[ISN] RCMP computer security breached, documents reveal

From: InfoSec News (alerts@private)
Date: Sun Mar 30 2008 - 22:22:47 PST


http://www.canada.com/vancouversun/news/story.html?id=20ae6f79-876e-4bec-9a1f-e6b6ca111893

By Robert Koopmans
Kamloops Daily News
March 29, 2008

KAMLOOPS -- The security of RCMP computers used to process evidence for 
a looming multimillion-dollar trial was breached from outside the 
agency, exposing sensitive files to the possibility of theft and 
tampering, Crown documents reveal.

The police computers were also used to view pornography and download 
music and illegal software, a letter from senior Kamloops Crown 
prosecutor Don Mann states.

The three-page letter, obtained by the Kamloops Daily News Thursday, was 
provided to four men accused of being part of a national auto-theft ring 
during a court hearing Wednesday.

The information in the letter relates to six computers that handled the 
massive volumes of Project Eau evidence.

The computers, which stored and processed more than 250,000 pieces of 
evidence, were exposed to viruses and the possibility of tampering after 
an officer with the investigating unit hooked the computers to the 
Internet, contrary to orders.

The Crown document reveals the computers were hooked to the Internet in 
October 2003 and remained connected until May 2005, when Shaw notified 
the RCMP that the police agency's computers were spamming e-mail to the 
Internet. The breach was discovered and the connection to the Internet 
shut down.

The Crown letter indicates one of the Project Eau investigating officers 
connected the computers to the Internet, then used some of the machines 
for a variety of personal purposes, including viewing pornography, 
downloading music and video files, visiting a dating service and chat 
sites and a modelling agency site. The officer also visited online 
auction sites and a variety of other websites.

The name of the officer was not revealed.

The officer also downloaded various pieces of software, including 
LimeWire and Free Proxy, Paint Shop Pro, an Internet chat program knows 
as MIRC, the latest versions of Adobe software and WordPerfect. Some of 
the downloaded software was pirated.

During the nearly 20 months that the computer bank was improperly 
connected to the Internet, one of the six computers became infected by 
at least four viruses.

One of the viruses was running a script that made it a part of what is 
described in the letter as a "zombie network" used to distribute spam 
e-mail unknown to the RCMP.

The nature of the spam e-mail or where it originated isn't known, but 
spamming e-mail is widely considered an unethical or illegal activity.

Individuals often use spam to market or sell, among other things, 
pornography and gambling sites and grey-market, or illegal, drugs.

A team of investigators from the RCMP's Integrated Technical Crime Unit 
examined the computers after the RCMP was notified of the breach.

"A detailed examination of the infected computer revealed that three 
known virus programs and one unknown virus program had been running .... 
The viruses in question include the ability to open a backdoor whereby 
the computer can be controlled for an intended purpose, which would 
include the ability to view, copy, delete or change any file on the 
infected computer," the Crown's letter to the accused men reveals.

The letter also states the examiners could not conclude that the files 
on the computers were not compromised. The team was of the view, 
however, the likelihood of files being affected was "extremely low."

Copyright The Vancouver Sun 2008


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Sun Mar 30 2008 - 22:49:38 PST