Steve Marshall announces Alabama cybercrime lab
Alabama Attorney General Steve Marshall on Wednesday announced the formation of a new cybercrime Lab located in the Attorney General’s office to assist law enforcement officials in the state with cyber-related investigations. “For law enforcement, investigating cybercrime and accessing digital evidence present real challenges. But these hurdles can be overcome when agencies work together to combine expertise and training,” said Marshall. “The Cybercrime Lab provides cutting edge tools to enable our investigators to more effectively conduct online investigations of criminal activity, ranging from child sexual exploitation and human trafficking to network intrusions and data breaches. Equally important, the Cybercrime Lab will serve as a resource for federal, state and local law enforcement in Alabama seeking assistance in accessing criminal evidence stored on digital devices.” The Alabama Attorney General’s Office was joined by U.S. Attorney for the Middle District of Alabama, Louis Franklin, the Federal Bureau of Investigation, officials with the U.S. Secret Service, U.S. Department of Homeland Security Investigations, the Alabama Fusion Center, and the Alabama Office of Prosecution Services in announcing the new lab. The AG’s office has also joined the Alabama Focus Group on Skimming in launching a new web link for owners of victimized payment card systems and law enforcement for the reporting of suspected debit/credit card skimming devices, the collected information will then be used to investigate and prosecute criminals involved in illegal skimming operations within state. “Cybercrime is ever increasing and touches most people in some form,” added Franklin. “As the level of cybercrime becomes more sophisticated, it is important that our investigative techniques are expansive enough to combat these criminals. This cybercrime lab will give us extra tools in our investigative toolbox to identify and prosecute those cyber offenders.” According to the AG’s office, over the last year cyber agents with the Alabama Attorney General’s Office have already assisted more than 30 agencies in cyber investigations, including unlocking cell phone evidence in homicides, tracking down credit/debit card skimmers, and unmasking criminals behind identity theft cases. These agents have also helped businesses and local governments recover nearly $1 million potentially lost in cyber theft cases. The new Cybercrime Lab will expand the ability of the Attorney General’s Office to conduct such investigative work.
Blake Dowling: Consumers can avoid feeling the ‘email Bern’ by hackers
Debbie Wasserman Schultz got to “Feel the Bern” in the form of a hostile crowd of Florida delegates at the Democratic National Committee. Why were these Bern Victims so fired up? The email scandal of course, which led to Schultz’s resignation. The pro-Clinton digital documentation that was revealed in this breach and scandal is a mess. There are several old school rules of thumb that my grandparent’s used to use which were “make sure to get it in writing” and “make sure to not put that in writing.” You should have the same approach to writing emails. “I don’t care if anyone reads this ever.” If it’s not that, delete. Emails can be sent/forwarded to the wrong people, handed over to the courts, watched by the National Security Agency, and for Debbie and the gang at the DNC, hacked. The DNC realized something was wrong going back as far as April. They brought in a professional security firm to analyze their network; they found a breach, blocked it, but it was too late. The bad guys had been inside their world for a year, and they had already taken everything they wanted. It is suspected that a nation state was behind the hack (Russian-backed cybercrime syndicate – Guccifer 2.0 is suspected), and I was asked by the Orlando Sentinel this week how you stop something like that? (See my Q & A with Paul Owens later this week.) The short answer is; you don’t. If you have the resources to build nuclear weapons and fly in space, you can pile up enough code, hackers, hardware and software to perpetuate a successful cyber threat against anyone. Like Bill Clinton and the intern, it’s going to happen eventually. What you need to be thinking about is how to minimize the threat. Your password is your front line of defense. To those of you that have a password that is a variation of the word password or a word that can be found in the dictionary. FAIL. Those rules from information technology experts have been read over and over: use a number, a capital letter, and a symbol in every password gives you some security. There are software programs designed to auto-hack passwords, and by following these protocols, you might just stop a threat in its tracks. The most common attacks are Trojans, Phishing schemes, denial of service (DOS) attacks, Ransomware/Malware (Cryptolocker), and password attacks/brute force attacks. In conjunction with a strong password, put your email somewhere smart. Don’t use a free hosting service for email. There are a dozen examples of free email, but I will minimize my risk of a nasty letter in the mail and not call them by name. You get what you pay for, both in life and email. Use a cloud platform with a “Tier 4” data center. Tier 4 is defined as critical servers and computer systems in a Data Center, with fully redundant subsystems (cooling, power, network links, storage, etc.) and compartmentalized security zones controlled by biometric access control methods. If you have your email on a local server, make sure a state of the art firewall is deployed, and in all cases have up to date hardware with the latest patches, as well as anti-virus and antispam solutions in place. Lastly, if an attack, breach or theft occurs, have a solid backup of your email and data in place. The Russians, Chinese, the 14 people in North Korea with internet access and the wacko next door could all be potential cyber criminals. You can buy kits on the dark web to become a cybercriminal in about seven minutes. So keep thinking defensively, to that end, another way to keep the bad guys out is “two-factor authentication.” This is a method of confirming a user’s identity by utilizing a combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. An example from everyday life is the withdrawing of money from an ATM. You have to have a bank card (something that the user possesses, 1 factor) and a PIN (personal identification number, 2 factor) allows the transaction to be carried out. The same goes to logging into a commercial site, when they text you a code to enter. Criminals are not getting dumber, but the average American is; see the Pokémon Go craze if you need further evidence. So when it comes to email, keep your eyes wide-open, and security top of mind. Be safe out there. ___ Blake Dowling is chief business development officer at Aegis Business Technologies. His technology columns are published by several organizations. Contact him at dowlingb@aegisbiztech.com or at www.aegisbiztech.com.
