Assisting Law Enforcement
-
8/14/2019 Assisting Law Enforcement
Scene of the Cybercrime: Assisting Law Enforcement
In Tracking Down and Prosecuting Cybercriminals
-
Please allow me to introduce myself
Debra Littlejohn Shinder, MCSE
Former police sergeant/police academy and college criminal justice instructor
Technical trainer
Networking, operating systems, IT security
Author
Cisco Press, Syngress Media, Que, New Riders
TechRepublic, CNET, Cramsession/Brainbuzz
Consultant
Businesses and government agencies
-
What I'm going to talk about today
What is cybercrime and is it really a problem?
Who are the cybercriminals?
Why should you want to help law enforcement officers catch them?
The Great Governmental Divide
How techies can build a bridge
Building the cybercrime case
-
Civil vs. Criminal Law
Two separate systems of law
What are the differences?
Double jeopardy doesn't apply
Constitutional protections: when do they apply?
Breach of contract is not a crime except when it is.
-
Defining cybercrime
Cybercrime is any illegal act committed using a computer network (especially the Internet).
Cybercrime is a subset of computer crime.
What do we mean by illegal?
Bodies of law:
Criminal, civil and administrative
-
Who are the cybercriminals?
It's not just about hackers
Using the Net as a tool of the crime
White collar crime
Computer con artists
Hackers, crackers and network attackers
Incidental cybercriminals
Accidental cybercriminals
Situational cybercriminals
-
Who are the cybervictims?
Companies
Security? What's that?
Bottom liners
Individuals
Naive/Newbies
Desperados
Pseudovictims
In the wrong place at the wrong time
Society
-
Who are the cyberinvestigators?
IT professionals
Corporate security personnel
Private investigators
Law enforcement
Ultimate destination
This is where the authority lies
How can all work together?
When and why the police should be called in
-
What's in it for me?
Why should IT personnel cooperate with police in catching cybercriminals?
What are the advantages?
What are the disadvantages?
What are the legalities?
What happens if you don't cooperate?
-
The Great (Governmental) Divide
Law enforcement culture
Highly regulated
Paramilitary (emphasis on para)
By the book
The Police Power myth
Weight of law
Agency policy
Political factors
Public relations
-
Police Secrets
Most officers are not as confident as they appear
Command presence required
The bluff is in
Most cops feel pretty powerless
Cops don't like feeling powerless
Most cops don't understand technology
Cops don't like not understanding
-
This leads to
A touch of paranoia
Us vs. Them attitude
Cops against the world
The truth about the thin blue line
The blue wall of silence
Best kept secret:
Cops are human beings
-
Why cops and techies don't mix
Lifestyle differences
Elitist mentality on both sides
Adversarial relationship
Many techies support or at least admire talented hackers
It's human nature to protect your own
Many cops don't appreciate the difference between white and black hat
Bad laws
-
What cops and techies have in common
Long, odd hours
Caffeine addiction
Dedication to/love of job
Want things to make sense
Problem solvers by nature
What can tech people do to solve the problem of how to work with law enforcement?
-
Building team spirit
Ability to think like the criminal
Important element of good crime detection
Difficult for LE when they don't know the technology
IT's role
You know the hacker mindset
You know what can and can't be done with the technology
You know where to look for the clues
Police know or should know: law, rules of evidence, case building, court testimony
-
Bridging the Gap
Talk the talk
Technotalk vs police jargon
Learn the concepts
Legal
Investigative procedure
Understand the protocols
Unwritten rules
-
Building the Case
Detection techniques
Collecting and preserving digital evidence
Factors that complicate prosecution
Overcoming the obstacles
-
Cybercrime Detection Techniques
Auditing/log files
Firewall logs and reports
Email headers
Tracing domain name/IP addresses
IP spoofing/anti-detection techniques
-
Collecting and Preserving Digital Evidence
File recovery
Preservation of evidence
Intercepting transmitted data
Documenting evidence recovery
Legal issues
Search and seizure laws
Privacy rights
Virtual stings (honeypots/honeynets)
Is it entrapment?
-
Factors that complicate prosecution of cybercrime
Difficulty in defining the crime
Jurisdictional issues
Chain of custody issues
Overcoming obstacles
Lack of understanding of technology (by courts/juries)
Lack of understanding of law (by IT industry)
-
Difficulty in defining the crime
CJ theory
mala in se
mala prohibita
Elements of the offense
Defenses and exceptions
Burden of proof
Level of proof
Civil vs. criminal law
Statutory, Case and Common Law
-
Jurisdictional issues
Defining jurisdiction
Jurisdiction of law enforcement agencies
Jurisdiction of courts
Types of jurisdictional authority
Level of jurisdiction
-
Chain of Custody
What is the chain of custody?
Why does it matter?
How is it documented?
Where do IT people fit in?
-
Overcoming the obstacles
Well defined roles and responsibilities
The prosecution team
Law enforcement officers
Prosecutors
Judges
Witnesses
What can CEOs and IT managers do?
-
Testifying in a cybercrimes case
Expert vs evidentiary witness
Qualification as an expert
Testifying as an evidentiary witness
Cross examination tactics
Three types of evidence:
Physical evidence
Intangible evidence
Direct evidence
-
Summing it up
Cybercrime is a major problem and growing
Cybercrime is about much more than hackers
There is a natural adversarial relationship between IT and police
Successful prosecution of cybercrime must be a team effort
IT personnel must learn investigation and police must learn technology
-
The book:
Defining and Categorizing Cybercrime
A Brief History of the Rise of Cybercrime
Understanding the People on the Scene of the Cybercrime
Understanding Computer and Networking Basics
Understanding Network Intrusions and Attacks
Understanding Cybercrime Prevention
Implementing System Security
Implementing Cybercrime Detection Techniques
Collecting and Preserving Digital Evidence
Understanding Laws Pertaining to Computer Crimes
Building and Prosecuting the Cybercrime Case
Training the Cybercrime Fighters of the Future
Scene of the Cybercrime by Debra Littlejohn Shinder