Upholding the law: the risks for forensicators
March 18, 2011 by David Hewitt
Filed under Methodologies & Best Practices
“You have zero privacy anyway. Get over it” – I’m sure many remember Scott McNealy, CEO of Sun Microsystems coming out with that controversial phrase in 1999. Yet 15 years later instead of the problem being dealt with it now is hotter than ever. In Episode 35, Forensic 4cast discussed the events surrounding HBGary, having been articulately hacked by activist group Anonymous – because of their assistance to government investigations against them and possible connections to data leaks through website WikiLeaks.org. This attack has been particularly personal for the victims who have been caught in a much bigger cyber-privacy whirlwind. What kind of message is this sending to those in the same position as HBGary? – are the enforcers who stamp out cybercrime activities likely to be at threat for providing services to aid justice? Is it not acceptable for professional security firms to assist the government investigating computer crimes?
Freedom of Information
First a quick history lesson – open your books at the Freedom of Information… FOI has been around for a long time and is well set in legislation (FOIA 1966 US, FOI 2000 UK) – laws which we the public lobbied for to gain access to information we believed was our right to see. This included personal details held by government agencies as well as restricted information deemed to be in the public’s interest. More recently with the advent of the computer as a prime means of holding information, FOI matured and became more complicated. Legislation was kept up to date to deal with the electronic storage of information (E-FOIA 1996) and this transparency continued to encourage good working practices. We have become used to this and I have even exercised this right several times placing disclosure requests against companies who hold my data (keeps them on their toes!). In addition, it has caused a transformation of the media industry who now use FOI as a key tool to write headlines and scoops. For some this was always a step too far and pushes FOI to the limit of what it was really designed for.
Risk to the enforcer
While the laws haven’t changed much, the attitudes to interpreting them most certainly have. Openness and privacy have complex and contrasting meanings which are open to much interpretation – cultures, industries and the passing of time itself are just a few reasons for different viewpoints. In the last few years we have heard noises from various anti-privacy groups that the restriction of information is still far to tight. The Anonymous/WikiLeaks story epitomizes this. In an interview in January 2011, Julian Assange summed up his thinking into a single paragraph:
“The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie …Since unjust systems, by their nature, induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.” – Julian Assange, Jan 2011
I don’t know about you – but I find that a pretty frightening statement. So what message is that putting out to the HBGary’s out there? Cyber warfare is complex. One man’s right is another man’s wrong – Assange’s quote shows this. He would like an FOI Act on steroids. This challenge has always existed – this is just a new plain on which the challenge is being presented. Just as when the original Act was formed in 1966 due to pressures on making data more open, there are those today who continue to hold the belief that the required level of transparency hasn’t yet been reached. It is still early in this struggle but it already places those like HBGary who considered themselves of integrity in the firing line for supporting the very agencies that others have determined are at fault. Does this mean forensicators dealing with criminal cases should expect to have their reputation slurred by activists who don’t like the laws that cover computer crimes? What about those who help secure private networks? Are they now seen to be targets as supporters of those departments who protect classified information?
There are lots of questions and chaos, and no real answers at the minute – at least none that directly respond to these new threats. However we should be able to use lessons learnt from the past:
1. Accept the risks that come with the job. Basic but important to remember. Just like a security guard shouldn’t be surprised to see the odd bandit, the nature of your work may mean risks of attack are always there. You need to tune your mindset accordingly.
2. Display professional discretion. To build upon the acceptance, you should be wise when discussing client work and your general role in public spaces. Loose lips can sink ships.
3. Implement safeguards in your work. Those who work in forensics operate to flawless procedures – where simple inaccuracies or reason for doubt can result in the entire loss of a case – never mind the developing consequences on the reputation. Minimise the risk and put all safe guards in place. Don’t make it easy for those who wish to defame you – make your own work bulletproof.
4. Maintain your integrity. If everything else fails you will hoping you have LOTS of this. Having a reputation and history for being trustworthy by peers and clients could make the difference between surviving the rage of an attack or not. You can’t buy it or get a certification in it – it’s built continually as part of your working life.
