It's a wonder how Laura A. Chappell juggles her time between training law enforcement agencies and her other interests.
A member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989, one of Chappell's biggest achievements is creating the Internet Safety for Kids program in conjunction with her company, Protocol Analysis Institute.
In an interview with ZDNet Australia, Chappell shares some of the more interesting crimes she's witnessed and tells of one of the most challenging criminals she's ever pursued.
When and how did your career in computer crime investigation/forensics begin?
Chappell: The transition from network/protocol analyst to security analyst was a natural one -- in the early 1990s, as I analysed network communications with an eye on troubleshooting and optimisation, I realised that the traffic was not secure. This led to more study, research and testing in the area of TCP/IP vulnerabilities and the white hat/black hat tools available to penetrate or attack networks.
Describe a normal day at work.
Chappell: There is no such thing as a "normal day" at work at the Protocol Analysis Institute. Approximately one-third of my time is spent on the road working on live networks, lecturing at industry conferences or teaching private or public classes on security or protocol analysis. When I am in the office, the day begins with e-mail -- typically there are numerous e-mails containing trace files (files that detail the traffic that has crossed a network).
Some of these trace files illustrate security breaches or attack tools. Others contain unusual traffic that is negatively affecting network performance. Reading these files is not unlike reading a foreign language unless you understand TCP/IP and application communications. At some point in each day I try to work on the Internet Safety for Kids program -- getting online to search for predators or building out additional materials to support the program.
Finally, I'll start working with new security tools or perhaps begin writing about these tools or networking communications.
What is the most challenging crime you've ever pursued/are still pursuing?
Chappell: A bank experienced an internal "lock down" -- an IT employee who had created a privileged empire on the network. In essence, this employee was granted too many privileges -- he controlled the internal infrastructure and would not share access information or details with other IT employees.
The management was not happy with the employee's actions and feared that this employee could hold the bank as a digital hostage if the employee were not treated well. In this case, we tapped into the network to 'listen' to the employee's traffic. This provided us with enough knowledge of the employee's actions to validate management's concern.
As a follow-up, we keylogged the employee's system to gather all the system passwords and evidence required to support management's intent to terminate and prosecute the employee.
Who is the most challenging criminal you've ever pursued/are still pursuing?
Chappell: Currently, I am spending many hours focused on online predators who attempt to lure children away for sexual exploits.
Who, in your opinion, is the most dangerous cybercriminal and why?
Chappell: The most dangerous cybercriminal is the internal employee (or ex-employee) who is accessing company information on a daily basis. A perusal of the US Department of Justice Computer Intrusion Case listing illustrates the problem with privileged access to corporate information.
Which group/gang is the most dangerous online and why?
Chappell: Although there are several cybergangs in action today, just like in the physical world, I find the lone wolf to be the most dangerous entity.
Collectively, these individuals spend thousands of hours working on exploits and attacks -- looking for weaknesses in operating systems, network borders or applications.
How do you measure your performance?
Chappell: My role is to train law enforcement and network personnel to identify network weaknesses, locate criminal activity and follow through with the appropriate agency to ensure pristine collection of evidence if the case will go to trial.
We've read stories about criminal gangs allegedly blackmailing online betting companies, threatening denial of service attacks unless they pay up ... is this a common occurrence and if not, do you see this type of activity increasing? Any idea who's behind this or where these gangs originate from? Is it advisable for victims to report such activity if they're threatened?
Chappell: Blackmailing is rarely monetarily successful for the attackers, but it is a serious threat to the victim corporation. One of my clients was gang-hacked because they publicly pursued an individual who had breached their security.
They spent numerous hours building a "back channel" for communications with their customers and branch offices while performing research and reconnaissance on the attacking group. Law enforcement became involved to track down the US-based suspects. The company was correct in bringing in law enforcement to help; international cases are more difficult.
In terms of ranking, what are your top five categories of cybercrime (e.g. Internet blackmail, child pornography, social engineering, virus writing, etc.)?
Chappell: The list is:
1. Security flaws and vulnerabilities (unpatched and unaudited systems are especially vulnerable)
2. Worms and viruses
3. Spyware (this is a huge issue that often gets overlooked)
4. Employees (current or former) with access to privileged information
5. Child sexual exploitation (this is a personal issue)
In working with local and international law enforcement agencies, what do you find most challenging? Red tape? Language barriers?
Chappell: Unfortunately, many law enforcement groups do not have the technical knowledge or budget to hire or train officers in the area of network communications. In some cases (as in California), we have a four-year rotation that requires an officer to change focus every four years ... for example, if an officer comes into the HT (high tech) area today, they will be fully trained in investigative and forensic work and then rotated out to another specialty after four years.
In addition, the private sector hires away many LE (law enforcement) professionals at an enhanced salary. In my experience, the LE groups I have trained are some of the most appreciative and attentive students -- they have a personal drive to learn and succeed.
What more needs to be done to fight cybercrime?
Chappell: We need greater budgets for training and more technical tools to assist law enforcement. In addition, international cooperation among agencies is improving, but still needs to remain a focus.
One example of a technical tool created to assist LE is CETS (Child Exploitation Tracking System), developed by Microsoft and the Toronto Police Service Sex Crimes unit. This is EXACTLY what we need!
Which area of law enforcement requires the most funding to fight cybercrimes and why?
Chappell: I am sure each LE group would state that they need more funding -- I believe the cybercrime task forces throughout the world need more funding. In addition, awareness and international expansion of organisations such as HTCIA should help with sharing resources and knowledge.
Are you heavily involved in fighting the illegal distribution of music and movies online, be it clamping down on peer-to-peer networks or otherwise?
Chappell: I do present courses on how P2P networks work, what their signatures are, and what the legal ramifications are to a corporation or an individual if they are in possession of illegal or copyrighted materials. As you can see in the US, we are finally getting some judgments and punishments to help pursue and arrest guilty parties.
My personal quest is to crack down on the P2P exchange of child pornography depicting sexual torture.
The youth of today grow up in an environment surrounded by computers and high-tech gadgets. Do you foresee a time when the number of computer crimes will exceed traditional crimes (such as petty theft, mugging, bank robberies, etc.)?
Chappell: Absolutely -- whereas an individual may not be brazen enough to walk in and rob a bank, Internet anonymity may empower them to attack a target electronically.
What keeps you up at night?
Chappell: Over the past year or so I have had recurring nightmares related to cases involving children who are lured by online predators. This is by far the most emotional and personally satisfying work I do. Your international readers can visit www.inhope.org for international Internet child sex law enforcement agencies.
Would you recommend Internet Explorer or other browsers such as Firefox and Opera for financial transactions over the Net?
Chappell: Certainly Internet Explorer has had its share of vulnerabilities -- there are methods to thwart "secure" communications regardless of the browser used, however. I use a variety of browsers, but recommend people check bank and credit card statements carefully.
Is Linux really more secure than Windows?
Chappell: Windows (and Microsoft) have a big target on their foreheads -- because Windows is so prevalent, a hacker interested in having the most impact is going to focus on that operating system. Linux also has its vulnerabilities -- it is not completely secure.
Published 2 August 2005 6:00PM