The Wheatstalker


March 18, 2001

Computer Primer for the Investigator.


The federal government has been moving into the area of computer crime and has established significant operations that are important and accessible. Here are two that are easily reached on the Internet for information on computer virus attacks.

The National Infrastructure Protection Center (NIPC). www.nipc.gov. The mission statement reads as follows:


By going to the web site, you can find current information on viruses and security measures. NIPC has initiated a Kansas City Chapter. A background check is required for membership. A KAPI officer has made contact with the chapter; more information at the monthly meeting.

The Computer Incident Advisory Center, Department of Energy. www.ciac.org/ciac/

Initiated by the Department of Energy due to its role in electrical power production, this site contains a variety of information. It issues bulletins on current threats and is emphasizing those that affect the power grid. It has a virus database that is no longer being maintained and additional links to other databases. Among the other features are:


This page probably has more information, or links to more information, than you would usually want to know. It is a monitored site; a record is kept of your visit.

The federal investigative agencies are also maintaining databases or computer threat sites, but these are not accessible by the public. In addition, the Department of Defense has initiated a Joint Command for computer warfare; it will address both offensive and defensive actions in the computer field. During the recent attack by the "Love Letter" virus, this command was able to crack the virus (identifying its code, its effects and telltale electronic footprint), trace it to its source, and initiate an international server shutdown in 4-6 hours. The effects of the virus continued longer than that because it was already in many systems in the United States. Their action limited the duration and effects. The most interesting feature of this action was the use of a standard traffic pattern analysis (an intelligence analysis technique used on communications intercepts) on the affected computer systems to assist in identifying the attack and source.