
Scene of the Cybercrime:

Assisting Law Enforcement in Tracking Down and
Prosecuting Cybercriminals

Please allow me to introduce myself …
• Debra Littlejohn Shinder, MCSE
– Former police sergeant/police academy
and college criminal justice instructor
– Technical trainer
• Networking, operating systems, IT security
– Author
• Cisco Press, Syngress Media, Que, New Riders
• TechRepublic, CNET, Cramsession/Brainbuzz
– Consultant
• Businesses and government agencies

What I’m going to talk about today
• What is cybercrime and is it really
a problem?
• Who are the cybercriminals?
• Why should you want to help law
enforcement officers catch them?
• The Great Governmental Divide
• How techies can build a bridge
• Building the cybercrime case

Civil vs. Criminal Law
• Two separate systems of law
• What are the differences?
• Double jeopardy doesn’t apply
• Constitutional protections – when do
they apply?

Breach of contract is not a crime – except when it is.

Defining cybercrime
Cybercrime is any illegal act committed
using a computer network (especially
the Internet).

Cybercrime is a subset of computer crime.

What do we mean by “illegal?”

Bodies of law:
Criminal, civil and administrative

Who are the cybercriminals?
• It’s not just about hackers
• Using the ‘Net as a tool of the crime
– White collar crime
– Computer con artists
– Hackers, crackers and network attackers
• Incidental cybercriminals
• Accidental cybercriminals
• Situational cybercriminals

Who are the cybervictims?
• Companies
– Security? What’s that?
– Bottom liners
• Individuals
– Naive/Newbies
– Desperados
– Pseudovictims
– In the wrong place at the wrong time
• Society

Who are the cyberinvestigators?
• IT professionals
• Corporate security personnel
• Private investigators
• Law enforcement

Ultimate destination
This is where the authority lies

When and why the police should be called in
How can all work together?

What’s in it for me?
• Why should IT personnel cooperate
with police in catching
cybercriminals?
• What are the advantages?
• What are the disadvantages?

What are the legalities?


What happens if you don’t cooperate?

The Great (Governmental) Divide
• Law enforcement culture
– Highly regulated
– Paramilitary (emphasis on “para”)
– “By the book”

The “Police Power” myth

Weight of law
agency policy
political factors
Public relations

Police Secrets
• Most officers are not as confident as
they appear
– Command presence required
– The bluff is in
• Most cops feel pretty powerless
– Cops don’t like feeling powerless
• Most cops don’t understand
technology
– Cops don’t like not understanding

This leads to…
• A touch of paranoia
• “Us vs. Them” attitude
– Cops against the world
• The truth about the thin blue line
• The blue wall of silence

Best kept secret: Cops are human beings

Why cops and techies don’t mix
• Lifestyle differences
• Elitist mentality – on both sides
• Adversarial relationship
– Many techies support or at least admire
talented hackers
– It’s human nature to protect “your own”
– Many cops don’t appreciate the
difference between white and black hat
– Bad laws

What cops and techies have in common
• Long, odd hours
• Caffeine addiction
• Dedication to/love of job
• Want things to “make sense”
• Problem solvers by nature

What can tech people do to solve the problem
of how to work with law enforcement?

Building team spirit
• Ability to “think like the criminal”
– Important element of good crime detection
– Difficult for LE when they don’t know the
technology
• IT’s role
– You know the hacker mindset
– You know what can and can’t be done with
the technology
– You know where to look for the clues
Police know – or should know –
law, rules of evidence, case building, court testimony

Bridging the Gap
• “Talk the talk”
– Technotalk vs police jargon
• Learn the concepts
– Legal
– Investigative procedure
• Understand the “protocols”
– “Unwritten rules”

Building the Case
• Detection techniques
• Collecting and preserving digital
evidence
• Factors that complicate prosecution
• Overcoming the obstacles

Cybercrime Detection Techniques

• Auditing/log files
• Firewall logs and reports
• Email headers
• Tracing domain name/IP addresses
• IP spoofing/anti-detection techniques

Collecting and Preserving Digital Evidence
• File recovery
• Preservation of evidence
• Intercepting transmitted data
• Documenting evidence recovery
• Legal issues
– Search and seizure laws
– Privacy rights
– Virtual “stings” (honeypots/honeynets)
Is it entrapment?

Factors that complicate prosecution of cybercrime
• Difficulty in defining the crime
• Jurisdictional issues
• Chain of custody issues
• Overcoming obstacles

Lack of understanding of technology (by courts/juries)

Lack of understanding of law (by IT industry)

Difficulty in defining the crime
• CJ theory
– mala in se
– mala prohibita
• Elements of the offense
• Defenses and exceptions
• Burden of proof
• Level of proof

Civil vs. criminal law

Statutory, Case and Common Law

Jurisdictional issues
• Defining jurisdiction
• Jurisdiction of law enforcement
agencies
• Jurisdiction of courts
• Types of jurisdictional authority
• Level of jurisdiction

Chain of Custody

• What is the chain of custody?


• Why does it matter?
• How is it documented?
• Where do IT people fit in?

Overcoming the obstacles
• Well defined roles and
responsibilities
• The prosecution “team”
– Law enforcement officers
– Prosecutors
– Judges
– Witnesses
What can CEOs and IT managers do?

Testifying in a cybercrimes case

• Expert vs evidentiary witness


• Qualification as an expert
• Testifying as an evidentiary witness
• Cross examination tactics

Three types of evidence:


Physical evidence
Intangible evidence
Direct evidence

Summing it up
• Cybercrime is a major problem – and growing
• Cybercrime is about much more than hackers
• There is a natural adversarial relationship
between IT and police
• Successful prosecution of cybercrime must be a
team effort
• IT personnel must learn investigation and police
must learn technology

Scene of the Cybercrime
The book: by Debra Littlejohn Shinder

Defining and Categorizing Cybercrime
A Brief History of the Rise of Cybercrime
Understanding the People on the Scene of the Cybercrime
Understanding Computer and Networking Basics
Understanding Network Intrusions and Attacks
Understanding Cybercrime Prevention
Implementing System Security
Implementing Cybercrime Detection Techniques
Collecting and Preserving Digital Evidence
Understanding Laws Pertaining to Computer Crimes
Building and Prosecuting the Cybercrime Case
Training the Cybercrime Fighters of the Future
