DC3 works closely with Ft. Meade cyber units

  • Published
  • By Bryan Spann
  • Ft. Meade Public Affairs Office

Anyone with a passing knowledge of Fort Meade knows that the installation is the center for cyber operations in the United States.

The U.S. operates seven federal cyber centers to cope with threats in the cyber domain. Three of those fall under the Department of Defense. Locally, the National Security Agency and U.S. Cyber Command operate two of those.

The third is the Department of Defense Cyber Crime Center (DC3).

Although DC3 has been in the area for more than 20 years, it is virtually unknown because it is tucked into an unassuming business park in Linthicum, not far from Thurgood Marshall Baltimore-Washington International Airport.

DC3 was established in 1998 within the Department of the Air Force.

“The DoD made the decision to align [DC3] under the Air Force as the executive agency,” said DC3 Executive Director Jeffrey Specht. “We’re aligned under the Inspector General of the Air Force and we’re tethered to the Air Force Office of Special Investigations for some law enforcement, counterintelligence and military-related mission sets. We’re designed to, and do support, the entire Department of Defense.”

About 500 people, mostly DoD civilians and contractors, provide the support with digital multimedia forensics, cyber analytics and cyber training.

DC3 also provides tools and solutions development as well as a vulnerability disclosure program that works with the private sector to identify vulnerabilities on DoD information systems.

While much of DC3’s work is classified, access is allowed in the Cyber Forensics Laboratory.

“All the [military] services have migrated towards to what I refer to as digital forensics consultants,” Specht said. “If you’ve got a computer or a laptop that has evidence of a crime, an infiltration, some type of intrusion, there’s some level of expertise in the field to do that work. When it reaches a certain stage when it can’t be done in the field, we have the capability to extract data from cellphones that can’t be unlocked, devices that are damaged or have been submerged.”

Criminal Investigations

About 55 percent of what the forensics laboratory does supports criminal investigations.

There is no typical crime. Investigations range from homicide and sexual assault to drug investigations and procurement fraud.

The majority of devices coming into the lab are cellphones, usually phones that can’t be unlocked in the field.

“As the technology continues to evolve and cellphone manufacturers get better at what they do, it’s becoming more and more difficult, obviously, to unlock devices,” Specht said. “So we have a high level of expertise and unique skill sets in terms of accessing phones.”

The first thing that may catch a visitor’s eye when entering the lab is a large-screen television with a blown-up, rotating, X-ray image of a cellphone. Getting those images is the first step when phones come into the lab.

“The three-dimensional X-rays that we conduct on damaged phones before we open them to do any type of repair is done through a standard machine that conducts three-dimensional X-rays,” said David Lutzow, chief of the laboratory’s Imaging and Extraction Section. We can do either a two-dimensional or three-dimensional X-ray. The three-dimensional X-ray gives a little more detail and color to make some differentiation between chips and diodes and batteries and things like that.”

While cellphones are the majority of what the lab deals with, all kinds of digital media is being probed — laptops, digital cameras, thumb drives and gaming systems.

Lutzow said that on one occasion, the lab had to build a computer from scratch that could run Windows 95 to extract some data from floppy discs.

Although geographically separated by a few miles from Fort Meade, DC3 does work closely with cyber units on the installation.

“Most of our collaboration is with our partners on Fort Meade: U.S. Cyber Command, the National Security Agency, the Naval Cyberware Group and [the Defense Information Systems Agency],” Lutzow said. “The cyber community that’s clearly present, we have strong partnerships with.”