Cyber Crimes Cyber Crimes Presented by Presented by Heidi Estrada Heidi Estrada Special Agent Special Agent Federal Bureau of Investigation Federal Bureau of Investigation Austin Resident Agency Austin Resident Agency San Antonio Division San Antonio Division
37
Embed
Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
One-stop, full service forensics laboratoryOne-stop, full service forensics laboratory Training center - to train all LEO Training center - to train all LEO Devoted to the examination of digital evidence in Devoted to the examination of digital evidence in
support of criminal investigationssupport of criminal investigations
www.rcfl.gov
Texas HB 2703Texas HB 2703
Law signed June 2003Law signed June 2003 Physical evidence not admissible unless Physical evidence not admissible unless
lab or other entity accreditedlab or other entity accredited If not accredited, need to retain sample If not accredited, need to retain sample
of physical evidenceof physical evidence After Sept. 2005 labs required to be After Sept. 2005 labs required to be
accreditedaccredited
The RCFL & YouThe RCFL & You LEO and Private Entity personnel can submit LEO and Private Entity personnel can submit
electronic evidence to the RCFL to be electronic evidence to the RCFL to be examinedexamined
OrOr
A law enforcement agency can join the RCFL:A law enforcement agency can join the RCFL: Send an officer to become a computer forensic Send an officer to become a computer forensic
examinerexaminer RCFL pays for training, equipment, space for that RCFL pays for training, equipment, space for that
examinerexaminer
TrainingTraining
Provided to any law enforcement Provided to any law enforcement personnel free of chargepersonnel free of charge
Use the RCFL classroomsUse the RCFL classrooms For class schedule, descriptions and For class schedule, descriptions and
registration: registration: www.ghrcfl.orgwww.ghrcfl.org Sign up onlineSign up online Forensic classesForensic classes Bag & Tag class / Image Scan class Bag & Tag class / Image Scan class
RCFLs support:RCFLs support:
TerrorismTerrorism HomicideHomicide National SecurityNational Security Violent CrimesViolent Crimes Child PornographyChild Pornography Theft or destruction of Intellectual Theft or destruction of Intellectual
PropertyProperty FraudFraud
RCFL ServicesRCFL Services
LaboratoryLaboratory - examination of digital evidence - examination of digital evidence TechnicalTechnical - advice on preparing search - advice on preparing search
warrants (digital), seizure of digital evidence, warrants (digital), seizure of digital evidence, techniques for handling digital evidencetechniques for handling digital evidence
TrainingTraining - Free technical training for both - Free technical training for both forensic examiners and non-forensic LEO forensic examiners and non-forensic LEO personnel (investigators)personnel (investigators)
On-SiteOn-Site - RCFL examiners can deploy to - RCFL examiners can deploy to locations to execute search warrants on sitelocations to execute search warrants on site
To Submit Evidence To Submit Evidence to the RCFLto the RCFL
Submit only digital evidenceSubmit only digital evidence Computers, hard drives, CDs, floppies, USB drives, Computers, hard drives, CDs, floppies, USB drives,
cameras, telephonescameras, telephones Separate these items from other evidence (paper Separate these items from other evidence (paper
documents, objects) - store in your own property roomdocuments, objects) - store in your own property room Search warrant or signed consent to search form Search warrant or signed consent to search form
must be with the evidencemust be with the evidence RCFL examiner can also go to a location and RCFL examiner can also go to a location and
make a forensic/digital copy on site (so you do make a forensic/digital copy on site (so you do not have to take the owner’s computer)not have to take the owner’s computer)
FY05: What the RCFLs Did FY05: What the RCFLs Did For UsFor Us
ServicesServices - Provided digital data - Provided digital data processing for state, local and processing for state, local and federal government agenciesfederal government agencies
Program GrowthProgram Growth - Total RCFLs grew - Total RCFLs grew to 9. Available to more than 3500 law to 9. Available to more than 3500 law enforcement agencies in 11 statesenforcement agencies in 11 states
National RecognitionNational Recognition - Harvard - Harvard University’s 2005 Innovations in University’s 2005 Innovations in American GovernmentAmerican Government
