Cover Story

How To Investigate Cybercrime

Tracking bad guys on the Net takes the experience of a detective and the know-how of a tech head.

November 01, 2003

Back when the term “computer” meant mainframes and reel-to-reel tape drives, computer criminals were masterminds who used their programming talents to glean millions of dollars from banks and corporations. These crooks were so ingenious in their schemes that many banks and corporations cut deals to hire them as security consultants rather than send them to prison.

Today, the average desktop workstation has all the computing power of one of those old mainframes, the average American home has at least one computer, and computer criminals are no longer masterminds, just crooks and creeps doing what crooks and creeps do. Today and every day, thousands of people worldwide are being victimized by computer crime. That’s why just about every major municipal or county law enforcement agency in the United States now has a new breed of detective: the computer crime or “cybercrime” investigator.

It’s easy to pinpoint the reason why cybercrime has statistically exploded since the mid-1990s. Just about every computer on Earth is now connected via a once obscure research tool called the Internet. Once derided as a passing fad and the CB radio of the ‘90s, the Internet and its graphic component, the World Wide Web, have become so prevalent since 1995 that they have altered almost all fields of human endeavor, including crime.

If it were possible to murder someone by sending computer code across the Internet, people would do it. After all, they commit just about every other type of crime via the computer. Name a form of theft, fraud, or exploitation, and it is probably now being perpetrated or abetted by computer. The computer crime hit parade includes distribution of child pornography, credit card fraud, industrial espionage, harassment, breaking and entering (hacking), solicitation of prostitution, conspiracy, child molestation (“traveler” cases), malicious mischief, and property destruction (viruses), and that barely scratches the surface.

So the need for cybercrime investigators is indisputable. But how do you go about transforming yourself into a cybersleuth?

Getting Started

Contrary to public perception, most cybercrime investigators are not propeller head geeks who spend all of their time on the Net, nor are they black-suited guys in sunglasses whose first name seems to be “special” and last name “agent.” A lot of the best cybercrime investigators are just local detectives who have branched into a new field.

Slomo Koenig, a detective with the Rockland County (N.Y.) Sheriff’s Department, has been working as a cybersleuth and computer forensics expert since 1997, and he believes any experienced investigator who is not afraid of technology can become an excellent computer crimes detective.

“I can teach a good detective how to investigate computer crime much faster than I can teach a computer guy to become a good detective,” explains Koenig. “If you already have good investigative skills, then all I have to teach you is what is considered evidence in the digital world, how you can contaminate that evidence, and how you preserve that evidence. But if you don’t understand what evidence is or how to go about conducting an investigation, then that makes the job a lot harder.”

Koenig’s comment shouldn’t be construed as a license for detectives without special training to start working cybercrimes. There are some basic skill sets you will need before you can start chasing evildoers on the Internet.

“You have to have a thorough understanding of how the technology works,” says Sgt. Ronald Levine of the Foothill-DeAnza College District Police Department in Los Altos Hills, Calif. “If an officer or deputy doesn’t have computer skills, they’re going to have to come up to speed and understand how the technology works before he or she can become an effective investigator,” adds Levine, who has been involved in computer crime investigation since the early 1980s.

Going After ‘Em

The typical cybercrime investigation begins, like most other investigations, with a citizen complaint. Perhaps a local individual has been defrauded of several thousand dollars on an Internet auction site, and he or she contacts your agency.

Your first step in such an investigation is to find the Internet protocol (IP) address of the individual who defrauded the citizen who filed the complaint. An IP address is a series of numbers and letters that is attached to every piece of data that moves on the Internet. When the auction crook set up his or her auction, that address was registered with the auction company.

Big dot-com companies like Web auction sites have their own security specialists. So once you have identified the host of the auction site, you will probably work with the company’s security people to gain access to the IP address of the Internet Service Provider (ISP) used by the person who set up the bad auction. They may cooperate fully, or you may need a subpoena, warrant, or court order just for the IP address.

Anyone who has an Internet account knows that the ISP is a subscription service that grants the user access to the Internet. What most people, including many crooks and cops, don’t know is that ISPs have records of everything a subscriber does on the Internet.

That’s the good news for investigators. The bad news is that the records are digital information with a very finite existence. In other words, if you’re investigating a cybercrime involving the Internet, you better move fast.

How fast depends on the policy of the ISP in question. Large ISPs often keep their data for as much as 30 days, but that’s not true in all cases. Data storage is a major cost center for ISPs, and some save money by dumping the data very quickly.

“There’s no law that requires people to maintain the data,” says Koenig. “Once we sent a subpoena to an ISP, requesting their records, and their answer was, ‘Sorry. We only keep our records for 30 minutes.’”

Because ISPs would rather dump data than store it, Koenig says one of the most important weapons in a cybercrime investigator’s arsenal is a letter requesting that the ISP preserve the data until the investigator can secure a subpoena, warrant, or court order requiring the ISP to turn over its records.

The preservation letter does not legally require the ISP to turn over its records. But many ISPs will cooperate with a request to preserve data.

Once you get the records from the ISP, you’re probably in business. In order to subscribe to the service, the auction thief had to give personal information like his or her physical address. Yes, they can use false information and fake credit cards, but even that information can be valuable.

Here or There

When you have an address and a name for the suspect, your investigation is likely to involve another agency. Cybercrimes are not like in-person physical crimes. The victim is often in another state from the suspect. And that means you may work for the Dallas Police Department and suddenly need to serve a warrant in Reno.

Experienced cyber police say that jurisdictional disputes are rare occurrences during cybercrime cases and that other agencies are likely to cooperate with your investigation.

Tags: How-To Guides, Cybercrime, Child Pornography, Investigations


Comments (9)

new learner @ 11/11/2011 9:16 AM

Well, I'm working on a live case which is about some money; it's a cyber crime, and this knowledge is very nice for a learner. Good one, and please provide me some more information, please.

ladu.jackson @ 4/25/2012 10:30 AM

I need to know cyber crime work, its importance, how to carry out cyber crime investigation and how to implement cyber crime in a developing country, some evidence of cyber crime investigation.

BAFANA LEPOTA @ 10/5/2012 3:09 AM

GOOD JOB

louis @ 10/22/2012 2:16 AM

I'd love to be an investigator.

don fox @ 7/26/2013 2:37 AM

My colleague at work and my son some 8000 miles and my wife have received malicious e-mails about me from a false e-mail address. These accusations are so bad it has caused a break up of our marriage, AND they are all false.

don fox @ 7/26/2013 2:40 AM

How can I track this person? One email from a non-existing Yahoo account, another who have used a large company in states and another (same person) from the Netherlands.

US. (INDP) AGENT:TK, STRI @ 3/20/2014 7:57 PM

Not at this point and time!......

Lyn @ 3/28/2014 9:59 AM

Been harassed for 3 months now, emails constantly accessed, had to request new PW for mails, credit card, eBay, etc. Opened new e-mail but mysteriously closed. Cellphones accessed & controlled with security pin. Calls can be cut or re-routed. My no. was even changed but provider has no explanation. Frustrating, what advice do you have for this? Law enforcement says "no economic loss" so no help yet!

WILLINGTON @ 8/14/2014 2:23 PM

I AM A DETECTIVE IN GHANA POLICE SERVICE AND CURIOUS TO BE AN EXPERT IN CYBER CRIME INVESTIGATIONS. THIS IS GOOD BUT I NEED MORE.

Police Magazine