Archive for the ‘FBI’ Category

In Brief: CODIS DNA Database To Catch Horse Thieves

May 2, 2008

Horses are valuable and stealing horses is a big business. “EDNA Test” is now offering Equine CODIS, based upon the same process as the FBI’s human own CODIS system which is used for human DNA analysis. CODIS stands for Combined DNA Information Systems. The CODIS software enables State, local, and national law enforcement crime laboratories to compare DNA profiles electronically. Horses don’t have fingerprints and therefore DNA is the most accurate available method for horse identification. Implanted microchips have potential health risks, and along with tattoos or brands can be altered or removed. Reference


Microsoft Ships Future Crime Fighting Tool and Fights Cybercrime

April 29, 2008

It has been revealed that Microsoft has developed a tool which will enable forensic investigators to easily gather digital evidence after a crime has been committed. The COFEE is a USB device that reportedly supports 150 commands that can dramatically cut the time it takes to gather digital evidence including decrypting passwords analyzing Internet activity, and all data stored in the computer. Apparently the device has been available to the law enforcement community since June 2007, although there have not to my knowledge been any previous public revelations of its use. Microsoft’s Tim Cranton describes COFEE as “a preconfigured, automated tool” that “fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button –completing the work in about 20 minutes.” Cranton states that more than 2,000 law enforcement officers have registered for COFEE and the tool is used in over 15 countries.

Tim Cranton demos COFEE at LE tech 2008

The IMO not very surprising revelation of COFEE hit the blogosphere today during Microsoft’s 2nd Annual Law Enforcement technology Conference an event especially for law enforcement officials which is being attended by 400 individuals from more than 80 agencies in 35 countries around the world.

COFEE is only one aspect of Microsoft’s anti-cybercrime efforts. Cranton also described the role of the Internet Safety Enforcement Team and organization founded in 2002 as making “the Internet safer and more secure for everyone. ” Although Cranton didn’t go into any further detail of what this organization actually does on a day to day basis, he does reveal that the ISET consists of “35 professionals around the globe including former prosecutors, investigators, software engineers and business professionals whose full-time job is to make the Internet a safer place.”

This seems to be somewhat at odds with Aaron Kornblum’s previous revelations about ISET which described the organization as “a worldwide group of 65 attorneys, investigators, and other professionals” but whatever the size of the organization it appears their primary work is to aid law enforcement with technical investigations. ISET aided the FBI in gathering evidence against convicted phisher Jayson Harris who was operating “a phishing scheme by creating a bogus MSN billing website and then sending e-mails to MSN customers requesting that they visit the website and update their accounts by providing credit card account numbers and other personal information. ”

The work of Peter Fifka, an ISET investigator was documented in an enjoyable 2003 article entitled Gumshoe chases Internet villains in Eastern Europe ISET also targets spammers and the creators of viruses and worms. Some are sure to question Microsoft’s motives and wonder about their influence over investigations conducted by the law enforcement community.

The Justice Department says the company doesn’t influence its investigations. Microsoft is not “driving law enforcement’s priorities,” according to Christopher Painter, deputy chief of the department’s Computer Crime Section, but given the fact that Microsoft appears to initiate at least some of the investigations conducted by ISET questions are likely to remain.

[Update: According to this article, COFEE was developed by Anthony Fung, a senior investigator on Microsoft’s Internet Safety Enforcement Team.  Some additional interesting speculation about COFEE here ]

FBI Spyware Capabilities

July 18, 2007

WIRED has a very detailed and interesting article today detailing the use of spyware by the FBI to catch a teen “prankster” that was behind bomb threats at a Washington High School.

 In the sidebar, the article includes a somewhat terse description of the systems capabilities:

 The full capabilities of the FBI’s “computer and internet protocol address verifier” are closely guarded secrets, but here’s some of the data the malware collects from a computer immediately after infiltrating it, according to a bureau affidavit acquired by Wired News.

• IP address
• MAC address of ethernet cards
• A list of open TCP and UDP ports
• A list of running programs
• The operating system type, version and serial number
• The default internet browser and version
• The registered user of the operating system, and registered company name, if any
• The current logged-in user name
• The last visited URL

Once that data is gathered, the CIPAV begins secretly monitoring the computer’s internet use, logging every IP address to which the machine connects.

All that information is sent over the internet to an FBI computer in Virginia, likely located at the FBI’s technical laboratory in Quantico.

Will commercial security software detect police key loggers?

July 17, 2007

Following on the heals of his recent story that a judge approved the use of keylogging software in a DEA case in order to thwart a criminal using encryption, Declan McCullagh and CNET have released the results of his recent survey of PC security software companies which claim they will detect police spyware.  All the companies surveyed claim they can detect police spyware; however only a few acknowledged that they might, at least under threat of a court order, fail to report these detections to the user.  This is an interesting follow up to the 2001 report that MacAfee took measures to avoid detecting FBI spyware. 

Ed Felton reported on audio keylogging a couple of years back, and of course screens and keystrokes can also be captured in some cases by using remote monitoring or screen capture software, by capturing radio emissions, or simply with hidden video cameras.  The average person simply can’t be certain one or more of these techniques isn’t being employed against them.

And it isn’t just law enforcement that has access to these surveillance tools today.  These tools are readily available to high tech criminals and others that might want to know what you are doing on your computer.   For example, keyloggers are sometimes posted to boards and game sites.  Unfortunately, not only can’t you be sure that your security software will detect a particular piece of keylogging or screen capture software, some security software just plain doesn’t work in many cases.  Caveat emptor.  If you want to be sure, you’ll have to write your own software.

Interestingly, at the current time keylogging software is not readily available for most PDAs and mobile devices, while encryption software is.  Future criminals and crime fighters take note.