Month: January 2019

With the addition of five new forensic labs, STRmix™ – the sophisticated forensic software used to resolve mixed DNA profiles previously thought to be too complex to interpret – is now being used by 43 federal, state, and local agencies in the U.S.

The five new agencies now using STRmix™ to resolve DNA profiles are:

• The South Carolina Law Enforcement Division, which provides manpower and technical assistance to law enforcement agencies and conducts investigations on behalf of the state;
• The Colorado Bureau of Investigation, which performs forensic and laboratory services and criminal investigations at the request of local and state law enforcement, agencies, and district attorneys;
• Bode Cellmark Forensics, which serves the law enforcement and identification markets and provides both state-of-the-art human DNA analysis and innovative DNA collection products;
• Nebraska State Patrol, Nebraska’s only statewide full-service law enforcement agency, serving the state since 1937; and
• University of Nebraska Medical Center Human DNA Identification Laboratory, which provides methods for determining the person of origin for biological specimens to resolve issues of parentage and suspected specimen misidentification, and provide physical evidence for law enforcement agencies and private attorneys.

“STRmix™ software has greatly improved the usability of DNA. Agencies, for example, are reporting an uptick of interpretable DNA in gun cases from approximately 40% to more than 70%,” explains John Buckleton DSc, FRSNZ, Forensic Scientist at the New Zealand Institute of Environmental Science and Research (ESR). “As a result, evidence is available in a much higher fraction of criminal cases than in the past.”

Dr. Buckleton, who developed STRmix™ in collaboration with ESR’s Jo-Anne Bright and Duncan Taylor from Forensic Science South Australia (FSSA), adds, “We need to help labs, prosecutors, and defenders to achieve justice outcomes and avoid labs making extreme efforts to clear cases, but obtaining uninterpretable results.”

According to Dr. Buckleton, this is particularly true with respect to sexual assault cases. Pointing out that labs increasingly are being asked to clear their Sexual Assault Kit backlogs, he notes, “Given the considerable resources being invested in materials and staff time to clear those backlogs, we need to help labs to increase the outcomes from their investment with a higher rate of interpretable results.”

To date, STRmix™ has been used successfully in numerous U.S. court cases, including 28 successful admissibility hearings. It is also in various stages of installation, validation, and training in more than 60 other U.S. labs.

Internationally, STRmix™ has been used to interpret DNA evidence in more than 100,000 cases since 2012. It is currently being used in all nine state and territory labs in Australia and New Zealand, as well as 11 forensic labs in England, Scotland, Ireland, Finland, Dubai, and Canada. The code for three versions of the software has now been independently examined and in all cases admitted.

STRmix™ Ltd. introduced a new version of the software, STRmix™ v2.6, in August 2018. The new version features a user interface that has been completely redeveloped and refreshed, providing users with vastly improved usability and workflow. Version 2.6 also enables a range of contributors to be entered when performing a deconvolution, and any type of stutter to be added and configured.

For more information about STRmix™ visit www.strmix.com.

(125)

A new year is the time for lots of pledges of how things will be done differently: new targets to meet, processes to drive forward and the chance to make positive changes.

It’s not surprising that the information and cyber security industries aren’t exempt from this, as it’s no secret that both industries faced more than a few challenges last year. First came the build-up and introduction of the General Data Protection Regulation (GDPR) in May 2018, putting severe fines in place for any future data breaches. Then there was the challenging political and economic climate, the scare of being the next victim of a high-profile data breach and the rise of new technology such as Artificial Intelligence (AI) and machine learning to contend with. All in all, it wasn’t an easy year.

However, the volume of data breaches alone is not the shocking factor, and should no longer be the focus for any CISO looking to make a difference to their organisation’s cyber security strategy. The difference now is the size and scale of the data breaches and the nature of the sensitive and critical data stolen; hackers have moved on from email addresses to instead seek out passport numbers and CVV data from credit cards, and are able to spend far longer strolling around an organisation’s network without being detected. Take the Marriott International data breach from November 2018 as an example; hackers had been able to access the network for four years with no unusual activity detected or any alerts raised. It has since been revealed approximately 5.25 million unique unencrypted passport numbers were part of the vast volume of data stolen.

Supporting IT evolution

Networks can quickly become a web of users, devices and applications, all requiring different access controls and requirements to keep the data safe. In line with this, organisations have evolved beyond perimeter-only security models to increasingly lock down data – both at rest and in motion. A fundamental part of this is encryption, but to be effective, encryption must enhance, not constrain IT evolution.

However, embedding cyber security solutions into an organisation’s network creates a number of challenges in itself: higher complexity, scalability becoming a real headache and key management and key rotation becoming almost impossible across large estates. What’s more, as organisations have layered technology on top of technology, the technology stack itself has become complex and huge amounts of resources and operational overhead are needed to manage it. In today’s digital world where flexibility and business agility should be at the top of the agenda, having an unresponsive security solution tied to the network is just not an option; it creates a static environment, uninviting of innovation and new technology.

Introducing Information Assurance

Encryption needs to be deployed as a function within an Information Assurance (IA) security overlay, on top of an organisation’s existing network and independent of the underlying transport infrastructure. This makes the network itself irrelevant, with emphasis instead placed on applications and IA posture.

This approach also has economic and commercial benefits. Taking security intelligence out of the network allows it to focus on its core task: managing and forwarding traffic. With routers and switches no longer needing large security feature sets, organisations can save money and resource and invest this in a true IA security posture with data protection at its core.