So where does this leave us?
Having to watch every step? McNeal was warning us about privacy issues in 1999, and others well before that. The reality is that as we battle and solve today’s fight, there are those planning the new attacks for tomorrow. Those in law enforcement or who support government departments probably already have a built-in awareness to the risks around them. It’s now clear more than ever that security firms in the private sector must also consider their ability to deal with these issues. Ultimately the risks can only be managed through sensible choices – you cannot make them go away. Remember above all else: maintain your integrity.
David Hewitt is a security consultant and published writer of articles on digital forensics and IT law. He runs the Forensically Speaking Project, which looks at emerging technologies and their impact to forensics and cybercrime. Follow him on Twitter @Forensically or contact him at david.hewitt@gmail.com.
Forensic 4cast 2010 Statistical Report
March 9, 2011 by Lee Whitfield
Filed under News
I was looking at the website stats the other day and thought that there may be some people out there that would find the stats interesting so I’m publishing them for your review. I’m not a statistician by any means so if anyone has any insight as to what they get from these please let me know in the comments.
1) This table shows the total bandwidth usage per month with the grand total at the bottom.
| By Month | ||
| Hits | Bandwidth (GB) | |
| Jan-10 | 106473 | 61.88 |
| Feb-10 | 90126 | 35.72 |
| Mar-10 | 102493 | 41.72 |
| Apr-10 | 156418 | 63.6 |
| May-10 | 169595 | 88.22 |
| Jun-10 | 174941 | 105.95 |
| Jul-10 | 198779 | 77.78 |
| Aug-10 | 172236 | 73.03 |
| Sep-10 | 154859 | 43.52 |
| Oct-10 | 162438 | 29.87 |
| Nov-10 | 170863 | 57.61 |
| Dec-10 | 160938 | 65.44 |
| TOTAL | 1820159 | 744.34 |
744.34 GB Total bandwidth used in 2010. I was quite impressed with that.
2) This table shows the daily averages of how much bandwidth is used.
| Daily Averages | ||
| Hits | Bandwidth (GB) | |
| Mon | 5420.86 | 2.01 |
| Tue | 5737.21 | 2.588 |
| Wed | 5644.56 | 2.623 |
| Thu | 5472.88 | 2.219 |
| Fri | 4838.89 | 1.706 |
| Sat | 3731.08 | 1.549 |
| Sun | 4064.52 | 1.716 |
3) This table shows the top ten total bandwidth consumed by country
| Top 10 Countries | |
| Country | Bandwidth (GB) |
| United States | 502.08 |
| Great Britain | 80.72 |
| Canada | 37.19 |
| Australia | 18.05 |
| Germany | 14.95 |
| Netherlands | 6.76 |
| Sweden | 6.57 |
| Japan | 6.03 |
| Austria | 2.72 |
| China | 2.27 |
4) This table shows the 20 most popular podcast episodes
| Top 20 Podcast Episodes | |
| Episode | Downloads |
| 26 – Make Mine a DECAF | 3083 |
| 20 – Not Another ‘Kitty Porn’ Joke! | 2854 |
| Conversation with Rob Lee | 2683 |
| 21 – Curveball to the Forensic Field | 2577 |
| 19 – Bullet Holes and Cat Burglars | 2520 |
| 28 – Xerox This! | 2410 |
| Forensic 4cast Awards – Announcement | 2375 |
| 25 – The Little iPhone Worm that Could | 2300 |
| 18 – Standing Room Only | 2252 |
| 23 – The Butt of Everyone’s Jokes | 2209 |
| 17 – Free is not Free | 2132 |
| 32 – The Mecca for Digital Forensicators | 2092 |
| 27 – When RIAA Rules the World | 2082 |
| 22 – Captain Forensics vs. Jonathan Parker | 1872 |
| 29 – #robleeisagiant | 1780 |
