Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars     Apps     EBooks
   AFCEA logo
 

Government Works to Stop Actual Bad Guys In the Virtual Realm

March 2009
By Rita Boland
E-mail About the Author

 
Investigating and prosecuting cybercrimes are diverse and fluid fields.

The dark-hearted members of the human race have found ways to exploit innovations for their own selfish means throughout time. Now, with the ever-growing global dependence on computer networks, criminals are finding new ways to disrupt lives in the real world through enterprise in the cyber one. The U.S. Department of Justice and its allies have adapted their methods and techniques over the past decade and continue to adjust to prevent the morphing illegal activities in cyberspace, whether the computer crime itself is the full intent or only part of a larger scheme.

During the past 10 years, the Department of Justice (DOJ) has seen changes in intrusions and cybercases, from the crimes themselves to the types of criminals carrying out the illegal actions. Previously, most computer crimes were perpetrated by lone-wolf hackers acting independently, often for fame, publicity or the thrill. Today, cybercrime has become more organized, with financial gain serving as the main motive for most actions. Attacks often are aimed at financial institutions or designed for identity theft. And instead of some solitary computer geek giggling away as he hacks into networks from his basement, groups of people are now coming together, sometimes in tight organizations and sometimes in more loosely knit associations, to achieve a financial end.

Though the DOJ has seen instances where organized crime uses the Internet to handle some of its activities, most of the online organizations the department battles lack a hierarchy. Instead, people use social networking tools such as instant messaging, forums and e-mail to connect and work together in groups. They buy themselves information so people in different countries or across one nation can work together to perpetrate a crime.

This type of networking allows for greater specialization in a particular field. In the past, when cybercrime was conducted mainly by individuals, each criminal had to obtain all the pieces necessary to carry out the transgression. For example, someone aiming to commit financial fraud might need three pieces of information—a credit card number, a fake credit card and a fake identification—to steal money. Now, officials at the DOJ are dealing with more specialized criminals who band together and collaborate to benefit from one another’s individual areas of expertise. People skilled at stealing credit card numbers would sell that information to individuals who are experts at encoding fake credit cards. In 2004, the department made a major bust in this area, taking down a large operation known as Shadow Crew, which was basically a marketplace for selling identification information.

One of the DOJ’s greatest challenges is the increasing organization of groups committing cybercrime as well as the increasing intersection of organized and hacking crime groups. International organized criminals are using computer networks to steal hundreds of millions of dollars from the U.S. economy. Groups in Romania, for example, are expanding their operations to the recruitment of hackers to help carry out fraud schemes in the United States and other European locations. “The department is working cooperatively—and in large measure successfully—with Romanian law enforcement and prosecutors to help address this threat,” says John Lynch, deputy chief for computer crime in the computer crime and intellectual property section at the DOJ.

In other efforts to address the problem of organized crime in cyberspace, the DOJ has prioritized and targeted these groups and has employed resources across the government to address the factions. The resources include collecting and synthesizing law enforcement and intelligence information on these targets. In addition, the department continues to expand cooperative cybercrime operations efforts with foreign law enforcement agencies. The Law Enforcement Strategy to Combat International Organized Crime announced by the U.S. Attorney General in April 2008 specifically addresses the threats these groups pose in cyberspace, including the ability of groups to wreak havoc in locations far from their physical geographies.

In terms of cybercrime and cybersecurity, the cooperative strategy builds on years of foundational work by the DOJ in international organizations such as the G8, Interpol and the Council of Europe. “Our efforts in these groups involve both building the legal infrastructure so that criminals do not find safe havens in countries that do not have the laws to prosecute them, as well as building the operational infrastructure, ensuring that police and prosecutors are prepared to investigate and prosecute high-tech crime, and to cooperate with other countries in doing so,” Lynch explains.

Operationally, prosecutors and law enforcement in the United States work on new tools and methods to collaborate and exchange information quickly and efficiently. One example is the Federal Bureau of Investigation’s (FBI’s) N-DEx initiative, which brings together law enforcement information from across agencies and jurisdictions so that it can be searched quickly and efficiently. 

These crimes being perpetrated in cyberspace and the methods of carrying them out force the DOJ to adapt its techniques both in apprehending and prosecuting the guilty parties. “It creates challenges in both respects,” Lynch says. Actually identifying the people responsible for computer crimes is difficult and requires the use of many resources from the department’s law enforcement partners. Finding the perpetrators of computer crimes can be a two-fold effort. First, law enforcement officials have to locate the cyber identity of the guilty party. Once that is complete, they still have to dig beyond the nickname to attribute the activities to an actual person.

To do this, officials follow both electronic and money trails, and they sometimes find the money trail to be more efficient to trace. Lynch explains that the DOJ and its partners must integrate the information they receive from the cyberside of an investigation with old-fashioned techniques such as forensic accounting and surveillance of people picking up money.

Jurisdiction also is often an issue in cybercrimes. Because cyberspace covers all geographies, criminals working together might be in different parts of one country or different countries. Crimes cross state, district and other boundaries, and Lynch acknowledges that working with state and local law enforcement, international partners and other agencies to identify different people involved with a criminal effort and to prosecute them successfully can create challenges.

