HolidayBuyer's Guide

Back to school for cybercops

Investigators fighting Internet crime are being trained in computer forensics--a technique that is part science, part sleuthing.

Police are heading back to the classroom as a new breed of criminals turns to the Internet to prey on unsuspecting victims. Across Europe and beyond, cyberinvestigators are being trained in computer forensics--a crime-fighting technique that is part science, part sleuthing.

Investigators comb through seized computer hard drives, looking amid countless disguised files for evidence that the machine was used in a crime. The clues could be elaborate computer programs designed to hijack a victim's PC, or e-mail and Web browsing logs that reveal the identity of conspirators.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

"It's akin to auto mechanics," said Dan Haagman, head of training for 7Safe, a company based in Cambridge, England, that instructs police officers and civilians in computer forensics. "You rule out things early on. You search for signs that give you a picture of a particular security breach," he said.

The same techniques can be used to trace--or at least, build a profile of--a criminal suspect from a hacked PC or computer network, he said.

As criminals turn to high-tech gadgets and the Internet to commit crimes ranging from extortion to drug-dealing, computer forensics is rapidly becoming as crucial to an investigation as DNA evidence, U.K. police have said.

"I expect new staff to have an absolute minimum of computer and software forensics before they even walk in the door," said Marc Kirby, a detective inspector in the computer forensics section at Britain's National Hi-Tech Crime Unit (NHTCU).

In addition to training local police in cybersleuthing techniques, Kirby's 55 investigators also hunt criminals. Earlier this month, the NHTCU arrested 12 people in a case in which a Russian crime gang is accused of using an e-mail scam known as "phishing" to defraud U.K. bank customers out of hundreds of thousands of pounds.

In another success, a string of globe-spanning pedophilia stings has determined the identities of thousands of people suspected of using the Internet to trade and collect pornographic images.

But police forces around the world remain a step behind the criminals.

In the United Kingdom, home to some of Europe's most advanced cybercrime fighting forces, just 1,000 of the country's 140,000 police officers are trained to handle digital evidence. Fewer than 250 have high-level computer forensics skills, European information security lobby group EURIM has said.

Efforts have been ramped up across Europe to close the gap.

Back to class
Earlier this month, British police toiled in the reflection of their computer screens. They were hunting the deep recesses of a computer for traces of an increasingly popular cybercrime weapon known as "malware" in a 7Safe training session. Malware is malicious computer code programmed by an underworld of hackers, virus writers and sometimes spammers to commit all manners of crime.

In the training exercise, investigators discovered in a deep corner of the hard drive a nasty piece of malware known as a Trojan horse installed on the machine without the user's knowledge.

Criminals use Trojan horses and backdoors to infect PCs. An army of vulnerable machines might then be programmed to execute a distributed denial-of-service () attack on a Web retailer or flood the Internet with dubious e-mail messages aiming to defraud users out of their bank details, in a typical phishing expedition. Zombie PC attacks from every corner of the globe is a new criminal threat.

As always, the only way for an investigator to catch a cyber criminal is to learn their tricks. "To truly understand malware they have to use it. To understand hacking they have to do it," Haagman said.

Story Copyright  © 2004 Reuters Limited.  All rights reserved.