December 02, 2014


In this day of advanced electronics, when everyone is constantly connected to the Internet and the daily interaction with the World Wide Web is widespread, we in law enforcement are no different. We have b e c o m e “CONNECTED” to the point that our officers’ daily tasks are dependent upon and interconnected with software, hardware and the Internet.  

Today’s law enforcement officer is a bona fide member of the advanced twenty-first century electronic age. But as law enforcement agencies implement new technology to keep up with today’s public safety demands, they often find themselves in a dilemma of relying on existing resources when making this transition. Often, a department will appoint somebody who has some technical experience to be the IT Administrator, but due to budgetary constraints, cannot provide formal education to them on administering the new technology they have been put in charge of. Sometimes, required hardware and software to properly construct firewalls and provide protection from attacks is not installed, most likely, again, due to budgetary limitations. Sometimes corners are cut by just not implementing the proper security barriers and protective domes to protect the networks that house these new, advanced, mission-critical systems.

  Law enforcement agencies have recently seen an increase in system attacks attempting to cripple the networks they rely upon on a daily basis to protect the citizens of their communities. Without measures and controls securing your network, your data is vulnerable to one or more of these attacks. Some attacks are minor, such as when unauthorized data is changed or monitored within the physical location, or via external connections to public and private networks. Some are much more serious and encompass data being altered, corrupted or records completely wiped out. Some are even direct or indirect attacks on networks used to connect law enforcement assets working with data to complete their assignments.

The basic attacks to a system and/or network can be classified into the following categories:

   • Eavesdropping (Sniffing): Your data is in an unsecure format and is monitored and read by an unauthorized party as it travels to its authorized destination.

   • Data Modification: The individual(s) that are attacking your data or network can modify or damage your data or network without the knowledge of the recipient or the sender.

   • Identity Spoofing (IP Address falsely assumed): Attackers will use a falsely assumed IP address to construct data packets using a false IP address that appears to be at a valid address from a legitimate, authorized party. After gaining entry to the network,the attacker(s) can rewrite, reroute, or delete valid data.

   • Password-Based Intrusions: Attacker (s) will use brute force or social engineering to obtain valid passwords that are then used by the attacker(s) to access the target networks or applications. They will then have the same rights and authorization as the valid password user had. For example, if an administrator’s password is compromised, the attacker (s) will have the same access level to the network and/or application as the valid user has, in this instance, an administrator. As an administrator, the attacker(s) will then have the ability to access user lists, change user permissions, add users to the tables, modify hardware configurations, modify, change, or delete data.

   • Denial of Service Attacks (DOS): A DOS prevents the normal use of your computers, servers, or applications by authorized users. Upon attacking your network with a DOS attack, the individual(s) may commence with a false attack which directs the available resources to handle this initial diversionary attack. Meanwhile, a secondary or multiple attacks are initiated on the targeted system as available resources are concentrating on the initial, diversionary attack. Other types of DOS attacks include the sending of invalid application data, causing abnormal behavior in the application(s) or network services. A DOS causes an overload of the computer or a network with traffic resulting in a shutdown, or a blocking of the valid traffic, which results in a loss of access to the network resources by authorized personnel.

  • Man in the Middle Attack: When an entity between the valid users (sender and receiver) is monitoring and controlling valid data transparently to the valid users, and has the ability to reroute the data or gain competitive advantage by using the data.

   • Compromised-Key Attack: An attacker or attackers gain access to an electronic pass key to gain access to application data without any of the authorized sender/ receiver parties knowing that the data-key and the data has been compromised. The attacker(s) may then manipulate the data, and use the compromised key to formulate many other keys that may allow the attacker( s) to compromise other organization data.

   • Packet Sniffer: Attacker(s) use a software or hardware device that will read, monitor, capture or reroute date packets that are encapsulated, but not encrypted. The device allows the attacker(s) to view the data inside of the encapsulated packets and gain