FY05: What the RCFLs Did FY05: What the RCFLs Did For UsFor Us
Training - Training - Digital Forensic tools & techniquesDigital Forensic tools & techniques Investigator tools & techniquesInvestigator tools & techniques
Support to Major InvestigationsSupport to Major Investigations Increased Number of Participating Increased Number of Participating
AgenciesAgencies 90 total participating agencies90 total participating agencies
13 state agencies13 state agencies 54 local agencies54 local agencies 23 non-FBI federal agencies23 non-FBI federal agencies
Types of Evidence Types of Evidence ExaminedExamined
Created by San Diego RCFLCreated by San Diego RCFL Allows non-FBI RCFL Forensic Allows non-FBI RCFL Forensic
Examiners to finish their tenure at an Examiners to finish their tenure at an RCFL, then return to their parent RCFL, then return to their parent agency and maintain their agency and maintain their certification and skillscertification and skills
Being implemented nationwide Being implemented nationwide during FY06during FY06
Case Agent Investigative Case Agent Investigative Review Training (CAIR)Review Training (CAIR)
Purpose:Purpose: for investigators to use the FBI’s for investigators to use the FBI’s Review Net system to review forensic Review Net system to review forensic exam resultsexam results
Review Net:Review Net: a tool which allows a tool which allows investigators to review the forensic results investigators to review the forensic results of an exam via the FBI’s Intranetof an exam via the FBI’s Intranet
CAIR:CAIR: one-day training course, hands-on, one-day training course, hands-on, comes with a “refresher CD” so students comes with a “refresher CD” so students can refer to it after the course is finishedcan refer to it after the course is finished
How an RCFL WorksHow an RCFL Works FBI provides:FBI provides:
Manages the day-to-day operations. The Manages the day-to-day operations. The Director is a management level individual from Director is a management level individual from an RCFL member agency (state, local, federal). an RCFL member agency (state, local, federal).
Member supervision:Member supervision: Remains with the officers’ or agents’ “home Remains with the officers’ or agents’ “home
agency” for non-RCFL mattersagency” for non-RCFL matters Laboratory procedures outlined by the RCFL Laboratory procedures outlined by the RCFL
Program Office, FBIHQ, Laboratory DivisionProgram Office, FBIHQ, Laboratory Division
On The HorizonOn The Horizon
Expanding the RCFL program: service area Expanding the RCFL program: service area growing from 11 to 16 states during FY06 growing from 11 to 16 states during FY06 (with a total of 11 RCFLs)(with a total of 11 RCFLs)
Implementing Review Net: Implementing Review Net: Currently, only people with access to the FBI’s Currently, only people with access to the FBI’s
Intranet can access Review Net. Intranet can access Review Net. Soon, RCFL participating members from non-Soon, RCFL participating members from non-
FBI agencies will also access it within an RCFL.FBI agencies will also access it within an RCFL. Eventually, participating members from non-Eventually, participating members from non-
FBI agencies will access it from their own office FBI agencies will access it from their own office spacespace
On The HorizonOn The Horizon
ASCLD/LAB AccreditationASCLD/LAB Accreditation - At least - At least four RCFL’s are expected to submit four RCFL’s are expected to submit their accreditation applications their accreditation applications during FY06during FY06
Adding RCFL PersonnelAdding RCFL Personnel - Increased - Increased digital processing caseloads mean digital processing caseloads mean more RCFL examiners are needed more RCFL examiners are needed nationwidenationwide
Member AgenciesMember Agencies
Participating agencies and their Participating agencies and their personnel receive:personnel receive: 7 weeks of forensic examiner training7 weeks of forensic examiner training Exposure to the most technologically Exposure to the most technologically
Examiners must also conduct five searches and five exams under the supervision of an FBI-certified forensic examinerExaminers must also conduct five searches and five exams under the supervision of an FBI-certified forensic examiner
Complete one advanced FBI-sponsored class per year
Complete two additional outside classes per year
Pass yearly proficiency test
To maintain certification:
