Monday 17 October 2011

Cyber Detective / The Cybercrime Detective

An introduction of myself and the development of this field in Malaysia.




In the future, I will share more on digital forensics R&D.
___________________________________________________________________________________
Cyber detective
By EE-LYN TAN

The rise of technology-related crime has brought computer forensic analysts to the fore.

FANCY becoming a crime scene investigator (CSI) in cyberspace? Thanks to television shows like CSI, people are now more aware of what computer forensic analysts like Aswami Fadillah Mohd Ariffin do for a living.

Although what is depicted is not always accurate, the digital forensics head at Cybersecurity Malaysia says television has done a great job of promoting his profession.

“You can't really enhance a poor image with the click of a mouse like what you see on TV. It's a lot more complicated,” says the 36-year-old with a laugh.


[Photo caption: ASWAMI: I love how challenging the job can be.]

Aswami graduated with an electronic engineering degree from the University of Liverpool, United Kingdom, in 1996, and has worked on several high profile cases.

Recently, he was called as an expert witness in the murder trial of Mongolian Altantuya Shaariibuu. He helped police extract data from handphones, SIM cards and laptops.

Aswami is currently pursuing a Masters of Management at Universiti Malaya, part-time.

My job involves ...

... the use of science and technology to investigate and establish facts in the court of law.

I work with digital evidence, which includes data recovery and code breaking of CD-ROMs, USB thumb drives and handphones.

It is our job to investigate when there are incidents of intrusion or malicious activity such as important data being deleted in systems as well as hacking and fraud.

For example, when a malicious text message is sent, we will retrieve the data and work with the telecommunications company to trace the origin and submit the information for prosecution.

At the end of the day, we are involved in determining whether an individual has been involved in wrongdoings or is innocent.

[Photo caption: Analysts are required to detect cyber crimes.]

We are also starting to venture into video and audio forensics, which is rapidly developing.

My morning starts with ...

... browsing e-papers to catch up with the latest in technology as it is very important to be updated.

Throughout the day, I'll also have meetings with lawyers to go through any issues or evidence.

Besides that, I will review reports and vet through case analyses with my team of 10 analysts.

I also manage our budget and keep an eye on expenditure.

To qualify, you need ...

... a degree in electronic engineering, preferably with experience in research and development.

[Photo caption: Be warned: If you send a malicious text message, computer forensic analysts will be hot on your trail.]

A qualification in computer science or computer engineering is also quite common in this field.

A master’s degree is also valued.

We train and mentor new graduates. This is important so that they can then work independently.

It is common for analysts to share and talk about their cases and give each other feedback.

The best person for the job is...

... someone who has a strong personality, is creative, innovative, positive, passionate and patient.

When doing a case analysis, it can get very tense and there is also a lot to do, so it's important to be patient.

Passion is another element that will help because when you're passionate about what you do, the job isn't boring.

As a computer forensic analyst you want to get results and solve cases, so that keeps you going.

This job involves a combination of technology and law so some legal knowledge would help.

But you can also learn the legal aspect on the job so you don’t need prior knowledge.

Prospects for the future ...

... are very bright. I recently attended an international conference and discovered that Malaysia is not very far behind the rest of the world in terms of computer forensics although we are still relatively new in the field.

In the past, we used to have to consult analysts from abroad because we didn't have this expertise in Malaysia.

The demand for analysts is going to grow as the number of “cyber crimes” or computer-related crimes is on the rise.

I love my job because ...

... of its uniqueness. No two cases are alike.

I love the challenge and feeling of knowing that I am learning something new every day.

Besides law and technology, deduction also plays a role – you figure out certain things about people from just their behaviour, which can be very interesting.

What I dislike the most ...

... is when I'm unable to solve a case.

For example, sometimes we are provided with CCTV footage that is of very low quality and there is no way to enhance the footage, which makes life very difficult.

A millionaire by 30?

