College's center takes a byte out of cybercrime

Coursework focuses on managing threats to computer systems

`Anyone can fall victim'

Anne Arundel

September 24, 2001|By Stephen Kiehl | Stephen Kiehl,SUN STAFF

The most advanced technology for getting a message into enemy territory was once to shave the head of a slave, write the message on his scalp, then wait for his hair to grow back before sending him out.

Bob Ward related this story last week to the first class of sleuths at Anne Arundel Community College's new Maryland Cybercrime Center of Excellence. But intercepting enemy communications, they are learning, now takes tools more sophisticated than clippers and razors.

At the cybercrime center, one of the first of its kind in the state, students learn new methods of uncovering and unscrambling secret messages, whether hidden in computer graphics or music files. Such work has gained new urgency: The FBI believes that the hijackers involved in the terrorist attacks nearly two weeks ago coordinated their efforts through encrypted e-mail messages.

Ward, the teacher of the first course, said that doesn't surprise him, given the plentiful free programs on the Internet that scramble and hide messages.

"Why would that not be the case?" said Ward, who is a security systems engineer. "I don't want anybody else reading my e-mail, so I use an encryption program. Anybody can do it."

Last week, the community college began offering a series of six courses that bestows the title "cybercrime specialist" on those who complete it. The college is working with the National Security Agency to earn certification for the program.

Business executives, lawyers, law enforcement officers and government workers signed up to learn ways to detect, combat and prevent an increasingly costly form of crime. They sat at rows of computers and explored the weak points of networks.

Companies are spending billions of dollars to fight cybercrime and losing billions more to cybercriminals, according to the FBI and to surveys of businesses and federal agencies. Computer viruses cost companies worldwide more than $17 billion last year, according to Computer Economics, a California research firm.

Despite the losses, law enforcement agencies have been slow to respond to the threat of cybercrime, experts said.

"For a while, it has been thought of as a novelty and not a serious threat," said Neil Johnson, associate director of the Center for Secure Information Systems at George Mason University in Fairfax, Va.

Not anymore.

As more becomes known about how the attacks on the World Trade Center and the Pentagon were planned, Anne Arundel Community College officials expect interest in their cybercrime center to increase.

"This is obviously a huge need in the work force, to bone up on cybercrime and how to prevent it, investigate it and detect it," said Koh Herlong, project manager for the cybercrime center.

The cybercrime courses aren't your typical community college fare. They're targeted at professionals, run three to five days, and cost as much as $2,200 - much more than the college's standard tuition of $60 a credit hour.

One of the six people who took last week's course, "Principles of Information Security and Protection," was John Taylor, a police officer at the University of Maryland, Baltimore County. He said the UMBC computer network, with thousands of users, is tough to police. He hopes the course will help him protect the network and investigate crimes such as e-mail harassment.

"With a system as big as ours, anyone can fall victim to a criminal element," Taylor said.

The cybercrime center was developed with the Windermere Group of Annapolis, which provides data-security services to 15 federal agencies and more than 100 companies. The courses are taught at Windermere's headquarters on Defense Highway in Annapolis.

The center includes a computer laboratory and a mock courtroom, where students will study how to handle evidence and try cybercrime cases.

That course will be taught by Nina Santucci, general counsel for Windermere. She said some of the most frequent cybercrimes involve embezzlement and the theft of trade secrets.

"Now it's not just that disgruntled employees take home pens from their desk," she said. "It's stealing funds from your company."

Sophisticated decryption tools will be presented in a later course, "Data Hiding and Steganography," to be offered in the spring. Computer steganography is the hiding of messages in graphics, pictures and e-mail headers - a new twist on what ancient civilizations did by shaving their slaves' heads to conceal messages.

"There are a number of tools freely available on the Web to do this," Johnson said. "Some give step-by-step instructions on how to hide information."

The suspicion that plotters of the terrorist attacks might have encrypted their messages has led several lawmakers to call for tighter restrictions on computer software that scrambles data.

But those efforts run up against privacy rights and civil liberties, computer experts say.

"I can understand why they'd want to do that," Johnson said, "but it would be extremely foolish. These [encryption] tools are used around the world for international trade. It's a legitimate business, not just for terrorists."

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.