Cyber Crime Investigations: Bridging the Gaps Between Security Professionals, Law Enforcement, and Prosecutors
By Anthony Reyes
Syngress
Copyright © 2007 Elsevier, Inc. All rights reserved.
Chapter One
The Problem at Hand
Midway upon the journey of our life I found myself within a forest dark, For the straightforward pathway had been lost. ... I cannot well repeat how there I entered, So full was I of slumber at the moment In which I had abandoned the true way.
—Dante Alighieri, The Divine Comedy: Inferno
Solutions in this chapter:
* The Gaps in Cyber Crime Law
* Unveiling the Myths Behind Cyber Crime
* Prioritizing Evidence
* Setting the Bar too High
In the literary classic The Inferno, Dante wakes up from a semiconscious state only to find himself lost in the Dark Woods of Error. Uncertain how he came to stray from the True Way, Dante attempts to exit the woods and is immediately driven back by three beasts. Dante, faced with despair and having no hope of ever leaving the woods, is visited by the spirit of Virgil. Virgil, a symbol of Human Reason, explains he has been sent to lead Dante from error. Virgil tells him there can be no direct ascent to heaven past the beasts, for the man who would escape them must go a longer and harder way. Virgil offers to guide Dante, but only as far as Human Reason can go (Ciardi, 2001).
As with Dante, I too frequently "strayed from the True Way into the Dark Woods of Error" when investigating cyber crime. Oftentimes, I found myself lost as a result of a lack of available information on how to handle the situations I confronted. At other times I wasn't quite sure how I got to the point where I became lost. As a cyber crimes investigator, you've undoubtedly encountered similar situations where there was little or no guidance to aid you in your decision-making process. Often, you find yourself posting "hypothetical" questions to an anonymous listserv, in the hope that some stranger's answer might ring true. Although you've done your due diligence, sleepless nights accompany you as you contemplate how your decision will come back to haunt you.
We recently witnessed such an event with the Hewlett-Packard Board of Directors scandal. In this case, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine if the technique being used was legal or illegal. Legal counsel determined that the technique fell within a grey area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.
Cyber crime investigations are still a relatively new phenomenon. Methods used by practitioners are still being developed and tested today. While attempts have been made to create a methodology for conducting these types of investigations, the techniques can still vary from investigator to investigator, agency to agency, corporation to corporation, and situation to situation. No definitive book exists on cyber crime investigation and computer forensic procedures at this time. Many of the existing methodologies, books, articles, and literature on the topic are based on a variety of research methods, or on interpretations of how the author suggests one should proceed. The field of computer forensics is so new that the American Academy of Forensic Sciences is only now beginning to accept it as a discipline under its general section for forensic sciences. I suspect that cyber crime investigations and computer forensic methodologies are still in their infancy and that the definitive manual has yet to be written.
In the following pages and chapters, areas of difficulty, misconceptions, and flaws in the cyber investigative methodology will be discussed in an attempt to bridge the gaps. This book is by no means intended to be the definitive book on cyber crime investigations. Rather, it is designed to be a guide, as Virgil was to Dante, to help you past the "Beasts" and place you back on the road to the True Way. While I anticipate that readers of this book will disagree with some of the author's opinions, it is my hope that it will serve to create a dialogue within our community that addresses the many issues concerning cyber crime investigations. Dante was brought to the light by a guide—a guide that symbolized Human Reason. We, too, can overcome the gaps that separate and isolate the cyber-investigative communities by using this same faculty, our greatest gift.
In the Hewlett-Packard case, legal counsel did not fully understand the laws relating to such methodologies and technological issues. The lesson for investigators here is: don't sit comfortably with an action you've taken because corporate counsel told you it was okay to do it. This is especially true within the corporate arena. In the HP case, several investigators were arrested, including legal counsel, for their actions.
The Gaps in Cyber Crime Law
When I started my stint as a "Cyber Detective," many cyber crime laws were nonexistent, information on the topic was scarce, and there were only a handful of investigators working these types of cases. Today, cyber crime laws are still poorly worded or simply don't apply to the types of crimes being investigated. Additionally, many cyber crime laws still vary from state to state. Attempts to address cyber crimes in the law are thwarted by the speed at which technology changes compared to the rate at which laws are created or revised.
