In Oklahoma, Businesses and LEOs Fight Cybercrime

July 24, 2006
As crimes change, new collaborations form between corporate investigation teams and authorities

Jul. 23--In a small, dimly lit computer lab at the Mid-Continent Tower, Gavin Manes and his examiners look for signs of greed and crime.

It doesn't involve fancy lasers, ultraviolet lights or brushes. They're looking for digital fingerprints -- hidden computer data that might reveal a misdeed that cost a business thousands or millions of dollars.

"We frisk that computer and we find everything. What are your employees doing, not necessarily to steal something from you, that may still cost you money eventually?" said Manes, president and founder of Digital Forensics Professionals Inc. in Tulsa.

Oklahoma businesses are working closer than ever with authorities and private firms to thwart hackers, data thieves, malicious code spreaders and cyber terrorists.

Oklahoma has some obvious targets: The state's aerospace industry, with more than 40,000 jobs, has close ties with the military. Oklahoma's oil and gas industry has been rejuvenated, and community leaders are pushing development of high-tech firms.

Incidents do happen. In 2003, the Tulsa World reported that Tulsa police got word from the FBI, via an informant, that hackers might be scanning wireless networks of local financial institutions, looking for system weaknesses.

Authorities cited a Web site listing banks and large retail businesses that did not encrypt their wireless data.

Oklahoma is also a part of the national picture.

Organized crime figures from the former Soviet Union are threatening a variety of businesses in the United States, especially the control and accounting systems of the energy sector, said Sujeet Shenoi, a University of Tulsa computer science professor and national expert on cyber security.

Terrorists have also discussed using computers to steal money from businesses to fund their operations, he said.

The number of system intrusion investigations handled by Oklahoma City's FBI bureau has doubled in the past year, said James Adams, FBI supervisory agent in Oklahoma City and leader of the state's cyber crime prevention efforts. He declined to release specific numbers about intrusions.

Additional agents and analysts were deployed in several cities -- including Oklahoma City -- to assist in investigations of intellectual property crime, the FBI said in June.

Federal agents have also been holding monthly cyber-awareness presentations for businesses and industries in Oklahoma, Adams said.

"The threat is out there, every day," Adams said in an interview. "The vulnerabilities to systems, from hardware to software, are known to the bad guys. There's proprietary, personal and financial information, and those are the things they want to obtain and exploit.

"It takes everyday vigilance to protect those systems."

Nationally, cyber crime is a sensitive, under-reported problem for businesses, according to a Computer Security Institute/FBI survey in 2005.

Virus attacks continued to be the greatest source of financial losses, totaling $42 million in 2005. But unauthorized access to systems showed a dramatic increase last year, when such access and theft of proprietary information cost $30 million in losses.

Utility, transportation and telecommunications companies spend the most, per employee, for computer security. Eighty-seven percent of the organizations surveyed -- including governments and private businesses -- conducted security audits in 2005, up 5 percent. But only a quarter of those responding said they have cyber insurance.

The survey warned that passwords, biometrics, anti-virus software and intrusion detection systems "cannot totally reduce an organization's risk of computer security breaches" and the associated financial losses.

One good sign, the survey said, is that financial losses declined dramatically in 2005, to $130 million among 639 organizations willing to estimate losses. That's down from $141 million in 2004 among 269 organizations.

In Oklahoma, the number of Internet crime complaints spiked to 1,862 in 2005, up from 643 complaints in 2004, according to a database compiled by the Internet Crime Complaint Center.

Seventy-five percent of the complaints involved auction fraud or nondelivery of merchandise or payment.

The database is a cooperative effort between the FBI and National White Collar Crime Center.

Tony Whitledge, former director of the IRS Electronic Crimes Unit, said the corporate focus on securing data is an evolution, and sometimes a business "has to get beat up pretty bad" for executives to pay attention.

"You take a large corporation that's aware of threats, or taken a hit, and they will have security staff and do a pretty good job of securing their network and resources. But take a very small business that hires someone to put a network together, and they may not be security-aware at all," said Whitledge, who now runs his own computer forensics firm in Washington, D.C.