For example, the first knowledge of an identity-theft ring might come from the New York Police Department when someone tries to pass a fake credit card. That individual may be linked to people in a foreign country or other parts of the United States who provided the card. Officials in various locations must cooperate and share information to begin piecing together what criminals are doing. A federal or local task force could focus on a particular city or group, but groups may extend across time zones and continents. When various agency personnel do attribute crimes to individuals, they might need to obtain information from law enforcement officials in other countries and jurisdictions to prosecute the guilty parties in the United States or to ensure they are prosecuted in the appropriate country.

While officials at the DOJ declined to comment on specific current or future cyberoperations, Lynch did explain that the department continues to evaluate the changing shape of criminal behavior. Any information discovered through those efforts will be rolled into the department’s future initiatives. He shares that officials always are looking at the threat and criminal landscape as well as working with their law enforcement partners to ensure appropriate reaction to threats. Other areas where the DOJ holds its cards close include specific technologies used in the detection and prosecution of criminals—these are open for discussion only when they come up in court—and research and development activities.

Though the department does not comment directly on its research and development, it does work with partners across the public and private sector to ensure the acquisition of necessary capabilities. Beyond basic law enforcement technology, officials with the department must be aware of financial and banking systems operation, and they must share information they learn during investigations with the private sector so institutions can secure themselves better in the future. The DOJ works to ensure a healthy line of information among prosecutors, responders and the private sector. The agency strives to ensure it obtains threat and vulnerability information. That usually does not go directly to prosecutors, but to investigative agencies, underlining the need for robust information-sharing practices.

Investigators and prosecutors have a number of methods available to them when trying to track down cybercrimes. Statutes and standards in place enable law enforcement officers to request search warrants from a court to obtain necessary information from contract service providers. Basic customer information also can be obtained with a subpoena. The DOJ continues to examine the tools for investigating crimes on the network to ensure they keep up with current technologies. Officials also continually examine the balance between privacy and law enforcement needs.

Despite the pervasive nature of cybercrime, Lynch says it is only one of several high-priority fields in the DOJ. The highest priority is terrorism, and much of the department’s work deals with national security issues. In many cases, cyberoperations become a part of other operations. Lynch explains that his office has consulted with law enforcement agencies, and the criminal division works closely with the national security division to ensure that best efforts are applied to investigating terrorist operations.

Lynch explains that cybercrime and cyberhacking are his focus area; however, information related to computer networks has effects across all types of criminal activities. The Child Protection and Obscenity Section of the DOJ, for example, has a large cyberfocus to address child pornography that is being traded online. Across the criminal landscape, perpetrators use computers to commit crimes, so Lynch’s division provides advice and assistance to help equip its partners with the information they need to investigate those misdeeds. Terrorism prosecutors in the National Security Division, for instance, need knowledge of computer operations and how to  store information on computer systems legitimately to identify how groups are communicating using computer technologies.

Lynch shares that the military and intelligence communities focus on the cyberterrorism threat in partnership with the DOJ. State-sponsored computer crimes often come to the department as a law enforcement issue. When officials first see an intrusion into a network, they have to determine if the intruder is an individual criminal, a member of an organized crime group or someone working to disrupt national security. The DOJ works with the intelligence community and the FBI to ensure that information about the threat is appropriately shared and handed off to the right people at the right time in the process.

Lynch says that quantifying personal risk versus institutional risk is difficult. If investigators find someone’s personal information is being used for financial theft, they might not know immediately how criminals obtained that information. It could have been stolen when a person voluntarily offered the information in response to a phishing e-mail. Or, the information could have been collected through malicious software that records keystrokes on a computer system. Additionally, information could have been stolen from a bank, retailer or public database.

As cybercrime and cyberoperations continue to advance and change, the law has to adjust as well. Several recommendations for changes to the U.S. Code for computer crime were enacted by Congress in August 2008. Updates to the computer crime statute have occurred several times over the last decade to ensure criminality is covered adequately. Lynch explains that when looking at appropriate statutory approaches, the DOJ tries to avoid language that is too specific about technologies and methods so the statute can be used to prosecute new forms of criminality as they emerge. Language should remain neutral when describing crimes and how they are carried out, because otherwise when a new technology comes along, changes must be made to the laws and regulations.

The legislative process often moves more slowly than the criminals who are developing means for exploiting the system. To counter this effect, authors try to keep the legislative language as broad as possible to ensure officials can prosecute crimes. Lynch explains that much of what occurs is simply new ways of committing the same crime and that the department wants to ensure the public understands that is illegal.

Web Resources
Department of Justice Computer Crime and Intellectual Property Section: www.usdoj.gov/criminal/cybercrime/index.html
Federal Bureau of Investigation Cyber Investigations: www.fbi.gov/cyberinvest/cyberhome.htm
Law Enforcement Strategy to Combat International Organized Crime: www.usdoj.gov/ag/speeches/2008/ioc-strategy-public-overview.pdf
N-DEx: www.fbi.gov/hq/cjisd/ndex/ndex_home.htm