[ISN] Security Agents Head For Cybercrime School

From: InfoSec News (isnat_private)
Date: Mon Apr 29 2002 - 02:19:21 PDT

    By Beatrice Arnfield, Special to Newsbytes
    26 Apr 2002, 2:21 PM CST

    Security agents from both sides of the Atlantic are being sent to
    school so they can trace and prosecute computer criminals.

    The FBI, U.S. Customs, the High Technology Crime Investigation
    Association, Europol and the U.K.'s National High-Tech Crime Unit are
    among the agencies that have sent staff to learn about cybercrime,
    fraud, hacking and software bugs, according to the company,
    Massachusetts-based QinetiQ Trusted Information Management.

    QinetiQ Trusted Information Management is a division of QinetiQ, which
    until July 2001 was part of the UK's Ministry of Defence. QinetiQ, now
    a company wholly owned by the UK government, is currently looking for
    private equity investors.

    Europol analyst Ian Casewell and the UK National High-Tech Crime
    Unit's press officer Judi Prue confirmed to Newsbytes that their
    organizations sent staff to QinetiQ courses.

    According to Casewell, Europol staff have been trained in network
    security by QinetiQ. An FBI spokeswoman said the agency never comments
    on internal affairs.

    Law enforcement agents, district attorneys, private attorneys and
    corporate investigators are lining up for the courses, which are also
    available in private workplaces, according to John Holland, QinetiQ
    Trusted Information Management's CEO.

    "There are two things you must know, if you are involved with this
    type of work," Holland told Newsbytes at the Infosecurity exhibition
    in London. "You have to know how to track the criminals and you have
    to know what is permissible in a court of law. It is no good putting a
    lot of work into finding evidence, only to find out that it can't be
    used. And every country has its own seizure and espionage
    requirements, so we have to teach people about this."

    Computer forensics is every bit as complicated as traditional
    forensics, said Holland, but no criminal is perfect and most leave
    footprints behind. For example, when a computer is used to log onto
    another computer, it retains a trace of the activity carried out. This
    is the case even if the criminal first logs onto an intermediate,
    innocent computer or even a long chain of open computers before
    launching an attack. These other computers can often be in
    inaccessible countries, making the job of collecting evidence harder.

    "It is not a trivial job to trace through these computers and collect
    evidence that can be presented in a court of law," pointed out
    Holland. "Sometimes, you have to rely on help from local law
    enforcement agencies. More countries are becoming aware now of the
    problem of computer crime and are willing to help if they are shown

    However, not all attacks involve computers in distant lands. According
    to the FBI, most computer crime is committed by corporate insiders or
    associates and many QinetiQ students are corporate investigators
    intent on controlling crime within their own organization.

    "If they have the skills, they may be able to build a case against the
    offender," said Holland. "We also teach them how to preserve the chain
    of evidence so that it can be used in court if necessary."

    Students are taught about how e-mail works and how e-mail can be
    traced and retrieved even after messages have been deleted.

    "Deleting e-mails is more complex than most people realize," said
    Holland. "The use of internal Merrill Lynch e-mails as evidence
    against the company is the latest high profile example of the use of
    cyber-evidence, and finding deleted e-mails is one of the skills
    taught by QinetiQ."

    These skills can also be used in tracking the movement of paedophile
    material through computer systems.

    QinetiQ Trusted Information Management is in the process of opening a
    technical investigation unit near Seattle, Washington. The forensic
    laboratory will be concerned mainly with data recovery.

    QinetiQ is at www.qinetiq.com