Additionally, by introducing a software-defined approach to data security ensures the data is protected in its entirety – regardless of whatever network or transport it goes across. The approach enables a centralised orchestration of IA policy and centrally enforces capabilities such as software-defined application segmentation using cryptography, key management and rotation. Segmentation brings further benefits through its ability to block lateral movement once an attacker has breached the perimeter defences.

It’s no secret that key changes to security strategies throughout 2018 could have prevented or reduced the impact of numerous high-profile data breaches, and it all comes down to a change in mindset. Rather than thinking of network security, the emphasis instead needs to be placed on data security and IA, with security deployed as a network overlay. So, as the new year begins to get into full swing, now is the time to make changes and see what the benefits will be.

Dan Panesar, VP EMEA, Certes Networks

(31)

(45)

(130)

In light of the recent breaking story about Google, where they were fined by the French regulator £44 million, below is comment from cybersecurity firm Veracode’s director of solutions architecture (EMEA), Paul Farrington.

Google one of the biggest handlers and processors of data in the world has been subjected to a huge fine of 50 million euros (£44m) for violation of regulation set about by GDPR. The French data regulator CNIL has made an example of Google for their breaches in failing to provide adequate transparency and obtaining valid consent. Veracode believes this fine is the start of a challenging 2019 for businesses when it comes to compliance. 

With International Data Protection Day soon, it should come as timely reminder organisations must get their houses order with data protection and governance. Better data protection can be achieved through four key practices: Visibility, Security, Integrity and Recovery. Failure to adequately adhere to GDPR can see organisations being handed financial penalties like Google. 

Paul Farrington, director of solutions architecture (EMEA) at Veracode

“The fine against Google is an indication of the serious focus on privacy and security by regulators. Global enterprises must take steps to ensure security hygiene and compliance with standards to reduce their risk and protect data.”

(68)

A malicious MS Word document, titled “eml_-_PO20180921.doc,” which contains auto-executable malicious VBA code and spreads through phishing campaigns has been found by researchers at Fortinet’s FortiGuard Labs. In the case of this malicious MS Word document, victims who open the document are prompted with a security warning that macros have been disable. If the user then clicks on “enable content,” the NanoCore remote access Trojan (RAT) software is installed on the victim’s Windows system. Egress Software’s CTO, Neil Larkins comments:

“This latest strain of NanoCore RAT (1.2.2.0) is known to execute a series of malicious behaviours, including password stealing and keylogging, and makes it difficult for victims to eradicate by injecting code that preserves the malware in the infected system’s memory. As reports show, this strain is currently being transmitted via an infected Word document attached to phishing campaigns – so it is imperative people are on the lookout for this attachment and therefore, as much as possible, avoid downloading the malware in the first place.

Sophisticated phishing emails are designed to look as real as possible, and can, to the untrained eye, appear nearly identical to an email from a trusted sender or real person, particularly if an email account has been compromised or spoofed. On top of this, the malicious Word document used to transmit NanoCore RAT 1.2.2.0 leverages people’s repeat behaviour of clicking to enable Microsoft macros within Office documents. As a first step, users should always think twice before opening attachments from unknown senders – particularly if they have a suspicious-looking or unfamiliar file name (like ’eml_-_PO20180921.doc’). Often, cyber-criminals take a scattergun approach to sending phishing emails, targeting a large audience with the aim of being successful with a proportion of recipients. As a result, even though the email may look and sound realistic, it’s likely the recipient hasn’t heard of or worked with the sender before – which should raise an immediate red flag. Users should always be encouraged to raise these incidents with their internal security team and, on personal devices, can rely on the research of organisations like Fortinet to steer them in the right direction as well.

Although it’s concerning to see another strain of NanoCore RAT emerge, despite its creator already being sentenced to serve almost three years in federal prison, new technologies are also evolving to help tackle new threat – and organisations should be on the lookout to use these wherever possible. The application of machine learning, deep learning and NLP has made it increasingly possible to mitigate this risk. By analysing various attributes, including the sender’s authenticity, smart technology can now recognise patterns and highlight anomalies – including whether or not the sender of an email can be trusted.”

(98)

(45)

On Tuesday 22nd January the House of Lords Science and Technology Select Committee will question Dr Gillian Tully, the Forensic Science Regulator, on the forensic science market and her ability to enforce standards.

In written evidence to the Committee, the Forensic Science Regulator stated that there is a ‘lack of strategic leadership and clearly understood policy and strategy for forensic science in England and Wales’. The Committee has also heard evidence that there are significant concerns about the sustainability of the current forensic science market in the UK.

Over the course of the session, the Committee will ask Dr Tully what effective oversight of forensic science should look like and whether the criminal justice system is being equipped with the highest quality of forensic science.

The Session will begin at 3:25pm in Committee Room 4 of the House of Lords. Giving evidence will be:

• Dr Gillian Tully, Forensic Science Regulator

Questions the Committee are likely to ask include:

• How would statutory powers help with dealing with low compliance to ISO standards and the Regulator codes?
• Given that the human factor is so important in the interpretation of forensic evidence how do you assess individual competency given that every case is different?
• Who should be responsible and accountable for forensic science service provision?
• Is enough being done to prepare for the increasing role that digital forensics will have in the future?

Dr Gillian Tully is also speaking at the Forensics Europe Expo Conference for more information regarding the event please visit: https://www.forensicseuropeexpo.com/conference

DFMag is also exhibiting at the Forensics Europe Expo, register for the event and visit our stand: https://clarion.circdata-solutions.co.uk/Microsites/RFG/publish/FEE19/

(94)

(39)

(46)