Cops have a pretty good set of rules and responses. They look for the good and bad actors. They question everything and have a response for most eventualities. “Move along buddy” solves a lot of problems, for example.
It turns out that Detective Constable Kenrick Bagnall, who handles Computer Cyber Crime in Intelligence Services, Toronto Police Service, is no exception. His essay in the book Cybersecurity in Canada: A Guide to Best Practices, Planning and Management is a little longer than his title, and more explanatory. He starts with a great definition and turn of phrase. About the Internet, he writes “… [m]any regulate it, no one owns it, and most of the planet’s population is connected to it.”
The author also cites a legal definition from an Ontario Court of Appeal case in 2012. “The Internet, as a global system of computer networks, has become an increasingly important tool for the exchange of information. Internet use for a variety of reasons is ubiquitous in today’s society. In many ways, the Internet has become the new library, shopping mall, theatre, meeting hall and enumerable other venues all rolled into a single global venue available at the user’s fingertips wherever he or she might be.”
It has often been said in the age of terrorism that the terrorists only have to succeed once, but intelligence services must succeed every time. The Detective Constable/author then channels a version of this by writing that “[c]riminals have access to a boundless supply of victims, while at the same time, they are able to maintain a relatively-high degree of anonymity.”
This sets the stage for cyber-crime very well. “Just the facts Ma’am,” as they say in cop lingo.
Interesting how far we’ve come in crime since possessing burglary tools was an offense in some jurisdictions. “… [W]hile not every criminal offense is a cybercrime, every criminal offense is likely to have some form of cyber component or digital footprint.” Traces of these footprints can be found in things ranging from server logs and the header information contained in the backbones of emails to usernames. This is the modern version of tire tracks in mud, or shoe prints in wet concrete.
Unlike the burglary tools which are used the day of the break-in, many attackers spend months in your network before being detected or acting. This officer rightly wants evidence on which to act: “logs and tables from firewalls” and anything else to hand over to investigators. An organization may have also made itself vulnerable to the age-old “inside job,” with cyber criminals doing things under the auspices and identity of a trusted user on the company network.
We might just add a respectful footnote to the officer’s good advice. A criminal lawyer once said that once you get the police in your lives, it’s hard to get them out. You may have done nothing wrong. You may have done something wrong in a far-off jurisdiction that you know nothing about, but which hosts your information “on premises” using a server, or in a cloud environment. Worse yet, this information may be hosted using a hybrid model, meaning that it’s housed on a server in a facility while simultaneously existing in multiple locations across the globe.
You may have improperly moved information through jurisdictions, and not known it. You may have accessed the Internet at your local coffee shop using an unsecured wireless network — leaving you and your information vulnerable to review or access through what’s called a “man in the middle” attack.
Your employees may have done something wrong or have something wrong on their computers. A “key logger” could be the very software working in the background on the victims’ computers, looking for specific pieces of information without their knowledge. A 16-character entry into a form, followed by another three entries likely means trouble for the company credit card or even an individual — especially if checking online banking and completing transactions at work. The investigation into how someone’s credit card information may have been compromised can get complicated fast.
Other real-life cases involve pornography on company computers, and even pornography on the computers of child welfare workers.
Most of us rightly feel uneasy about undergoing a police investigation. Even if you’re the victim, the police presence creates tension, and like the traffic stop, we’re never sure if we’ll be suspected of something. For offenders the police may be a deterrent. For others it may be a rush — motivation to move on to another job.
Police work by “the book,” ensuring policies, procedures, processes, and legislation are followed. They do so knowing that the slightest deviation could see the guilty go free.
So why is it that the same attention to detail isn’t paid by those who are responsible for securing our information? The answer may lie in the fact that there isn’t a global policy, procedure, resolution, or declaration specific to securing our networks.
It’s a sad reality, but it’s a reality that may bring us the motivation we need to take action.
That’s why we need to get back to the basics: locking up systems. We’re now at a time where newer cars automatically lock and arm their security systems when the owner isn’t present. Those who choose not to lock their cars or leave their keys in the ignition are just asking for trouble. Cases like this also consume a large chunk of time for police and the courts.
It’s time to start putting some thought and effort into making IT systems simple and secure to operate. It would make us all a bit safer and save time and money.
Bring in the police when necessary. Work diligently to make sure it’s not.