In a research report published by the National Institute of Justice in 2001, researchers determined that uniform laws, which kept pace with electronic crimes, were among the top ten critical needs for law enforcement (National Institute of Justice, 2001). It found that laws were often outpaced by the speed of technological change. These gaps in the law were created by the length of time it took for legislation to be created or changed to meet the prosecutorial demands of cyber crimes.
In 2003, I worked a child pornography case that demonstrated the gap between the legal framework and changing technology. In this case, I arrested a suspect who was a known trader in the child pornography industry. He had set up a file server that traded pictures and videos of child porn. This site was responsible for trading child porn with hundreds of users around the world on a daily basis. The idea was to take over control of the file server and record the activities of the users who logged on. Knowing that I would essentially be recording the live activity of unsuspecting individuals, it was prudent to think I would need a wiretap order from the court. The only problem was that child pornography was not listed as one of the underlying crimes for which you could obtain a wiretap order under the New York State Criminal Procedure Code. Some of the crimes for which wiretapping was allowed at the time included murder, arson, criminal mischief, and falsifying business records—but not child pornography. As a result, we relied on the fact that New York State was a one-party consent state. This allowed me to record my side of the conversation—in this case, the computer activity. However, a problem still arose with the issue of privacy as it pertained to the IP addresses of the individuals logging in. The legal question was whether the unsuspecting users had a reasonable expectation of privacy as it related to their IP address. This issue caused great debate among the legal scholars involved. Nevertheless, we erred on the side of caution and obtained a trap and trace order. This court order allowed us to record the inbound connections of unsuspecting suspects and trace their connections back to their Internet service providers. We then issued subpoenas to identify the connection locations and referred the cases to the local jurisdictions. In the end, numerous arrests were made and cases were generated around the world.
This is an example where the legal framework did not address our situation.
One-party consent state: Wiretap laws differ from state to state, and the "one-party" or "two-party" label refers to the number of parties that must consent to the recording of a conversation in a given state. Two-party states require that both parties consent to the recording of the conversation. Many times you may hear a recording when calling a company informing you that the conversation is going to be recorded. This helps fulfill the consent requirement in states that require both parties to consent. In the case discussed, one-party consent means that only one of the conversation's participants needs to agree in order to record the conversation. Traditionally, one-party consent applied only to telephone conversations, but in today's world, consent can include the recording of electronic communications.
Trap and trace: A court order that allows law enforcement to capture calls to and from a location. Originally, it applied only to telephones, but with the advent of computers and Voice over IP, it now encompasses other types of communication methods.
Notes from the Underground...
Whenever there is a question of whether or not a warrant should be written, err on the side of caution. Get the warrant; chances are your intuition is right. So remember my little phrase: "when in doubt, write it out."
Even though legal issues identified in the cyber porn example existed back then, little has changed to date. Revisiting the Hewlett-Packard Board of Directors scandal, the investigative techniques included pretexting and e-mail tracing. Lawyers, academic scholars, and investigators have raised the issue of whether or not HP's actions during the investigation were in fact illegal. According to news reports, there were no specific federal laws prohibiting HP's use of these investigative techniques (Krazit, 2006). Randal Picker, a professor of commercial law, also stated that he believes the techniques are legal, but that evidence collected from these techniques may not be admissible in a court of law (Picker, 2006).
Getting back to the child porn example from 2003, would it surprise you to know that during the writing of this chapter I perused the New York State Legislature's Web site under the Criminal Procedure Law and still found that none of the laws pertaining to Article 263 (Sexual Performance by a Child) of the Penal Law are listed as designated offenses for which a wiretap order could be granted? Fear not, they at least updated the law to include Identity Theft (New York State, 2006). As you can see, these types of legal issues will continue to be raised as lawmakers and legislators struggle to find ways to respond adequately, and immediately, to change when technology affects the law.
Unveiling the Myths Behind Cyber Crime
Investigating cyber crime can be very intimidating to a technophobe. I recall walking into police stations, prosecutors' offices, and courtrooms and seeing the faces of those on duty when I told them I had a crime that involved a computer. Many an expression would transform from a welcoming look to one of abject fear. Maybe the fear comes from the fact that most folks born prior to the year 2000 just weren't exposed to computers. I remember playing with "Lincoln Logs" and a "Barrel of Monkeys" growing up. Today, my nine-year-old son creates his own Web sites and competes for rank when playing "Call of Duty 3" on his Xbox Live system. My older son, who's only 13, can maneuver quite well in the Linux environment.
Excerpted from Cyber Crime Investigations by Anthony Reyes. Copyright © 2007 by Elsevier, Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.