A cyber cop's netted interest

By ADAM GIFFORD

When the police electronic crime laboratory advertised two positions at the end of last year, only seven of the 150 applicants made the shortlist.

That is an indication of the rare mix of skills, experience and attributes required for entry into one of the fastest growing IT niches.

It didn't help their prospects that 20 per cent failed to get the right application form, and a similar number didn't follow the instructions on the form - this is after all an organisation where methodical attention to detail and process is the name of the game.

Supervising e-crime analyst Barry Foster says police jobs are highly sought after because of the quality training offered. That training also means experienced staff get poached by consulting firms setting up e-risk departments, so vacancies are going to come up.

The electronic crime laboratory has 17 non-sworn staff, including management and administration. Customs has a few e-crime specialists, Internal Affairs has a seven-person unit tracking down people who use the internet to trade offensive material, and there is also a growing number of private sector companies who can interrogate a hard disc and make it give up its secrets.

Foster's entry into the field came during a spell in the military police, where an interest in computers and problem-solving led him into the area of computer security.

"We need people with some form of legal knowledge, some form of investigative or auditing experience, and a technical knowledge of operating systems, hardware and software, so all our people are required to get A+ certification and other specialised industry qualifications," Foster says.

"They also need to be curious, to have very well developed problem-solving skills, and the ability to stick with a problem long-term."

He says electronic crime is growing, which is why the police set up the lab two years ago for forensic and investigative support.

"Over the past five or six years we have gone from maybe 100 cases and 1000 exhibits to more than 300 cases last year in Auckland alone with close to 7000 exhibits," Foster says.

"As the head of the FBI electronic crime lab has said, all crime has the capacity to be cyber-crime.

"During the investigation of the murders at the Panmure RSA, I had to go on to the scene and look at the computers to narrow down the time of the crime from a five-hour window to 45 minutes, by identifying what was the last activity."

About a third of the lab's work now involves drug cases, fraud and indecent publications account for just under a third each, and the rest is the whole gamut of police activity.

John Thackray, a former British police officer who moved to New Zealand several years ago to set up the police e-crime capability, says a lot of e-crime never gets to the police.

"If someone is breaking into a bank by electronic means, it could be very embarrassing, so they bring in people like us to investigate," says Thackray, who now runs Thackray Forensics, a private firm with seven investigators with police or military backgrounds.

"Even if we do identify the employee or hacker, it gets dealt with in-house and across the table between lawyers."

Thackray Forensics also gets called into employment disputes, where staff may be suspected of taking company data or intellectual property or surfing for porn on work computers.

"People can be accused of doing something on the net based on analysis by IT professionals, which can be misleading. It could just be incorrect interpretation, where pop-ups and pop-unders or even viruses are causing the problems," Thackray said.

"Doing this kind of work, you need not just the technical skills but the gut feeling investigative ability."

Technical people can also be blind to non-technical options - such as asking a person for their password, rather than trying to develop a clever hack to work it out.

Philip Whitmore, senior manager at PricewaterhouseCooper's global risk management division, says he is always looking to strike a balance between people with deep technical skills and those with wider business experience who understand risk.

The division advises on the technology and procedures organisations need to keep their data secure, tests systems and does forensic work when fraud or intellectual property theft is suspected. Maintaining the chain of evidence is most crucial, Whitmore says.

"Often forms will get their IT department to go in and look at things, but as soon as you turn a computer on, you are changing things.

"For us this is a steady growth area."