Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] Computerforensik: US- und UK-Agenten gehen zur Privatschule,

Security Agents Head For Cybercrime School

By Beatrice Arnfield, Special to Newsbytes
26 Apr 2002, 2:21 PM CST
Security agents from both sides of the Atlantic are being sent to
school so they can trace and prosecute computer criminals.

The FBI, U.S. Customs, the High Technology Crime Investigation
Association, Europol and the U.K.'s National High-Tech Crime Unit are
among the agencies that have sent staff to learn about cybercrime,
fraud, hacking and software bugs, according to the company,
Massachusetts-based QinetiQ Trusted Information Management.
QinetiQ Trusted Information Management is a division of QinetiQ, which
until July 2001 was part of the UK's Ministry of Defence. QinetiQ, now
a company wholly owned by the UK government, is currently looking for
private equity investors.

Europol analyst Ian Casewell and the UK National High-Tech Crime
Unit's press officer Judi Prue confirmed to Newsbytes that their
organizations sent staff to QinetiQ courses.

According to Casewell, Europol staff have been trained in network
security by QinetiQ. An FBI spokeswoman said the agency never comments
on internal affairs.

Law enforcement agents, district attorneys, private attorneys and
corporate investigators are lining up for the courses, which are also
available in private workplaces, according to John Holland, QinetiQ
Trusted Information Management's CEO.

"There are two things you must know, if you are involved with this
type of work," Holland told Newsbytes at the Infosecurity exhibition
in London. "You have to know how to track the criminals and you have
to know what is permissible in a court of law. It is no good putting a
lot of work into finding evidence, only to find out that it can't be
used. And every country has its own seizure and espionage
requirements, so we have to teach people about this."

Computer forensics is every bit as complicated as traditional
forensics, said Holland, but no criminal is perfect and most leave
footprints behind. For example, when a computer is used to log onto
another computer, it retains a trace of the activity carried out. This
is the case even if the criminal first logs onto an intermediate,
innocent computer or even a long chain of open computers before
launching an attack. These other computers can often be in
inaccessible countries, making the job of collecting evidence harder.

"It is not a trivial job to trace through these computers and collect
evidence that can be presented in a court of law," pointed out
Holland. "Sometimes, you have to rely on help from local law
enforcement agencies. More countries are becoming aware now of the
problem of computer crime and are willing to help if they are shown

However, not all attacks involve computers in distant lands. According
to the FBI, most computer crime is committed by corporate insiders or
associates and many QinetiQ students are corporate investigators
intent on controlling crime within their own organization.

"If they have the skills, they may be able to build a case against the
offender," said Holland. "We also teach them how to preserve the chain
of evidence so that it can be used in court if necessary."

Students are taught about how e-mail works and how e-mail can be
traced and retrieved even after messages have been deleted.

"Deleting e-mails is more complex than most people realize," said
Holland. "The use of internal Merrill Lynch e-mails as evidence
against the company is the latest high profile example of the use of
cyber-evidence, and finding deleted e-mails is one of the skills
taught by QinetiQ."

These skills can also be used in tracking the movement of paedophile
material through computer systems.

QinetiQ Trusted Information Management is in the process of opening a
technical investigation unit near Seattle, Washington. The forensic
laboratory will be concerned mainly with data recovery.

QinetiQ is at

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.