| 24 – No Good Crying Over Spilled COFEE | 1773 |
| 31 – They try to send me off to DC but I say R-M-O | 1766 |
| 30 – Amy Winehouse is no Forensic Guru | 1736 |
| 16 – Tool | 1220 |
| 15 – Vacation’s Over | 1176 |
5) This table shows the top twenty posts that are not podcasts
| Top 20 Other Content | |
| Title | Views/Downloads |
| Into the Shadow Presentation | 2530 |
| Forensic 4cast Awards 2010 Voting is Open | 1885 |
| Testing Acquisition Software | 1211 |
| How to do the Worst Job Possible | 1154 |
| Testing Acquisition Hardware Part 1 | 1109 |
| Forensic 4cast Awards – Results #forensicsummit | 833 |
| Extreme Hex Jumping | 832 |
| The Risk of Rooting | 779 |
| Getting into Digital Forensics in the UK | 764 |
| Into the Shadows | 761 |
| Sometimes I Wonder | 752 |
| Forensic 4cast Live Rerun | 671 |
| Shadow Analyser Article by the Register | 649 |
| Where are my Podcasts? | 596 |
| Future of Forensic 4cast | 544 |
| Forensic 4cast Awards 2010 | 532 |
| Forensic 4cast Live | 527 |
| Lessons From Data Recovery Part 1 (repost) | 506 |
| Sneak Peak at the Forensic 4cast Awards | 478 |
| Sans Forensic Summit | 475 |
6) This table shows the top 10 referring search engines
| Top Ten Search Engine Referrers | |
| Search Engine | Referrals |
| 8491 | |
| Yahoo! | 4684 |
| Google (Images) | 186 |
| Yandex | 92 |
| Microsoft Windows Live | 41 |
| Microsoft MSN Search | 18 |
| Baidu | 13 |
| AOL | 10 |
| Ask | 7 |
| Stumbleupon (Social Bookmark) | 5 |
7) This table shows the top 20 referrers that are not search engines
| Top Referrers (Not Search Engines) | |
| Referrer | Referrals |
| http://www.digital-detective.co.uk | 4158 |
| http://www.forensicfocus.com | 1170 |
| http://twitter.com | 1116 |
| http://computer-forensics.sans.org | 422 |
| http://www.irongeek.com | 213 |
| http://youdao.com | 203 |
| http://www.computer-forensics.co.uk | 166 |
| http://borssnack.di.se | 164 |
| http://www.bing.com | 144 |
| http://ericjhuber.blogspot.com | 121 |
| http://www.facebook.com | 115 |
| http://www.macosxforensics.com | 112 |
| http://longurl.org | 102 |
| http://viaforensics.com | 100 |
| http://www.binint.com | 78 |
| http://www.digitalforensicsmagazine.com | 67 |
| http://twitturls.com | 65 |
| http://windowsir.blogspot.com | 60 |
| http://iconfactory.com/twitterrific | 55 |
| http://www.macosxforensics.com | 50 |
| http://aimtrust.com | 44 |
| http://www.podfeed.net | 41 |
| http://samouprav.ru | 26 |
| http://www.irongeek.com | 25 |
| http://happyasamonkey.wordpress.com | 25 |
| http://www.pryaniki.org | 23 |
| http://www.energetic-news.ru | 23 |
| http://www.firstlink.ru | 22 |
| http://theinvestblog.com | 20 |
| http://www.znaki-textile.ru | 20 |
This table shows the top 10 search terms used to find the website
| Top 10 Search Terms | |
| Term | Number |
| forensic 4cast | 841 |
| forensic4cast | 276 |
| encase portable | 249 |
| forensic 4 cast | 94 |
| forensic podcast | 62 |
| facebook forensics | 66 |
| encase pricing | 61 |
| forensics 4cast | 58 |
| mac forensics | 7 |
| android forensic toolkit | 5 |
Episode 35 – Anonymously Yours
March 2, 2011 by Lee Whitfield
Filed under Podcast Episodes
Is today’s show we discuss the HBGary v Anonymous issues, the opening of the CFCE to non-law enforcement, the future of digital forensics tools, and the 2011 Forensic 4cast Awards.
