March 18, 2001
Computer Primer for the Investigator.
The federal government has been moving into the area of computer crime and has established significant operations that are important and accessible. Here are two that are easily reached on the Internet for information on computer virus attacks.
The National Infrastructure Protection Center (NIPC). www.nipc.gov. The mission statement reads as follows:
- "Located in the FBI's headquarters building in Washington, D.C., the NIPC brings together representatives from U.S. government agencies, state and local governments, and the private sector in a partnership to protect our nation's critical infrastructures."
- "Established in February 1998, the NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These infrastructures, which include telecommunications, energy, banking and finance, water systems, government operations, and emergency services, are the foundation upon which our industrialized society is based."
- "Our society is increasingly relying on new information technologies and the Internet to conduct business, manage industrial activities, engage in personal communications, and perform scientific research. While these technologies allow for enormous gains in efficiency, productivity, and communications, they also create new vulnerabilities to those who would do us harm. The same interconnectivity that allows us to transmit information around the globe at the click of a mouse or push of a button also creates unprecedented opportunities for criminals, terrorists, and hostile foreign nation-states who might seek to steal money or proprietary data, invade private records, conduct industrial espionage, cause a vital infrastructure to cease operations, or engage in Information Warfare."
- "Protecting our critical infrastructures in the Information Age raises new challenges for all of us. Above all, it requires a partnership between the government and private industry to reduce our vulnerability to attack and increase our capabilities to respond to new threats. The NIPC provides an important vehicle for carrying that partnership forward."
By going to the web site, you can find current information on viruses and security measures. NIPC has initiated a Kansas City Chapter. A background check is required for membership. A KAPI officer has made contact with the chapter; more information at the monthly meeting.
The Computer Incident Advisory Center, Department of Energy. www.ciac.org/ciac/
Initiated by the Department of Energy due to its role in electrical power production, this site contains a variety of information. It issues bulletins on current threats and is emphasizing those that affect the power grid. It has a virus database that is no longer being maintained and additional links to other databases. Among the other features are:
- Sources and reviews of security products.
- Lists on current hoaxes.
- Lists on chain letters.
- Sources of additional information.
This page probably has more information or links to it than you would usually want to know. It is a monitored site; a record is kept of your visit.
The federal investigative agencies are also maintaining databases or computer threat sites, but these are not accessible by the public. In addition, the Department of Defense has initiated a Joint Command for computer warfare; it will address both offensive and defensive actions in the computer field. During the recent attack by the 'Love Letter" virus, this command was able to crack the virus (identifying its code, its effects and telltale electronic footprint), trace it to its source, and initiate an international server shutdown in 4-6 hours. The effects of the virus continued longer than that because it was already in many systems in the United States. Their action limited the duration and effects. The most interesting feature of this action was the use of a standard traffic pattern analysis (an intelligence analysis technique used on communications intercepts) on the affected computer systems to assist in identifying the attack and source.