On patrol in cyberspace: a look at progress among local, state, and federal efforts to combat cybercrime, including credit card fraud and identity theft. (Computer Security).
Less than an hour after the first message was sent, Georghiou was in handcuffs and on his way to the Stanislaus County Jail for soliciting sex with a minor. But the "minor," in this case, was actually Stanislaus County Sheriff's Department Detective Ken Hedrick, a member of the Sacramento Valley Hi-Tech Crimes Task Force.
The Georghiou case is just one of many success stories to come out of the computer crime task forces that have blossomed across the United States in recent years. A variety of these collaborative efforts now exist, some cobbled together locally out of sheer necessity, others built carefully at the federal level to overcome the difficulties inherent in cybercrime investigations. All of these groups have members with a passion for technology and a devotion to fighting today's cyber criminals.
As these task forces have evolved over the past few years, significant progress has been made. But serious challenges lie ahead.
Local efforts. In the 1990s, even as the Internet was beginning its expansion from a network of bulletin boards to a globally connected information superhighway, computer crime was catching the attention of some local prosecutors and police officers separately but simultaneously across the country. The growth of these grassroots efforts was not unlike the expansion of the Internet itself: a core of computer aficionados building local ad hoc networks, then linking to other networks and gradually expanding their reach.
Bradley Gross, a former Miami-Dade County assistant state attorney and now an attorney with Becker & Polikoff, is one of these pioneers. He first became involved in prosecuting computer crimes in the early 1990S in Nassau County, New York, where he worked in the county district attorney's office.
"Because I had been, for lack of a better way of putting it, a computer nerd for 20 years or so, I was given the task of advising them on all computer cases that came in," he says. Gross prosecuted the nation's first cyberstalking case in 1994. Other cases included computer fraud and trespass issues.
Gross moved to Florida and went to work for the economic crime division of the state attorney's office. Along with a team of detectives originally trained in investigating cellular-phone fraud, Gross set up a task force known as the Special Investigation Unit for Internet and Computer Fraud in 1999. It was tough going at first, he says, because resources and time were scarce.
"It was a one-man show," he remembers. "I had the support of the office in that they gave me the time and leeway to pursue these kinds of cases, but there was no money allotted just to investigating these types of crime." The detectives who worked with him had to split their time between his unit and units that worked on more traditional crimes.
Gross and his team soon discovered that there was no shortage of crimes to prosecute. His unit became involved with "a vast gray area of cases that were floating around, people getting ripped off in more than a de minimus fashion that no one was doing anything about."
The gray area existed for several reasons, including a lack of understanding about the nature of these crimes and a lack of resources available to law enforcement agencies, according to Gross. Most police agencies back then tended to shrug online fraud off as a civil matter, he says, or they left it to federal agencies.
But the federal agencies adhered to an unwritten rule that they would only pursue cases where the amount of the loss or the type of defendant met a certain threshold, because resources were limited. As a result, people who had been victimized for what they considered a large amount of money (tens of thousands of dollars) were left without a place to go for help, says Gross.
Once Gross's unit began to investigate these crimes, it was quickly apparent that they needed more resources than were available; because cases were crossing jurisdictional boundaries, the unit needed the assistance of other law enforcement agencies. "We simply didn't have the manpower or resources to go and cross over several jurisdictional lines to conduct an investigation 100 or 200 miles away from where we were, but where the effects [of the crime] were being felt," Gross says.
Members of the unit went to meet with their colleagues in other Florida police departments to try to develop cost-effective means of dealing with multijurisdictional cases. Before long, police officers with similar interests in computers and cybercrime throughout the state were contacting each other for help, building networking opportunities out of necessity.
But interest in what the team was doing quickly moved beyond Florida. Investigators from other states who heard about the unit's efforts and who wanted to set up similar investigative and prosecutorial units were soon visiting, Gross says, to discuss how the unit worked. Once these other jurisdictions established their own units, they became a resource for each other, and lines of communication--phone, fax, e-mail, and in particular listservs (online mailing lists of subscribers)--were established, connecting the unit's members with other local and state task forces, as well as agents from the FBI and the Secret Service.
