Tuesday, December 15, 2009

Crime Lab Casts Net Ahead of Cyber Criminals

By Judith Snyderman
Special to American Forces Press Service

Dec. 15, 2009 - Public fascination with television's "CSI" forensic detectives and with the virtual reality depicted in the "Matrix" films may be partly responsible for the high level of interest garnered by a Defense Department contest to solve cyber crimes. The Digital Forensics Challenge was created by Jim Christy, director of future exploration at the Defense Department Cyber Crime Center, better known as DC3.

"We had 1,153 teams play from 61 different countries [in this year's contest], so it was kind of amazing," Christy said in a Dec. 9 "Armed with Science: Research and Applications for the Modern Military" podcast interview.

Though contestants work on invented puzzles, researchers harvest real crime-solving tools from their efforts. Those tools can help them stay ahead of criminal activity ranging from hacking to espionage to child pornography.

Christy is a veteran in the field of solving digital crimes. In 1986, at the dawn of the digital age, he cracked his first major case.

"We had five hackers from West Germany that were working for the Soviet KGB and hacking [Defense Department] systems," he said. Christy soon realized the emergence of a new risk associated with storing information on computers instead of on discrete pieces of paper tucked away in file cabinets. "Unclassified information in aggregation can have an impact on national security," he said.

Today, he said, virtually every aspect of every crime has a digital component.

"Everybody has a PDA, everybody has a smartphone, everybody has a GPS device, and I don't know too many people who don't have a computer in their office and a computer in their house," Christy said.

Four years ago, the DC3 was receiving broken CDs from Afghanistan and Iraq. Since they didn't have the tools to recover data from the disk fragments and were short on resources, Christy started the digital challenge to cast a wide net for solutions.

"When people registered, we'd send them a broken CD knowing what was on it, and 11 teens actually came back that first year with a solution," Christy said.

This year's challenge was more difficult because entrants were not told exactly what they were looking for, said Curt Barnard, a cyber operations graduate student at the Air Force Institute of Technology. Barnard is part of a civilian cyber corps fellowship program connected to the National Science Foundation, and he's a member of the team that recently won the 2009 Digital Forensics Challenge.

"They gave us a hard-drive image and told us to look for evidence regarding a crime," Barnard said. He said it took a standard forensics tool kit plus free programs and some original computer programming scripts written by team members to complete the analysis and decipher hidden information.

DC3 ran this year's contest in partnership with the SANS Institute, a high-tech security firm, and a cyber crime group called IMPACT. Barnard and his teammates won a trip to DC3's upcoming cyber crime conference that starts Jan. 22 in St. Louis.

But the real reward may come after DC3 completes testing the investigative methods developed by a number of teams in the competition.

"Part of forensics is to be accurate, repeatable, and predictable," Christy said. "So everything has to be really documented well so that another forensic examiner can pick up your report and come to the same conclusion, with the same evidence."

DC3 shares its new discoveries and tools that are proven to work with the law-enforcement and digital-forensics communities. After more than two decades solving cyber crime, Christy said, he's learned never to become complacent.

"If you don't like change, you don't want to be in this environment," he said. "You always have to strive to look at the next threat that's coming down the pike -- what is the next vulnerability that's coming down the pike, and how do we address it? Because, unfortunately, we don't solve cases like they do on television, in 15 minutes."

(Judith Snyderman works in the Defense Media Activity's emerging media directorate.)
