Many police departments have computer crime units, which focus on hacking, intrusions, etc. and they may even include a computer forensic examiner or two. However, even in these departments they can quickly become overwhelmed if every crime involving the Internet was handled exclusively by their unit. Most small departments have little ability to respond to Internet-based crime.
Many times these cases get sent to federal agencies for their attention, which may or may not follow up based upon the loss or harm involved. The point is all crimes committed or facilitated through the Internet are too numerous to be solely addressed by specialized units and/or the federal agencies.
There is also an erroneously held belief by some in law enforcement that Internet crimes are not their problem, noting “The Internet is not my Jurisdiction.” This belief fails to recognize that victims and/or offenders may in fact be in their jurisdiction. No police department should be ignoring Internet crimes affecting their community or criminals operating in their area, albeit online.
Todd has a saying, which I fully support, “Make the Internet your regular beat.” We believe that all officers, from the patrolmen up to the chief, have to understand Internet crime and its investigative process. We also believe that agencies must have an online presence to not only investigate these cases but show that they patrol and prevent them when possible. In short, all law enforcement in the 21st Century needs to be able to address crimes with an Internet component.
I would also add that we believe civil investigators need to have the skills and knowledge our book covers as civil matters are increasingly having an Internet component as well.
The book does a great job of breaking down complex concepts and technical jargon into a readable narrative. What advice would you give to investigators (or students) that are hesitant to invest time into learning about cybercrime because it seems “too technical?”
First, I think you have to dispense with the idea that anyone involved in law enforcement in the 21st Century can just let crime involving computers and/or the Internet be left to someone else. More and more evidence involves data found on computers or the Internet. Even crimes that had nothing to do with the Internet leave online traces to witnesses and even evidence. Take the example of the Boston Marathon Bombings. The bombing had nothing to do with the Internet. However, witnesses, photographs, etc. were obtained from Twitter traffic from individuals on the scene after the attack. These leads were eventually capitalized to correctly identify the suspects. Another example is the sex crime case that occurred in Steubenville, Ohio. The crime itself had nothing to do with the Internet. However, the social media traffic by witnesses and suspects no doubt played a big role in the investigative process of the crime. So you see it really is not a choice of whether they should invest time in developing these skills and knowledge. It will be a necessity if it isn’t already.
Okay, now for my advice for how one goes about gaining cybercrime knowledge. It is really the same answer to the question of how one goes about eating an elephant. You must do it one bite at a time and in more than one sitting. The same applies to learning about cybercrime. You take small steps; digest the information and then move on to the next topic. I think our book is the first step in that process. To be a modern investigator one doesn’t have to become a computer forensic examiner. However, you do have to know where online evidence can be found, document it, collect it and preserve it. Our book lays out that foundation as it pertains to Internet evidence.
What would you say is the single biggest challenge that investigators face when investigating cybercrimes?
Probably the biggest challenge is when criminals really understand how to be anonymous online and rigorously use the processes and techniques to conceal their identity. This is a challenge but as we have seen in the recent arrests involving Silk Road and other sites on Tor, even the so-called “smartest” criminals make mistakes. Investigators have to be prepared to capitalize on those mistakes whenever and wherever they occur.
In the book, you devote sections to topics such as tracing IP addresses and gaining anonymity online. The information you provide is technically “public” knowledge but it is certainly not common knowledge. While writing the book, did you ever feel the danger of giving away too much information? That is, reporting information that may be exploited by cyber-criminals?
This is a very good question. You are right, this information is readily available online. It really is no secret. More and more criminals are aware of these techniques. If not, they do online research to find out how to do something. The problem is that there are probably more bad guys than good guys that are aware of these techniques. We hope our book tips the scales in favor of giving the good guys the informational edge. However, there were a few times where we did leave out details concerning a sensitive high tech law enforcement technique that was not widely known.
You mention that police may use the Internet in a reactive (responding to crimes after they have occurred) as well as a proactive (efforts to prevent crime) manner. What are the most pressing legal/ethical issues with regard to proactive Internet investigations?
Agencies and their investigators have to do their job in a manner that enforces the law but does not violate their citizenry’s rights. Some of the issues concern entrapment, privacy, and in the United States the Bill of Rights, such as freedom of speech, association.
To help make sure agencies are on the right side of the legal and ethical issues, before doing proactive Internet investigations the following should occur: 1) have a policy governing the investigation of Internet crimes; 2) have a defined plan of the investigation before going online; 3) use a computer that if compromised will not allow for further compromise of the agency or company network; 4) obtain training for the investigation of Internet related crimes; and last 5) understand the changing legal landscape regarding the use of information you find on the Internet.
This is not just for the law enforcement agencies either. Corporate and private investigators also need to follow these principles.
Can you tell us what you are currently working on? Can we expect another cybercrime book from you in the near future?
Well, now I am keeping pretty busy discussing the book and trying to get it into the hands of law enforcement and investigative communities. Even so, I have some ideas, such as a book to help the general public minimize their cyberrisk and stay safe online. We will see.
And, finally, what the hell are bitcoins??
Ha Ha, good question. Bitcoin is a digital currency created in 2009 by a pseudonymous developer Satoshi Nakamoto. They are created by individuals using computers which create this cryptocurrency by solving mathematical equations. These equations verify and record all bitcoin transactions payments. In exchange for using their computer resources to run these equations individuals received transaction fees in the form of bitcoins. This process is called "mining." No one regulates the creation of bitcoins. It is all through the solving of these equations, which all record all bitcoin transactions. A set amount of bitcoins is to be created, 21 million bitcoins I believe, which is estimated to be reached by 2140. Most bitcoins are obtained not by mining but by exchanging regular currency for bitcoins. They can also be converted back to regular currency for a fee. Current exchange rate on February 4, 2014, was 1 Bitcoin = $803.99. The exchange rate is still rather volatile.
Bitcoins allow individuals to buy and sell goods without a third party entity, such as a bank or credit card processing company. Bitcoin owners are identified not by their name but by ownership of cryptographic keys. These keys make up the bitcoin wallet. This gives individuals a sense of anonymity, which criminals want, when dealing with illegal transactions.
Bitcoins have been used to purchase legal as well as illegal goods. The Silk Road arrests noted earlier involved individuals allegedly selling drugs for bitcoins. Individuals also like bitcoins because there is no government controlling its value, such as by determining how many are in circulation at any one time.
Besides being used for illegal transactions, bitcoins also can be a target for theft or fraud. Whether Bitcoins become fully accepted by the market place is still up in the air. The interesting thing again is technology has created a new currency, which can be used for good or criminal purposes.
Click here for our podcast featuring Art discussing his earlier book The Cybercrime Handbook for Community Corrections.