SCIENCE

James J. Barlow, the head of Security Operations and Incident Response at the National Center for Supercomputing Applications (NCSA), will give anInformation Trust Institute Trust & Security Seminar on "Tracking a Hacker: The Long Tail of Incident Response" at 4 p.m. Oct. 19 in Room 3405 at the University of Illinois' Siebel Center for Computer Science.{dmMaps strt="1317901764" DO NOT EDIT/REMOVE, HIDDEN ON THE FRONTEND ;) }

Barlow has been at NCSA for more than 16 years; he has been involved in system administration and security, and has been doing security full-time for over 10 years. The security operations team that he leads is responsible for all the network and host-based security monitoring done on the NCSA network.

ABSTRACT: So your network monitoring systems all seem to be working. You are receiving alerts of malicious activity on your network. Incidents are caught, responded to, and remediated. However, the miscreant who initiated the attack is still out there and just moves his attack elsewhere. Can we determine who is at the end of this attack? How do we go about doing so? And is it really worth our time tracking back hackers? Each of these items will be addressed in this talk, in which I will cover a year-long investigation working with the FBI to track back a hacker from the point of initial contact until apprehension and trial.