Great minds think alike. Gross's efforts were duplicated a state away. Steve Edwards, the special agent in charge of the Georgia Bureau of Investigation's (GBI's) Financial Investigations Unit, explains that the Georgia State Computer Crimes Task Force was born as the financial services sector began to switch to computers more than a decade ago. Edwards says, "We'd been doing financial investigations for years, and often we'd go to a crime scene and we were looking for the paper evidence and there wouldn't be any," but there would be a computer. "Through evolution," he says, "we came to the realization that we needed to seize these computers, do computer forensics, and get the evidence properly."
Once the Georgia unit began to gain expertise in computer seizures and forensics, they started getting requests for help, and soon the team was assisting in homicide and drug cases where computers might hold evidence. Soon, Edwards says, the state was offering some additional resources and asking the unit to expand. But the task force still operates on a shoestring.
"This is a virtual task force," Edwards explains. Members include personnel from the GBI; the Georgia Technology Authority (GTA), which manages the state's computer and telecom services; the Georgia attorney general's office; local police agencies; and the FBI. "We don't have any physical building where we all come together. We have a listserv where we share information and resources cases.
When an agency member has cybercrime incident and doesn't have the resources to handle the problem alone, that member can quickly notify other members who can supply resources and manpower immediately. For example, last year one large state agency's server, which contained sensitive formation about university scholar ships, was apparently compromised. The state agency contacted Edwardss right away, but, he says, the system involved was enormous, meaning that investigators would need similarly huge amounts of storage space to store a copy of the drives so that a forensic examination could be done.
Edwards immediately phoned the FBI and GTA members of the task force. The team mobilized, collected evidence, and restored the system within 24 hours. The evidence led to two individuals within the state agency who had created bogus accounts and stolen money from the agency. Both were prosecuted, Edwards says, and the scheme was stopped before information from the compromised scholarships could be used maliciously.
Common cybercrimes. Local task forces can be involved in any type of computer crime that occurs in their communities, but the most common are crimes against children. Edwards estimates that about 65 percent of his task force's cases involve child pornography and pedophiles trying to entice children to meet them.
Ken Leissler, with Deloitte & Touche's Analytical & Forensic Technology Practice, started a computer crime task force in 1998 while he was a member of the Union County, New Jersey, police force. He says that 90 percent of the suspects in the several hundred cases his task force investigated during his tenure, which ended last June, were pedophiles. In line with the techniques used by Ken Hedrick, a member of Leissler's team would go online in an undercover capacity as a 13-year-old "looking to talk to somebody," and soon offers to chat--and to meet--were forthcoming.
Deputy Tom Letras of the Stanislaus County Sheriff's Department agrees that online crimes against children have increased. "What we're finding is that a lot of people who may not have been the type that would go out and aggressively stand across from a school and try and contact a child will do this over the Internet," he says. "They feel they're anonymous on the other side of this computer terminal," he notes. Pedophiles can quickly move on to the next chat if a child is not being responsive; not so in the real world, where a child might scream and identify the perpetrator.
When fighting online pedophiles, task forces have been particularly successful. "We had a 100 percent conviction rate; everybody pled guilty to every case we had," Letras says, with every case ending in either a plea or a conviction. Technology that logs the chat information helped his team to track down those who participated in the chats, helping the success rate. He also credits a New Jersey law called a "traveling statute," which states that if a person entices a child online to have sex or to meet to have sex, that person is guilty of a third-degree felony.
Local law enforcement agencies are also seeing a rise in other types of high-tech crimes. McKenzie says it surprises many that his county, whose main commodity is dairy products, has the same kinds of computer crimes that big cities face, particularly identity theft (he says he gets four or five new cases each week) and hacks of corporate networks. With the assistance of the high-tech task force, local police are now trained to investigate these crimes, and when they need specialized resources or the help of other jurisdictions, the task force is there to provide assistance, he says.
Gross says that Internet-fraud cases were common in his task force, as were piracy cases, where people had made illegal copies of videos, CDs, or DVDs; his office regularly worked with investigators from the Motion Picture Association of America and the Recording Industry Association of America to conduct raids on high-tech pirates.
