NEWS AT SEI
This library item is related to the following area(s) of work: Security and Survivability
This article was originally published in News at SEI on: March 1, 2001
Imagine your surprise if one ordinary day at work you receive an email claiming that your company's computers were used to help launch a major denial-of-service attack, or if you receive a call from management saying that someone is threatening to expose corporate trade secrets unless they receive a big payoff. Or imagine your dismay if you discover a fellow employee has used your company's computer to illegally trade Metallica songs! What do you do?
For many companies today, being the victim of computer crime, whether it is simple misuse or a major violation, is no longer a rare occurrence. What happens next? Trying to discover and repair the damage is just part of the story. For many people responsible for network and computer security, the next step is to take a deep breath, reach for the phone and call the Federal Bureau of Investigation (FBI). This article (originally published in collaboration with the FBI as a CERT Coordination Center [CERT/CC] tech tip [http://www.cert.org/tech_tips/FBI_investigates_crime.html]) explains some of the guidelines, policies and resources used by the FBI when it investigates computer crime and gives you some ideas about how you can help an investigation succeed.
The FBI has implemented various technical programs to address the growing complexity of computer investigations. FBI legal attachés stationed in 41 countries enable the FBI to use sophisticated methods to investigate and coordinate a response to cyber incidents around the world. In Washington, DC, the National Infrastructure Protection Center (NIPC) is a special unit that coordinates computer crimes investigations throughout the United States. The FBI trains and certifies computer forensic examiners for each of the 56 FBI field offices in the United States to recover and preserve digital evidence. The FBI maintains a computer forensic laboratory in Washington, DC, for advanced data recovery and for research and development.
Computer crimes can be separated into two categories: (1) crimes facilitated by a computer and (2) crimes where the computer is the target (the focus of this article). Computer-facilitated crime occurs when a computer is used as a tool to aid criminal activity. This can include storing records of fraud, producing false identification, reproducing and distributing copyrighted material, collecting and distributing child pornography, and many other crimes.
Crimes where computers are the targets are unlike traditional types of crimes. Technology has made it more difficult to answer the questions of who, what, where, when, and how. Therefore, in an electronic or digital environment, evidence is now collected and handled differently from how it was handled in the past.
The FBI is sensitive to a victim’s concerns about public exposure, so any decision to investigate is jointly made between the FBI and the United States Attorney and takes the victim’s needs into account.
The FBI investigates incidents when both of the following conditions are present:
Federal law enforcement can only gather proprietary information concerning an incident in the following ways:
The following steps will help you document an incident and assist federal, state, and local law enforcement agencies in their investigations (be sure to act in accordance with your organization’s policies and procedures):
To initiate an investigation, contact your local FBI office or the appropriate federal, state, or local law enforcement agency. To report an incident, call the FBI NIPC Watch and Warning Unit at (202) 323-3205.
The FBI uses a number of federal statutes to investigate computer crimes. The following are used most frequently:
Note: Each state has different laws and procedures that pertain to the investigation and prosecution of computer crimes. Contact your local police department or district attorney’s office for guidance.
Eric Hayes is a member of the technical staff and a senior technical writer/editor in the Networked Systems Survivability (NSS) Program at the Software Engineering Institute (SEI). The CERT Coordination Center is a part of this program. Before joining the SEI, Hayes worked in the Information Services Department at the Norwest Corporation as an editor of standard operating procedures (SOP) manuals and served as the team lead for SOP editors. Prior to that, he founded Hayes Communications, which offered services such as marketing, fundraising, research, Web page production, and public relations writing. Hayes received a BA in English writing from the University of Pittsburgh. At the graduate level, he has studied rhetoric at the University of Wisconsin at Milwaukee, technical editing at the University of Minnesota at Minneapolis, and technical writing at Carnegie Mellon University. Hayes is a member of the Society for Technical Communication.