Data Matching for Financial Transactions

UK law enforcement agencies are stepping up the use of data matching to trap money launderers and terrorist finance operations using information gleaned from the Suspicious Activity Reports (SARs) which banks and other financial institutions are required to file.

The development is revealed in the latest report on SARs activity from the Serious Organised Crime Agency, which said that the acquisition of further data matching tools by the UK Financial Intelligence Unit (UKFIU) will enable the bulk export and import of data and “allow a better, more timely and proactive service to be provided to law enforcement”.

The annual report issued on behalf of the SARs Regime Committee insisted that the activity meets the requirements of the Data Protection Act.

But it revealed the intention to widen its scope and invite suggestions for data matching exercises “from a wide range of bodies, beyond the traditional law enforcement community. The UKFIU will select the data sets to match on a case by case basis.”

It urged “reporters”, including accountants, financial advisers, money changers and others as well as the banks and financial institutions, to provide “full and correct data [in the datasets used for matching and in the information submitted in SARs] to assist with this and ensure the effectiveness of such exercises”.

The vast majority of reporters now file SARs electronically, and the committee has dropped plans to require this from the remaining handful using paper methods.

The UKFIU has launched a procurement process to increase the use of IT to enhance activity in a “SARs transformation” process due to be rolled out next year.


Ever wondered why you get Junk Mail at your new home?

Ever wondered why you get Junk Mail at your new home? It's because your local council sells the details to junk mail companies.

In fact, selling the electoral roll is a pretty steady income for most councils.

Currently the Ministry of Justice are in discussion about banning this practice, but the MoJ have stated that they will look at the overall effect of just a ban “not just on the individual but the economy as a whole”. Which makes the ban unlikely. Also the junk mail industry has never reacted well to such a suggestion, stating, amazingly, that such an action would not be “environmentally friendly”!

It's nice to know that the MoJ have our data nicely protected, after they have lost so much of it.

Progressive disk size limitations.

PC-XT limit                                   10MB
FAT12 (Floppy or DOS 1 HDD)                   16MB
FAT16 (DOS 3, 1 sector/cluster)               32MB
Interrupt 13 (Hardware)                       528MB
FAT16 (DOS4+)                                 2048MB
BIOS limitation (8 bit head max out @256)     4024MB
Int 13 + LBA limitation                       8096MB
Ext Int 13+LBA                                137GB
Win XP FAT32 Limitation                       32GB

$350 per Card 15 million Cards

According to research published by Symantec, currently there are around 15 million stolen credit cards available for purchase on the “internet underground”, and the average amount stolen per credit card is $350.

From this Symantec have extrapolated out and calculated that there is around $5.3 billion of illegal “credit” available.

Many of these 15 million credit cards will be closed down, by the owner/bank, before any money can be spent on them.

More IT Threats?

According to the latest Internet Threat Report, it is predicted that 2009 will see an increase in politically motivated attacks such as attacks on Georgia.

This matches up with the reports by the US Congress and the attacks reported on NASA (both of which blamed the Chinese for information warfare attacks).

Lectures: Evidence and Procedure

Data Theft: NASA

It was revealed in 2008 that NASA was the victim of hackers in 2005, who allegedly stole data about the shuttle.

In April 2005 hackers accessed NASA’s famous space center in Florida – Kennedy Space Center.

During this time a program called “Stame.exe” was installed on the computers and collected information about the shuttle and sent it back to Taiwan, which has, of course, close links to China (willingly or otherwise).

This news comes at the same time as the Congress report into the dubious activities of China is released. Coincidence?

Data Theft: From the US by China

The US Congress has warned that US defence documentation, from contractors, has been stolen by the Chinese.

This is a pretty big claim to make, but one that they have backed up over the years and they have not been subtle in the claim. The report, available here and downloadable here, makes several interesting claims including:

Page 162: “U.S. computer security authorities detected a series of cyber intrusions in 2002 into unclassified U.S. military, government, and government contractor Web sites and computer systems. This large-scale operation, code named Titan Rain by the U.S. government, was attributed to China.”

Page 164: “China has an active cyber espionage program” and “Many individuals are being trained in cyber operations at Chinese military academies”

Page 166: “China’s strategists believe the United States is dependent on information technology and that this dependency constitutes an exploitable weakness”

Information warfare, coming to a cinema near you?

$1 billion data theft – From Intel

It is alleged that highly secret technical documents were stolen from Intel, with a total value of $1 billion.

13 top secret Intel documents were downloaded by Pani Bishwwamohan, an Indian technical employee of Intel. These documents were accessed just before Pani joined Intel’s arch rival AMD.

The value of those documents, presumably in R&D time, is put at $1 billion.

At the first hearing Pani pleaded not guilty.

Link File

Link Files, also known as shortcut files, have the extension LNK and are most commonly found in the “Recent” folder in the user's profile. A user can double-click on one of these and it will open the document it points to.

Other LNK files can be found in the System Restore and Office folders. Link files are very useful as they contain a wealth of data about other files.

Every time a file is opened, be it a Word document, a text file, or a picture, a LNK file is created with the name of the file and placed in the “Recent” folder of the user's profile. This link file has 4 dates in the MFT (Created, Last Written/File Modified, Accessed, Entry Modified/MFT entry modified).

For example, if the Word document “Hello.DOC” was opened on 1st Jan 2008 then hello.doc.lnk is created; as it has just been created, its four dates would all be 1st Jan 2008.

While this information is not particularly exciting, the data WITHIN the LNK file is.

Inside the LNK file are the following fields:

  1. Creation date of the file it points to
  2. Access date of the file it points to
  3. Modified date of the file it points to
  4. File path of the file it points to
  5. Size of the file it points to.

There are also other fields, but these are not relevant at this point.

Therefore if the Word document “Hello.DOC” was created on 1 June 2007, modified on 1st Oct 2007, and then accessed 1st Jan 2008, all of that information would be stored within the LNK, as would its location.

Even if a file has never been on the computer where the link file was, e.g. a file on a server or on removable media, the LNK file will still retain this information.

This allows a forensics investigator to gain information about files that were never on the computer they are examining.
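The five fields listed above can be read straight out of the link file's bytes. The following is an added example, not code from the original post: it parses the fixed 76-byte shell link header and the local path in the LinkInfo block, and runs against a constructed sample that mirrors the Hello.DOC dates used above. The path C:\Docs\Hello.DOC, the 24576-byte size and the cp1252 decoding are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

# Shell link class ID 00021401-0000-0000-C000-000000000046 as stored on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def dt_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def parse_lnk(data):
    """Return the target file's dates, size and local path stored in a .lnk."""
    if len(data) < 76:
        raise ValueError("truncated shell link header")
    size, clsid, flags, _attrs, ctime, atime, wtime, fsize = struct.unpack_from(
        "<I16sIIQQQI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    pos, path = 76, None
    if flags & 0x1:                      # HasLinkTargetIDList: skip over it
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x2:                      # HasLinkInfo
        li_flags, _vol_off, base_off = struct.unpack_from("<III", data, pos + 8)
        if li_flags & 0x1:               # VolumeIDAndLocalBasePath
            start = pos + base_off
            end = data.index(b"\0", start)
            # Assumption: ANSI path decoded as cp1252; real code page may differ
            path = data[start:end].decode("cp1252", "replace")
    return {"created": filetime_to_dt(ctime), "accessed": filetime_to_dt(atime),
            "modified": filetime_to_dt(wtime), "size": fsize, "path": path}

def build_sample():
    """Constructed sample: header plus a minimal LinkInfo (no IDList, no VolumeID)."""
    ft = [dt_to_filetime(datetime(y, m, 1, tzinfo=timezone.utc))
          for y, m in ((2007, 6), (2008, 1), (2007, 10))]  # created, accessed, written
    header = struct.pack("<I16sIIQQQI", 0x4C, LNK_CLSID, 0x2, 0x20, *ft, 24576)
    header += bytes(20)                  # icon index, show command, hotkey, reserved
    path = b"C:\\Docs\\Hello.DOC\0"      # hypothetical path for the page's Hello.DOC
    info = struct.pack("<7I", 28 + len(path) + 1, 28, 0x1, 0, 28, 0, 28 + len(path))
    return header + info + path + b"\0"

if __name__ == "__main__":
    for field, value in parse_lnk(build_sample()).items():
        print(f"{field:9} {value}")
```

The timestamps inside the link are stored in UTC, so they need converting to the suspect machine's time zone before being compared with the dates an examiner sees elsewhere.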