Compliance Management, Critical Infrastructure Security, Privacy, Security Strategy, Plan, Budget

Law and order: A national computer forensic center takes shape

By blood-and-guts standards, Cary, N.C. is as safe a suburb as there is in the nation. The 121,000-person bedroom community regularly ranks near the statistical bottom of all the major crime categories, including murders, aggravated assaults and robberies

But considering the 42-square-mile town's proximity to the so-called Research Triangle, a hotbed of high-tech businesses in the piedmont of North Carolina, local leaders are not resting on their laurels. They know Cary's residents and businesses may not be staring down the barrel of a gun anytime soon, but they are attractive targets for a 21st century style of violence known as identity theft.

"We have a very educated, affluent population here," Police Chief Scott Cunningham says. "We're right next to the Research Triangle. There's a lot of computer literacy in this area. We feel our residents are more ripe to being victimized in this way. The threat will continue to grow."

After a Cary-based child pornography forensic investigation took overburdened federal authorities almost a year to complete, potentially costing local police additional arrests, Cunningham realized it was time for his officers to learn the ropes of digital evidence collection and forensic analysis firsthand. He won approval from the Town Council to obtain $225,000 worth of technology so police no longer have to rely on larger agencies for help.

The problem, though, is many communities lack the drive of Cary, N.C. They do not have the resources, dollars or even the insight to train local law enforcement and purchase the necessary equipment to investigate computer-related crimes. Far too often, many cases are either dropped or investigations not properly approached, leading to criminals being let off the hook, say experts.

But this laissez-faire mindset — and the number of suspects put behind bars — appears on the brink of change. This is thanks to a new, free federal training center that seeks to create an education standard for those in the most need of help — the local police, prosecutors, judges and the business community — and then send them each home with about $2,500 worth of investigative hardware and software.

The National Computer Forensic Institute, as it is being called, is just weeks away from kicking off its courses, which will run one to six weeks. The brainchild of Randy Hillman, executive director of the Alabama District Attorney's Association, the institute will receive about $9 million in annual funding from the Department of Homeland Security to permit comprehensive all-expenses-paid U.S. Secret Service-led training for roughly 1,000 people a year. The facility will replace other computer crime-specific training efforts, such as the White Collar Crime Center in Glen Allen, Va.

If successful, the institute will serve as a force multiplier to exponentially increase the number of people in the nation competent to investigate computer-related crimes. Hillman says time is running out to open an academic setting such as this.

"There are two things in the prosecution world that are about to take us under," says Hillman, 42, the former chief assistant district attorney in Shelby County, Ala. "One of them is methamphetamine, and it's on top of us. The other thing that has one foot on us and the other one ready to kick us in the head is computer digital forensics. Nobody has stepped up and said, ‘Look, this is such an issue and such a problem that we are going to train on it every day,'" Hillman adds. "We couldn't find anybody that did. We said, ‘Why don't we do it?'"

The Secret Service — the major computer crime investigative agency in the country — is anxious for the doors to open.

"It takes the burden off the federal agencies to provide all the expertise as far as forensics and the investigation know-how," spokesman Darrin Blackford says.

Organizers are applying an if-you-build-it-they-will-come mentality to their project. After all, ground zero for national computer forensics training will be in an unlikely place — a 32,000-square-foot building in Hoover, Ala.

The city's Mayor, Tony Petelos, recalls a conversation with U.S. Secret Service Deputy Director Brian Nagel during the institute's groundbreaking in March. "He told me, ‘I don't think y'all realize what this means.'"

"Computers are implicated in every kind of crime," says Sean Byrne, executive deputy commissioner of the New York State Division of Criminal Justice Services and a former director of the state's Prosecutors Training Institute. "You can have a computer element in a homicide, you can have a computer element in a sex crime, and you can have a computer element in a financial crime."

The problem is, most of America's 30,000 towns lack the tools and techniques to track the footprint of cybercriminals and prosecute offenders, choosing instead to either drop cases or pass them off to overburdened state or federal authorities. And there are not enough federal investigators available to tackle the increasing number of cases, say experts.

Ken Saban, a business professor at Duquesne University in Pittsburgh, led a survey released last fall that canvassed nearly 700 law enforcement agencies in western Pennsylvania and West Virginia about cybercrime. What he found startled him.

Seventy-seven percent of responding agencies have received cybercriminal complaints, but 89 percent of those admitted to lacking the adequate resources to investigate cases. Meanwhile, 74 percent said their investigators and forensic examiners never received specialized training and just 13 percent spent more than $500 on cybercrime training in the year leading up to the survey.