RCFLs in TexasRCFLs in Texas
North TX RCFL North TX RCFL (Dallas)(Dallas) Dallas PDDallas PD FBI - Dallas DivisionFBI - Dallas Division Garland PDGarland PD Grand Prairie PDGrand Prairie PD Plano PDPlano PD Richardson PDRichardson PD TX AGTX AG US Attorney - NDTXUS Attorney - NDTX
Greater Houston Greater Houston RCFLRCFL FBI - HoustonFBI - Houston Harris County - Pct 4 Harris County - Pct 4
Constable’s OfficeConstable’s Office Harris County - Pct 5 Harris County - Pct 5
Constable’s OfficeConstable’s Office Harris County SOHarris County SO Houston PDHouston PD Pasadena PDPasadena PD Tomball PDTomball PD
RCFLs NationwideRCFLs Nationwide
North TX RCFL North TX RCFL (Dallas)(Dallas)
Chicago RCFLChicago RCFL Heart of America Heart of America
RCFL (Kansas City)RCFL (Kansas City) New Jersey RCFLNew Jersey RCFL Silicon Valley RCFL Silicon Valley RCFL Greater Houston Greater Houston
RCFLRCFL
Intermountain Intermountain West RCFL (Salt West RCFL (Salt Lake City, Utah)Lake City, Utah)
Rocky Mountain RCFL - Denver, CORocky Mountain RCFL - Denver, CO Miami Valley RCFL - Dayton, OHMiami Valley RCFL - Dayton, OH Philadelphia RCFL - Philadelphia, PAPhiladelphia RCFL - Philadelphia, PA Western New York RCFL - Buffalo, NYWestern New York RCFL - Buffalo, NY
www.rcfl.govwww.rcfl.gov
Training Portal - course descriptions, Training Portal - course descriptions, schedule, registrationschedule, registration
National Program - employment National Program - employment opportunities, accreditation, opportunities, accreditation, locationslocations
Crimes Against Children / ExploitationCrimes Against Children / Exploitation
Intellectual Property Rights ViolationsIntellectual Property Rights Violations
Identity Theft / FraudIdentity Theft / Fraud
What Does the FBI Consider What Does the FBI Consider a Cyber Crimea Cyber Crime??
Is the computer a target?Intrusions
Or…. is the computer a tool?Computer Facilitated Crime/
Internet Fraud
IntrusionIntrusion Motive: Motive:
To impair, damage, alter the computer systemTo impair, damage, alter the computer system To steal valuable data (credit card #s, SSANs)To steal valuable data (credit card #s, SSANs)
Can evolve into other substantive violationsCan evolve into other substantive violations An intrusion into a bank for the purpose of An intrusion into a bank for the purpose of
stealing $$$stealing $$$ An intrusion into a business or university An intrusion into a business or university
database for the purpose ofdatabase for the purpose of stealing SSANsstealing SSANs
COMPUTERS AS A COMPUTERS AS A TARGETTARGET
COMPUTERS AS A TOOLCOMPUTERS AS A TOOLComputer Facilitated CrimesComputer Facilitated Crimes
A convenient way to commit a host A convenient way to commit a host of crimesof crimes
Examples include:Examples include: bank fraudbank fraud phishingphishing credit card fraudcredit card fraud child pornographychild pornography identity theftidentity theft theft of intellectual propertytheft of intellectual property
What Does a Hacker What Does a Hacker Look Like?Look Like?
New Legislation: Cyber New Legislation: Cyber StalkingStalking
47 United States Code 223 - 47 United States Code 223 - telecommunications harassment telecommunications harassment statutestatute
Amended January 5, 2006Amended January 5, 2006 Section 113 of the Violence Against Section 113 of the Violence Against
Women Act - addition to 47 USC 223Women Act - addition to 47 USC 223
Section 113Section 113
Prohibits anyone from using a Prohibits anyone from using a telephone or telecommunications telephone or telecommunications device without disclosing his identity device without disclosing his identity and and with intent to annoy, abuse, with intent to annoy, abuse, threaten, or harass any personthreaten, or harass any person
Penalties: Up to 2 years Penalties: Up to 2 years imprisonment or finesimprisonment or fines
ChallengesChallenges
The new law is intended to curb free The new law is intended to curb free speechspeech
Has a “chilling effect” on First Has a “chilling effect” on First Amendment rightsAmendment rights
ACLU: subjective nature of the word ACLU: subjective nature of the word “annoy” means law too vague, thus “annoy” means law too vague, thus unconstitutionalunconstitutional
Who is Affected by this Who is Affected by this Law?Law?
Internet users: blogs, online bulletin Internet users: blogs, online bulletin boards/opinion sites, message boards/opinion sites, message boardsboards
AdvertisersAdvertisers Political Activists Political Activists