6 Location Awareness

He sits in the dim glow of his laptop screen, knowing he is more than half a world away from the system he is really working on. It's late at night and the world outside is blanketed by darkness. He moves carefully on the system because, while it's late at night and dark where he is, it would be light and into the business day on the system he is connected to. Fortunately, he isn't directly connected to the system on the other end. Instead, he has bounced through a couple of intermediate systems. He knows that even if someone were watching, having those additional hops in between will make it harder to track him down.

The time difference is something that he always has to factor in to make sure he isn't being too noisy while the legitimate user of the system is trying to use it. If he is using too much network or too much disk, that may get noticed because it will cause performance problems, and the user may well take notice of the changes on the system. As a result, he always has to be aware of where the system he has compromised is. He has a number of ways to know this, but the easiest is just checking the time zone setting on the system. This isn't always accurate, however, since some servers use Greenwich Mean Time (GMT) as ...