"The eye-popping fact was that local law enforcement was not prepared to deal with the reporting and the digital evidence collection," Saban says. "As a result of that, it could be lost or not utilized correctly. They don't have the resources or the knowledge or the training or the software to be able to deal with the forensic issues."

A new frontier

Barry Matson, a high-tech crimes prosecutor in Alabama who has worked with Hillman to develop the institute, says police normally are eager to work cases such as bank robberies and other physical thefts. "But if that same amount of money is lost through a network intrusion, they're completely lost," he says.

"It's not their fault," Matson says. "The district attorney and law enforcement are used to dealing with dope and blood-and-guts stuff. You give us a murder, we can work that. You give us dope, we can work that. But computer crime is such a new frontier that nobody's had the ability or the money to get training on it."

But it is the first responders who are the ones who need the most knowledge, perhaps even more than federal authorities, Saban says. For instance, if the database for a local business is hacked and thieves make off with personal information of customers, chances are that company is going to call local police. "Most SMBs are not necessarily going to call the Secret Service or FBI," he says. "They're going to call someone they're comfortable with."

The fact is, local law enforcement should be available to help. In many cases of internet fraud, while attacks may be launched from a foreign country, there is a local connection, says Keith Burt, a San Diego-based deputy district attorney and the project director of the Computer and Technology Crime High-Tech (CATCH) response team.

"They always have somebody or some computers here in the U.S.," he says. "It's not easy to do an electronic intrusion into someone's bank and transfer it to Russia. It's usually got to make a stop here."

William Burch, director of corporate security at Birmingham, Ala.-based Regions Bank, says if a cybercrime incident affects any customers of his 2,000 branches, he immediately calls law enforcement. The reaction he receives is often mixed.

"The hacking or the phishing, spyware and malware overlap a number of jurisdictions," Burch says. "The victims are all over the place. But I can tell you, I do see the lack of expertise in some state and local agencies because they haven't had the training or the opportunity to work these kinds of cases."

San Diego's Burt is aware of the importance of a trained local backbone — but he also realizes the challenges. When he was attempting to fill the ranks of CATCH a few years back, he encountered unexpected resistance from officers who were worried about the geek persona connected to computer-based investigations. "I couldn't find any takers," he recalls. "I had to go out and twist arms. But that's going to change."

A major reason why Burt predicts more acceptance is the reliability of computer crime cases. They are based on evidence that is not subject to an unexpected change in the witness chair. Police and prosecutors, simply, are going to get more guilty pleas and convictions, he says.

He estimates about 95 percent of identity theft suspects plead guilty at their first hearing. "When you make these cases, the electronic and paper trail is so well documented, there's no way out of the box," Burt says. "The evidence is irrefutable. It's so overwhelming. The hardest part is putting the person at the computer when the crime was committed. But usually there's evidence that it couldn't be anyone else."

Creating curriculum

Hillman says the curriculum at The National Computer Forensic Institute will be divided into courses for four groups: local and state law enforcement, local and state prosecutors, trial and appellate judges and the private sector.

Training sessions for police will be broken down into three levels. The first deals with basic crime scene investigation, the second focuses on network intrusion, and the third encompasses digital forensics.

The center currently is working with the National District Attorneys Association and The National Judicial College to develop curriculums for prosecutors and judges, respectively.

Private end-user training will be aimed at security personnel with the goal of getting them to "quit thinking like the business world and start thinking like the folks in the criminal justice world," Hillman says.

Anne Wallace, executive director of the Washington, D.C.-based Identity Theft Assistance Corp., a nonprofit consortium of large financial services companies, says it is crucial to get corporate IT security workers and local crime-fighters sitting side by side in the classroom.

"I think both sides recognize that the private sector really needs to be a part of this," she says. "We all need to be in the same classroom. We're the ones with the information and we need to understand how investigators operate and they need to understand how we operate."

The extreme losses suffered by identity theft victims, banks and other financial institutions due to computer crimes is reason enough for a public-private partnership, says Rep. Spencer Bachus, R-Ala., a ranking member on the House Financial Services Committee. "Identity theft costs about $57 billion a year and when financial institutions can't absorb these costs, they are ultimately passed on to consumers," he says.

Not to mention, an educated workforce can provide untold assistance to investigating authorities. "Very often the private industry has a means for identifying the criminal technique and of combating it before government is in the loop. There's a lot to be gained from this partnership," says Byrne of the New York State Division of Criminal Justice Services.