The Sacramento Valley task force deals with high-tech crimes ranging from theft of cellular-phone and digital-satellite services to high school kids hacking into their grade reports, according to Sergeant Adam Christianson, who supervises a satellite office of the Sacramento Valley Hi-Tech Task Force.
New tools. To deal with complexities of fighting online crime, computer crime task forces are taking advantage of new technologies. Letras says that Detective Hedrick has used an electronic voice synthesizer to dupe would-be pedophiles who want to make sure their intended victim is indeed a child. The synthesizer makes his voice sound like a little girl's, thus convincing the predator to proceed. Many task forces also use computer forensics software (and affiliated training programs).
Unfortunately, says Fred Cotton, who directs training services at SEARCH, Inc., a California-based organization that assists states with computer technology issues, most companies that make high-tech tools don't aim for the tiny law enforcement market, meaning that tailored products end up being expensive. "Some just can't afford it, and that's one reason they banded into task forces: so they could afford some of the equipment it takes to do it," he says.
Christianson says that his group found that partnering with technology companies offers a way to solve computer crimes without always having to rely on in-house technology or experts. In one case, his investigators were able to track the rightful owner of a stolen iBook notebook computer by calling an established contact at Apple with the notebook's serial number. These relationships help save the investigators the time of writing search warrants or getting subpoenas.
Federal efforts. Many law enforcement agencies at the federal level have also established computer crime units to target multistate or even international crimes, such as those committed by identity-theft rings. But these agency-specific units sometimes overlap with the jurisdictions of similar units within other federal agencies. For example, the FBI has a special investigative unit for computer crimes targeting children, as does the U.S. Customs Service. These units also sometimes need to coordinate with state and local organizations, such as those already discussed. Some programs have been established to better coordinate all of these resources.
One such program is the Secret Service's Electronic Crimes Task Force (ECTF) initiative, which is one of the largest and most well known efforts to provide a "one-stop shop" for federal and local law enforcement agencies tasked with fighting computer crimes.
In the ECTF model, specially trained Secret Service agents bring together diverse members to find and share resources and knowledge.
For example, the first ECTF, established in New York City in 1995, comprises a community of 50 federal, state, and local law enforcement agencies and more than 200 corporations, as well as prosecutors and academic leaders. The NYECTF has made more than 860 arrests involving electronic crime losses in excess of $730 million. It has also trained more than 13,000 law enforcement personnel, prosecutors, and private-industry personnel.
High-profile cases it has been involved with include the prosecution of John Gotti, Jr., in 1999 and the 2001 case of multiple identity thefts by a New York City busboy who stole personal financial information of celebrities chosen from the Forbes list of the 400 richest people in America. He used that information to try to transfer money from their online brokerage accounts to fraudulent accounts.
The NYECTF has been so successful that the USA Patriot Act of 2001 called for a nationwide network of task forces based on the New York model; eight more now exist across the country, from Boston to San Francisco.
Progress is being made elsewhere as well. After the Patriot Act was passed, the Secret Service expanded its efforts to help state and local agencies increase their skills in computer forensics investigations, says John Large, assistant special agent in charge of the Secret Service's Miami field office.
One "train the trainer" program that the Miami ECTF carried out proved particularly popular, Large says. "We took five or six local detectives from various cities and paid for their training" so that they received forensic skills identical to Secret Service agents. Trainees "also received s100,000 worth of equipment after completing the training" with which they could conduct forensic exams, Large says.
John Frazzini, now vice president of intelligence operations with iDefense, a private intelligence security firm in Virginia, was until recently a Secret Service agent working with the ECTF. Frazzini founded the Washington, D.C., electronic crime task force and helped develop other Secret Service task forces nationwide. He says that federal initiatives differ from local ones in many ways, but the most important is scope.
"Oftentimes the state-run task forces focus on smaller-level crimes, such as smaller identity theft crimes, whereas the federal task forces are focused much more on transnational major crimes," he says. "State task forces don't necessarily have the reach to he able to conduct investigations beyond their jurisdiction; that's where they could leverage their association with the Secret Service task forces, in order to have a broader reach."
