11.1 Strengthen cyber-related counterintelligence efforts




Organizations with offices or operations in several countries are uniquely placed to assist in the fight against cyberterrorism. Even when an organization's computers and networks in the United States have not been attacked, its computers and networks in other countries may be under attack, or may already have been penetrated or damaged.

Organizations located in the United States that have had such experiences should strongly consider reporting them to the FBI or to other law-enforcement agencies. The following types of incidents should be reported, because they may help in compiling profiles of potential hackers and terrorists:

  • Systems intrusions and hacking incidents

  • Theft of intellectual property or trade secrets

  • Theft of computer-based business information

  • Harassing e-mails

  • Denial-of-service attacks

  • Physical destruction of computers or networking equipment

  • Theft of portable computing devices

  • Repeated virus attacks that are unique to an environment or location

  • Break-ins or destruction of physical facilities that house computers or network equipment

The FBI may not be able to help investigate specific crimes, or even to intervene with local law-enforcement authorities. Such reports can nonetheless help to map the frequency and types of incidents, and can contribute to warnings for other organizations operating in the same region or country. Reports can also be made to the FBI liaison at U.S. consulates and embassies in many locations around the world, including the following:

Europe

  • Vienna, Austria

  • Brussels, Belgium

  • Copenhagen, Denmark

  • London, England

  • Tallinn, Estonia

  • Paris, France

  • Berlin, Germany

  • Athens, Greece

  • Rome, Italy

  • Warsaw, Poland

  • Moscow, Russia

  • Madrid, Spain

  • Bern, Switzerland

  • Kiev, Ukraine

Africa

  • Lagos, Nigeria

  • Pretoria, South Africa

Asia/Pacific

  • Canberra, Australia

  • Hong Kong, China

  • Tokyo, Japan

  • Manila, Philippines

  • Singapore, Singapore

  • Bangkok, Thailand

Central Asia/Middle East

  • Cairo, Egypt

  • New Delhi, India

  • Tel Aviv, Israel

  • Almaty, Kazakhstan

  • Islamabad, Pakistan

  • Riyadh, Saudi Arabia

  • Ankara, Turkey

Western Hemisphere

  • Buenos Aires, Argentina

  • Bridgetown, Barbados

  • Brasilia, Brazil

  • Ottawa, Canada

  • Santiago, Chile

  • Bogotá, Colombia

  • Mexico City, Mexico

  • Panama City, Panama

  • Caracas, Venezuela

The FBI also stresses that digital evidence must be collected in an organized fashion and analyzed under standard procedures, and that this must hold around the world, not only in the United States. The Scientific Working Group on Digital Evidence (SWGDE) was established in February 1998 through a collaborative effort of the Federal Crime Laboratory Directors. SWGDE, as the United States-based component of the standardization efforts conducted by the International Organization on Computer Evidence (IOCE), was charged with developing cross-disciplinary guidelines and standards for the recovery, preservation, and examination of digital evidence, including audio, imaging, and electronic devices.

From a law-enforcement perspective, more of the information that serves as currency in the judicial process is being stored, transmitted, or processed in digital form. The connectivity resulting from a single world economy in which the companies providing goods and services are truly international has enabled criminals to act transjurisdictionally with ease. Consequently, a perpetrator may be brought to justice in one jurisdiction while the digital evidence required to prosecute the case successfully may reside only in other jurisdictions.

This situation requires that all countries have the ability to collect and preserve digital evidence for their own needs, as well as for the potential needs of other countries. Each jurisdiction has its own system of government and administration of justice, but in order for one country to protect itself and its citizens, it must be able to make use of evidence collected by other countries. Though it is not reasonable to expect all countries to know about and abide by the precise laws and rules of other countries, a means that will allow the exchange of evidence must be found. The following concepts and principles need to be applied in cybercrime investigations and the collection of digital evidence.

The acquisition of digital evidence begins when information or physical items are collected or stored for examination purposes. The term evidence implies that the collector of evidence is recognized by the courts. The process of collecting is also assumed to be a legal process and appropriate for rules of evidence in that locality. A data object or physical item only becomes evidence when so deemed by a law-enforcement official or designee.

In order to ensure that digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law-enforcement and forensic organizations must establish and maintain an effective quality system. Standard operating procedures (SOPs) are documented quality-control guidelines, which must be supported by proper case records and use broadly accepted procedures, equipment, and materials.

All agencies that seize or examine digital evidence must maintain an appropriate SOP document. All elements of an agency's policies and procedures concerning digital evidence must be clearly set forth in this SOP document, and both its development and its implementation must be issued under the agency's management authority. The use of SOPs is fundamental to both law enforcement and forensic science. Guidelines that are consistent with scientific and legal principles are essential to the acceptance of results and conclusions by courts and other agencies.

Procedures used must be generally accepted in the field or supported by data gathered and recorded in a scientific manner. Because a variety of scientific procedures may validly be applied to a given problem, standards and criteria for assessing procedures need to remain flexible. The validity of a procedure may be established by demonstrating the accuracy and reliability of specific techniques. In the digital-evidence area, peer review of SOPs by other agencies may be useful.

The law-enforcement agency must maintain written copies of the appropriate technical procedures. Procedures should set forth their purpose and appropriate application. Required elements such as hardware and software must be listed, and the proper steps for successful use should be listed or discussed. Any limitations in the use of the procedure, or in the use or interpretation of its results, should be established. Personnel who use these procedures must be familiar with them and have them available for reference.

The law-enforcement agency must use hardware and software that is appropriate and effective for the seizure or examination procedure. Although many acceptable procedures may be used to perform a task, considerable variation among cases requires that personnel have the flexibility to exercise judgment in selecting a method appropriate to the problem. Hardware used in the seizure or examination of digital evidence should be in good operating condition and be tested to ensure that it operates correctly. Software must be tested to ensure that it produces reliable results for use in seizure or examination purposes.

All activity relating to the seizure, storage, examination, or transfer of digital evidence must be recorded in writing and be available for review and testimony. In general, documentation to support conclusions must be such that, in the absence of the originator, another competent person could evaluate what was done, interpret the data, and arrive at the same conclusions as the originator.

The requirement for evidence reliability necessitates a chain of custody for all items of evidence. Chain-of-custody documentation must be maintained for all digital evidence.

Case notes and records of observations must be of a permanent nature. Handwritten notes and observations must be in ink, not pencil, although pencil (including color) may be appropriate for diagrams or making tracings. Any corrections to notes must be made by an initialed, single strikeout; nothing in the handwritten information should be obliterated or erased. Notes and records should be authenticated by handwritten signatures, initials, digital signatures, or other marking systems.

Any action that has the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified persons in a forensically sound manner. As outlined in the preceding standards and criteria, evidence has value only if it can be shown to be accurate, reliable, and controlled. A quality forensic program consists of properly trained personnel and appropriate equipment, software, and procedures.
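The principles above (tested tools, a written record that another examiner can re-check, a chain of custody for every item, and handling that does not alter the original) are stated as policy, but each has a concrete technical counterpart. The following is an added example, not SWGDE or FBI tooling, that shows one way to implement them in code: a known-answer test of the hash routine before use, a bit-for-bit copy that is verified against the source by SHA-256, and an append-only custody log in which each entry commits to the hash of the previous one, so that a later edit or deletion is detectable. The evidence bytes, file names, and custodian names are constructed for the demonstration.

```python
"""Added example: verified acquisition plus a hash-chained chain-of-custody log.

Not SWGDE's or the FBI's own tooling; file names, custodians and the sample
media bytes are constructed for the demonstration.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Published SHA-256 of the empty message (FIPS 180-4 known-answer value).
_SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def validate_hash_tool() -> bool:
    """Tool validation before use: the hash routine must reproduce a known answer."""
    return hashlib.sha256(b"").hexdigest() == _SHA256_EMPTY


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so that large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source: str, image: str) -> dict:
    """Bit-for-bit copy of the source into an image file; source is opened read-only.

    Both sides are hashed afterwards and must agree, otherwise the acquisition is
    rejected rather than silently recorded.
    """
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(1 << 20), b""):
            dst.write(block)
    src_hash, img_hash = sha256_file(source), sha256_file(image)
    if src_hash != img_hash:
        raise RuntimeError("image hash differs from source hash; acquisition failed")
    return {"source": source, "image": image, "sha256": img_hash,
            "size": os.path.getsize(image)}


def append_entry(log: list, action: str, custodian: str, item_sha256: str, **details) -> dict:
    """Append a custody record whose hash covers the previous record's hash.

    Editing or removing any earlier entry therefore invalidates every later one.
    """
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "seq": len(log),
        "time": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "custodian": custodian,
        "item_sha256": item_sha256,
        "details": details,
        "prev_hash": prev,
    }
    entry["entry_hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)
    return entry


def verify_log(log: list) -> bool:
    """Recompute every entry hash and the chain of prev_hash links."""
    prev = "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        recomputed = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["seq"] != i or e["prev_hash"] != prev or recomputed != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True


def run_case(tamper_image: bool = False, tamper_log: bool = False) -> dict:
    """Acquire a constructed media file, log its custody, then re-verify.

    The two tamper flags simulate a modified image and a rewritten log entry.
    """
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "suspect_media.bin")        # hypothetical name
        image = os.path.join(d, "suspect_media.image.bin")   # hypothetical name
        with open(source, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE MEDIA " * 4096)     # constructed input
        if not validate_hash_tool():
            raise RuntimeError("hash tool failed its known-answer test; do not proceed")
        log: list = []
        acq = acquire(source, image)
        append_entry(log, "acquired", "examiner A", acq["sha256"],
                     source=source, size=acq["size"])
        append_entry(log, "transferred", "custodian B", acq["sha256"], to="evidence locker")
        if tamper_image:                      # a single byte changed after acquisition
            with open(image, "r+b") as f:
                f.seek(100)
                f.write(b"X")
        if tamper_log:                        # an earlier record rewritten in place
            log[0]["custodian"] = "someone else"
        current = sha256_file(image)          # examiner re-hashes before working on it
        append_entry(log, "examined", "examiner C", current,
                     matches_acquisition=(current == acq["sha256"]))
        return {"image_intact": current == acq["sha256"],
                "log_intact": verify_log(log), "entries": len(log)}
```

In the clean case both checks pass; a one-byte change to the image is caught when the examiner re-hashes it before examination, and a rewritten custody entry is caught because its recomputed hash no longer matches the value that the next entry committed to. Real practice adds what this omits: a hardware write blocker on the source, a second independent hash (for example MD5 alongside SHA-256) as many imaging tools record, and signatures on the log entries so that authorship, not only integrity, can be shown.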






Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
Year: 2003
Pages: 248
