When a fired employee encrypts the sales database, who ya gonna call?
"I've got a code," said the desperate voice on the telephone. "Can you break it?"
Andy Clark is used to getting panicky calls like this one. Clark is a director of Inforenz, a leading computer forensics investigation company based in Surrey, England, that helps companies and law enforcement agencies recover stubbornly encrypted data. He's also something of a magnet for unusual cases that go beyond digging up proof of embezzlement or leaked trade secrets. "We're at the bottom of the food chain," Clark says. "When everyone else has run out of steam, they come to us."
The steamless caller on the phone was Mark Dawson, son of actress Diana Dors, the famous 1950s British blonde bombshell. Just before her death in 1984, Dors had given her son a written code containing the location of her £2 million fortune (approximately US $3.5 million); she said her third husband, Alan Lake, had the key. Before Dawson could contact Lake, however, Lake committed suicide--and the code remained a jumble of letters on a yellowing piece of paper. Clark told Dawson that Inforenz would take the case.
Clark, 49, grew up near Brighton, England, with the ideal background for a future forensics specialist. A teenage hacker "in the proper sense of the word," he wrote self-modifying code to boost the performance of PDP-8 and PDP-11 machines, the popular minicomputers sold by Digital Equipment Corp. "I understood machines in a machine-code environment," Clark says. "I thought down to the bit and byte level."
That kind of thinking is important in his current line of work. Computer forensics is the art of unearthing data and clues left in computers and networks, whether to recover lost information or find evidence of a crime. "When trying to extract information from a huge amount of noise, you need to sometimes bury yourself at the bit level," he says. "It's a high level of systems engineering, with low-level, nuts-and-bolts engineering."
After completing his degree in electrical engineering at Brighton Polytechnic in 1980, Clark worked on navigation and communications systems for a company called Singer/Link in West Sussex, which made flight simulators for commercial and military aircraft. Then, one day in 1984, Clark saw a TV program that changed his life. It featured a new piece of hardware that protected financial data flowing between computers by encrypting it. Intrigued, he interviewed at the company, Open Computer Security, based in Brighton, and was hired to be its research and development director.
In his new job, he worked on small, self-contained cryptographic hardware, including early versions of smart cards for banks and financial institutions. And he found his calling. "I was intrigued by the process, the mathematics, and the implementation," Clark recalls. "It was extremely applied...it was extraordinary." Strong encryption and tamper-resistant technologies, he explains, were only just appearing in the commercial world, having previously been the sole domain of governments and militaries.
Clark spent seven years at Open Computer Security, leaving in 1991 to start his own software encryption company. Two years ago, after selling his company, he cofounded Inforenz, a company that breaks into the same kind of wares he once created. "A lot of our work is spent in trying to reverse-engineer cryptographic products to check and prove their integrity," he says.
In a typical Inforenz case, a disgruntled employee has encrypted a substantial amount of a company's data, rendering it unreadable. To recover the data, Clark and his team of six engineers examine an exact digital duplicate of the employee's computer hard drive using a combination of third-party tools and tools Inforenz has developed in-house. Clark declined to reveal technical details of Inforenz's process. But the company's secret weapon, he says, is a parallel computer platform called Deep Thought.
Deep Thought was purpose-built to crack codes. Because Inforenz deals with a variety of ciphers, Deep Thought was created with a general-purpose architecture; rather than relying on custom-made chips for specific ciphers, it was built from commercially available components and modules. As a result, it's good for cracking a wide range of codes. "If someone comes in with encrypted data," Clark says, "we put it in Deep Thought and attempt different decryption techniques, such as intelligent password guessing." If that doesn't work, he says, "two people will sit down at it until their brains hurt."
As computer crime grows, the forensics field needs at least a few more brains. Other leading computer forensics companies include Guidance Software in Pasadena, Calif., Vericept in Denver, and Vontu in San Francisco. Richard Mogull, a research director for Gartner Inc., a research and advisory firm in Stamford, Conn., says that although the growth of the field hasn't been quantified, "someone with digital forensics skills will be in demand."
For engineers interested in breaking into the field, Clark, who is also head of the nonprofit International Association for Cryptologic Research, based in Santa Barbara, Calif., suggests gaining experience in high-tech crime units within law enforcement agencies. Academic programs are emerging as well, such as a master's of science in computer forensics at Cranfield University in England.
Sometimes, though, cracking the code is not high tech at all. After taking on the high-profile Diana Dors case, Inforenz determined that the information was encrypted with the Vigenère code, a 16th-century system--well known to cryptanalysts--that was developed by a French diplomat. Inforenz solved the puzzle, revealing a number of surnames and locations. Though the code has been cracked, the mystery lives on. The fortune has yet to be recovered.
To Probe Further
Inforenz offers a demonstration program that analyzes Vigenère codes, complete with a copy of the Dors cipher for you to test your cryptological skills.