Agape Blog

Every company handles huge amount of data in the form of company details, project details, customer database, etc. But then this data can be lost due to Hardware/Software Problems, Human Error, Viruses or Natural Disasters. Apart from this, the companies, specially IT, also fear the release of their sensitive information outside. This is the reason why data protection is the number one concern of chief information security officers worldwide.

Thus the DLP (Data Loss Prevention) tools are being heralded as tactical tools to help businesses meet compliance needs and protect intellectual properties. many security companies have invested in DLP either through in-house development or by acquiring some reputed startups. McAfee payed around $46m to buy DLP firm Reconnex. Similar deals featured Symantec purchasing Vontu for $350m, Trend Micro picking up Provilla and EMC acquiring Tablus.

Analyst group IDC has predicted that Information Protection and Control (IPC) market would grow to around $3.2bn by year 2011. This would present a great opportunity for Information Security companies like Agape Inc to offer either their products/solutions or services and prevent your data loss.

I was researching on cyber security and i came up with an article wherein the the famous American journalist - Brian Krebs interviewed FBI’s cyber division head - James Finch. I found it helpful as it provides insight into how the FBI sees cyber crime and hence thought of sharing the same.

Here’s the link to the article:
http://voices.washingtonpost.com/securityfix/2008/08/qa_with_fbis_cyber_crime_chief.html?hpid=sec-tech

The Securities and Exchange Board of India (SEBI) has appointed Mrs.Pradnya Sarvade as an officer on special duty to work with its investigation wing. Mrs.Sarvade was the head of cyber crime cell at Mumbai Police and has handled many cases pertaining to online frauds. She has the experience of working in CBI’s bank securities and fraud cell and has handled the investigation and trial of the 1992 securities scam cases.

Due to the rise in the cyber crimes, specially online frauds and phishing, the investors are reluctant for online transactions. In one of the recent case, SEBI failed to do justice to a group of investors who had alleged that a manager of India Infoline at Mangalore had committed a fraud and cheated them of RS 20 lakhs.

With an experienced investigator like Mrs.Sarvade, SEBI will be able to protect the interests of investors in securities in a better way.

I was researching for the training providers in forensics space to understand how training is provided in this field. Basically, I was hunting for institutes/organisations which provide online/offline training to law enforcement agencies, professionals and students. Here is what i have found out so far -

1. National Computer Forensic Academy
http://www.gohtci.com/training/index.php

2. Asian School of Cyber Laws
http://www.asianlaws.org

3. Purdue University
http://cyberforensics.purdue.edu/Courses.aspx

4. National Institute of e-Forensic (NIeF)
http://www.nief.in

5. Cyber Law College
http://www.cyberlawcollege.com

6. Forensic Education
http://www.forensiceducation.com/forensic_edu/index.htm

7. India Forensic
http://www.indiaforensic.com/education

8. University of Florida
http://www.forensicscience.ufl.edu/Programs.asp

9. University of FairFax
http://www.ufairfax.net/ufairfax/academics/courses/

10. InfoSec Institute
http://www.infosecinstitute.com/courses/computer_forensics_training.html

I am still working on getting more of such training providers to lengthen this list. Any thoughts…

You see a nice picture on the internet and say WOW! You now think of downloading the same and forwarding it to your friends. But wait, this can land you in a terror network.

For the terrorists are playing havoc by increasingly adopting a technique called steganography for communicating devastating messages in codes. Steganography involves hiding a message which could contain text, images or maps inside a picture, music file or video on a web page or by e-mail. These messages are harder to find than encrypted ones because they can be hidden amongst any of the billions of web pages. Hidden messages can only be found by someone who knows where to look.

Its not that this technique has been adopted by the terrorists recently. They have used this method in the year 2001 in the Parliament attack (in India) on the 13 December and in the September 11 attack on World Trade Centre (in USA).

Terrorists easily hide vital and sensitive communication by mixing it with large amounts of public data. What might appear to be normal files to an innocent observer can have embedded secret message in it.

So it is advisable not to forward any message sent by unknown sources.

The National Cyber-Forensics and Training Alliance (NCFTA) has provided a section titled- “Top Alerts” on their website. The objective for the same is to make people aware of the various threats which can make anyone vulnerable to attacks from cyber criminals.

Here’s a screenshot of that section:

More details on various threats can be found at - http://www.ncfta.net/alerts.asp

The Indiana University-Purdue University Indianapolis (IUPUI) will be offering the state’s first master’s degree program in forensic science.

After successfully completing this program, the candidates will be awarded a degree from Purdue University. The demand for highly trained forensic scientists is growing rapidly and this program will increase the state’s pool of talented, highly-skilled professionals to make it a national leader in high tech and life sciences business.

Students will be educated in the natural, physical and social sciences and will be trained to apply these sciences to the criminal justice system. This way the students would become experts not only in forensic science but also in public health, environmental sciences, criminal case investigations and others. Thus this program offers great career prospects for the students.

Forensic science is being used extensively by investigators, experts and law enforcement agencies to punish the criminals, develop more intelligence using more research and to implement certain principles, respectively. Here are some of the cases which speak for the importance of forensics in various fields and for various reasons.

1. The use of forensic science in criminal trials is critically important. But the system needs some immediate reforms. Radley Balko and Roger Koppl have come up with some suggestions and examples to bring some reforms to forensic science. Read more.

2. Prof. Charles Uwadia (President: Nigerian  Computer Society), stressed on the importance of fighting cyber crime. He also asked for help from the Federal Government, when he was speaking at the annual general meeting and 30th anniversary of NCS. Read more.

3. Catching World’s high tech criminals becomes easier with the Logicube CellDEK. Nick Heath presents his review on this tool. Read more.

The University of Alabama at Birmingham is warning computer users of a new spam scam! E-mail is vastly used to stay connected with other people by sharing information and this has been the target of spammers since a long time. Of course, forensic experts  helped in nabbing many cyber space criminals. But as forensic science is advancing, so are the spammers.

They create emails that look normal, but instead of taking you to the body of the email, it takes you to the malware. These are not phishing emails, which ask for your bank account or credit card details, etc. These are of a different type referred as “drive-by infectors”. Usually, the links provided in the email open a pop up which will tell you that your computer is infected. To help you out, it will take you to an anti-virus website, which is deceiving and instead takes you to a malware.

The latest exploitable target for the spammers is - Media. And the latest example is CNN being targeted by spammers. Basically spammers have cloned the news alert the same way that we get breaking news from CNN.

Forensic experts suggest that if you do not trust any email, the easiest way to double check is to log on to the source website mentioned in the email. Also, you should be on the lookout for suspicious emails cluttering your inbox.

In a unique internship program 17 second year students from the Madras University were allowed to undergo a five-day training with the cyber crime cell - Chennai.  This is the first time that the city police have shared the technical and investigation expertise of the cyber cell of the Central Crime Branch (CCB) with students. The students who had undergone internship are currently pursuing their MSc in Forensic Science.

The students were trained in analysis of data, information security, investigation methods and collection of forensic evidence. Various sessions were held on application security, information forensics, how to trace lost mobiles and how internet frauds are tracked by procuring the internet protocol addresses. The training was provided by the cyber cell’s trained professionals.

This unique internship program served two purposes:
1. Police officials were able to educate students on the importance and application of forensics, as the demand for forensic experts is on the rise.

2. The students were able to have a live experience of how forenscics can be used to crack numerous cases.

Chennai Police is planning for more internship programs to students of MA Criminology, in the future.