For example, he says, if a local police officer investigating an identity theft case needs to collect information on a hacker located in Eastern Europe, obtaining that information will be difficult or impossible; however, if the officer is working through a federal task force, more resources are available and it becomes more likely that the information can be obtained.
Frazzini emphasizes that the Secret Service task forces are a conduit through which information can be changed between agencies, not a way for the agency to take credit--or responsibility--for every case that members bring through the doors.
One way the Secret Service has helped expand the reach of local law enforcement officials is by getting them deputized by the U.S. Marshals Service. "If they needed to use their federal authority, whether subpoena power or search warrant, or needed to use the resources of the Secret Service to have a lead run out, then they would utilize their capability as deputy U.S. Marshals" to assist in that investigation, Frazzini explains.
Types of cases. While the Secret Service ECTFs focus primarily on financial crimes, the Office of Juvenile Justice and Delinquency Prevention of the U.S. Department of Justice has established a grant program to fund dozens of Internet Crimes Against Children (ICAC) task forces across the country; these units, working together with local officers, like Hedrick of the Sacramento Valley Hi-Tech Crimes Task Force, target online child exploitation, traffickers in child pornography, and Internet pedophiles.
The efforts of these federal task forces can overlap. Frazzini says that while investigating and prosecuting purveyors of child pornography is not the primary focus of the ECTFs, they can nevertheless help investigators pursue such cases, because local investigators could contact the proper federal authorities, such as the U.S. Customs Service or the FBI's Innocent Images National Initiative, through their mutual affiliation with the ECTFs.
Networking. Some federal efforts, such as the FBI's InfraGard program, offer what cybercrime experts say is the most important advantage of computer crime task forces: networking opportunities. As Frazzini explains, knowing who to go to for help when a cybercrime occurs is critical, whether you're in law enforcement or in a private company.
An ancillary benefit of the task-force model is that it facilitates information sharing among law enforcement officials and prosecutors at the local level, says W.R. McKenzie, deputy district attorney from the Stanislaus County District Attorney's office. Detectives learn the latest trends both with regard to what criminals are doing and with regard to the investigative techniques that law enforcement agencies are using, he says.
This model has also changed the way in which investigators and prosecutors work together, says McKenzie. When a crime such as a homicide or robbery takes place, detectives investigate and then report to the DA's office. But with crimes investigated through the task force, "as a prosecutor I can get involved in the cases at a much earlier stage. We can talk about what's the best way to investigate," he says. Ultimately if the cases end up at trial, "we want to make sure we've got the best investigation up front that we could have," says McKenzie. When they achieve that goal, he says, the cases often get settled out of court.
Challenges. While these various task forces have begun to accomplish their missions with increasing skill and efficiency, significant challenges remain. Major concerns include acquiring funding, managing increasing caseloads, and finding qualified personnel. Another major challenge is building trust between the public and private sectors.
Funding. While some aspects of computer crime task forces can be implemented fairly inexpensively, such as creating a listserv for members or setting up network opportunities a few times each year, building a successful unit involves plenty of expenses. From a personnel perspective, law enforcement agents need to be allowed to dedicate their time to investigating cybercrime, rather than splitting their efforts with other types of investigations, those involved say.
Equipment costs can also be prohibitive for cash-strapped agencies. Leissler says that his New Jersey task force found one way to circumvent the need for buying new equipment. "We utilized a lot of seized computers from bad guys, and turned them into machines that would help us do proactive work," he says.
But Edwards says that his Georgia Financial Investigations Unit task force has found so far that equipment seized from perpetrators has not been particularly useful, because it usually is not up to date. "Saving and processing the evidence on equipment that is two-and-a-half years old takes about 55 hours" in a typical case, he says. On the latest versions, the same evidence is processed in 50 minutes.
Much of the newer equipment was obtained using grants from the government, says Edwards, but those funds are no longer available. Now, he worries, "We're relying strictly on state funding, and the funds are just not there."
Caseload. By all accounts, task forces are facing ever-increasing amounts of work, no matter what the focus (from pedophilia peddling to credit-card fraud). In 1994, when the GBI first started doing computer forensics, Edwards says that his unit handled about 30 cases. Last year it handled 175, and each case had an average of three computers associated with it.
