Showing posts with label Law Enforcement. Show all posts

Blame the cat

Early last year the big domestic infosec story here in Japan was a hacker who was running rings around the police, while making death and bomb threats against airlines and kindergartens.
The police arrested several suspects - 'extracting' confessions from some of them who later turned out to be victims whose computers had been used by the hacker via remote access.
The best part of the tale (tail?) is that the hacker attached a memory card to the collar of a cat(!) and invited the press to 'play a game' by answering quizzes that led to the cat with the memory card. Possibly the first hack in history to involve an actual cat, and not just LOLcats.exe.

The police eventually captured and charged a new suspect, who is now claiming his innocence and pointing to the previous dubious police investigation (and confession extracting) as proof.

Prosecutors say they found on Katayama’s office computer, searches for the words “cat” and “Enoshima” that predate the email of riddles sent to journalists. But the defense asserts that the real suspect would've planted the searches, recalling the untraceable nature of the virus, which was dispersed widely through the popular online forum, 2channel. The defense, meanwhile, called the allegations “complete nonsense.”
Did he do it? Who knows, that's for the lawyers to decide but I hope there's more to the evidence than searching for cats on the internet!


Google Transparency

Google has released its transparency figures for the period January to June 2012, which detail requests made by various countries to access user data held by Google. The figures provided by Google only give the total number of requests, which (I think) can be a little misleading. I'm no statistician, but I thought it might be informative to have a look at the figures relative to population. Other interesting comparisons might relate to law enforcement budget or be somewhat more subjective, such as the government's stance on data retention.

Australia ranks second behind the US for requests that were complied with when accounting for population, fourth for total requests when accounting for population and ninth for total number of requests.

I think one interesting aspect of the graph below is the discrepancy in certain cases between the number of requests made and the number complied with.


Interestingly, there's a note on the US stats that states:
 
"Government requests for user data from the United States include those issued by U.S. authorities on behalf of other governments pursuant to mutual legal assistance treaties and other diplomatic mechanisms."
 
ref:

http://www.cso.com.au/article/441971/australian_govt_gets_user_data_from_google_twice_day/#closeme

http://www.ag.gov.au/Documents/Final+TIA+Act+Annual+Report+2010-11+-+amended+after+publication+-+v5+(3).pdf

BYO Forensic Lab

After recently reading and learning about the requirements for setting up a forensic laboratory, I did a little more research into the subject and came across a fairly recent article on csoonline.com entitled "How to Build Your Own Digital Forensics Lab - for Cheap". While the article is fairly brief and doesn't go into issues such as chain of custody or the capture of volatile data, the author does provide some cool tips on making a USB device read-only and points to some free tools for imaging a suspect's disk.

The article also has a link to the handy little "Secret Service's Best Practices For Seizing Electronic Evidence, Pocket Guide for First Responders" [pdf] which has tips such as photographing the screen before powering off a suspect machine and performing the power-down by yanking the power cord (and where appropriate removing the battery). For servers in a business it recommends not yanking out the power cord, but calling a pro and restricting access to avoid damaging the system, disrupting legitimate business and (of course!) reducing the potential for officer and department liability.

It's a cool little guide and an interesting insight into law enforcement procedures.
