Tech Term: Computer Forensics, Defined

Pop culture gives us an impression of what cyber investigations look like. Official-looking people, in impeccable suits, typing away at terminals and analyzing the data scrolling past them on their heads-up displays. In reality, computer forensics (as they are actually called) are a little less dramatic, and much more serious. For today’s tech term, we’ll dig into the field of computer forensics.

What are Computer Forensics, and What Are They Used For?
Computer forensics can be defined as the application of certain specialized techniques to locate and analyze the information on a computer or computer system, protecting it for use as evidence in a trial. Once the requisite warrants have been acquired, a forensic technician is tasked with isolating the device from outside influence by disconnecting it from the Internet before copying every file and poring over their contents for evidence.

The investigator must make a copy of these files so as to preserve the original evidence. Accessing a file can be enough to change it slightly, potentially rendering the evidence inadmissible.

Computer forensics can be leveraged in a wide variety of cases, as any given device may contain evidence of a crime that was, or is yet to be, perpetrated, and may effectively be the scene of the crime itself. An investigation dives deep, focusing not only on the presence of files, emails, or other documents pertinent to the case on the device, but also on an analysis of these items’ metadata, as it reveals when data appeared on a computer, when it was last edited and saved, and which user carried out these actions.
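The copy-then-examine routine described above can be sketched in a few lines. This is an added example, not a tool named in this article: it records a file's metadata before reading it, hashes the original, makes a working copy, and confirms the copy matches. The function names and the sample file are constructed for illustration, and a real lab would also keep the evidence drive behind a write blocker.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:          # read-only: never open evidence for writing
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot_metadata(path):
    """Record timestamps and ownership via stat(), which does not read file contents."""
    st = os.stat(path)
    as_utc = lambda ts: datetime.fromtimestamp(ts, timezone.utc).isoformat()
    return {"size": st.st_size, "modified": as_utc(st.st_mtime),
            "accessed": as_utc(st.st_atime), "owner_uid": st.st_uid}


def acquire(original, workdir):
    """Capture metadata first, then hash the original, copy it, and hash the copy."""
    metadata = snapshot_metadata(original)    # before any read can touch the access time
    original_hash = sha256_file(original)
    working_copy = os.path.join(workdir, os.path.basename(original))
    shutil.copy2(original, working_copy)      # copy2 also carries over the timestamps
    return {"source": original, "working_copy": working_copy, "metadata": metadata,
            "sha256": original_hash,
            "verified": sha256_file(working_copy) == original_hash}


def still_intact(record):
    """Re-check the working copy against the hash recorded at acquisition time."""
    return sha256_file(record["working_copy"]) == record["sha256"]


def demo():
    """Constructed sample: one small 'evidence' file, acquired and then altered."""
    with tempfile.TemporaryDirectory() as evidence, tempfile.TemporaryDirectory() as lab:
        source = os.path.join(evidence, "memo.txt")
        with open(source, "w") as handle:
            handle.write("constructed sample evidence\n")
        record = acquire(source, lab)
        before = still_intact(record)
        with open(record["working_copy"], "a") as handle:   # analyst alters the copy
            handle.write("edit")
        return (record["verified"], before, still_intact(record),
                sha256_file(source) == record["sha256"])


if __name__ == "__main__":
    print(demo())   # (True, True, False, True)
```

The last two values show the point of working on a copy: the altered copy no longer matches the recorded hash, while the original still does.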

These methods have been used to crack cases involving a dirty laundry list of crimes, as this sample of their uses suggests:

  • Intellectual Property Theft and Industrial Espionage
  • Employment Disputes
  • Bankruptcy Investigations
  • Inappropriate Email and Internet Usage in the Workplace
  • Regulatory Compliance
  • Forgeries and Fraud Investigations

Alternative Sources of Analysts
Of course, law enforcement are not the only bodies that maintain and utilize computer forensics labs. Six major companies, including Walmart, American Express, and Target, have accredited laboratories, and there are countless other independent labs that have not been accredited. These in-house labs can often outperform traditional law enforcement groups, as they are better able to keep their solutions on the cutting edge.

In fact, these labs are often recruited by law enforcement to assist in solving crimes. Target’s labs have announced in the past that they have assisted with “felony, homicide, and special-circumstances cases” on a volunteer basis for years, a spokesperson claiming in 2008 that a full quarter of cases worked by Target’s laboratory had nothing to do with the company.

How Does Your Technology Compare?
If you want a team on your side that will take as much care to protect your solutions as a computer forensics team does to track down cybercrime, give NuTech Services a call at 810.230.9455.

Essential Cybersecurity Tips From The FBI

In 2016 former President of the United States Barack Obama passed the Cybersecurity National Action Plan that implemented near-term action and developed a longer-term strategy of bringing awareness and protections to public computing systems connected to the Internet. The strategy is to make an immediate effort to empower citizens to protect their own privacy, while also maintaining public safety and national and economic security, as many of the most critical systems this nation utilizes are networked on the web.

For the average small business, it is more crucial than ever to avoid the pitfalls that lie on the internet. Victims of cybercrime deal with an endless number of issues, including drops in revenue, data loss, downtime, and fines/restitution if they are unable to keep their networks secure. Below are a number of line-items that the Federal Bureau of Investigation recommends to keep your data secure, and to avoid becoming a victim of the most pressing malware on the Internet today: ransomware.

  • Raise Awareness: Ensure that you make a point to make your staff cognizant of the threat of a ransomware infection.
  • Updates and Patches: Make sure to patch your operating systems, software, and firmware on all of your digital assets.
  • Auto Update Security Software: Lean on enterprise-level antivirus and anti-malware software to conduct regular scans and catch potential malware.
  • Limit Super Users: Ensure that you don’t just hand out administrator access to your mission-critical systems. Managing access is one of the best ways to keep untrustworthy entities out of your network.
  • Access Control: As stated above, access control is essential to ensure that you know who can and should be in parts of your network. If your users only need to read specific information, they don’t need write access to files or directories, which mitigates risk.
  • Filters and Application Control: Deploy software restrictions to keep programs from executing from locations where ransomware may be found. This includes temporary folders used by Internet browsers and compression/decompression programs.
  • Data Backup & Disaster Recovery Plan: Create data redundancy by having a comprehensive backup and recovery plan in place.
  • Multiple Storages: Ensure that each storage unit is stand-alone to avoid major problems with backups and other forms of storage.

Governments absolutely have to have a strategic plan on how to deal with cybercrime, and as a solid practice, businesses should follow suit. If you want to make sure your strategies are top-level, visit https://www.fbi.gov/investigate/cyber/news to see what the FBI is doing to protect their computing infrastructure. For more great security information, subscribe to our blog.

These Police Officers Called for Backup… and it was Infected with Ransomware

The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops are made victim of a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do; an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid up the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping to best practices, the police’s IT department elected to restore the infected server’s files from a backup.

Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Only time will tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally, and storing archived backups off site will usually safeguard a business from having the entire backup corrupted in the event of ransomware like this.
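The failure described here, restoring from a backup taken after infection, is one that a check over several backup generations can catch before the restore starts. The following is an added example, not part of the original article: it flags a generation as suspect when its file list contains the “.osiris” extension or when most files from the previous generation have vanished (a heuristic assumed here for illustration), then picks the newest generation taken before the first suspect one. All names, timestamps and file lists are constructed.

```python
ENCRYPTED_SUFFIXES = (".osiris",)   # extension reported in this incident
CHURN_LIMIT = 0.5                   # assumed threshold: over half the files gone

# Constructed sample: nightly backup generations as (timestamp, file list).
SAMPLE_BACKUPS = [
    ("2017-01-10T02:00", ["case1/photo1.jpg", "case1/video1.mp4",
                          "case2/report.docx", "case2/photo2.jpg"]),
    ("2017-01-11T02:00", ["case1/photo1.jpg", "case1/video1.mp4",
                          "case2/report.docx", "case2/photo2.jpg",
                          "case3/notes.txt"]),
    ("2017-01-12T02:00", ["a1b2c3.osiris", "d4e5f6.osiris", "0718aa.osiris",
                          "9c2e41.osiris", "case3/notes.txt"]),
    ("2017-01-13T02:00", ["a1b2c3.osiris", "d4e5f6.osiris", "0718aa.osiris",
                          "9c2e41.osiris", "77bd02.osiris"]),
]


def assess(backups, churn_limit=CHURN_LIMIT):
    """Label each backup generation, oldest first, as clean or suspect."""
    report, previous = [], None
    for taken_at, manifest in sorted(backups):
        files = set(manifest)
        locked = sorted(p for p in files if p.lower().endswith(ENCRYPTED_SUFFIXES))
        # Churn: share of the previous generation's files missing from this one.
        churn = len(previous - files) / len(previous) if previous else 0.0
        report.append({"taken_at": taken_at, "locked": locked,
                       "churn": round(churn, 2),
                       "suspect": bool(locked) or churn > churn_limit})
        previous = files
    return report


def pick_restore_point(backups):
    """Newest generation taken before the first suspect one, or None."""
    clean = None
    for entry in assess(backups):
        if entry["suspect"]:
            break                     # nothing after the first hit is trusted
        clean = entry["taken_at"]
    return clean


if __name__ == "__main__":
    for entry in assess(SAMPLE_BACKUPS):
        print(entry["taken_at"], "SUSPECT" if entry["suspect"] else "clean",
              "churn", entry["churn"], "locked", len(entry["locked"]))
    print("restore from:", pick_restore_point(SAMPLE_BACKUPS))
    # With a single post-infection backup there is nothing safe to restore:
    print("only one backup:", pick_restore_point(SAMPLE_BACKUPS[-1:]))
```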

Reach out to us at 810.230.9455 so we can optimize your IT to protect you against ransomware and other critical issues.

Alert: New ATM Scam Can Steal 32,000 Card Numbers Per Machine

Banks and companies that manage automated teller machines, better known as ATMs, have been warned against another method thieves have been utilizing to commit identity theft–by no less than the Secret Service.

Machines in Connecticut and Pennsylvania have been found to have periscope skimmer devices attached inside, especially in those machines with openable lids that provide relatively easy access to the inner workings. The device is placed in such a way as to allow the probe of the device to read the magnetic strip on the card as the machine’s user makes the mistake of utilizing that particular ATM.

Estimates place the device’s battery life at 14 days per charge, with enough storage to collect 32,000 card numbers. Fortunately, the device doesn’t seem to collect PIN numbers, but that is also unfortunate, as it indicates that these devices were possibly part of a practice run in preparation for a real robbery.

Despite the apparent lack of a PIN collection device on this version of the periscope skimmers, it is a good habit to cover the entry pad with your free hand as you input your number on most ATM devices, just in case the thieves have placed a hidden camera on the device, or accessed the native camera, which can capture your credentials as you type.

The new use of chip-based cards won’t help you much, either, as many ATMs still require the magnetic strip in order to accept the card as legitimate.

Unfortunately, as these skimmers are placed internally, there isn’t much of a method of identifying these devices by sight. The best advice to protect yourself from these scams, therefore, is to think a bit like a criminal trying to place a device. Is the ATM in a busy place with lots of potential eyes on it, or is it set aside, secluded and solitary? Is the top accessible, allowing for a cybercriminal to access the machine’s inner workings through the lid? Be on the lookout for all of these suspicious traits.

As a precaution, do your best to utilize ATMs in high-traffic areas, with plenty of eyes around to serve as witnesses for as many hours of the day as possible. Also, avoid ATMs where the body of the machine may be accessed easily, and use those that are embedded in a wall as often as possible. Those well-lit ATMs that are embedded in the walls of banking institutions are the ideal ones to use, as the high surveillance banks utilize will protect the machine (already well-defended on three sides by the building’s construction) from tampering, as well as you from a cash-machine mugging attempt. Plus, most ATMs also have a built-in camera.

Of course, if dealing with finances pertaining to your business, it may be most advisable to utilize the tellers that aren’t automated, or to handle your banking online behind the online protections that NuTech Services can put in place for your business.

Call 810.230.9455 to discuss the security improvements that we can provide.

According to FBI Director, Privacy is a Misnomer

There’s an ongoing debate concerning whether the United States Constitution gives the American government the right to access data held on electronic devices by its citizens. In case they didn’t make themselves heard clearly enough, the director of the FBI, James Comey, has released a statement at Symantec’s Annual Government Symposium. You might not like his answer.

Do you remember the controversy concerning Apple and the FBI? It was a case that swept the country and encroached on unprecedented ground. The FBI demanded that Apple release information on how to unlock an encrypted iPhone that was connected to a terrorist attack, but Apple chose to vehemently refuse the FBI, stating that it would be endangering the entirety of their consumer base by doing so. The FBI threatened Apple with lawsuit after lawsuit, but in the end they were able to unlock the device without Apple’s help.

The popular trend of providing mobile devices with encryption has led to increased complications during investigations, and Comey chose to clarify the Bureau’s stance on the privacy of the typical American citizen. While there has to be a reasonable expectation of privacy in houses, vehicles, and even mobile devices, Comey claims that these expectations can reasonably be revoked in a court of law. He says: “With good reason, the people of the United States–through judges and law enforcement–can invade our public spaces.”

This statement prompts yet another question: how does a personal device qualify as a public space? According to Comey, a mobile device actually can be considered a public space: “Even our memories are not absolutely private in the United States,” Comey said. “Even our communications with our spouses, with our lawyers, with our clergy, with our medical professionals are not absolutely private. Because a judge, under certain circumstances, can order all of us to testify about what we saw, remembered, or heard. There are really important constraints on that. But the general principle is one that we’ve always accepted in the United States and has been at the core of our country: There is no such thing as absolute privacy in America. There is no place outside of judicial authority.”

Additionally, Comey made sure to point out that the FBI has no business telling American citizens how to live and govern themselves, and that the tech companies don’t either. You might recall the open letter that many tech companies addressed to the FBI last April, demanding that the government cease issuing mandates that would require tech companies to provide encryption keys for their software.

It’s natural that these Silicon Valley giants don’t agree with Comey. In fact, there are even those amongst his peers who don’t believe he’s right on the matter. Nuala O’Connor, the President and CEO of the Center for Democracy & Technology, as well as the first Federal chief Privacy Officer for Homeland Security, is one of them. She says, “He could not be more wrong on encryption.”

O’Connor is hardly the only one of his contemporaries who disagrees with Comey. Two other notable former government officials had something to say about the FBI’s stance on encryption, and they both spoke at the RSA Cybersecurity Conference. Former Department of Homeland Security Secretary Michael Chertoff claims that forcing Apple to provide software that can hack into an encrypted iPhone would be like “creating a bacterial biological weapon.” Similarly, Mike McConnell, a former Director of National Intelligence, claimed that “ubiquitous encryption is something the nation needs to have.”

This isn’t a problem that only technology companies have to deal with. It’s something that all users of smart technology (and most technology in general) have to endure. After all, any rulings in favor of the FBI’s stance could be detrimental to user privacy. For example, in the case of Apple creating a software that can crack their iPhone’s encryption, what would happen if this software were stolen and exploited by hackers? It would become a major problem, just like the NSA’s surveillance vulnerabilities that were stolen and sold on the Black Market just this past summer.

In light of Comey’s response, what are your thoughts on the FBI’s stance on encryption? Do you think that government agencies have the right to access devices, despite invading the privacy of its citizens? Do you think that this “greater good” argument holds water? Share your thoughts in the comments.

A Law From 1986 Shouldn’t Govern Email Privacy in 2016

Are you familiar with the protections in place that ensure that your digital communications remain private? What’s keeping an entity like the government from going through your emails? In the United States, the government uses a loophole in an outdated law to access the digital information they want from its citizens. If you’re concerned about privacy, you need to be informed about such laws and loopholes.

For the US government, this loophole is found in the Electronic Communications Privacy Act (ECPA). Key to this discussion is the fact that the law was originally passed in 1986. We don’t have to tell you how different the technological landscape was in 1986, much less digital communications like email. The loophole to ECPA is that it considers any stored electronic communications over 180 days old to be “abandoned,” and thus, law enforcement agencies can access it after the 180-day mark without a warrant. Obviously, the original version of ECPA was passed without having any idea how dependent the world would become on sharing and storing digital communications 30 years into the future.

Recently, legislative action has taken place to try and close this loophole. CompTIA reports:

On April 13th, the House Judiciary Committee unanimously passed an amended version of the Email Privacy Act (H.R. 699)… The Email Privacy Act would put an end to this outdated 180 day rule and require a warrant for law enforcement to access the content of all stored communications. While the current iteration of the bill is not perfect, we were happy to see that it does not contain a carve out to the warrant requirement for civil agencies, nor does it alter ECPA’s emergency exception procedures.

The idea here is to protect users of email and cloud services, along with the service providers themselves. As society continues to become more dependent upon digital communications, having discussions like this and knowing who has access to your data is increasingly important.

Were you aware of this loophole before reading this article? Do you feel this is cause for concern, or do you not care if the government reads your emails? Share your opinion with us in the comments.