
Danger! Zombies ahead… and other security issues

Web-based traffic signs seem like the perfect solution for agencies that have speed enforcement problems. With the ability to change the sign’s message online — as well as receive alerts and data from the sign — no longer do supervisors need to send precious units to the signs to perform these functions manually.

But in January 2009, signs in Austin (Texas) were hacked. Displaying messages like “Caution! Zombies Ahead!!!”, they slowed traffic and made for some debate about “harmless fun” (reminiscent of the MIT hacks) vs. vandalism as a threat to public safety.

The signs were not connected to the internet, so hackers had to be there physically to break the locks and the passwords on the controller computers inside. Nevertheless, technology advancements mean that law enforcement administrators need to remember: information security isn’t just about sensitive employee and crime-related data.

Why are these stories important? They reflect that the more law enforcement agencies rely on information technology to make police work more efficient, the more threats they will face from both outside and inside. Whether student pranksters (as was speculated in Austin), foreign operatives (as was speculated in Iowa), or ill-informed employees, these threats can take many different forms.

For example, remote-controlled robots are increasingly being deployed in bomb and hostage situations, as in Milwaukee in December. However, as early as last year, cybercrime and security expert Marc Goodman warned of vulnerabilities in battlefield robots, which could easily translate into vulnerabilities for police robotics as well.

The point is not to spread fear, uncertainty and doubt (FUD) about deploying new technologies. Rather, as Goodman puts it: “While electronic warfare is a relatively old domain, the presence of battlefield (and perhaps police robots) means there is a whole additional set of technologies which need to be fully understood and protected prior to deployment in real world scenarios.”

The same can be said of social media, “the cloud,” or even computer-controlled traffic signs. Nothing is completely secure; the human factor trumps all. However, the public- and officer-safety, force-multiplying, and investigative benefits of each kind of technology are too great to avoid them entirely.

What kind of security research have you done on technology you considered or deployed? How have you prepared your employees for best security practices?

Creative Commons License photo credit: Idaho National Laboratory

Considering hiring an intern for day-to-day social media tasks

Collecting evidence from the Internet

Last time I blogged about iCyte, a bookmarking tool that archives websites rather than simply linking to them. This preserves pages for later reference, rather than a person having to deal with broken links.

The implications for online investigation are clear. If you can archive a website, preserving it with incriminating (or exculpatory) evidence the way you found it, you can make cases that way. Right?

Yes. Absolutely. But a third party storing evidence opens the door to reasonable doubt. How can you, the law enforcement officer, prove that no data was changed while the evidence was stored out of your direct control? (Chain of custody; evidence preservation.)

I debated with myself over whether to post this, because even if I disclose that I work for a maker of online evidence collection software, “conflict of interest” gives way to “selling something.” Not a comfortable position to be in.

And yet, I believe in what my client does. That’s why I signed with them. And I’d be remiss as a blogger if I didn’t draw attention to something that solves a problem for my community of readers.

Therefore:

Got WebCase?

Websites have a bad habit of changing content, especially when you least need or expect them to. They might undergo a redesign and lose the article you needed to find, or the server they’re hosted on goes down, or their owner might let the domain registration lapse.

Or they could be a social networking site, with status updates and tweets disappearing after a matter of days.

Forensic collection of evidence has always depended on the ability of the collector to preserve the evidence as it was at the time of collection. A bloodstained shirt goes into a properly sealed and marked paper bag, and is logged along the chain of custody until it gets to the analyst. A hard drive is imaged and likewise logged until a digital forensic examiner analyzes that image.

How do you do this with Internet evidence? A lot of investigators simply screenshot a website or capture its video. If that content is taken down or changed between the time it was collected and court, there’s no way to prove it ever existed as it did when you saw it. (Even the Internet Archive’s Wayback Machine is limited.) Again: reasonable doubt.

There’s a much longer story that goes into Vere Software’s making of WebCase, but in essence, it splices together legal expectation with commonly accepted digital forensic methodology by not just archiving, but also date/time stamping and hashing (“digitally fingerprinting”) the website content as evidence.

It then goes a step further by providing a way to show all this in court in a way that average jurors, attorneys, and judges can understand—visually, sometimes auditorially.
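The archive, date/time stamp and hash approach described above, sketched as an added example (not WebCase's code or method, and not from the original post): each custody event records a SHA-256 fingerprint of the captured page and is chained to the previous record, so a later change to the content or to the log is detectable. The sample page, URL, actor names and function names are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used by the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the entry's own digest, in canonical JSON form.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, action, actor, url, content, when=None):
    """Add a custody record that fingerprints `content` and links to the prior record."""
    entry = {
        "seq": len(log),
        "time_utc": (when or datetime.now(timezone.utc)).isoformat(),
        "action": action,
        "actor": actor,
        "url": url,
        "content_sha256": sha256_hex(content),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log, content):
    """Return a list of problems; an empty list means log and content are intact."""
    problems, prev = [], GENESIS
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: chain broken")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: record altered")
        prev = e["entry_hash"]
    if log and sha256_hex(content) != log[0]["content_sha256"]:
        problems.append("content does not match hash recorded at collection")
    return problems

# Constructed sample: a captured page body and two custody events.
PAGE = b"<html><body>Status update posted 2009-03-01</body></html>"

def demo():
    log = []
    url = "https://example.com/profile"  # placeholder URL
    append_entry(log, "collected", "Investigator A (hypothetical)", url, PAGE)
    append_entry(log, "transferred", "Analyst B (hypothetical)", url, PAGE)
    return log
```

A chain like this only shows tampering if the latest entry hash is also held somewhere the storage holder cannot rewrite, for example with a trusted timestamping service (RFC 3161); the timestamps here come from the collector's own clock.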

Can vs. should

Can you get away with screenshots and video captures? Sure. I can’t think of current or recent cases that made challenges to this kind of evidence… but that doesn’t mean they aren’t coming, as soon as defense attorneys and judges get savvy. I’m not sure that will take long. They’re already trying to figure out what to do about tweeting jurors and judges on Facebook.

Meanwhile, cops are so frequently accused of taking shortcuts with investigations, especially when it comes to evidence collection and preservation. And while digital evidence can be complicated, WebCase wasn’t designed for analysts. It was designed for average investigators, who deserve to be able to show in court how law enforcement takes case-building as seriously as we want you to.

So please head on over to the Vere Software website and download the 30-day free demo of WebCase, along with the various free tools offered. Subscribe to the blog, check out the free e-learning. No, I’m not getting paid for this post, nor based on sales that come from this post. Yes, I understand that budgets are strapped. Believe me.

At the same time, though, a good friend of mine secured two copies of WebCase not long before the union in his department voted to forgo pay raises just to keep its gang unit rather than see it disbanded. That town is facing serious gang problems, and given that gangs are using social networking sites to do their business, the fact that this agency found the money for WebCase is significant.

What kinds of online evidence is your agency seeing?

Image: NIOSH via Flickr