In the future, Adams said, the FBI wants to work closer with some 200 Oklahoma companies that handle government contracts.

"We want to stand next to a company that becomes victimized through a computer intrusion," he said. "We want to locate the bad guy, and we want to go after them.

"The efforts made by us here in Oklahoma are, hopefully, changing things to where industry and governments feel more comfortable contacting law enforcement."

In cyber space, the major line of defense for Oklahoma businesses is Oklahoma InfraGard, a nonprofit partnership between the FBI and the private sector.

Any attacks or intrusions on corporations in Oklahoma are reported to InfraGard. The chore of extracting information from computers can be referred to private forensics firms, or to one of the FBI's Regional Computer Forensic Laboratories across the United States.

The labs closest to Oklahoma are in Kansas City and Dallas.

Founded in 2002, Oklahoma InfraGard has more than 400 members, the fourth-largest chapter in the nation, Adams said. The memberships include public and private businesses, colleges and universities, tech companies, public utilities, police and other organizations. There are InfraGard chapters in all 50 states.

InfraGard is an outgrowth of partnerships, the most important change in the FBI since the terrorist attacks of 2001, FBI Director Robert Mueller has said. Until 2003, "cyber investigations were conducted on an ad-hoc basis."

Originally, Oklahoma InfraGard was formed so members could share vital information intended to protect critical infrastructure, including gas, oil, electrical, water, financial, transportation, telecommunication and emergency-service facilities.

Today, the group also spends time discussing, in private, security problems facing their businesses.

Dan Biby, an InfraGard board member, said businesses are taking more precautions.

"Firewalls, secure networks, security policies and education of employees are all helping us thwart attacks," said Biby, who is also president and founder of Brookside Group, a firm that helps businesses prepare and respond to disasters.

"There's continual, 24/7, 365-day-a-year activity that must be in place to maintain that security. And budgets are tight," he said.

David Daniels, an InfraGard board member and co-owner of a Bixby-based Web hosting company, Internetworks, thinks businesses are taking more initiative to protect themselves. Firewall and anti-spyware products are going in the shopping cart with new computers.

"Two or three years ago, I heard a lot of individual clients who said they don't care if someone else sees their stuff," Daniels said. "That turned around two years ago, when worms took over other people's computers and were sending out spam."

Digital Forensics Professionals, founded in 2004, works closely with banks, oil and gas companies and other sectors, along with local police departments and the Oklahoma State Bureau of Investigation.

According to Manes, insiders with too much access to data are the biggest liability to Oklahoma businesses. IT staff should be closely monitored, Manes said, since they "have the keys to your kingdom. You've got to lock down the perimeter and look at who's getting access."

Another mistake, Manes said, is that businesses don't enforce their computer use policies. For example, employees who e-mail themselves work files and information to Hotmail or Yahoo accounts at home are taking their work outside corporate protection, he said.

Managers should also tailor their computer-use policies to the needs of their business.

"There's a right fit for your company. And it doesn't come from going to a Web site and downloading someone else's computer use policy in your industry and saying, 'Bam, now I've got a policy,' " Manes said.

Cyber terrorism is another major concern for businesses.

In theory, anyone with knowledge and a satellite phone could cause power and phone outages, adversely impact refinery operations, fire missiles from a Navy ship or shut down FAA systems -- affecting not just four planes, but 400 or even 4,000 at a time, Oklahoma's Joint Homeland Security Task Force has said.

The TU Cyber Corps program has been training what it calls "elite squadrons" of computer security experts to be the country's first line of defense against global cyber threats. The program has received millions of dollars in federal grants.

The Center for Information Security, which provides institutional research, education and outreach efforts in information assurance and forensics, is also located at the university and is the lead agency for Cyber Corps.

TU's Shenoi said there's still a lot of room for improvement.

"If you protect the hardware and software, but not data and people, you'll still have a problem," he said.