ITWales.com

INTERVIEW: Neil Barrett

Staff Writer


Professor Neil Barrett

ITW: You are currently visiting fellow of Computer Crime at the University of Glamorgan can you tell us something about the work being carried out there?

NB: The University of Glamorgan runs one of the very few graduate courses covering the subject of computer crime. The course teaches the disciplines of information security, the recovery of digital evidence, the analysis of that evidence and its presentation in court. Given how many crimes now involve this form of evidence - where the computer has been the victim, the tool or a witness to the crime - then this is a very important field, and the students on the course will be particularly well-armed with expertise in handling the problems.

As well as the teaching, Glamorgan university also provides a service to the local police in Wales, analysing computer evidence in a wide variety of cases. At the end of this month, for example, I will be appearing in court in Swansea to present evidence in an Internet paedophilia case, evidence that was initially recovered by the team at Glamorgan.

And finally, the members of the Glamorgan group also carry out research into new ways of obtaining and analysing such evidence from a variety of different kinds of device and media. The work of this group is recognised as being particularly useful, not simply to the Welsh police to law enforcement as a whole.


ITW: How seriously should small businesses be taking IT security?

NB: Much more so than they do now. IT security enables businesses of all sizes to be confident in the confidentiality, integrity and availability of their information - that their secrets stay secret, their data is accurate, and that it is available for processing when they need it to be. And from the perspective of their customers, that their credit card details are protected, that the information stored about them is accurate, and that the systems are accessible to them over the Internet 24 by 7.

When any small business suffers a security breach - when web pages are defaced, databases rifled, viruses intrude - it is by no means uncommon for that company to suffer severe losses. This is in terms of lost revenue resulting from the problem, the costs of repairing the problem and, in many cases, the lost revenue potential as customers lose confidence in the business. Many small businesses collapse following such events - events which good information security would have prevented.


ITW: Currently, what percentage of computer crime is being investigated/punished? Does government need to act to strengthen laws relating to computer crime?

NB: The laws themselves are actually very strong already: only denial of service attacks are not explicitly covered by the criminal laws at present, and there are already steps being taken to correct that failing.

As to the percentage investigated and punished, nobody in truth actually knows. Only a relatively low percentage of computer crimes are ever reported to the police - my own experience suggests that the police only hear about 1 in 15 of the serious crimes that might be handled by companies internally. This is improved somewhat by the National High Tech Crime Unit's 'intelligence' work - in which they offered confidentiality to companies that would report incidents even when they weren't seeking to press charges. This has provided an increased visibility of the scale of the problem, important if the police are ever to receive the resources that they need to tackle the problems properly.

Of the crimes that are reported for investigation, only a low percentage of this is actually punished. The punishment under the Computer Misuse Act is quite light in comparison to the damage that might be caused, and many prosecutors seek only a small number of charges under the first section of the act - carrying low fines and community service sentences in the main.
The exception to this is where the crime relates to Internet paedophilia, where the punishment is much more severe and therefore much more effective.


ITW: If your computer is hacked/attacked what actions can you take and is jurisdiction a problem when it comes to investigating crime by an international?

NB: If your computer is hacked, the first decision to take is whether to report it or not. If you believe that there is a serious enough situation, the first step is to contact the local police force and to report it as an offence. Wales is fortunated in having the High-Tech Crime Unit (Wales) based in Swansea, with wide experience of these investigations.

It is important if you intend to press charges that you seek to protect the evidence on the computer, so if possible remove the hacked computer from the network and protect it from changes until it can be examined by experts.

Jurisdiction can be a problem, but it's a problem that we are used to facing. There is substantial international cooperation between police forces now, following the work of the G8 working groups on the problem to ensure that there are no 'Safe Havens' for internet criminals. So, the international element may well prove a headache in terms of obtaining the evidence quickly, but it will not prove a block to obtaining it in due course.


ITW: A lot of commercially available firewalls prevent hack attacks, however the pop up messages about 'someone is attacking your computer' frighten and annoy internet users.
Is there any point in your average PC user knowing that they're under attack and that the firewall has stopped it?

NB: That's a hard question to answer, since it depends on the person. Personally, I prefer to know - at least for the serious attacks - but I know that others prefer not to be bothered by things already handled by the firewall. For most people - that is, most non-IT security people - it's probably best not to raise those alerts for inbound traffic.

For outbound traffic, however, I think it is vital that all users know. The outbound traffic results from a virus or worm which has managed to infect the computer with a backdoor through which a hacker can connect. The first alert (assuming that the antivirus has been bypassed) will be the connection request alert on the outbound connection - even the most inexperienced of users will need to know that something has happened and be given the chance to prevent it.


ITW: An interesting aspect of computer security and forensics is that many people working in the field apparently started out as hackers. How would yo u suggest someone who wanted to work in this field could get started, without breaking the law or upsetting their local sysadmin?

NB: Get training... Which is why the course at Glamorgan is so very important. It takes people with a relevant degree and trains them in all aspects of information security and investigation measures. It really is the best approach for someone who wants to go through this route without either joining the police (to investigate such crimes) or the criminals (to perform such crimes).


ITW: How can we ensure that as computer crime levels increase the number of professionals is sufficient to investigate or help prevent it?

NB: By making information security a core element of the ICT teaching in school; by encouraging universities to provide information security training as a part of general computer science education; and by making the computer operating systems themselves less vulnerable to such attacks.


ITW: On a lighter note.. Gary Glitter taking his laptop to PC World and asking them to "take a look" when he knew it was loaded with child pornography was obviously not the best thing for him to do. What's the most bizarre thing you've seen anyone do in your career?

NB: Most bizarre? Well, I once worked on a commercial case to investigate someone who had downloaded pornography onto his work computer. When we analysed the computer, we found lots of pornography, but also a lot of photographs that he'd taken of himself. The most hilarious were where he'd dressed up as a baby, with a nappy and bonnet, and was being breast-fed by a
pretty wet nurse he'd talked into taking part... Given that he weighed-in at a very hairy twenty stones it wasn't a pretty sight - but I guess it takes all sorts, doesn't it?

Neil Barrett delivered a public lecture entilted 'The Legal and Evidential Issues of Computer Crime' on 16th November at the University of Wales Swansea for more information click here

Home, Services, Events, Features, Interviews, Profiles, Reviews, News, Resources, Press