Hundreds of officials from agencies around the world including the FBI, Interpol, state attorneys general, city and county police, and the Air Force are attending a three-day technology training session at Microsoft's Redmond, Wash., campus beginning on Monday.
Microsoft is training the officers how to use technologies that can help them fight cybercrime as well as help them investigate traditional crime with an online component. Nearly 400 people from more than 80 agencies in 35 countries are attending.
For instance, attendees will learn how to pull evidence off PDAs running Windows CE and how to gather evidence from Microsoft's online services and products like Hotmail and Windows, says Aaron Kornblum, a senior attorney for Microsoft's Internet Safety Enforcement Team.
Officials also will be trained on a relatively new computer online forensic evidence extractor, with the acronym of COFEE, that was developed by a former Hong Kong cop who now works for Microsoft. COFEE (Computer Online Forensic Evidence Extractor), designed for use during police raids, is a USB thumb drive that captures evidence on a computer that could be lost when the computer is shut off, according to Kornblum.
Microsoft also operates a law enforcement portal where officials can get free technical support.
With all the phishing attacks, identity theft, and botnets out on the Internet, police can use all the help they can get.
This is the second such event Microsoft has held; the first was in 2006. Microsoft has trained more than 6,000 officers from more than 110 countries and does regular training with state officials and organizations like the International Center for Missing and Exploited Children, Kornblum says.
Tim Cranton (right), Director of the Internet Safety Enforcement Team at Microsoft, demonstrates new forensic tool COFEE for Jean-Michel Louboutin, executive director of police services, Interpol, at the Law Enforcement Technology 2008 conference. COFEE (Computer Online Forensic Evidence Extractor) provides investigators with a means to easily and quickly extract 'live' data from a suspect's computer at the point of seizure, before turning it off.
(Credit: Microsoft)A few weeks ago I had the chance to ask Dave Merkel, vice president of products for Mandiant, a digital forensics company, if there was a point where investigators say "well, that's the best we can do." Apparently a lot of cybercrime cases do hit a brick wall. Merkel said it was a one-in-a-hundred or one-in-two-hundred chance that investigators get the kind of resolution that results in someone's arrest.
"The big challenge is--and this is still true today--there is no Internet equivalent to a local cop or local police agency. You work with actual local agencies and local police but they have limited resources and a lot of times their very best investigators that really become proficient in computer crime can double--if not triple--their salaries by working in private industry.
"The ability to retain the talent that can pursue those crimes is very hard. Federal agencies have a better time of retaining that kind of talent by being able to contract that kind of talent, but their focus a lot of the time is national security issues or problems that are much bigger than what might be plaguing you, particularly in a criminal context. Until it really starts crossing some serious thresholds in terms of loss or risks to national infrastructure, it can be difficult to get their attention."
"That's not a criticism. That's just an acknowledgment of reality today. There are different things that, to use an example, the FBI is focused on today. I would think everyone would know what those things are, so getting someone to pursue--I don't know, a distributed denial-of-service that took your e-commerce site offline--is going to be pretty difficult."
You can read more of Merkel's comments in this Security Watch column. And you hear more of my interview with him in this Security Bites podcast.
WASHINGTON--Spammers, beware: more criminal spam prosecutions--complete with stiff prison sentences and mandatory forfeiture of relevant valuables--are on the way in the coming months, a U.S. Department of Justice attorney said Thursday.
"I think the healthy dose of jail time plus lose-your-money is working," Mona Sedky Spivack, a trial attorney in the Justice Department's computer crime and intellectual property unit, said at the second day of a Federal Trade Commission spam summit here. "I hope that provides a deterrent effect to other would-be criminal spammers out there."
Justice Department and FBI representatives contacted by CNET News.com weren't able to provide any numbers on how many spam-related cases have already been prosecuted in recent years. The FTC's experience may offer one clue: a spokeswoman said her agency brought 26 civil actions against spammers since the 2003 passage of a controversial antispam law known as Can-Spam, and four of them also involved a criminal component.
It wasn't until January of this year that the department recorded its first criminal jury conviction under Can-Spam. That perpetrator of that phony e-mail scheme, a 45-year-old California man named Jeffrey Brett Goodin, was sentenced this June to 70 months in federal prison and ordered to pay more than $1 million in restitution to his victims, including Internet service provider Earthlink.
More recently, a federal jury in Arizona convicted two men on charges--some of which fell under Can-Spam--related to an international pornography spamming enterprise they operated a few years ago.
Prosecutors have also gone after spam-related misbehavior under more general federal computer crime laws and will continue to do so, Spivack said. She pointed to a recent FBI effort with the moniker "Operation Bot Roast," which included the arrest of a Seattle man accused of using a large botnet network to fire off tens of millions of unsolicited e-mails advertising his Web site.
But one "massive challenge" that remains in apprehending spammers and enforcing antispam rules is coordinating international investigations, said Robert Shaw, head of the cybersecurity arm of the International Telecommunication Union, a United Nations agency composed of representatives from 91 nations.
"Even people who are experts at working in this space say they still have a really hard problem finding their counterparts in other countries and getting things done in real time," he said.
- prev
- 1
- next
