The Evince Blog
A blog about issues affecting Internet investigations and ethics compliance programs

HTCIA – Ottawa Speaker Update: IT Security in the University Environment March 2, 2010

February 26th, 2010 . by Chris Pierre

The topic summary according to the HTCIA Ottawa website:

In order to foster innovation, the culture of a university environment must support the principles of academic freedom and the sharing of information. The traditional principles of IT security (e.g. control of information assets) are often directly opposed to this concept. This presentation will examine the unique issues and challenges associated with managing IT security in the University environment, and will also discuss the non-traditional approaches that must be employed to improve IT security in a University.

The speaker will be Jamie Campbell, CISSP, Manager of Information Security and Operating Platforms at Carleton University. We’re very much looking forward to having Jamie speak.

Even if you are unable to come to see Jamie speak on March 2, 2010, please drop by the new HTCIA Ottawa website to check out the new look and feel. I think you’ll agree that the design and implementation team did a great job!


HTCIA-Ottawa Speaker Update

February 3rd, 2010 . by Chris Pierre

A quick note on the upcoming speaker for the HTCIA Ottawa Chapter. Bruce Cowper of Microsoft Canada will be speaking on the Top Security Threats for 2010. The date for the presentation is February 9, 2010 and it is at Russell’s Lounge at the Ottawa Police Association.

Bruce is an excellent speaker and I would encourage anyone in the Ottawa area who is interested in technology security and investigations to join us at the event.


Spreadsheet Formulas and Tools

December 30th, 2009 . by Chris Pierre

Here are some Microsoft Excel formulas and tools which I have found to be useful in fraud investigation. These tips and tools assume some level of understanding of Excel, but are far below the level of using macros and other advanced features.

Creating a Time-line in Excel

I have identified two sources for this. First, if you’re working on an older version of Excel you can use the templates at Vertex42 LLC or Mr. Excel.

If you are using Excel 2007 or later, you can use the template that is included in the software. A tutorial on the function is available on the Microsoft website.

Link Analysis in Excel

There are a couple of ways of doing this. The simplest way is to set up a spreadsheet with a set of columns that reflect things such as Person/Entity Name, Address 1, Address 2, City, Province/State, telephone number, fax number, etc. After you have populated your worksheet you can then use the Pivot Table function to see the links that may exist. For example, it might identify entities that share the same fax number or address.

The Pivot Table function is found under the Data menu and although it does not provide a graphical representation (it is text/chart based), it is still effective for identifying links between contact points. There is commercial software available that will do a much better job of providing graphical representations of link analysis charts, but on simple files, or if you are on a budget that does not allow you to purchase more expensive software, this solution can help.

The key is to ensure that your data is entered in exactly the same format. For example, if you are entering phone numbers you must choose between the format (xxx) xxx-xxxx and the format xxx-xxx-xxxx (without the brackets on the area code). You cannot do some data entry in one format and some in the other or the pivot table will not identify the links.

In order to achieve this consistency you may wish to create sub-lists on other spreadsheets linked to drop-down menus in your main sheet. This is accomplished using the Validation function in Excel, which is also under the Data tab.
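For data that has already been entered in mixed formats, the same grouping can be done outside Excel. The following Python sketch is an added example, not part of the original post: it normalizes phone, fax and address values before grouping, and shows that the raw values produce no links at all. The records are constructed sample data, and the function names `normalize` and `find_links` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (not real entities); the columns mirror the
# worksheet layout described above.
RECORDS = [
    {"name": "Acme Supply", "address": "12 Main St.", "phone": "(613) 555-0101", "fax": "613-555-0199"},
    {"name": "Bolt Traders", "address": "40 River Rd", "phone": "613-555-0101", "fax": "613-555-0142"},
    {"name": "J. Smith", "address": "12 main st", "phone": "613.555.0177", "fax": "(613) 555-0199"},
    {"name": "Delta Ltd", "address": "9 Oak Ave", "phone": "613-555-0123", "fax": ""},
]

CONTACT_FIELDS = ("address", "phone", "fax")


def normalize(field, value):
    """Reduce a contact value to one canonical form so that equal values compare equal."""
    if field in ("phone", "fax"):
        digits = re.sub(r"\D", "", value)            # keep digits only
        if len(digits) == 11 and digits.startswith("1"):
            digits = digits[1:]                      # drop a leading North American country code
        return digits
    # Addresses: lower-case, collapse whitespace, strip punctuation.
    return re.sub(r"[^a-z0-9 ]", "", " ".join(value.lower().split()))


def find_links(records, clean=True):
    """Return {(field, value): [names]} for every contact value shared by two or more entities."""
    groups = defaultdict(set)
    for rec in records:
        for field in CONTACT_FIELDS:
            raw = rec.get(field, "").strip()
            key = normalize(field, raw) if clean else raw
            if key:                                  # ignore blank cells
                groups[(field, key)].add(rec["name"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    print("links on raw values:", find_links(RECORDS, clean=False))
    for (field, value), names in sorted(find_links(RECORDS).items()):
        print(f"{field:8} {value:12} {', '.join(names)}")
```
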

One solution which I have not yet had the opportunity to test is called NodeXL, which is a graphical link analysis tool built on top of Microsoft Excel. I have come across a few references on the web from sources which I regularly review, including Analysts Corner and http://www.kdnuggets.com/software/social-network-analysis.html.

Comparing Two Lists

Ever have to compare two lists of items, such as a list of vendors or a list of social network friends, to see if a value exists on both lists? Check out the post on the IACA Analyst Toolbox site by Michael Chesbro. The formula in the output column is: =VLOOKUP(A1:A10,$D$1:$D$7,1,FALSE).

You can add some conditional formatting on your output column to make the results of interest a little more vibrant.


The Find Function

This is about as simple as it gets but so very helpful. You access this function by pressing “Ctrl F”. A search box will appear that lets you search through your spreadsheet (or workbook) for a specific term. For example, if you have a list of vendors in a spreadsheet and you need to see if “bad guy co.” is on your list of vendors, this is the function that you need. It is not all that useful in small lists because you can manually scan the list faster than using the function.

Another example is when you want to see how similar terms are used across multiple spreadsheets within a workbook. Say, for instance, that you are aware that a specific payment of interest is called “fundraiser”; you may search through the entire workbook for other payments labeled “fundraiser” to see where they appear. To do this you simply hit Ctrl F, click on Options and select “within workbook.”

The caveat here is the same as the caveat on many of the other tips provided. Your search term must match the format of the entries in the worksheet or you are not necessarily going to find what you are looking for (pardon the pun).

A work-around for this is to use only a part of the search term which you are likely to find included in your source data. Rather than searching for “bad guy co”, which may be listed as “badguyco” or “thebadguycompany” on your list of vendors, you may just want to search for the term “guy” (without quotes of course).

Separate Terms

If for whatever reason you need to split whole terms into separate parts, which is called parsing, the “Text to Columns” function under Data on the toolbar is very useful.

For example, let’s assume that you imported some HTML code into Excel from a website you were reviewing. After sorting a few different ways you end up with a series of rows that look something like:

Column A

id=abcd
id=defg
id=lkjl
id=lkjn

For your analysis you would like to use only the id values rather than including the “id=”. To do this simply access the Text to Columns function, select “Other” and put the equal sign in the space provided. This would end up producing the following:

Column A
id
id
id
id

Column B
abcd
defg
lkjl
lkjn

Other sources

If you are a Certified Fraud Examiner and you’re interested in learning more Excel tips and tricks, I would also suggest that you review the “Fear Not the Software” articles from various issues of Fraud Magazine. The articles are written by Richard B. Lanza (and occasionally other contributors) and are very insightful.

Mandatory Disclaimer: Evince Services, Inc. is in no way related to Microsoft, but Excel is commonly used software and therefore a possible low-cost solution for some readers’ problems. NodeXL®, Excel® and Microsoft® are registered trademarks of Microsoft Corporation. Mr. Excel® is a registered trademark of Tickling Keys, Inc.


Recommendation: “Key Issues in Establishing a Forensic Audit Capacity”

December 24th, 2009 . by Chris Pierre

For government departments that are considering developing a forensic audit capacity I would recommend the article written by Alan Gilmore in the Financial Management Institute of Canada’s FMI*IGF Journal Volume 20, No. 1, Autumn 2008. The article is published in both English and French and is available from the Financial Management Institute’s website.


Welcome Fall 2009 Students

September 12th, 2009 . by Chris Pierre

A brief welcome to the students of the Internet Research as an Investigative Tool course at Algonquin College.

I am very excited to have the opportunity to work with you all over the next 10 weeks and look forward to the new ideas and approaches that inevitably surface from classes like these.

Chris


Copyright Battle

June 30th, 2009 . by Chris Pierre

If you have 10 minutes and are interested in the future direction of Canadian copyright law I would invite you to watch the video posted below. It’s from the Globetechnology (as in The Globe and Mail newspaper) YouTube Channel. It features two video interviews with Michael Geist, University of Ottawa Law Professor, and Barry Sookman, IP lawyer from the firm McCarthy Tétrault. The questions are asked and then the respondents’ comments are played back to back.


Social Network Analysis

June 7th, 2009 . by Chris Pierre

If you’re a reader interested in tools and resources for social network analysis (the traditional kind and the web 2.0 kind) then you’ll want to give Digital Bear a look. This site has a lot of cool stuff.


FBI Using Second Life to Communicate 10 Most Wanted

June 2nd, 2009 . by Chris Pierre

According to Dusan Writer’s Metaverse, the FBI is now using Second Life to post pictures of its 10 most wanted, to connect to the FBI’s job board and to connect to the Internet Crime Complaint Center. It’s good to see another example of policing agencies adopting new technologies to reach a broader audience.


The Book Review: Protecting Games – The Security Handbook for Game Developers and Publishers by Steven Davis

May 9th, 2009 . by Chris Pierre

I have recently completed reading Steven Davis’ book “Protecting Games.” In short I would recommend it to anyone interested in security and investigation aspects of multi-player digital games or games involving the Internet, regardless of the genre they are involved in. I really enjoyed the book and have already found it a useful resource for my work.

With that in mind there are a few things I think prospective readers should know about the book in advance:

1) It is aimed at the business of games. In fact, a particularly appropriate quote from the book to summarize this is on page 243: “…game companies are not governments; their goal is to maximize revenues and keep their customers satisfied not mete out “justice””.

The thrust of the book is about platform owners protecting their investments. Outside of the fairly obvious issues of the protection of children and compliance with laws, the book does not really take a moral or ethical stance on piracy, privacy, griefing, ownership of intellectual property, etc. but it addresses these issues as concerns of an ongoing business interested in sustainability and growth.

2) It is broad. The book covers a lot of ground, from general security, piracy, gold farming/frauding and payment systems to gambling, how to deal with law enforcement, etc.

The potential criticism of this approach is that it could end up being too broad for some readers’ interests if they are looking for very specific information. I would not describe that as a fault of the book; it would be impossible to cover every detail of every subject in one text.

For example, the first three sections of the book describe various security issues such as cheating, piracy and hacking, as well as listing some of the methods that platform owners have tried in the past to mitigate these issues. The book describes many, many of these solutions, but does so in general terms to recognize that 1) each platform may have different, specific design requirements; and 2) there are commercial software security solutions that are well understood in the industry and therefore do not require additional explanation in the book. There are references to how code might be structured, but beware if you’re looking for long sections of detailed programming code, because they won’t be found here.

The same can be said about the other legal and process related domains covered in the book.

People who are subject matter experts may find that the book is light in their particular areas of expertise; but that is okay. It is detailed enough that they will benefit from seeing how their area of expertise intersects with others. Furthermore, it is always useful to learn from activities in other, closely related industries or genres.

3) It is well researched. On page 362 Davis issues a slight taunt at the reader “I’ve included hundreds of footnotes in this book to lend credence to my argument that game security is an important issue (how many have you checked, by the way?)”

I haven’t checked the number of footnotes in the book but there are a lot. For example, Chapter 29 cites 37 different sources in the footnotes. There is also a 7 page index of “selected game security incidents” that is worth reviewing. Finally, the book includes a few formulae that are useful for business cases, such as calculating the net potential loss due to piracy.

For security or law enforcement professionals who require content for their presentations and business cases these examples will be very useful.

The inclusion of Marcus Eikenberry’s commentary is also great for context. I especially liked the story about the Russian carders selling game codes.

Finally, Joseph Price was very helpful in providing insight into the law (from a U.S. perspective) that may arise with respect to game security, piracy, the protection of children, etc. I’m sure that in future versions of this book, Price could write full chapters comparing jurisdictional approaches to these issues.

I was happy to see that Davis addresses the issues of privacy, identity and anonymity in the book. Throughout the text he identifies several ways that the actions of players within the game might be tied to them, but he does concede that the threat of litigation or fines from government authorities for improperly securing players’ personal information can be very financially damaging to game operators. It may be beneficial to collect this information but platforms have to be very wary of how it is collected, disclosed, retained, protected, etc.

I was also in agreement with his point that at the moment, virtual worlds and MMORPGs are more likely to be used by, or targeted by criminals rather than terrorists for any number of types of bad behavior from money laundering to piracy. He makes some compelling arguments about this in the later chapters of his book which echo those of Bruce Schneier.

Finally, the constant theme in the book is that security must be considered at the outset of game design, rather than as an afterthought when production is near completion. He identifies a few pretty practical ways of organizing development teams to make sure that happens.

I am happy to recommend this book as a good general resource for professionals in the game industry as well as those with an interest in the field such as researchers and members of government agencies.

I’m also interested in reading what other people have to say; please either post here or write something on your own site and send me a link.


Using Social Media Sources to Monitor Emergencies and Disease Outbreaks

April 8th, 2009 . by Chris Pierre

For critical emergency management services it is imperative to have information on a timely basis. It can take a long time to deploy people to an area of concern before you get real-time information on what is happening, so why not get up-to-date information from Twitter or blogs produced by citizen journalists at the scene? According to Wired Magazine, this is one of the tools used by LAFD firefighter Brian Humphrey to keep an eye on trends and issues that might affect emergency management.

Furthermore, by monitoring disease trends as reported by social and traditional media worldwide, researchers and citizens can gain an understanding of what issues they might face next. If you (or your manager) need convincing that this would be a helpful tool you should check out the talk given by Larry Brilliant at the Technology Entertainment Design (TED) conference in 2006.

A good place to learn about some tools that can help with this exercise is the WebIntel blog where they have published their “Top Five Health & Disease Monitoring and Warning Sources”. Incidentally, there are actually seven tools provided, now that’s value!

