Chapter 17 Computer Crime Hess 17-1
Page 1: Chapter 17

Chapter 17

Computer Crime

Hess 17-1

Page 2: Chapter 17

Introduction

• Computer crimes are relatively easy to commit and difficult to detect
• Most computer crimes are not prosecuted
• Crimes involving computers have become much more sophisticated
• Most computers on the planet are connected via the Internet
• A new breed of detective—the cybercrime investigator

Page 3: Chapter 17

The Scope and Cost of the Problem

SOURCES
• IC3 2010 Internet Crime Report
• 2010 CyberSecurity Watch Survey
• 2010/2011 CSI Computer Crime and Security Survey
• Created a fundamental change in law enforcement agencies

Page 4: Chapter 17

Terminology and Definitions

COMMON TERMS
• Cybercrime
• Cybertechnology
• Cyberspace
• E-crime

Page 5: Chapter 17

Terminology and Definitions

THE NET VERSUS THE WEB
• Net is a network of networks
• Web is an abstract space of information

LIVE CHAT AND INSTANT MESSAGING
• Two or more people
• Talk online in real time

Page 6: Chapter 17

Classification and Types of Computer Crimes

OVERVIEW
• Computer as target
• Computer as tool
• Computer as incidental to an offense
• Be aware of the ever-expanding ways

Page 7: Chapter 17

Classification and Types of Computer Crimes

COMPUTER AS TARGET
• Viruses and worms
• Invariably involves hacking

COMPUTER AS TOOL
• Traditional methods elevated
• Many offenses overlap

Page 8: Chapter 17

Special Challenges in Investigation

OVERVIEW
• Reluctance or failure to report crime
• Lack of training
• Need for specialists
• Fragility of the evidence
• Jurisdictional issues

Page 9: Chapter 17

Special Challenges in Investigation

NONREPORTING OF COMPUTER CRIMES
• Did not think law enforcement could help
• Too insignificant to report

LACK OF INVESTIGATOR TRAINING
• Cybercriminals are more technologically sophisticated
• Law enforcement needs additional training

Page 10: Chapter 17

Special Challenges in Investigation

NEED FOR SPECIALISTS AND TEAMWORK
• Cybercrime unit

FRAGILITY AND SENSITIVITY OF EVIDENCE
• Computer evidence is very fragile
• Can be altered or damaged easily
• Could be rendered unusable

Page 11: Chapter 17

Special Challenges in Investigation

JURISDICTIONAL ISSUES
• Traditional boundaries are complicated
• Double criminality
• Need for unified global approach
• Federal versus state
• Growing pains for this area of law

Page 12: Chapter 17

The Preliminary Investigation

COMMON PROTOCOL
• Secure, evaluate and document crime scene
• Obtain a search warrant
• Recognize, identify, collect and preserve the evidence
• Package, transport and store evidence
• Submit digital evidence
• Document in an incident report

Page 13: Chapter 17

The Preliminary Investigation

SECURING AND EVALUATING THE SCENE
• Basic ON/OFF tenet
• Follow departmental policy
• Ensure that no unauthorized person has access
• Ensure condition of electronic device is not altered
• Properly document

Page 14: Chapter 17

The Preliminary Investigation

OBTAINING A SEARCH WARRANT
• Searches may be conducted by consent
• Suspect unknown, warrant must be obtained
• Have both a consent search form and a search warrant
• Avoid destruction of evidence

Page 15: Chapter 17

The Preliminary Investigation

RECOGNIZING EVIDENCE
• Conventional
  - Fingerprints
  - Documents
  - Hard drive
• Digital
  - Electronic files
  - E-mails

Page 16: Chapter 17

The Preliminary Investigation

DOCUMENTING DIGITAL EVIDENCE
• Thorough notes, sketches and photographs
• Document condition and location of computer system
• Photograph the entire scene
• Photograph the front and back of the computer

Page 17: Chapter 17

The Preliminary Investigation

COLLECTING PHYSICAL AND DIGITAL EVIDENCE
• Evidence often contained on disks
• Devices may have fingerprints
• Avoid contact with recording surfaces
• Evidence log
• Chain of custody issues

Page 18: Chapter 17

The Preliminary Investigation

PACKAGING, TRANSPORTING AND STORING DIGITAL EVIDENCE
• Keep away from magnetic fields
• Store away from humidity extremes
• Do not use plastic bags
• Be aware of battery needs

Page 19: Chapter 17

Forensic Examination of Computer Evidence

DATA ANALYSIS AND RECOVERY
• Deleted files remain on hard drive
• Forensic expert can make viewable
• Recycle bin
• Data remanence

Page 20: Chapter 17

Legal Considerations in Collecting and Analyzing Computer Evidence

WARRANT EXCEPTIONS
• Contraband, fruits or instrumentalities of the crime
• Prevent death or serious bodily injury
• Has committed or is committing a criminal offense to which the materials relate

Page 21: Chapter 17

Follow-Up Investigation

DEVELOPING SUSPECTS
• Most cybercrimes committed by outsiders
• Three categories
  - Crackers
  - Vandals
  - Criminals

Page 22: Chapter 17

Follow-Up Investigation

ORGANIZED CYBERCRIME GROUPS
• Generally not loyal to one another
• Operate in countries with weak hacking laws

UNDERCOVER INVESTIGATION AND SURVEILLANCE
• Headed by computer expert
• Online undercover officer

Page 23: Chapter 17

Security of the Police Department’s Computers

VULNERABILITY
• Access via phone lines
• Critical nature of law enforcement data
• Agency’s network should be a top priority
• Evidence logs
• Other valuable data

Page 24: Chapter 17

Legislation

GOVERNMENT MEASURES
• USA PATRIOT Act
• Foreign Intelligence Surveillance Act (FISA)
• National Security Letter (NSL)
• Child Protection and Sexual Predator Punishment Act
• All states have enacted tough computer crime control laws

Page 25: Chapter 17

The Investigative Team

CYBER SPECIALISTS
• Often requires a team approach
• Equipment owner
• Database technicians
• Auditors
• Computer experts
• Programmers

Page 26: Chapter 17

Resources Available

SOURCES
• National Cybercrime Training Partnership (NCTP)
• Electronic Crimes Task Forces (ECTFs)
• Perverted Justice
• NetSmartz

Page 27: Chapter 17

Preventing Computer Crime

STRATEGIES
• Educating top management
• Educating employees
• Instituting internal security precautions
• Management
  - Commitment to defend against computer crime
  - Organization-wide policies

Page 28: Chapter 17

Summary

• Computer crimes are relatively easy to commit and difficult to detect
• Basic tenet for first responders at computer crime scenes is to observe the ON/OFF rule
• Most cybercrimes against businesses are committed by outsiders
• Investigating such crimes often requires a team approach