29/10/2002 - 21:00

Cyber cops pound the virtual beat

29/10/2002 - 21:00


Upgrade your subscription to use this feature.

IN striving to be profitable and competitive, local businesses may often overlook the potential impact of criminal activity, not only on their bottom line, but also on long-term sustainability.

Cyber cops pound the virtual beat
IN striving to be profitable and competitive, local businesses may often overlook the potential impact of criminal activity, not only on their bottom line, but also on long-term sustainability. Particularly vulnerable are an organisation’s computerised systems and the communication channels connecting those systems to the outside world.

However, according to Detective Sergeant Ted Wisniewski of the WA Police’s Computer Crime Investigation unit, apathy and a lack of awareness remain characteristic of the approach many businesses have to the security of their electronic systems.

“Organisations are not taking security seriously enough,” Detective Sergeant Wisniewski said. “As long as their systems do what they need them to, many organisations regard security as secondary. Until something happens.”

And, as indicated in the recently released 2002 Australian Computer Crime and Security Survey, the likelihood of something happening is high. The survey found that, since 1999, the volume of computer crime and security incidents reported by Australian organisations had doubled. Of those surveyed, 89 per cent had recorded attacks from external sources, with 65 per cent recording attacks from internal sources. Perhaps most noteworthy was the finding that 98 per cent of the Australian organisations surveyed reported they had experienced computer crime of some form.

Detective Sergeant Wisniewski said organisations with insufficient security made themselves soft targets for a wide range of attacks.

“Such organisations become vulnerable to web site defacement, viral infection and industrial espionage,” he said. “Being the victim of such attacks can lead to acute embarrassment, loss of public reputation and in some cases a loss of competitive advantage.”

In addition to attacks of this nature, organisations doing business on-line become potential targets of credit card fraud, according to Detective Sergeant Wisniewski.

“Criminals use stolen or bogus credit card numbers to purchase goods or services from the victim merchant,” he said.

In WA, victims of computer crimes such as these can turn to their local police, who will be assisted by CCI, which forms part of the Commercial Crime Division within the WA Police Force. Its role is two-fold. Firstly, it provides computer forensic analysis support to other departments in the force conducting investigations into criminal activities. Secondly, in cases where the unlawful operation of a computer system has been the central criminal activity, the CCI may also conduct investigations directly.

In either event, CCI gathers evidence from computer systems involved in criminal activity for the purposes of investigation and legal proceedings. It will often do this by seizing computer systems suspected of having been used in a crime and scanning hard disk drives to locate evidence.

“This is a clinical, methodical and often laborious procedure,” Detective Sergeant Wisniewski said. “However, such an approach is vital if evidence acquired from computer systems is to stand up in court.”

Detective Sergeant Wisniewski said securing a conviction against an offender was in many ways contingent upon the steps taken by the victim organisation.

“As a matter of course, all organisations should have password protection on their systems in addition to an unambiguous policy that clearly states the responsibilities of those using them,” he said.

“Thus, persons circumventing or exceeding these measures to access and use an organisation’s computer systems clearly do so without authorisation. Establishing this lack of authorisation is vital if a conviction is to be secured in a court of law.

“Organisations also need to ensure that some form of system logging is in place.”

There were several important steps to follow in cases where a business thought it had been affect-ed.

“Most importantly, any potential evidence needs to be identified and preserved and anyone involved in this process needs to be aware that they may be required to give evidence in court at some point in the future,” Detective Sergeant Wisniewski said.

“This may range from taking forensic back-ups of hard drives through to the recording of system logs to an unalterable format such as CD-ROM. Any evidence obtained should be clearly and uniquely identified by the person securing it.

“Depending on the circumstances, we may actually attend the scene and secure forensic back-ups of hard drives for the purposes of investigation and evidence gathering. A running sheet should be kept detailing any actions taken, and any movements and handling of evidence, including dates and times and names of persons involved.”


Subscription Options