I don't see why not. We've got millionaire lawyers so why can't there be millionaire computer forensic analysts? (laughs!)

Fresh graduates can expect to earn between RM2,000 and RM2,500 a month.

With education, effort and experience, it's possible to become a senior analyst in two to three years and earn about RM7,000.

But this depends on the individual.

____________________________________________________________________________________

MAIN FEATURE

The cybercrime detective
Altantuya, Lingam cases trigger a new dimension in the country's digital forensics

WHO has not heard of the cases involving the video clip of lawyer Datuk V.K. Lingam and the Altantuya Shaariibuu closed-circuit camera (CCTV) footage, which are now being hotly discussed? Yet few know the people who sometimes take weeks to unravel the authenticity of the evidence in these high-profile cases.

Behind the influence of the popular television investigation series CSI, featuring actors such as Gary Sinise, Melina Kanakaradey Bonaseva and Anna Belknap, our country is not left behind in having its own ‘cyberspace’ digital forensic investigators.

Journalists AMREE AHMAD and MEGAT LUTFI MEGAT RAHIM explored the ‘world’ of digital forensic investigators with CyberSecurity's Head of Digital Forensics, Aswami Fadillah Mohd. Ariffin, 38, at his office in Seri Kembangan, Selangor recently.


ASWAMI FADILLAH MOHD ARIFFIN

KOSMO! Ahad: Are you not nervous about being a witness at trials that are now receiving extensive coverage nationwide?

ASWAMI FADILLAH: Actually, the digital forensics division of CyberSecurity cooperates with all parties, especially the police and the Anti-Corruption Agency (BPR), on every case that requires our assistance.

So far, management has authorised only me and one other digital forensics expert, out of the 20 staff in our division, to testify as witnesses in court trials.

As for your question, I have to be 100 per cent prepared. Otherwise I would be tongue-tied the moment people focus their attention on me.

How do you ensure that the evidence is in good condition?

Actually, digital images stored on a memory card will not be damaged if they are transferred anywhere, including to a personal computer, since the evidence is in electronic form. It remains intact because the transfer is made in its entirety and in exact form.

The issue of the authenticity and originality of files and images that are copied and transferred does not arise, because all of them are genuine even when converted to a different format.

We have also received recognition from the National Technology Standards (Piawaian Teknologi Kebangsaan), an organisation that sets standards and certifies all forensic equipment.

What about the tools you use?

I don't actually pick and choose tools. I will use any tool that makes the investigation being carried out easier. What matters is that the analysts themselves must be analytical-minded and confident in unravelling the difficulties they face.

Because of that, some go without leave for up to two weeks and work late into the night to make sure we are prepared with a careful and thorough investigation.

How much time is given to handle any one case?

In truth, no time frame is given, but my colleagues and I are ready at all times when we receive instructions.

How much has the government allocated to deal with cyber threats today?

There are no exact figures, actually. If in 2002 the former Minister of Energy, Communications and Multimedia, Datuk Amar Leo Moggie, stated that Malaysia suffered losses of RM22 million from having to resolve various problems caused by ICT-related threats and attacks, I am sure that figure has grown over time.

So far, the whole world has spent US$9 billion on equipment to deal with ICT-related threats, and I am sure the losses suffered exceed that figure.

What about the yearly rate of increase in cybercrime?

Crime increases every year by an estimated 40 to 50 per cent. This is based on technology that keeps developing, with the crime rate moving in step with it. In addition, criminals are becoming more cunning with technology. We too must constantly strengthen ourselves with technological knowledge.

What approaches do cybercriminals use now?

Criminals today are smart. They will not simply discuss things over the phone and meet up. They also use certain codes that are hard to understand, and we need time to detect them and take action.

What are your hopes for the future of the digital forensics world?

In line with the increase in ICT-related cases, I hope the government can set up a Digital Court like the one in the United States to ensure that all proceedings can be carried out promptly and more efficiently.