
Why Is Your Employer Giving the Gov’t Your Personal Info? CISPA Explained.


What is CISPA?

CISPA, known officially as H.R. 624, is a cybersecurity bill, ostensibly designed to help prevent and defend against cyberattacks on critical national infrastructure and against other internet attacks on private firms by obtaining and sharing “cyberthreat information”.  It passed the House last week (288-127 in favor), in days that found the nation stunned by the horrific terror attack at the Boston Marathon, the subsequent five-day manhunt for the remaining (and now captured) suspect, and the gruesome workplace explosion in West, Texas that left many dead and injured.  CISPA is now winding its way through the Senate.

This Is Good For Us, Correct?

On paper CISPA reads well and appears to be a tightening of security against potential cyber attacks.  We have now entered a dark area of cyberspace, one focused on causing mayhem, where cyberthreats are routinely received (and, thankfully, overwhelmingly neutralized) by government agencies, the military and big corporations.  In 2010, the Pentagon declared cyberspace a new domain of warfare and established the United States Cyber Command (USCyberCom) to defend American military networks and, if necessary, attack other countries’ systems.  USCyberCom, however, was (and remains) chartered only to protect our military.  Government infrastructure and corporations are primarily the responsibility of the Department of Homeland Security and of the private companies themselves, and that remains the case until CISPA, as expected, passes the Senate in the coming days.

So Why The Concern?

CISPA, in its current version, allows private-sector firms and government agencies to acquire and search sensitive data relating to U.S. citizens.  Under the guise of combating cybercrime, data including health records, banking records and online activity could be shared without a court-ordered warrant and without anonymization.  Extending the bill’s definition further: it permits private firms to hand over private user data while circumventing existing privacy laws such as the Wiretap Act and the Stored Communications Act.  This means that CISPA can permit private firms to share your data, such as emails, text messages, and cloud-stored documents and files, with the US government, again without the need for a warrant.

It also gives these firms legal protection for handing over such data.  There is no judicial oversight.

Other factors to consider: tech giants including Twitter, Facebook and Google would not be able to protect your privacy, since no legal reprisal could be mounted against such data sharing, and U.S. intelligence agencies would be able to hand over classified information to groups without security clearances.

Finally, and perhaps worst of all, because there is little transparency or individual accountability, those whose data has been handed to the US government may never know about it or be given a chance to challenge it.

We need to ask ourselves, and certainly our elected representatives, at what price security?  As a security specialist, I certainly understand the need for firm policies that will reduce the effectiveness of cyber attacks.  But like most people, I have not been given an unfiltered explanation of why the aggregation of personal information by private companies, and its hand-over to the government without a clearly defined need and without a warrant, is necessary or even constitutional.  There is, after all, an expectation of privacy in personal medical records, credit information and personal email.

Let’s stay sharply focused on how CISPA is used and probably, abused, by corporations and governmental agencies.

Our Operatives: Street smart; info savvy.

As always, stay safe.

Related articles

Identifying and Reporting Cyber Harassment

(We’re wrapped up in several serious cyber harassment cases at the moment and are sharing some tips on how to handle cyber/internet harassment that crosses the line into true criminality.  All too frequently, we feel our hands are tied in trying to protect ourselves, our businesses and our families from this type of harassment, but in reality the reporting protocol for these situations already exists.  Below is information on how to report cyber harassment.)

Cyber harassment refers to the malicious use of technology to willfully and deliberately harass or harm another individual or entity.  Cyber harassment can be a federal crime and can be an incredibly frightening experience for victims.  There are concrete steps for reporting Internet harassment.  If you are in imminent fear for your life or for the safety of others, call 911 to report the harassment immediately.

Instructions

1.  Determine whether you are the victim of cyber harassment.  The line between genuine cyber harassment and general nuisance is blurry, so it can be difficult to substantiate a claim of Internet harassment.  If someone is threatening you with violence and you genuinely fear for your safety and well-being, you likely meet the criteria of being a victim.  It is important to note that hacking, cyber spying and cyber stalking are not forms of Internet harassment.  The first two are not necessarily criminal activities, depending on the nature of the offender’s behavior, and the latter is a separate crime under the federal cyberstalking statute, which should be reported and addressed differently than cyber harassment.

2.  Do what you can to reduce or prevent further Internet harassment.  This includes changing your email address, screen names and member names for instant messaging programs and social networking websites; making profiles and websites that are currently public private; and ceasing all contact with the person who is harassing you.  You must demonstrate that you have taken steps to stop the person from harassing you.  If you converse with the individual who is harassing you, your chances of successfully reporting and stopping the harassment drop significantly.

3.  Gather as much information as you can about the individual harassing you.  This can be quite difficult given the anonymous nature of the Internet, but technology allows law enforcement to track down anonymous harassers using multiple methods.  Develop a log that includes email addresses, screen names, and website and social networking profile URLs that belong to the person or people harassing you.  Save and print emails and conversations, take screenshots of websites or profiles with threatening or malicious content, and keep track of the offender’s every attempt to contact you.  A detailed log containing dates, times and places will help you immensely when you report cyber harassment.  If possible, also try to locate and write down the offender’s Internet Protocol (IP) address; for email, it can often be read from the message headers, but bear in mind that only the headers added by your own provider are trustworthy.

4.  Contact your local law enforcement agency and ask to report cyber harassment.  Use the police department’s nonemergency (administrative) telephone number or visit in person to make your report.  Be prepared to provide the information you have detailed in your log; if you make the report in person, bring along two copies of every document you have to leave with the police.  If you know the offender’s location, you can contact the police department in the offender’s jurisdiction, or file a report with both.  Be sure to get a copy of any police report you file.

5.  Contact your local FBI field office if your local police department is unable or unwilling to pursue your report.  You can locate your local office using the FBI’s field office locator online, or ask your local police department for the information.  Always attempt to make a report with your local police department before contacting the FBI, unless you have reason to believe the harassment is terroristic in nature (for example, the offender is threatening to plant a bomb or commit a school shooting).

6.  Contact a cyber harassment watch group for more assistance.  While your matter is under investigation, you can contact an organization such as WiredSafety for further assistance and general support.  Note that this type of organization is not a governmental or law enforcement agency, and you should not rely on these private groups as an alternative to law enforcement authorities.
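Step 3 asks you to find the offender’s IP address.  For email, the only reliable place to look is the chain of Received headers, and only the hops added by your own mail provider can be trusted: everything below them was written by the sender’s side and can be forged.  The script below is an added example written for this post, not code from the original.  It parses a constructed sample message (invented hostnames and documentation-range addresses) and walks the headers newest-first, stopping at the first hop that your provider did not add; the “from” address of the last trusted hop is the one the sender actually connected from.  The provider domain “example-isp.net” is an assumption you would replace with your own.

```python
"""Find the originating IP of an email from its Received headers (added example)."""
import email
import ipaddress
import re
from typing import Optional

# Constructed sample message: hostnames and the documentation-range addresses
# (198.51.100.x, 203.0.113.x) are invented for this example. Received headers
# read newest-first, so the top two were added by the (assumed) provider
# "example-isp.net" and the bottom one was written by the sender's side.
SAMPLE_EMAIL = """\
Received: from mail-relay.example-isp.net (mail-relay.example-isp.net [198.51.100.7])
\tby inbox.example-isp.net with ESMTP id abc123
\tfor <victim@example-isp.net>; Tue, 23 Apr 2013 10:15:02 -0400
Received: from cust-host.example.org (cust-host.example.org [203.0.113.45])
\tby mail-relay.example-isp.net with ESMTP id def456;
\tTue, 23 Apr 2013 10:15:01 -0400
Received: from totally-legit.example.com ([10.0.0.5])
\tby cust-host.example.org with SMTP id ghi789;
\tTue, 23 Apr 2013 10:14:59 -0400
From: anonymous@example.org
To: victim@example-isp.net
Subject: you know who this is
Date: Tue, 23 Apr 2013 10:14:58 -0400

I know where you work.
"""

# Address ranges that can never be the remote sender's public address.
_INTERNAL = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
_FROM_IP = re.compile(r"^from\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.IGNORECASE)
_BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def unfold(value: str) -> str:
    """Join folded continuation lines of a header into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", value).strip()


def received_hops(raw_message: str) -> list:
    """Return each Received header (newest first) with its 'from' IP and 'by' host parsed out."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        value = unfold(value)
        ip_match = _FROM_IP.search(value)
        by_match = _BY_HOST.search(value)
        hops.append({
            "raw": value,
            "from_ip": ip_match.group(1) if ip_match else None,
            "by_host": by_match.group(1).lower().rstrip(".") if by_match else None,
        })
    return hops


def _is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL)


def originating_ip(raw_message: str, trusted_domain: str) -> Optional[str]:
    """Walk hops newest-first while the receiving ('by') host belongs to the trusted
    provider. The 'from' IP of the last trusted hop is the address the sender connected
    from; every hop beyond it was written by the sender's side and may be forged."""
    trusted_domain = trusted_domain.lower()
    candidate = None
    for hop in received_hops(raw_message):
        by_host = hop["by_host"] or ""
        if by_host != trusted_domain and not by_host.endswith("." + trusted_domain):
            break  # left the provider's infrastructure; stop trusting
        ip = hop["from_ip"]
        if ip and not _is_internal(ip):
            candidate = ip
    return candidate


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_EMAIL):
        print(f"by {hop['by_host']:<28} from {hop['from_ip']}")
    print("originating IP:", originating_ip(SAMPLE_EMAIL, "example-isp.net"))
```

Note what the bottom header claims: a private address, 10.0.0.5, that the sender’s own relay wrote and that proves nothing.  Record the address this script returns, together with the full raw headers, in your log; the provider that operates the trusted hop is the one law enforcement will subpoena.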

As always, stay safe.

How To Rob a Bank in the 21st Century.


Or “Facts on Online Banking and Cyber Theft”.

  • 74% of people do online banking.
  • 85% are afraid of using public PCs to bank online or via open wireless networks.
  • 35% are sure that their banks are not providing their accounts with enough cyber security.

In 2010, the FBI reported 390 banking-fraud related cases.  Cyber thieves attempted to steal $220,000,000; actual losses: $70,000,000.  (Not a bad return.)

The general steps by which funds are stolen online.  (I’m not giving the novice any advice to follow, and the pros already know how to steal your money.)

  • Spam email.  These are the “final notice”, “overdue invoice” or otherwise eye-catching subject lines that many people (still) open.  Now the thief has identified his mark.
  • Exploit kit is deployed.  Basic summary of how an exploit kit works:
    1. The customer licenses an exploit kit from the authors and specifies various options to customize the kit.
    2. A potential victim loads a compromised web page or opens a malicious link in a spammed email.
    3. The compromised web page or malicious link in the spammed email sends the user to the exploit kit server’s landing page.
    4. This landing page contains obfuscated JavaScript that determines what is on the victim’s computer and loads all exploits to which this computer is vulnerable, and sometimes a Java applet tag that loads a Java Trojan horse.
    5. If there is a usable exploit, it loads and executes a payload on the victim’s computer and informs the exploit kit server which exploit was used to load the payload.
  • Now the target PC is infected with a trojan downloader, whose job is to fetch the banking trojan.
  • Once the banking trojan is installed, the thief has complete control over the victim’s online banking session.  Advanced banking trojans interact on the target’s behalf in real time.  Someone thinks they are paying a bill.  The receipt certainly looks real.  But that money has been diverted elsewhere.
  • Where has the money been transferred?  To a mule’s account.  Mules are just regular folk who have been scammed into believing that they have taken on a real online job as a “money transfer agent” for a seemingly legitimate payroll-processing service that is outsourcing its excess work.  The mule is instructed to withdraw 80 – 90% of the funds deposited into the mule’s own real bank account and forward it to the recipients (to an untraceable account, of course).

Now that you know how online bank theft occurs, keep your browser, its plugins such as Java, and your security software current, and monitor your accounts frequently.  For those considering an online transfer-agent job: forget it.  If it looks too good to be true… you know the rest.
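The chain above (spam link, redirect, landing page, exploit file, payload) leaves a recognisable footprint in a web proxy log: an HTML page reached from a different site, a Java archive or similar plugin content fetched from that same host seconds later, then an executable download.  The script below is an added example written for this post, not code from the original; it runs that heuristic over a handful of constructed log lines in an assumed seven-field format (timestamp, client, method, URL, status, content type, referer) with invented hostnames.  The field layout, the 90-second window and the content-type lists are assumptions to adapt to your own proxy.

```python
"""Flag the exploit-kit delivery chain in web proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed log lines in an assumed format:
# <ISO timestamp> <client IP> <method> <URL> <status> <content-type> <referer or ->
SAMPLE_LOG = """\
2013-04-23T10:00:01 192.168.1.20 GET http://mail.example-webmail.test/inbox 200 text/html -
2013-04-23T10:00:05 192.168.1.20 GET http://news-tracker.example.test/final-notice.html 200 text/html http://mail.example-webmail.test/inbox
2013-04-23T10:00:06 192.168.1.20 GET http://cdn-static.example.test/landing.php?id=7 200 text/html http://news-tracker.example.test/final-notice.html
2013-04-23T10:00:07 192.168.1.20 GET http://cdn-static.example.test/load.jar 200 application/java-archive http://cdn-static.example.test/landing.php?id=7
2013-04-23T10:00:09 192.168.1.20 GET http://cdn-static.example.test/get.php?e=1 200 application/x-msdownload -
2013-04-23T10:02:00 192.168.1.21 GET http://intranet.example.test/docs/report.pdf 200 application/pdf http://intranet.example.test/
2013-04-23T10:03:30 192.168.1.22 GET http://www.example-bank.test/login 200 text/html -
"""

WINDOW = timedelta(seconds=90)   # assumed: how long one drive-by chain may take
EXPLOIT_TYPES = {"application/java-archive", "application/x-shockwave-flash", "application/pdf"}
EXPLOIT_EXTS = (".jar", ".class", ".swf", ".pdf")
PAYLOAD_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}
PAYLOAD_EXTS = (".exe", ".dll", ".scr")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def parse_line(line: str) -> dict:
    ts, client, method, url, status, ctype, referer = line.split(" ", 6)
    return {
        "ts": datetime.fromisoformat(ts), "client": client, "method": method,
        "url": url, "host": host_of(url), "status": status, "ctype": ctype.lower(),
        "ref_host": host_of(referer) if referer != "-" else "",
    }


def looks_like(req: dict, types: set, exts: tuple) -> bool:
    """Match on the content type the server sent or, failing that, the file extension."""
    return req["ctype"] in types or urlsplit(req["url"]).path.lower().endswith(exts)


def detect_chains(log_text: str) -> list:
    """Return one alert per client showing landing page -> exploit -> payload."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            req = parse_line(line)
            per_client[req["client"]].append(req)

    alerts = []
    for client, reqs in per_client.items():
        reqs.sort(key=lambda r: r["ts"])
        landings = []   # recent HTML pages reached from a different site (step 3 above)
        pending = []    # (landing, exploit) pairs waiting for a payload (steps 4 and 5)
        for req in reqs:
            landings = [page for page in landings if req["ts"] - page["ts"] <= WINDOW]
            pending = [pair for pair in pending if req["ts"] - pair[0]["ts"] <= WINDOW]
            if pending and looks_like(req, PAYLOAD_TYPES, PAYLOAD_EXTS):
                landing, exploit = pending[0]
                alerts.append({
                    "client": client, "kit_host": landing["host"],
                    "landing_url": landing["url"], "exploit_url": exploit["url"],
                    "payload_url": req["url"],
                })
                pending = []
            elif looks_like(req, EXPLOIT_TYPES, EXPLOIT_EXTS):
                same_host = [page for page in landings if page["host"] == req["host"]]
                if same_host:
                    pending.append((same_host[-1], req))
            elif req["ctype"].startswith("text/html") and req["ref_host"] and req["ref_host"] != req["host"]:
                landings.append(req)
    return alerts


if __name__ == "__main__":
    for alert in detect_chains(SAMPLE_LOG):
        print(alert)
```

Only the first client trips the rule: the PDF the second client opened came from its own intranet with no redirect before it and no executable after it, which is exactly the distinction the three-step sequence is there to make.  In a real deployment the alert is the cue to pull the client off the network and image it, since by the time the payload request appears the banking trojan is very likely already running.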

Our Operatives: Street smart; info savvy.

As always, stay safe.

Warning Signs of Covert Eavesdropping or Bugging. Part II/II


Motive.  That is the first thing you should consider if you believe you may be a potential target of covert surveillance.  If anything you write, say or do can increase someone else’s wealth or influence, that is more than motive enough.

Below are warning signs that you may be the target of a surveillance campaign.

  1. Others seem to know more than they should about your confidential business or professional trade secrets.
  2. Secret meetings, negotiations or bids seem to be open knowledge.
  3. You have noticed strange sounds or volume changes on your phone lines.   (Amateur wiretappers tend to use off-the-shelf equipment that is inferior to that used by professional eavesdroppers.  Almost all surveillance devices cause slight anomalies on the phone line, such as volume changes and/or drop-offs.  This could also simply be a flaw in the line, but definitely have the line checked.)
  4. Static, popping or scratching sounds appear on your phone line.  (This occurs when a poorly trained or amateur eavesdropper is working on your line.  When two conductors are connected together, such as when a bug or wiretap is attached to a line, there is an electrical discharge that causes these sounds.)
  5. Your phone’s handset emits sounds when it is hung up.  (This is caused by a hook-switch bypass, which effectively turns the phone receiver into a microphone and a speaker.  Someone is probably listening to everything being said within 15 – 25 feet of the telephone.)
  6. Your phone rings often and there is either nobody there, a very faint tone, or a high-pitched squeal or beep that is heard for a split second.  (This is indicative of a slave device or line extender being used on your phone line.)
  7. Your AM/FM radio suddenly develops strange interference.  (Many amateurs use eavesdropping devices that transmit on frequencies within or just outside the FM radio band.  These signals tend to drift and will “quiet” an FM radio within range of the bug.  If the radio begins to squeal when slowly moved around the room, keep it moving until the squeal becomes very high pitched.  You have now found your bug.  Make sure that the “stereo” function is turned off so that the radio operates only in “mono”, as this seriously increases the radio’s sensitivity.)
  8. Your car radio suddenly becomes erratic.  (The antenna of your car radio can be, and often is, used by eavesdroppers.)
  9. Your television develops strange interference.  (A TV tuner is a wideband receiver, so it is very sensitive to any nearby transmitter, including bugs.)
  10. You have been burglarized but nothing was taken.  (Professional eavesdroppers often repeatedly break into a target’s home or office, usually to reposition or replace malfunctioning or dead bugs.  Rarely, however, can anyone put furniture or room accents back in exactly the same position.  If you feel it, test it.)
  11. Electrical wall plates appear to have been moved slightly.  (Among the most popular places to hide bugs are electrical outlets, smoke alarms and lighting fixtures.  This requires that the wall plate surrounding the device be removed and replaced.  Look for small amounts of debris directly below the electrical outlet and note any repositioned screws.)
  12. A dime-sized discoloration suddenly appears on the wall or ceiling.  (This is a strong sign that a pinhole microphone or small video camera has recently been installed.)
  13. One of your vendors has gifted you any type of electronic device, such as a desk radio, alarm clock, iPod or small TV.  (Many gifts of this type are Trojan horses.  Know your gifter.)
  14. A small bump or deformation appears on the baseboard near the floor.  (Someone may have concealed covert wiring or a microphone embedded in the molding adhesive, causing the bump.)
  15. Certain items just appear in your office or home, yet no one seems to know how they got there.  (Typical items to watch for are clocks, exit signs, sprinkler heads, picture frames and lamps.)
  16. You notice repair vehicles near your home or office more often than before.
  17. Telephone, cable, plumbing or HVAC repair people show up to allegedly do work that has not been requested.  (A very common ruse is for eavesdroppers to pretend they need to repair a problem when in fact they are installing recording devices.)
  18. Service or delivery trucks are often parked near your office or home with nobody (that you can see) in them.  (These types of vehicles are often used as listening posts.  Be especially wary of vehicles with tinted windows and those carrying what appear to be ladders and pipe racks on the roof.  These are often sophisticated antennas.)
  19. Your door lock suddenly doesn’t “feel right”.  (That is primary evidence that your door lock has been picked, manipulated or bypassed.  Where possible, use high-security locks with sidebars, such as Medeco locks.)
  20. Things seem to have been rummaged through but nothing taken.  (The most common rummaging targets are the backs of desk drawers, the bottoms of cabinets, closets and dresser drawers.)

And finally, if an eavesdropper sends you a copy of your private conversations, texts or chats, all bets are off.  You have been compromised and can expect to be blackmailed or terrorized.  At this point, inform your local police department and immediately contact the FBI.  If you believe that you have also been cyber-defrauded, file a complaint with IC3, the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

Our Operatives: Street smart; tech savvy.

As always, stay safe.

Situations and Professions at High Risk for Covert Surveillance. Part I/II

Those of us in the investigative and intelligence gathering fields refer to October as Clean Up Month.  It’s this time of year when telecom, software and security related technology firms release new editions of their products.

(In our two-part series this week, we explore a) the situations and people most likely to be covertly surveilled (at the end of this article, we list the FBI’s top professions most likely to encounter bugging) and b) next week, 25 tip-offs to potential bugging in your home, vehicle or office.)

Given the proliferation and ease of use now of “bugging” devices, the probability of being secretly recorded is higher than ever. So who is most likely to get bugged?

In Business

- Companies that have publicly traded stock (even more at risk, those about to IPO)

- Corporate entities experiencing labor problems, union activities or are in negotiation situations.

- Companies involved in any type of litigation or lawsuit.

- Businesses anticipating layoffs

- Companies involved in the fashion, automotive, advertising or marketing industries.

While anyone can be the target of covert eavesdropping, some people are at higher risk than others because of financial status, occupation, or legal or domestic situation.  These targets may include:

- Spouses secretly monitoring each other (especially if involved in a divorce, child custody case or other serious financial dispute)

- Parents bugging kids

- Students bugging professors

- Business people bugging each other

- Insurance companies bugging accident victims and other claimants

- Salespeople bugging their clients

This list goes on ad infinitum, so when should you be seriously concerned?

You (and/or someone close to you) should be seriously concerned if you:

- Are involved in any type of litigation or lawsuit

- Have been questioned or arrested by the police

- Are getting married, divorced or separated, or were recently widowed

- Are running for any type of elected public office

- Recently filed an insurance claim

- Are an executive or scientist at any large company

- Are engaged in political demonstrations or activism

- Are in the upper income bracket

- Have had private investigators digging into your information

Extreme High Risk Businesses  (citing the FBI):

Materials:

  • Materials synthesis and processing
  • Electronic and photonic materials
  • Ceramics
  • Composites
  • High-performance metals and alloys

Manufacturing:

  • Flexible computer-integrated manufacturing
  • Intelligent processing equipment
  • Micro- and nano-fabrication
  • Systems management technologies

Information and Communications:

  • Software
  • Micro and optoelectronics
  • High-performance computing and networking
  • High-definition imaging and displays
  • Sensors and signal processing
  • Data storage and peripherals
  • Computer simulation and modeling

Biotechnology and Life Sciences:

  • Applied molecular biology
  • Computational Chemistry
  • Medical technology

Transportation:

  • Aeronautics
  • Surface transportation technologies

Energy and environment:

  • Energy technologies
  • Pollution minimization, remediation and waste management

Finally, we look at those professions that are particular targets for covert surveillance.

High Threat Occupations (again, according to the FBI):

- Attorney

- Doctor

- Chiropractor

- Dentist

- Architect

- Police Officer

- Court Clerk

- Judge

- Elected official

- Mayor

- Selectman

- School Principal

- Professor

- Product Engineer

- Software Developer

- Executive/Scientist at a large development company

- Employees at defense contracting companies

- Ministers and other religious leaders

- Corporate Buyer or Purchasing Agent

- Labor or Union Official

- Fashion employees

- Advertising personnel

- Personnel managers

Next week, in Part II of this series, we will define 25 “tip-off” clues that you or your business may be bugged.

Paranoia is unnecessary; vigilance required.

Our Operatives: Street smart, tech savvy.

As always, stay safe.

Electronic Crime Scene Investigations; Evidence Collection. II/II

In Part I of our two-part Electronic Crime Scene Investigations series, we covered recognizing and securing an electronic crime scene.  In this post, we delve into the actual investigation itself.

First and foremost, now that you have isolated from the crime scene all persons who had access, ensure that they provide your investigator (whether an inside manager or a hired professional detective) with a release similar to the one below.  (Please check with your local law enforcement on particular jurisdictional guidelines.)

CONSENT TO SEARCH ELECTRONIC MEDIA
I, __________________, hereby authorize __________________, who has identified himself / herself as a law enforcement officer, and any other person(s), including but not limited to a computer forensic examiner, he / she may designate to assist him / her, to remove, take possession of and / or conduct a complete search of the following: computer systems, electronic data storage devices, computer data storage diskettes, DVDs, or any other electronic equipment capable of storing, retrieving, processing and / or accessing data.
The aforementioned equipment will be subject to data duplication / imaging and a forensic analysis for any data pertinent to the incident / criminal investigation.
I give this consent to search freely and voluntarily without fear, threat, coercion or promises of any kind and with full knowledge of my constitutional right to refuse to give my consent for the removal and / or search of the aforementioned equipment /data, which I hereby waive. I am also aware that if I wish to exercise this right of refusal at any time during the seizure and or search of the equipment / data, it will be respected.

This consent to search is given by me this ________ day of, __________________
20__________, at ____________ am / pm.

Location items taken from: ____________________________________________
Consenter Signature: ________________________________________________
Witness Signature: _________________________________________________
Witness Signature: _________________________________________________

Evidence Collection
Handling digital evidence correctly is essential to preserving the integrity of the physical device as well as the information or data it contains. Turning off the power to a computer or other electronic device may cause the information or data stored on it to be damaged or lost.
If you are not trained in handling digital evidence —
• Do not attempt to explore the contents of a computer or other electronic device or to
recover information from it.
• Do not alter the state of a computer or other electronic device.
• Do not press any keys or click the mouse.
• If the computer or device is off, leave it off.
• Do not move a computer or other electronic device that is powered on.
• Do not accept offers of help or technical assistance from unauthorized persons.
• DO request technical assistance from personnel with advanced equipment and training in digital evidence collection.  See http://www.ecpi-us.org/Technicalresources.html for a list of available resources.

Assess the Situation

Before seizing digital evidence, make sure you have the legal authority to do so. Improper access to information or data stored on electronic devices may violate provisions of federal laws.

After securing the scene and identifying the computer’s power status, follow the steps listed below for the situation most like your own.  (Where the final step in a situation is “Proceed to If the Computer Is ON” or “Proceed to If the Computer Is OFF”, those two sections appear at the bottom of this article.)

Situation 1: Monitor is on. Program, application, work product, picture, e-mail or Internet site is displayed.

1. Photograph screen and record information displayed.
2. Proceed to “If the Computer Is ON”

Situation 2: Monitor is on. Screen saver or picture is visible.
1. Move mouse slightly without depressing buttons or rotating wheel if present.
2. Note any onscreen activity that causes a change in the display.
3. Photograph screen and record information displayed.
4. Proceed to “If the Computer Is ON”

Situation 3: Monitor is on. Display is blank.
1. Move mouse slightly without depressing buttons or rotating wheel if present.
2. Display changes to login screen, work product, or other visible display.
3. Note change in display.
4. Photograph screen and record information displayed.
5. Proceed to “If the Computer Is ON”

Situation 4a: Monitor is off. Display is blank.
1. If monitor’s power switch is in off position, turn monitor on.
2. Display changes to a login screen, work product or other visible display.
3. Note change in the display.
4. Photograph screen and record information displayed.
5. Proceed to “If the Computer Is ON”

Situation 4b: Monitor is off. Display is blank.
1. If monitor’s power switch is in off position, turn monitor on.
2. Display does not change. Screen remains blank.
3. Note that the display does not change.
4. Photograph blank screen.
5. Proceed to “If the Computer Is OFF”.

Situation 5: Monitor is on. Display is blank.
1. Move mouse slightly without depressing any buttons or rotating the wheel if present.
2. If display does not change, confirm that power is supplied to the monitor.
3. If display remains blank, check computer case for active lights and listen for fans spinning or other indications computer is on.
4. If computer case gives no indication that it is powered on, proceed to “If the Computer Is OFF”.

================================

If the Computer Is OFF
For desktop, tower and minicomputers follow these steps:
1. Document, photograph, and sketch all wires, cables, and devices connected to the computer.
2. Uniquely label and photograph the power supply cord and all cables, wires or USB drives attached to the computer and the connection each of these occupies on the computer.
3. Remove and secure the power supply cord from the back of the computer and from the wall outlet, power strip or battery backup device.
4. Disconnect and secure all cables, wires and USB drives from the computer and document the device or equipment connected at the opposite end.
5. Place tape over the floppy disk slot if present. Ensure that the CD or DVD drive trays are retracted into place and tape across the drive tray to prevent it from opening.
6. Place tape over the power switch.
7. Record the make, model, serial numbers and any user-applied markings or identifiers.
8. Record or log computer and all cords, cables, wires, devices and components according to agency procedures.
9. Carefully package all evidence collected to prevent damage or alteration during transportation and storage.

For laptop computers follow these steps:
1. Document, photograph and sketch all wires, cables and devices connected to the laptop.
2. Uniquely label and photograph all wires, cables and devices connected to the laptop and the connection each occupies.
3. Remove and secure the power supply and all batteries from the laptop computer.
4. Disconnect and secure all cables, wires, and USB drives from the laptop and document the equipment or device connected at the opposite end.
5. Place tape over the floppy disk slot if present. Ensure that the CD or DVD drive trays are retracted into place and tape across the drive tray to prevent it from opening.
6. Place tape over the power switch.
7. Record the make, model, serial numbers and any user-applied markings or identifiers.
8. Record or log the laptop computer and all cords, cables, wires, devices and components according to agency procedures.
9. Carefully package all evidence collected to prevent damage or alteration during transportation and storage.

If the Computer Is ON
Removing the power supply is generally the safest option. If evidence of a crime is visible on the computer display, however, request assistance from personnel with experience in volatile data capture and preservation (see http://www.ecpi-us.org/Technicalresources.html).

Immediate disconnection of power is recommended when —
• Information or activity on screen indicates that information or data is being deleted or overwritten.
• A destructive process appears to be in progress on the computer’s data storage device(s).
• The system is powered on in a typical Microsoft Windows® environment. Pulling the power supply cord from the back of the computer will preserve information about the last user account logged in, login time, most recently used documents, most recently used commands, and other valuable information.

Immediate disconnection of power is NOT recommended when —
• Information or data of apparent evidentiary value is in plain view onscreen. Seek assistance from personnel with advanced training in digital evidence collection.
• Indications exist that any of the following are active or in use: Chat room(s), text documents, remote data storage, Instant Messaging (IM), child pornography, contraband, financial documents, data encryption and obvious illegal activities.
• The device is a mobile or smart phone. Leave mobile and smart phones in the power state in which they were found.

Improper shutdown of mainframe computers, servers or a group of networked computers may result in the loss of data, loss of evidence and potential civil liability. Secure the scene and request assistance from personnel with advanced training in digital evidence collection of large or complex computer systems (see http://www.ecpi-us.org/Technicalresources.html).
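Steps 7 and 8 of both checklists (record make, model and serial numbers; log every item according to agency procedure) and the photographs taken throughout are what opposing counsel will later test.  The script below is an added example written for this post, not code from the original or from any agency.  It builds a manifest of seized items and scene photographs with SHA-256 hashes, keeps a hash-chained custody log so that an edited or deleted hand-over entry is detectable, and re-verifies the photographs against the manifest.  The case number, item tags, file names, serials and handler names are all constructed for the demo.

```python
"""Chain-of-custody manifest: hashed photographs plus a tamper-evident hand-over log (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _digest(obj) -> str:
    """Hash of canonical JSON, so equal content always yields the same digest."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def build_manifest(case_id: str, handler: str, items: list, photo_paths: list) -> dict:
    """items: dicts with tag, description, make, model, serial, location (steps 7 and 8 of the checklist)."""
    photos = [{"file": os.path.basename(p), "bytes": os.path.getsize(p), "sha256": sha256_file(p)}
              for p in photo_paths]
    manifest = {"case_id": case_id, "collected_by": handler,
                "collected_at": datetime.now(timezone.utc).isoformat(),
                "items": [dict(i) for i in items], "photos": photos, "custody_log": []}
    # Anchor of the custody chain: a hash of everything seized, fixed at collection time.
    manifest["evidence_digest"] = _digest({"items": manifest["items"], "photos": photos})
    return manifest


def add_custody_entry(manifest: dict, released_by: str, received_by: str, purpose: str) -> dict:
    """Append a hand-over; each entry hashes the previous one, so edits or deletions break the chain."""
    log = manifest["custody_log"]
    entry = {"when": datetime.now(timezone.utc).isoformat(), "released_by": released_by,
             "received_by": received_by, "purpose": purpose,
             "prev": log[-1]["digest"] if log else manifest["evidence_digest"]}
    entry["digest"] = _digest(entry)
    log.append(entry)
    return entry


def verify_custody_log(manifest: dict) -> bool:
    """True only if every entry is unmodified and links to the entry before it."""
    prev = manifest["evidence_digest"]
    for entry in manifest["custody_log"]:
        body = {k: v for k, v in entry.items() if k != "digest"}
        if body["prev"] != prev or _digest(body) != entry["digest"]:
            return False
        prev = entry["digest"]
    return True


def verify_photos(manifest: dict, directory: str) -> dict:
    """Map each photographed file name to 'ok', 'modified' or 'missing'."""
    results = {}
    for photo in manifest["photos"]:
        path = os.path.join(directory, photo["file"])
        if not os.path.exists(path):
            results[photo["file"]] = "missing"
        elif sha256_file(path) != photo["sha256"]:
            results[photo["file"]] = "modified"
        else:
            results[photo["file"]] = "ok"
    return results


def run_demo() -> dict:
    """Collect two constructed 'photos', log two hand-overs, then tamper and re-check everything."""
    with tempfile.TemporaryDirectory() as scene:
        paths = []
        for name, content in (("IMG_0001.jpg", b"constructed photo bytes: screen"),
                              ("IMG_0002.jpg", b"constructed photo bytes: rear of tower")):
            paths.append(os.path.join(scene, name))
            with open(paths[-1], "wb") as fh:
                fh.write(content)
        items = [  # constructed item records (tags, make, model and serials are invented)
            {"tag": "E-01", "description": "desktop tower", "make": "ExampleCo", "model": "X1",
             "serial": "SN-000111", "location": "office 2B, under desk"},
            {"tag": "E-02", "description": "USB flash drive", "make": "unknown", "model": "unknown",
             "serial": "none", "location": "front USB port of E-01"}]
        manifest = build_manifest("CASE-2013-0423", "J. Investigator", items, paths)
        add_custody_entry(manifest, "J. Investigator", "Evidence locker", "storage pending imaging")
        add_custody_entry(manifest, "Evidence locker", "Forensic examiner", "disk imaging")
        before = {"photos": verify_photos(manifest, scene), "log": verify_custody_log(manifest)}
        with open(paths[0], "ab") as fh:   # a photo gets "touched up" ...
            fh.write(b" edited")
        os.remove(paths[1])                # ... another goes missing ...
        tampered = json.loads(json.dumps(manifest))
        tampered["custody_log"][0]["received_by"] = "somebody else"   # ... and a hand-over is rewritten
        after = {"photos": verify_photos(manifest, scene), "log_original": verify_custody_log(manifest),
                 "log_tampered": verify_custody_log(tampered)}
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest itself should be written to read-only media (or printed and signed) at the scene, because the chain only proves that nothing changed after the anchor was fixed; it cannot prove what happened before.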

(We suggest you print Parts I and II of this series into a manual format.)

Our Operatives: A step ahead.

As always, stay safe.

Electronic Crime Scene Investigations; Assessing & Documenting the Situation. I/II

When a computer crime is suspected in the workplace, action must be taken immediately. We’ll take you through a step-by-step computer crime scene investigation, the same protocol that we security and information specialists follow.

When securing and evaluating the scene:
• Do not alter the state of an electronic device. If a computer or an electronic device is off, leave it off.
• Remove all unauthorized persons from the area where evidence is to be collected.
• Identify, seize and secure all electronic devices, including personal (have the employee sign a release or note the type of device, if s/he refuses) or portable devices.
• Recognize potential digital evidence in telephones, digital video recorders, other office appliances and motor vehicles.

If the computer is on or the power state cannot be determined:
• Look and listen for indications that the computer is on — e.g., fans running, drives spinning and lit light-emitting diodes (LEDs).
• If you cannot determine the power state of the computer, observe the monitor to determine if it is on, off or in sleep mode.
• Check display screen for signs of data destruction.  Look out for words such as “delete,” “format,” “remove,” “copy,” “move,” “cut” or “wipe.”
• Look for indications that the computer is being accessed remotely and/or signs of ongoing communications with other computers or users — e.g., Instant Messaging (IM) windows or chat rooms.
• Take note of all cameras and determine whether they are active.

Preliminary Interviews
• Separate and identify all adults of interest and record the location they occupied when you entered the scene. Obtain the following information from interviewee(s):
• Purpose of computers and devices.
• All users of the computers and devices.
• Type of Internet access and Internet service provider.
• Computer and Internet user information — e.g., login names, user account names and passwords, and Instant Message screen names.
• E-mail and Web mail (Web-based e-mail) accounts and Web pages.
• Account information for online social networking Web sites — e.g., Facebook, LinkedIn.
• All security provisions, data access restrictions, destructive devices or software in use.
• Any automated applications in use.
• Any other relevant information.

Documenting the Scene
Your documentation should include:
• The type, location, position, condition and power status of the device.
• A record of all activity and processes visible on the display screen(s).
• A record of all physical connections to and from the computers and other devices.
• A record of any network and wireless components capable of linking devices to each other and the Internet.
• The type, condition and power status of the device’s Internet and network access.
• Video, photos, notes and sketches to assist in recreating/conveying the details of the scene.
(Some computer systems and electronic devices — and the information they contain — may be protected under applicable laws, agency policies or other factors that prohibit collection of these devices or components.  That’s when you call in a pro.  However, do include the location, condition and power state of these devices in your documentation.)

Movement of a running computer or electronic device may cause changes or damage to the computer or device or the digital evidence it contains. Computers and electronic devices should not be moved until it is determined that they are powered off.

In Part II/II we will get into the meat of Evidence Collection.  The instructions we will impart will not be generalizations but rather, actual, working directions.

Our Operatives: A step ahead.

As always, stay safe.

Top Ten Security/Investigation Predictions for 2012. Part I of II.

Hoping to give our readers an edge on awareness and combating security and investigation concerns in 2012, below are our top five predictions in the area of information and data security management. (Next week, in II of this two-part series, we will cover the remaining five predictions, focused on evolving investigation concepts.)

1. Social networking redefining “privacy”.

Confidential user information is ending up online, in large part by the users themselves.  We’ve grown into a society that maintains a different attitude toward protecting and sharing information. We are now more likely to reveal personal data and unlikely to take steps to keep information restricted.  Within several years, privacy-conscious individuals will be in the minority.

2. Hackers will attack nontraditional targets.

To date, hackers’ goals have been mainly to steal money, obtain valuable data for resale, disrupt services and intimidate targets ranging from individuals to large corporations and governmental agencies.  The new hack attacks will concentrate on network-connected systems, such as medical equipment, with unauthorized users actively controlling devices from external locations. (This may explain the decision not to enable online election voting: within a networked system there is a 100% probability of its vulnerability to outside hacking attacks, which may include data interruption or manipulation.)

3. Smartphone and tablet platforms, especially Android, will suffer greater cybercriminal attacks.

As smartphone usage continues to grow worldwide, so will attacks on mobile platforms. The Android platform in particular, due to its open app distribution model, is and will continue to be a favored cybercriminal’s target.

4. Virtual and cloud-based computing systems will encounter the same cybercriminal vulnerabilities as do physical systems.

Inevitably, using and/or interacting with virtual and cloud-based computing systems renders them just as vulnerable to the conventional attack methods that hackers have used in the past.  They see no need to change their criminal methodology, as virtual and cloud platforms are just as easy to attack as physical systems but more difficult to protect. The burden will thus fall on IT admins to secure their company’s critical data as they adopt these technologies.

5. Bring-Your-Own-Device (BYOD) data breaches will dramatically increase.

The BYOD Era is here and, if anything, mobile device usage will only increase. As more and more corporate data is stored or accessed by mobile devices that are not fully controlled by IT administrators,  the likelihood of data loss incidents will rise.  The massive uptick expected in this area is directly attributable to improperly secured personal devices.

Just my thoughts:  In the past decade+, I’ve noticed the wide range of expertise among IT administrators.  Operating an entity’s internal information engine is one thing, securing it is an entirely different matter.  Given the cost that security breaches can and have caused, perhaps it is time to upgrade the post-certification requirements for IT admins.  Continuing education classes and annual re-certification may be viable solutions to the rapidly rising level of cybercriminality.

Our Operatives: Street smart; Tech savvy.

As always, stay safe.

IP Theft – Not If but When

Intellectual property (IP) theft is on the rise. It is of particular interest to us both because it is a challenging area of research and investigation, in which we have formidable experience, and because of the sheer laxity with which people, unintentionally, treat their personal concepts and/or corporate secrets. One of the most infamous IP hijack attempts is the one several years ago involving a Pepsi employee and rival Coca Cola’s age-old secret formula. (That situation was more a case of a former Coke employee, turncoat cum extortionist, caught in the act.)

No longer is it the ragged thief on the sidewalk selling bootleg DVDs (although that trade, despite aggressive prosecution instigated by the recording and film industries, continues at a multi-billion-dollar-a-year loss). Cyber thievery is the crime du jour. The mastermind cyber criminal needs only to bring in a skilled hacker (he/she may not even be old enough to vote – although we encourage everyone to get out tomorrow, Election Day ’08!), and if there is a focus on your product or concept and you’ve maintained it on your corporate or personal PC, it can be retrieved from the outside. For that matter, it’s not just traditional IP materials that are vulnerable to cyber theft; so are your client lists, address book, confidential case file data, etc. As you can see in the CBS News clip below, there are actually hacking kits on the market.

Cyber Crime/Intellectual Property Protection Tips:

1. Have all employees, affiliated vendors… sign confidentiality agreements. Tailor the agreement to your firm’s concerns.

2. Conduct background checks, specifically for prior IP theft prosecutions, on any employee or potential subcontractor, vendor… who may gain access to proprietary company information.

3. Change passwords. Frequently. This can be a hassle, but there are off-the-shelf programs (RoboForm comes to mind immediately) that can automatically enable and track these changes for you.

For more info, there is an up-to-date, comprehensive cyber crime area on the USDOJ site.

BNI Operatives: Street smart; Web savvy.

Stay safe and VOTE!,

Lina
