CLEARWATER, FLA. - When it comes to cybercrime, one of the biggest problems facing the Department of Defense comes from within - the rank and file personnel suspected of downloading child pornography on military PCs.

Although fraud, network intrusions and counterintelligence cases also keep the department's tech experts busy, it's detecting evidence of child pornography stored or accessed via military networks that's straining the resources of the Defense Cyber Crime Center. At last week's Defense Department Cyber Crime Conference, which was attended by about 550 computer crime specialists from the military and FBI, the experts didn't shy from acknowledging child pornography as a scourge the military is determined to fight.

"Child porn is 50% of our criminal cases," said Steven Shirley, director of the Defense Cyber Crime Center. The computer forensics lab in Baltimore is regularly contacted by investigators in the Army, Navy, Air Force and Marines to analyze digital evidence seized as part of the military's most complex computer crime investigations.

Of the 411 cases referred last year to the Defense Cyber Crime Center, 39% were categorized as "criminal" and half of those involved child pornography, Shirley told conference attendees during a presentation.

He noted the terabytes of seized images and other data that accompanies child pornography cases can take analysts two to three months to plow through.

"There's often a backlog," said Bill Harback, senior computer forensic examiner at the center. "Basically all the evidence was in our hands, and we wanted to get the evidence back to investigators in a timely manner so they could do their jobs."

The Defense Cyber Crime Center, which has 328 people to assist in computer crime investigations, is seeking to pick up speed in child pornography cases through the use of a new software tool developed under the military's Project KIDS (Known Image Database Systems) initiative.

The tool automates analysis through a hashing technique that finds both known and possible child pornography in data files.

The tool also looks for malware, such as backdoors or Trojans, that might indicate the PC was subverted to download child pornography without the PC user's knowledge.

Currently, the center has approved more than 300 tools for computer forensics purposes in the military. The three primary tools are EnCase from Guidance Software, the Forensic Toolkit from AccessData and iLook, a tool originally developed by Scotland Yard, which is licensed in the U.S. by the Internal Revenue Service only to government users.

Another challenge facing the Defense Cyber Crime Center is finding secure ways to store seized data in all computer crime cases. The center's practice has been to store data for each case on a separate PC.

"We're getting cases so big we can't store the evidence on even four networked PCs, so we need a storage-area network," said Jim Christy, director of the Cyber Crime Institute, the Defense Cyber Crime Center's research arm. "But we haven't seen the kind of system to prevent cross-contamination of data."

In one case, Christy recalled, the amount of data reached a whopping 75T bytes.

Even as the military's computer forensics experts struggle to root out illegal material from within the department and external threats, they are confronted by the need to prove their labs and personnel can meet the highest professional standards.

Although computer forensics is a new and evolving science for criminologists, the American Society of Criminal Laboratory Directors (ASCLD) in Garner, N.C., is considered the certifying organization whose standards must be met.

There are no computer forensics labs in the Defense Department that have been certified by the ASCLD, Shirley said, but the Defense Cyber Crime Center will undergo evaluation to gain accreditation this spring.

It's only a matter of time before lawyers, in the course of defending their clients accused of computer-based crimes, will call into question any evidence analyzed in a lab that's not accredited, Shirley said. "You don't want an enterprising defense counsel boxing your ears in court."

Source
_________________________
D, world destruction
Over and overture
N, do I need
Apostrophe T, need this torture?-They Might Be Giants