What does a cyber PI do?

Wimpie: We investigate any crime where a computer is used as a tool. Any person can do a computer crime investigation, but to provide forensic evidence - evidence that is admissible in court - requires special techniques. Electronic evidence is the most easily tampered with.

Marthinus: There are three main areas: forensic computer crime investigations, which are crimes involving computers; forensic cyber crime investigations, which are crimes committed over the Internet; and then we help companies to improve their computer security.

How did you become a cyber PI?

Wimpie: I was in the SAPS where I was trained in forensic computer crime investigations.

What are the most common cyber crimes?

Wimpie: Mostly it's fraud, in the form of falsifying documents on bank or company letterheads, scanning and printing of money, and the good old money transfers. But a lot of what we deal with is corporate espionage and theft of information. This is the information age and so crime today is all about information.

Hacking into computers requires a bit more brainpower than the good old stick-'em-up bank robbery. Is the profile of criminals changing?

Wimpie: Cyber criminals are definitely younger and better educated.

Marthinus: The average age is from 21 to about 38, although many hackers and code crackers - what we call code kiddies - are much younger - from nine to about 21 years.

Are these kids serious criminals, or just having fun?

Wimpie: Some of it is mischief, but some of it is serious crime. Criminal organizations are using them more and more because they can't be prosecuted and they're cheap. For R10 000 you can get a kid in standard eight to move R20 million from a bank account. This is definitely where it's going. And with so much of the modern economy reliant on computers, even mischievous intent can have dangerous consequences.

So how safe is my bank account?

Hmmm, the banks won't admit that this sort of thing is happening, but it does. Of course, if you show that money has been transferred from your account they will reinstate the money, even before they investigate.

Can you profile a hacker the way other cops do with serial killers?

Wimpie: Yes, each hacker has his or her own tools and profiles. For example one might scan a company's free Internet information, then he or she will identify which machines the company is using, and which operating system. Then they get into the company's systems.

Marthinus: They each have their own nicknames, which are usually based on cartoon villains, their games heroes, or even historic figures and celebrities. You get to know them and their methods.

Wimpie: This is why the standard security software packages that are sold to companies to protect their systems are useless, because hackers never use standard methods. Each case is different.

Are hackers generally losers who never get out?

Wimpie: I would say they are often people who don't have a social life, yes. They don't get out much and don't really know how to communicate with people, so they are drawn to the computer. Some are simply malicious and do damage for the sake of it. Others are professionals who are also successful in other areas, like engineers.

Marthinus: Women are catching up too. Hackers used to be nearly all male, but there are many more women now, too.

Do they have secret cyber get-togethers where they trade boasts?

Wimpie: There are hacker organisations. The main South African one is called A2600. Then there are some international groups like SOS - Sons of Satan - and the Cult of the Dead Cow.

How does one become a member?

Wimpie: It's not easy to join. Usually they set up an environment for you to get into or they ask you to get into a system that they are battling to get into. That's the start of the acceptance phase. Initially I think hackers joined to gain knowledge and share expertise, but more of a criminal element is now creeping in, and criminal organisations are recruiting their members.

So are there hackers for hire?

Wimpie: Well, we've been approached by companies to steal information or to give out information about other companies. We've been threatened, too. Our biggest investigation involved over R1 000 million and we were threatened a good few times during that. That's why we have two covert offices. The physical work is not done from this office.

Do hackers create viruses or are they created by software companies who want to sell more anti-virus programmes?

Wimpie: Ha, ha! It's a possibility. Since anti-virus solutions were created, the number of viruses has boomed. There are more than 100 000 now. You can make your own conclusions about that.

Marthinus: What we often have to work out is whether we're dealing with a new virus or whether it's an attack on a particular person or system.

So you can have a virus that targets one person?

Marthinus: Yes, absolutely.

How secure is Internet banking, for example?

Wimpie: Every time you connect to the Internet you're connecting to the rest of the world. That can never be safe.

What about my lengthy alphanumeric password?

Wimpie: Passwords are no good. There isn't a password I know that can't be broken. PGP is a fairly secure encryption system, but now hackers can capture your keystrokes to get your passwords. Even biometrics - the use of fingerprints or voice identification - isn't foolproof. If I can capture that process, I can duplicate it. In other words, if I can get the person's fingerprint off the system I can give it back to the system any time. And that's possible.

So why even bother?

Wimpie: What you need are intrusion detection techniques. Basically it's an alarm that goes off when it detects someone trying to hack into your system. Once this goes off you can start to track them, and you can start to close up systems. That's how we operate. We do what's called an external probe. We get into a company's system from the outside, using the same steps as hackers would, in order to identify the system's weaknesses.

Can a private person protect themselves in this way?

Wimpie: Systems like the ones we set up are too expensive for individuals, but maybe in about five years' time there will be ones that anyone will be able to afford.

Marthinus: We do operate a secure Internet service provider - called www.csfs.co.za - for only R55 extra each month.

What happens to bad hackers when they get caught?

Wimpie: At the moment there are no laws against hacking, although the government is working on that. Mostly, what happens is it's an employee, who then gets fired, or the hacker will be prosecuted for fraud, malicious damage to property or industrial espionage. But you have to actually catch them doing it, or prove beyond reasonable doubt that it was them.

Marthinus: If a system isn't secure, it's like having money in an unlocked safe when there are ten people in the building - it could have been anyone. Many hackers use this as a defence and get away with it. Or they use other people's computers to launch their attacks from.

You mean even my Internet account isn't safe?

Wimpie: The Internet service providers should keep a record of all the log-ons for a certain period of time. It might be worth checking if yours does that. If they do, and someone uses your computer to commit a crime, all you have to do is find out what time they logged on. You can then go to Telkom and get records of everyone who was dialled up to your ISP's number at that time. Then you trace those numbers.

Are there any actions you cannot take to convict someone?

Wimpie: The monitoring of private emails on the Internet is not admissible as evidence, unless it's done by the SAPS. But you can do forensic investigations on a company's network. In other words, you can monitor email and actions on the company's network, as all the computers and the information on them belong to the company - even if it happens to be something personal. Only if you've been authorised by the company, of course. Actions done on the Internet are also admissible, but only those done against the particular company on whose behalf you are investigating.

And finally, are all emails monitored by the government for code words like bomb?

Wimpie: I know that every email to and from America is monitored and scanned for a range of words. If one of the words appears the email goes to a scanbox and is read. The European Union has just set aside 55 million to create an underground intelligence centre to monitor everything going in and out. Every country in the world will eventually do this, if they're not already.