Other jurisdictions report a similar explosion in high-tech crimes. In 1995, the year the Sacramento Valley Hi-Tech Task Force was launched, officers investigated 178 cases and arrested 148 suspects. In 2001 (the latest year for which statistics are available), it investigated 764 cases, making 276 arrests. More than half of the arrests were for various financial frauds, particularly identity theft. "That's the one that's killing us," says Christianson. In Modesto alone, several hundred identity-theft cases are open, and the town assigned extra detectives solely to those crimes, according to McKenzie.
The number of cases is certain to skyrocket, experts say, not only because cybercrime itself is increasing, but also because cybercrime investigators are needed even for traditional crimes where a computer is present.
Training. The training of personnel is costly for task forces. While cyberskills training is available from various organizations, including SEARCH, the Federal Law Enforcement Training Center, and the National White Collar Crime Center, these courses often require personnel to travel far. Leissler helped the state of New Jersey reduce training costs by having his own staff serve as in-state trainers for other police agencies throughout the state.
As mentioned previously, the Secret Service is creating new opportunities for extensive training through the ECTFs. Yet difficulties remain. Large says that the slots available for training nonfederal law enforcement officials are limited. And training classes specialize in certain niches; some focus on corporate investigations, others on financial crimes, computer forensics, or general investigations. So agencies find that they need to send officers to several training classes to get different perspectives; one benefit is that these officers then pass their training along to others in the organization.
Another element of training is getting everyone, from parents to prosecutors and judges, educated in the issues of cybercrime. Christianson has found that educating the public about identity theft, for example, leads to fewer incidents. Task-force members give seminars at police academies and at meetings of prosecutors, while the GBI's Edwards provides speakers to schools and business associations. Edwards also trains judges and even the Georgia defense bar. But this training process never ends because as technology evolves, cybercrime changes and the issues need to be revisited.
Personnel. Edwards says that finding and keeping the right people is a continuing challenge. "There are just not that many people out there in the job market that have the skills we're looking for," he says. "Oftentimes we have to train them in house, but once we get them where we want them, the private sector has an interest in the same skills, and so they're always trying to recruit our people."
But the flow of IT brainpower from government to the private sector may be starting to rum around, says Cotton. Since the dot-corn boom ended, he says, there's a move back to government, "because there are no jobs in the private sector.
Trust Without question, the biggest challenge is developing trust between public and private groups. "If the trust level is not elevated between the private sector and law enforcement, those task force environments will not work, period," asserts Frazzini. Companies have to trust that "when they come to law enforcement with their darkest secrets, that law enforcement is going to handle it in an appropriate way that's not going to revictimize them."
This has long been a point of contention between businesses that suffer a cybercrime attack and law enforcement agencies whose officials fret that without information from victims, cybercriminals will never be brought to justice. Michael Overly, CISSP, a partner in the e-Business and Information Technology Practice at the law firm of Foley & Gardner, says that law enforcement has made some positive changes, in part thanks to the increasing popularity of programs such as ECTF and InfraGard.
"There was a clear perception in private industry that many of the computer crimes units were essentially a bull in a china shop when they would do these investigations," Overly explains. Now, he says, "I think they have absolutely realized that and they are working very hard to overcome that reputation."
The road ahead. Despite their advancements, investigators are still only scratching the surface of cybercrime. Alan Paller, director of research for the SANS Institute, notes that the increased effort to have successful prosecutions and tougher sentences, plus laws that make tracking Web-based criminals easier, is a giant step in the right direction.
In less than a decade, computer crime task forces have transformed the way in which law enforcement investigates a host of crimes. But when asked if law enforcement is winning the war on cybercrime, Sergeant Christianson admits, "We're just barely keeping our heads above the water."
Peter Piazza is assistant editor of Security Management
|Printer friendly Cite/link Email Feedback|
|Date:||Apr 1, 2003|
|Previous Article:||Forward Thinking for a changing world: Asis International 2003 49th Annual Seminars & Exhibits. (Seminar Preview and Advance Registration).|
|Next Article:||U.S. Judicial decisions. (Legal Reporter).|