But, he concedes, "It's equally important to emphasize that often private industry doesn't do a good job of preserving evidence for eventual criminal prosecution."

In the classroom

The training facility, led by 18 full-time instructors, will include classrooms, a computer forensics lab, an evidence vault, a conference room and exhibit space, Hillman says. Attendees will be flown in and provided lodging for free. The only cost to departments is covering missed shifts while the trainees are gone.

All participants will walk away with free equipment, Hillman says. Aside from the fact that the technology will not cost departments a dime, it also will help create an investigation standard, Byrne says.

"One of the disconnects in this strategy was a lack of standardization," Byrne says. "If I do a tech analysis, and I'm operating on one platform and you're operating on a different platform, it's not that easy to share what I've discovered."

Hillman, who began his law career 18 years ago in Mobile, Ala., says he foresees the center becoming the national and international destination for forensic training.

"Our goal is to be the one-stop-shop where we all get in a room and exchange ideas and train folks on the brass tacks of computer evidence," Hillman says. "There's no question in my mind this is going to be the hot ticket. Look at the number of cases that are out there now, and nobody is doing this full time."

Burch of Regions Bank, whose company is a 10-minute drive from the institute, understands the possibilities. If malware writers and identity thieves realize the justice system is out for them, they may consider retiring their trojans. "The best deterrent for any kind of criminal activity is prosecution," he says. n

For more information on the National Computer Forensic Institute, email [email protected].

Law enforcement online

A college professor in Pittsburgh is developing another option for police departments seeking training in cybercrime investigations.
Ken Saban, a business professor at Duquesne University, is leading an initiative to create region-specific online training courses for local police departments, starting in the western Pennsylvania area, but ideally spreading across the country. The courses will be designed by the academic community, FBI and law enforcement and business consortiums, he says. Participants can earn continuing education credits when they complete the lessons.
Saban says he hopes to make the courses affordable, aided by an expected $150,000 grant this summer from the federal Department of Justice.
His goal is to weave in an academic component to get businesses more comfortable with reporting crimes to local police. 
— Dan Kaplan


Dream to reality

Watching the National Computer Forensic Institute evolve was a lesson in cooperation among all levels of government. But, most of all, it required the foresight and credibility of one man, say organizers.

It was about five years ago when Randy Hillman, executive director of the Alabama District Attorney's Association, was working with the U.S. Secret Service to open four computer forensic laboratories in Alabama. Just as those facilities were about to open, Hillman says he started thinking about the big picture with computer forensics and digital evidence.

"We knew that we had to train more than the folks working in our labs," Hillman, 42, says. "We started looking out there and there was nobody else in this country that made it their daily business to train law enforcement, prosecutors or judges or anybody else like that."

Fast forward to last year, when Hillman and a group of Alabama prosecutors were meeting with Brian Nagel, deputy director of the U.S. Secret Service, to discuss methamphetamine cases. Hillman brought up the idea for a national training center, more as an off-hand comment than anything else, and Nagel fell in love with it.

"Seven a.m. the next morning, it's Nagel," Hillman recalls. "He says, ‘Please come over and let's talk about this idea some more.'"

That initial sit-down set the wheels in motion. Rep. Spencer Bachus, R-Ala., a ranking member on the House Financial Services Committee, contacted Hoover, Ala. Mayor Tony Petelos to request space for the training center. Petelos offered the 32,000-square-foot former public safety building for a nominal $1-a-year lease.

Alabama Governor Bob Riley, meanwhile, helped secure between $3.5 and $4 million to pay for construction costs and the Shelby County Commission offered $250,000 to pay for architectural fees. The Department of Homeland Security agreed to pitch in the big money ($9 million a year) to pay for training and equipment.

The Secret Service will provide the brunt of the expected 18 full-time instructors. To keep the training fresh, organizers are planning a nonprofit foundation made up of a cross-section of IT security leaders.

Barry Matson, a high-tech crimes prosecutor in Alabama, credits Hillman's strong relationships with legislators and law enforcement with getting the institute built. "That was a big part of this," he says. "It wasn't like we knocked on doors off the street and said, ‘Give us money.'"

Hillman says he sold the idea to the lawmakers — who also included Republican Sens. Jeff Sessions and Richard Shelby and Democratic Rep. Bud Cramer — by showing them the mounting load of computer crime-related cases.

"It's a testament to the people we pulled in," Saban says. "They knew a good portion of their investment would go to train people outside their jurisdiction. But they said, ‘This is so desperately needed. We're going to do it.'"

— Dan Kaplan

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.