A few weeks ago, we had an unpleasant surprise when our 🚗 registration plates were swapped with stolen ones. Once we overcame the initial shock and contacted the 👮‍♀️ police, our next step was to pinpoint the exact time of the crime. Using our home security cameras 📷, we narrowed down the timeframe to a two-hour window. The images below provide a glimpse into our investigative process at home.
Additionally, since our car had been exclusively parked at a nearby shopping center, roughly 20 minutes away, we were able to further refine the estimated time of the crime. This information proved invaluable to the dedicated police officer who assisted us by confiscating the stolen plates.
This situation draws some striking parallels to upholding effective cyber security operational capabilities, particularly in the realm of monitoring. These are the key points:
1️⃣ Don’t Rely Solely on Defenses: Just as our garage door, home alarm, and car immobiliser were ineffective against this incident, the analogy extends to firewalls and intrusion prevention systems (IPS). Defenses cannot protect against all potential threats, particularly as your data frequently exits the perimeter of your controls.
2️⃣ Ensure Your Logging/Monitoring/SIEM/SOAR Works and Is Capturing What You Need: Our situation highlighted the importance of functional and detailed logging/monitoring. Our garage cameras’ night vision had malfunctioned, but fortunately the opening of the garage door provided ample light to capture the registration plates.
3️⃣ Maintain Accurate Time Synchronisation: The significance of accurate time synchronisation cannot be overstated. Inaccurate timestamps severely undermine the value of your logs. Don’t assume your NTP (or similar) synchronisation is working – check it regularly!
4️⃣ Leverage Human Intelligence (HUMINT): In our case, combining human intelligence with the data from our logs improved the investigation of when the incident took place. Tracing the car’s movements during the two-hour window and factoring in travel time to the location further narrowed down the potential timeframe by an additional 40 minutes.
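One way to turn points 2️⃣ and 3️⃣ into a routine check, as an added example that is not part of the original post: compare the timestamp each log source writes with the time the collector received the event, and flag sources whose clock has drifted or that have stopped sending. The source names, sample events and thresholds are constructed, and the check assumes the collector stamps a receive time with a clock you trust.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: (source, time written by the device, time received by the collector)
SAMPLE_EVENTS = [
    ("fw-01",      "2024-03-01T11:50:00+00:00", "2024-03-01T11:50:01+00:00"),
    ("fw-01",      "2024-03-01T11:55:00+00:00", "2024-03-01T11:55:02+00:00"),
    ("cam-garage", "2024-03-01T09:51:10+00:00", "2024-03-01T11:51:10+00:00"),
    ("cam-garage", "2024-03-01T09:56:40+00:00", "2024-03-01T11:56:40+00:00"),
    ("nas-01",     "2024-03-01T06:59:59+00:00", "2024-03-01T07:00:00+00:00"),
]
NOW = datetime.fromisoformat("2024-03-01T12:00:00+00:00")  # constructed "current" time


def source_health(events, now, max_skew=timedelta(seconds=30),
                  max_silence=timedelta(hours=1)):
    """Return {source: [problems]} for sources with clock skew or no recent events."""
    offsets, last_seen = {}, {}
    for source, device_ts, received_ts in events:
        device = datetime.fromisoformat(device_ts)
        received = datetime.fromisoformat(received_ts)
        # Negative offset: the device clock is behind the collector (or transport delay).
        offsets.setdefault(source, []).append((device - received).total_seconds())
        last_seen[source] = max(last_seen.get(source, received), received)

    problems = {}
    for source, values in offsets.items():
        found = []
        # The median ignores one-off delivery delays and reports persistent drift.
        skew = median(values)
        if abs(skew) > max_skew.total_seconds():
            found.append(f"clock skew {skew:+.0f}s")
        # A source that has gone quiet is a gap in coverage, like a failed camera.
        if now - last_seen[source] > max_silence:
            found.append(f"silent since {last_seen[source].isoformat()}")
        if found:
            problems[source] = found
    return problems


if __name__ == "__main__":
    for source, found in sorted(source_health(SAMPLE_EVENTS, NOW).items()):
        print(f"{source}: {'; '.join(found)}")
```

Run on a schedule against a recent slice of events; a source that is missing from the input entirely still needs an inventory comparison, which this sketch does not do.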
Lastly, a heartfelt thank you goes out to the South Australia Police 👮 for their swift and empathetic response upon reporting the incident. Your support was truly appreciated.

(Note: The camera in our garage has since been replaced.)