Scene of the Cybercrime: Assisting Law Enforcement In Tracking Down and Prosecuting Cybercriminals 1
Please allow me to introduce myself … • Debra Littlejohn Shinder, MCSE – Former police sergeant/police academy and college criminal justice instructor – Technical trainer • Networking, operating systems, IT security
– Author • Cisco Press, Syngress Media, Que, New Riders • TechRepublic, CNET, Cramsession/Brainbuzz
– Consultant • Businesses and government agencies
2
What I’m going to talk about today • What is cybercrime and is it really a problem? • Who are the cybercriminals? • Why should you want to help law enforcement officers catch them? • The Great Governmental Divide • How techies can build a bridge • Building the cybercrime case 3
Civil vs. Criminal Law • • • •
Two separate systems of law What are the differences? Double jeopardy doesn’t apply Constitutional protections – when do they apply?
Breach of contract is not a crime – except when it is. 4
Defining cybercrime Cybercrime is any illegal act committed using a computer network (especially the Internet). Cybercrime is a subset of computer crime. What do we mean by “illegal?” Bodies of law: Criminal, civil and administrative
5
Who are the cybercriminals? • It’s not just about hackers • Using the ‘Net as a tool of the crime – White collar crime – Computer con artists – Hackers, crackers and network attackers
• • •
Incidental cybercriminals Accidental cybercriminals Situational cybercriminals 6
Who are the cybervictims? • Companies – Security? What’s that? – Bottom liners
• Individuals – Naive/Newbies – Desparados – Pseudovictims – In the wrong place at the wrong time
• Society 7
Who are the cyberinvestigators? • • • •
IT professionals Corporate security personnel Private investigators Law enforcement Ultimate destination
When and why the police should be Called in
This is where the authority lies How can all Work together?
8
What’s in it for me? • Why should IT personnel cooperate with police in catching cybercriminals? • What are the advantages? • What are the disadvantages? What are the legalities? What happens if you don’t cooperate? 9
The Great (Governmental) Divide • Law enforcement culture – Highly regulated – Paramilitary (emphasis on “para”) – “By the book” The “Police Power” myth Weight of law agency policy political factors Public relations 10
Police Secrets • Most officers are not as confident as they appear – Command presence required – The bluff is in
• Most cops feel pretty powerless – Cops don’t like feeling powerless
• Most cops don’t understand technology – Cops don’t like not understanding 11
This leads to… • A touch of paranoia • “Us vs. Them” attitude – Cops against the world
• The truth about the thin blue line • The blue wall of silence Best kept secret: Cops are human beings 12
Why cops and techies don’t mix • • •
Lifestyle differences Elitist mentality – on both sides Adversarial relationship – Many techies support or at least admire talented hackers – It’s human nature to protect “your own” – Many cops don’t appreciate the difference between white and black hat – Bad laws 13
What cops and techies have in common • • • • •
Long, odd hours Caffeine addiction Dedication to/love of job Want things to “make sense” Problem solvers by nature What can tech people do to solve the problem of how to work with law enforcement? 14
Building team spirit • Ability to “think like the criminal” – Important element of good crime detection – Difficult for LE when they don’t know the technology
• IT’s role – You know the hacker mindset – You know what can and can’t be done with the technology – You know where to look for the clues Police know – or should know – law, rules of evidence, case building, court testimony
15
Bridging the Gap • “Talk the talk” – Technotalk vs police jargon
• Learn the concepts – Legal – Investigative procedure
• Understand the “protocols” – “Unwritten rules”
16
Building the Case • Detection techniques • Collecting and preserving digital evidence • Factors that complicate prosecution • Overcoming the obstacles
17
Cybercrime Detection Techniques • • • • •
Auditing/log files Firewall logs and reports Email headers Tracing domain name/IP addresses IP spoofing/anti-detection techniques
18
Collecting and Preserving Digital Evidence • • • • •
File recovery Preservation of evidence Intercepting transmitted data Documenting evidence recovery Legal issues – Search and seizure laws – Privacy rights – Virtual “stings” (honeypots/honeynets) Is it entrapment?
19
Factors that complicate prosecution of cybercrime • • • •
Difficulty in defining the crime Jurisdictional issues Chain of custody issues Overcoming obstacles Lack of understanding of technology (by courts/juries) Lack of understanding of law (by IT industry)
20
Difficulty in defining the crime • CJ theory – mala in se – mala prohibita
• • • •
Civil vs. criminal law
Elements of the offense Defenses and exceptions Burden of proof Level of proof Statutory, Case and Common Law
21
Jurisdictional issues • Defining jurisdiction • Jurisdiction of law enforcement agencies • Jurisdiction of courts • Types of jurisdictional authority • Level of jurisdiction
22
Chain of Custody • • • •
What is the chain of custody? Why does it matter? How is it documented? Where do IT people fit in?
23
Overcoming the obstacles • Well defined roles and responsibilities • The prosecution “team” – Law enforcement officers – Prosecutors – Judges – Witnesses What can CEOs and IT managers do? 24
Testifying in a cybercrimes case • • • •
Expert vs evidentiary witness Qualification as an expert Testifying as an evidentiary witness Cross examination tactics Three types of evidence: Physical evidence Intangible evidence Direct evidence
25
Summing it up • Cybercrime is a major problem – and growing • Cybercrime is about much more than hackers • There is a natural adversarial relationship between IT and police • Successful prosecution of cybercrime must be a team effort • IT personnel must learn investigation and police must learn technology
26
The book:
Scene of the Cybercrime by Debra Littlejohn Shinder
Defining and Categorizing Cybercrime A Brief History of the Rise of Cybercrime Understanding the People on the Scene of the Cybercrime Understanding Computer and Networking Basics Understanding Network Intrusions and Attacks Understanding Cybercrime Prevention Implementing System Security Implementing Cybercrime Detection Techniques Collecting and Preserving Digital Evidence Understanding Laws Pertaining to Computer Crimes Building and Prosecuting the Cybercrime Case Training the Cybercrime Fighters of the Future 27