Forensic computing, analysis of virtual "corpses"


Like Sherlock Holmes, computer forensics researchers discover, analyze and collect digital evidence that incriminates virtual attackers, who for more than two decades have been affecting the real world from the computational universe.

By Ana María Restrepo


Global security

Many will think that computer forensics has to do with the programs or applications used in forensic medicine, the specialty responsible for the medical aspects of criminal investigation, which helps to solve civil, criminal or administrative problems and to cooperate in the formulation of laws. In reality, computer forensics performs the same functions as forensic medicine, but on other "corpses" and for other crimes: not physical ones, but online ones.


With the rise of computers and IT, computer security has been affected. During the last decade virtual attacks have grown unimaginably, painting a dark picture for the security of computer infrastructure around the world. This has led to a series of actions that favor and reinforce security; however, hackers and computer criminals keep finding new ways to continue their activities.

In recent days, various news reports appeared in some Latino media about electronic fraud, espionage, child pornography, viruses and hacks, among other practices that weaken the computer structure of companies, governments and people. For this reason, those in charge of security have created strategies and implemented solutions to prevent these actions; however, they have not been enough.

What is computer forensics?

Because of these attacks and computer crimes, which have been occurring for more than two decades, police authorities around the world took action, creating computer laboratories to support judicial investigations. In short, they created computer forensics departments to analyze network information and behavior and to be able to catch criminals.

In accordance with the above, we can define computer forensics as a branch of computer science that is responsible for collecting valuable information from computer systems (networks, computers, magnetic and optical media, etc.) for different purposes, serving as support for other disciplines or activities, such as criminalistics and investigations. The evidence obtained, which allows different data to be discovered, serves, for example, to convict or acquit a defendant.

This branch of research originated in 1984 when the FBI and other U.S. agencies began developing programs to examine computational evidence.

The main idea of this type of computer science is to collaborate with criminalistics, because as Jeimy Cano, systems and computer engineer at the Universidad de los Andes (Bogotá, Colombia) and former president of the Colombian Association of Systems Engineers (ACIS), explains, forensic computing works as an auxiliary discipline of modern justice, to face the challenges and techniques of computer intruders, as a guarantor of the truth around the digital evidence that could be provided in a process.


As such, forensic analysis involves aspects such as the preservation, discovery, identification, extraction, documentation and interpretation of computer data, analyzing, from this, the elements that are digital evidence, which is nothing more than a type of physical evidence, less tangible than other forms of evidence (DNA, fingerprints, computer components), which can be duplicated exactly and copied as if it were the original, as Cano explains.

This type of evidence gives researchers the raw material to work with; however, it has some disadvantages, since it is volatile, anonymous, duplicable, alterable, modifiable and erasable. Therefore, researchers must be familiar with the procedures, techniques and technological tools used to obtain, safeguard, analyze, review and present this evidence. They must also know the rules, procedural law and legal procedures, so that such evidence is reliable and provides the elements needed to indict someone.

When conducting an investigation, there are some components that every forensic investigator must take into account when handling the evidence, since the decisions that justice can make depend on the evidence being handled well and on the knowledge of these modern-day Sherlock Holmes figures.

Components of forensic analysis

• Identification of evidence: researchers must know very well the formats in which the information is held, in order to know how to extract it and where and how to store and preserve it.
• Preservation of evidence: it is important that the analysis does not change the evidence; in the cases where changes are unavoidable they must be explained, since any alteration must be recorded and justified.
• Analysis of the evidence: each of the data items collected as evidence must be examined by experts in the field.
• Presentation: the methodologies used to present the analyzed data must be serious, tested and reliable.

It should be noted that these components and procedures are not the only ones. Others include the sterility of the computer media used for the work, since, as in forensic medicine, contaminated material can lead to an erroneous interpretation or analysis; and the verification of copies on computer media, which must be identical to the original.
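The two requirements above, that a working copy be identical to the original and that any alteration be recorded and justified, can be sketched as follows. This is an added example, not part of the original article; the block size, function names and record fields are assumptions made for illustration, and timestamps are left out so the output is reproducible.

```python
import hashlib, io, json

BLOCK = 4096  # bytes hashed per block; an assumed size for this example

# Constructed sample: a 3-block "disk" and a copy with one altered byte in block 1.
ORIGINAL = bytes(range(256)) * 48
ALTERED = ORIGINAL[:5000] + b"\x00" + ORIGINAL[5001:]

def block_digests(stream, block=BLOCK):
    """Return (whole-stream SHA-256, per-block SHA-256 list), reading in chunks."""
    whole, blocks = hashlib.sha256(), []
    while chunk := stream.read(block):
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks

def verify_copy(original, copy, block=BLOCK):
    """Compare a working copy with the original and list mismatching blocks."""
    o_hash, o_blocks = block_digests(original, block)
    c_hash, c_blocks = block_digests(copy, block)
    n = max(len(o_blocks), len(c_blocks))
    bad = [i for i in range(n)
           if i >= len(o_blocks) or i >= len(c_blocks) or o_blocks[i] != c_blocks[i]]
    return {"original_sha256": o_hash, "copy_sha256": c_hash,
            "identical": o_hash == c_hash, "mismatched_blocks": bad}

def append_custody(log, actor, action, reason, evidence_sha256):
    """Append a record whose hash also covers the previous record's hash."""
    prev = log[-1]["record_sha256"] if log else "0" * 64
    body = {"seq": len(log), "actor": actor, "action": action,
            "reason": reason, "evidence_sha256": evidence_sha256, "prev": prev}
    body["record_sha256"] = hashlib.sha256(
        json.dumps(body, sort_keys=True).encode()).hexdigest()
    log.append(body)
    return body

def log_is_intact(log):
    """Recompute every record hash and check each link to its predecessor."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "record_sha256"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["record_sha256"] != digest:
            return False
        prev = rec["record_sha256"]
    return True
```

Because each custody record hashes its predecessor, editing or removing an earlier justification invalidates every later record, which is what makes the log usable as a record of who changed what and why.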


Computer crimes

Virtual attacks and computer crimes, like ordinary real-world crimes, are analyzed by forensic computer units or laboratories around the world, which seek to find the culprits and convict them.

In Latin America, countries such as Mexico, Colombia, Chile, Argentina, Cuba, Venezuela, Brazil, Ecuador, El Salvador, Peru, Guatemala, Panama, Paraguay, Dominican Republic and Uruguay have computer security response teams, which are responsible for investigating the cybercrime cases that have been reported. It should be clarified that some companies do not report their cases because they fear losing credibility, or suffering economic or similar consequences, as explained by Major Fredy Bautista, head of the computer crimes group of the Dijín (Directorate of Judicial Police of Colombia).

To give an example, so far in 2007, in Colombia companies have lost 6.6 billion pesos as a result of computer crimes. From the accounts of natural persons, 311 billion pesos have been stolen, and the reported cases, compared to 2006, have increased by 71%. (taken from Cara y Sello magazine).

Directorate of Criminal Investigation

In Colombia, computer forensics emerged as a science that supports the investigative work of the National Police since 2004, with the creation of what is currently known as the Directorate of Criminal Investigation.

According to some studies carried out in the country, and based on the reported cases of virtual attacks and computer crimes, by government and private entities and by the banking sector, in Colombia these events, their prevention and prosecution are becoming increasingly important, which is why police and judicial action has increased.

In 2004, not only was the Computer Forensics Cabinet, now the Criminal Investigation Directorate, established, but also in the Office of the Comptroller delegate for investigations, tax trials and coercive jurisdiction of the Office of the Comptroller General of the Republic, a computer forensics laboratory was set up to determine unlawful acts or fraud where the State's assets are at risk.

With the creation of this laboratory, the Comptroller's Office became the first entity in Latin America to have these investigative elements, as do the FBI, the CIA, Interpol, the New York Police and the Israeli Security Agency, among other institutions.

Cybercrimes in Colombia

In 2006, Dijin's cybercrime group conducted 433 cybercrime investigations in the country, and as of September 2007, there have been 85 known virtual threats, 25 cases of pornography, 381 of electronic fraud, eight of extortion and 16 of phishing.

Likewise, Major Bautista explains that monthly 150 pages with child pornography content are detected and blocked and 50 cases are investigated for electronic scams, which increased to 5,000 million pesos in the last year and so far in 2007 already exceed 6,000 million.

Similarly, the increase in child pornography has the Colombian authorities worried, since during 2006 more than 15,000 web pages produced in Colombia with this content were identified.

However, despite the commitment of the Dijin and the Administrative Department of Security (DAS), this type of crime is not covered by strong legislation in Colombia. Moreover, the Criminal Code does not classify computer crimes, so there are no penalties for those who commit them.

According to Major Fredy Bautista, current Colombian legislation contemplates some of these behaviors in terms of what has to do with abusive access to a computer system (art. 195), sabotage (art. 199), or violation of Copyright (art. 271 and 272).

There are also some laws such as 679 of 2001 that contains the statute to prevent and counteract child pornography; Law 527 of 1999 on Electronic Commerce, which defines and regulates the access and use of data messages, electronic commerce and digital signatures; and Law 906 of the Code of Criminal Procedure and its articles 235, 236 and 276, which allow the interception of calls and similar means, the retrieval of information and evidence.

It should be noted that the Congress of the Republic will process a bill that aims to create a new protected legal asset, called "the protection of information" to modify the Criminal Code and break some barriers to the control of these crimes.

Greater actions

Due to the massification of the Internet and the wide access of Colombians to the network, the computer crime group is also investigating illicit downloads of music programs, identity theft, photomontages, illicit money transfers for password theft, and misuse of information for own or business benefit.

However, and in order to continue fighting against these cases, Dijin has implemented five computer forensic laboratories equipped with technology, and trained 50 police officers to combat computer crimes and safely handle classified information on computers, which since the middle of the year were distributed throughout the country. Likewise, and due to the increase in Internet robberies, the DAS is strengthening the defense mechanisms against computer attacks.

"Colombia has the technology available in the market and that puts us at the forefront in the fight against electronic crime in Latin America. We have implemented virtual interaction services between the community and the police," Bautista explained.

11 September, a decisive day for security

As a result of the attacks on the Twin Towers, public and private organizations realized the multiple shortcomings they had in terms of computer security, so they have tried to develop better security strategies, however they have not been able to counteract the vast majority of online attacks that occur today.

It should be noted that the Latino situation is totally different from that of North America, and that in Latin America it was only a few years ago that both governments and companies took action on the matter, although not in the way they should have.

"Organizations have carried out security analysis, installed multiple protection mechanisms and carried out multiple tests in order to improve the existing security conditions in each of their business environments. However, since complete security does not exist, there is always a margin for a new security incident; therefore, when it occurs, it is verified in a high percentage that organizations are not prepared to face the reality of an intrusion or incident," explains Jeimy Cano.

Likewise, so little importance is given to computer security that the insurers themselves do not consider current computer attacks within their insurance policies, since they establish clauses for banks and other entities based on technological elements of 20 years ago.

Cano explains that these clauses insure and refer to loss of information, message transfers via telex, fax or telephone connections and other modalities that are no longer functional for virtual attackers; while phishing, website manipulation, identity theft and impersonation, powerful new computer crimes, are not covered by the policies currently offered by insurance companies.

These two cases of ignorance, on the part of both companies and insurers, reflect that Colombia, like other Latin countries, is not aware of how powerful the virtual attacks of the country's hackers are, who have all the technology and knowledge to deceive and defraud.

It should be clarified that Colombia is humanly and technologically prepared to face computer attacks and capture the culprits; however, the country's legislation and the limited commitment and trust of companies hinder the process, since many of the cases reported by the different organizations are not analyzed due to the lack of information.


Julián Arcila Restrepo
Author: Julián Arcila Restrepo
Chief Marketer
Communications professional, MBA, specialized in designing and executing successful Public Relations and Digital Marketing campaigns with more than 14 years of experience in areas related to communications.
