http://www.newsbytes.com/news/02/176176.html By Beatrice Arnfield, Special to Newsbytes LONDON, ENGLAND, 26 Apr 2002, 2:21 PM CST Security agents from both sides of the Atlantic are being sent to school so they can trace and prosecute computer criminals. The FBI, U.S. Customs, the High Technology Crime Investigation Association, Europol and the U.K.'s National High-Tech Crime Unit are among the agencies that have sent staff to learn about cybercrime, fraud, hacking and software bugs, according to the company, Massachusetts-based QinetiQ Trusted Information Management. QinetiQ Trusted Information Management is a division of QinetiQ, which until July 2001 was part of the UK's Ministry of Defence. QinetiQ, now a company wholly owned by the UK government, is currently looking for private equity investors. Europol analyst Ian Casewell and the UK National High-Tech Crime Unit's press officer Judi Prue confirmed to Newsbytes that their organizations sent staff to QinetiQ courses. According to Casewell, Europol staff have been trained in network security by QinetiQ. An FBI spokeswoman said the agency never comments on internal affairs. Law enforcement agents, district attorneys, private attorneys and corporate investigators are lining up for the courses, which are also available in private workplaces, according to John Holland, QinetiQ Trusted Information Management's CEO. "There are two things you must know, if you are involved with this type of work," Holland told Newsbytes at the Infosecurity exhibition in London. "You have to know how to track the criminals and you have to know what is permissible in a court of law. It is no good putting a lot of work into finding evidence, only to find out that it can't be used. And every country has its own seizure and espionage requirements, so we have to teach people about this." Computer forensics is every bit as complicated as traditional forensics, said Holland, but no criminal is perfect and most leave footprints behind. For example, when a computer is used to log onto another computer, it retains a trace of the activity carried out. This is the case even if the criminal first logs onto an intermediate, innocent computer or even a long chain of open computers before launching an attack. These other computers can often be in inaccessible countries, making the job of collecting evidence harder. "It is not a trivial job to trace through these computers and collect evidence that can be presented in a court of law," pointed out Holland. "Sometimes, you have to rely on help from local law enforcement agencies. More countries are becoming aware now of the problem of computer crime and are willing to help if they are shown evidence." However, not all attacks involve computers in distant lands. According to the FBI, most computer crime is committed by corporate insiders or associates and many QinetiQ students are corporate investigators intent on controlling crime within their own organization. "If they have the skills, they may be able to build a case against the offender," said Holland. "We also teach them how to preserve the chain of evidence so that it can be used in court if necessary." Students are taught about how e-mail works and how e-mail can be traced and retrieved even after messages have been deleted. "Deleting e-mails is more complex than most people realize," said Holland. "The use of internal Merrill Lynch e-mails as evidence against the company is the latest high profile example of the use of cyber-evidence, and finding deleted e-mails is one of the skills taught by QinetiQ." These skills can also be used in tracking the movement of paedophile material through computer systems. QinetiQ Trusted Information Management is in the process of opening a technical investigation unit near Seattle, Washington. The forensic laboratory will be concerned mainly with data recovery. QinetiQ is at www.qinetiq.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 05:56:55 PDT