CCIU - Detectives in the digital age
May 28, 2010
TIME waits for no one, and in today's digital age, neither does crime. No other medium has evolved as rapidly as the Internet, providing its users unparalleled access to news, information, services and entertainment by simply clicking a mouse. Surfing the Web has become the norm, but there are sharks in the waters.
'Lurking below the surface, cyber criminals hunt, plot, scheme and attack unsuspecting systems, networks and users. E-mail scams, hacks and viruses are the tools of their trade. However, the U.S. Army Criminal Investigation Command's Computer Crimes Investigative Unit patrols this world, stalking those who exploit it, and bringing them to justice.
'The military presents a very large target for both international and domestic hackers,' said Special Agent Michael Milner, the director of the CCIU. 'That makes our mission extremely challenging, because there isn't an 'off switch' for the Internet.'
'Behind a vaulted door, in an unassuming red brick building on Fort Belvoir, Va., lays the battlespace of the Army's digital detectives. As the sole entity for conducting criminal investigations of intrusions and malicious activities involving Army computer networks, CCIU maintains a constant watch over the Army digital footprint. With personnel assigned at Belvoir, and an office at Fort Huachuca, Ariz., the members of CCIU are tasked with a challenging mission and a global area of operations.
''Basically, our special agents go in and conduct virtual autopsies on hacked systems,' Milner said. 'From there, we figure out exactly what happened and then go after the bad guys.'
'Army CID recognized the expanding role of computers in criminal activities and investigations, and provisionally established CCIU as the Computer Crime Investigative Team in January 1998. Prior to this, only a single forensic examiner at the U.S. Army Criminal Investigation Laboratory was dedicated to investigating computer crime.
'We were originally created out of the Field Investigative Unit, a specialized unit within CID that investigates classified programs, and given the primary responsibility for investigating intrusions into U.S. Army computer networks,' Milner said. 'Now, as the Army moves to an ever more net-centric environment, the opportunity for cyber crime will only continue to increase.'
'In September 1998, the team became the Computer Crime Resident Agency and moved to Fort Belvoir. The CCRA was redesignated in November 1999 as the Computer Crime Investigative Unit and separated from FIU, becoming a subordinate element of the 701st Military Police Group (CID). In January 2000, CCIU was officially established as a criminal investigative organization within CID.
'Because investigations of this nature require a specialized level of computer expertise, special agents assigned to CCIU receive advanced computer training from the Defense Cyber Investigations Training Academy, the Federal Law Enforcement Training Center and other technical experts. CCIU special agents also use their extensive knowledge of information technology to provide guidance to other CID special agents who conduct investigations involving computers.
'By its very nature, and due to the rigorous training required, CCIU is made up of civilian special agents. Many served in uniform as CID special agents, before specializing in computer crimes and cyber security.
'Since its creation, CCIU has been a key element in the successful prosecution of numerous computer intrusion matters, and has been recognized around the globe. CCIU, as well as its special agents and alumni, have been honored for their expertise and development of technological products in the realm of cyber security.
'An example of this was the creation of the Rapid Extraction and Analysis Program. With a global mission, Milner said staffing challenges prevented agents from physically responding to every cyber incident, and CCIU needed a solution. The REAP was that solution.
The program was developed in-house, at no cost to the government, and allowed non-CCIU personnel to deploy the program across various Army computer platforms. Once deployed, the program preserves collected digital evidence in an automated manner following computer intrusions, expedites critical threat information to network defenders, and analyzes malicious software.
'What's great about the program is when the bad guys do one thing, we can adapt,' said Special Agent David Shaver, who as a result of his work developing the REAP, was selected as the 2009 August Vollmer Excellence in Forensic Science Award winner. The Vollmer award is a national award and is the highest recognition for current or past contribution by an individual in the field of forensic science.
'CCIU is one of the best outfits working in cyber law enforcement today,' said Howard Schmidt, special assistant to the president of the United States and cyber-security coordinator. Schmidt, who is a former CID special agent, was appointed by President Barack Obama to head cyber security for the White House while serving at CCIU.
'Without my time in CID and government service, I don't know if I would have had the insight and depth of understanding of government and how it relates to cyber security,' he said. 'I think that staying involved in those communities helped tremendously.'
'Currently, Milner is serving as the senior U.S. advisor to the Iraq Ministry of Interior's National Information and Investigation Agency-Iraq's equivalent to the FBI-providing strategic counsel on criminal investigative and intelligence matters. This marks the first time a CID leader has been assigned to a senior staff position with U.S. Forces-Iraq.