Intelligence efforts have kicked into high gear since two planes leveled the Twin Towers of New York’s World Trade Center and a third airliner slammed into the Pentagon on Sept. 11. FBI agents have since seized several notebook computers and personal computers from suspected terrorists and are decoding the machines’ encrypted files in hopes of uncovering evidence that could lead to the capture of terrorist operatives—and maybe even the leader of al Qaeda himself, Osama bin Laden.
For years, top-secret intelligence efforts and covert maneuvers combined with military might have served as the most commonly used weapons for tracking terrorists. But according to Michael R. Anderson, president and CEO of New Technologies, Inc., a computer forensics consulting company in Gresham, OR, a new tool is being increasingly used in the fight against terrorism: the forensic study of computers by IT and law enforcement professionals.
Anderson, a retired special agent with the U.S. Treasury who was responsible for creating early computer evidence processing procedures, is an expert on computer forensics and cybercrime. I’ll share with you his thoughts, as well as another security expert’s, on how forensics is being used to find criminal leads and who might be best suited for a career in computer forensics.
Following electronic leads
Computer forensics is the science of preserving computer data as evidence to use as leads for unearthing criminal activity around the globe. And while many of us might think that the efforts of international terrorism would be more sophisticated, it may surprise you to know that the bad guys, according to Anderson, are communicating on what he calls “Bill Gates’ stuff.”
Anderson says that forensics often involves decoding encrypted files and ambient data, which is often found on popular off-the-shelf software files. “Microsoft Word was never designed to be secure, which means that residue in background, temporary, or swap files can be found even if it’s deleted,” he said.
Swapping is a technique that enables a computer to execute programs and manipulate data files larger than main memory. “Windows is so dirty, from a security standpoint, that the stuff is probably spread over an entire computer,” Anderson said.
Forensics also involves following a “digital trail,” as Anderson calls it, by tracing e-mails as they shuttle from one ISP to another. After the World Trade Center attack, all government computer forensics efforts were focused on gathering information leading up to the event: identifying who the terrorists talked to and finding the plans outlining the logistics of the attack.
A career in computer forensics
So who’s cut out to be a cybersleuth? The most likely candidates are geeks who have been experimenting with computers since they were kids, according to Steve Halligan, a security specialist employed by the Geek Squad, a computer support and repair company in Minneapolis.
“They have a curiosity and passion to learn all they can,” he explains. “Ninety-nine percent of the people working in security and forensics are self-taught. Many are former teenage hackers. But they all have a level of knowledge that can’t be taught in a classroom. They understand programming and have a deep knowledge of network administration and infrastructure. Simply, they know how networks are designed and how to make them run.”
Anderson said that being successful at computer detective work takes a burning desire to be a fact finder. “The ones who really shine are cops who know a little about computers,” he said.
If you’re interested in breaking into computer forensics, Anderson suggests getting experience working with security for a corporation—especially financial institutions, where security is a top priority.
“Companies have instant response teams that solve security emergencies as they occur,” he said. “Usually, there is one forensics person on a team. It’s great experience because you learn about the different security problems and how to react quickly.”
Halligan, on the other hand, believes that the best way to learn about forensics is on your own: “Learn the language, plug into the security networks, attend conferences, and follow the serious security sites where the pros hang out,” he said.
Halligan’s favorites are SecurityFocus and Honeynet Project. These sites track the newest trends in security technology, and you can also find out about the techniques used by the best security gurus in action today.
If you’re already an experienced security pro, government computer security positions abound, especially in agencies like the FBI, CIA, and Treasury Department.
Does your company have a chief security officer?
Do you have a team within your organization that addresses security attacks when they occur, or do you have one person dedicated to security? Have the recent terrorist attacks changed your thinking on this issue? Tell us how your company manages the security of your network and data.