Brussels, 06 Nov 2003
Society is rapidly becoming wired, buying and selling goods and services with the touch of a button. But cyber-space's convenience is also its Achilles heal – giving criminals unrivalled access to private financial information. With the launch of its on-line evidence kit CTOSE, the EU will sniff out the crooks.
E-criminals had better watch out
The Web offers unbridled freedom to exchange information and conduct transactions for a growing range of products and services. But, for many, the uncertainty of such transactions is a major deterrent. The European Commission and its partners have developed a way of handling electronic information to protect against on-line fraud and, in the process, build up society's faith in the Internet.
Just as a mechanic needs his tools to be within easy reach, the new technique puts all the necessary parts of an investigation into a 'computer incident' at the disposal of the respective authorities – whether they be systems administrators, IT security staff, police or court officials. The EU-funded project CTOSE (Cyber Tools On-line Search for Evidence) has developed a framework of best practices for identifying, collecting, analysing, storing and presenting electronic evidence.
"Cyber-crime hides behind our computer screen, and in the wires of global communication networks and services," said European Research Commissioner Philippe Busquin in a statement to mark the completion of the computer forensic tools. He stressed that, while business is a prime target, public authorities and even individuals are vulnerable to computer fraud, hacking and viruses. This weakens trust in the Net as a means of conducting business.
"Millions of e-mail inboxes and networks have recently been crippled by computer viruses. This innovative methodology developed by the Commission will not only help combat cyber-crime, it will also increase user confidence in carrying out secure transactions in everyday life," said Mr Busquin.
The weight of evidence
The CTOSE project came to fruition in September thanks to the combined efforts of industry, research institutes and the EU. French telecommunications and security specialist Alcatel and UK security company QinetiQ worked with researchers at the universities of Namur (BE), St. Andrews (UK) and Stuttgart (DE). Representing the Commission were the Joint Research Centre's Institute for the Protection and Security of the Citizen and the Information Society Technologies division.
A major contribution to the success of the project came from some 50 experts in the domain – the so-called 'special interest group' – whose specialist knowledge included computer law, high-tech forensics and the IT security situation in financial institutions. The next step is to make sure the new methods and tools – which include a cyber-crime advisory tool, a legal advisor and demonstrations of cyber-attacks – are further developed and applied.
"The global nature of such [on-line] abuses makes co-operation at European level essential for developing systems – legal, scientific and technological – which get tough on criminals," concludes an EU publication entitled 'Forensic science'. For further reading on EU forensic research and activities, the November edition of RTD info includes a feature entitled 'The scientist and the inspector'.