Lee Thostenson Stopping Cyber Crime
They investigate the transfer of millions of dollars, the trafficking of illegal drugs and
weapons, terrorism, fraud and identity theft. They protect the livelihood and infrastructure of
businesses and government systems all over the world. No, I am not talking about members of a
S.W.A.T. team or C.I.A. operatives. I am referring to the men and women who make up the
agencies policing our internet for serious cyber crimes. Day by day the scale and number of
these crimes increases, and with that so does the need for protection. Although it is an electronic
battle, these agencies still use some of the same kinds of techniques they use to capture drug
lords or gangsters to capture cyber criminals. Undercover sting operations have worked well to
bring down hacker rings, and on the flip side, some of the bad guys have been hired by security
companies to help them. Money is the main motivation for the crimes (and there is plenty of it –
estimates of the size of the industry range from a couple hundred million dollars to over a trillion), but criminal acts are also performed for revenge, to spite other countries or their policies, or just to prove the perpetrators can do it. Whatever the crime is, one thing is for sure.
There is a war going on that most people know little about.
It is obvious that cyber crime is a huge problem threatening technological advancement
and the integrity of the internet, as well as our own personal lives, but what exactly is it? Cyber
crime is generally defined as making any computer or computer network the target of criminal
activity. This can include theft, fraud, hacking (spreading malicious code, stealing information),
child pornography, denial of service (DoS) attacks, copyright infringement, drug and weapon
trafficking, embezzlement, SPAM, etc. Establishing and using botnets seems to be the most
popular and profitable new form of cyber crime. The term ‘botnet’ can refer to any collection of
autonomous software robots, but it usually means the type that run malicious software. The
botnet is usually running on multiple computers (sometimes millions) hidden from the user. Its
creator can control the group and steal bits of information and data from each computer.
How prevalent are these crimes? The head of the Southern California High Technology
Task Force, Lt. Rocky Costain, estimates that computer-related crimes make up approximately a quarter of all crimes his unit sees (Wolf). The Internet Crime Complaint Center’s annual report listed 275,284 complaints, resulting in the loss of $265 million in 2008 alone:
IC3 Complaints from 2004-2008
Year    Complaints Received    Dollar Loss
2004    207,449                $68.14 million
2005    231,493                $183.12 million
2006    207,492                $198.44 million
2007    206,884                $239.09 million
2008    275,284                $265 million
Data Courtesy of ic3.gov 1
Of that lost money, 32.9% came from non-delivery of merchandise, 25.5% from internet auction fraud, and 9.0% from credit and debit card fraud (“IC3 2008 Annual Report on Internet
Crime”). Add the $265 million to the amount of losses that go unreported as well as the complaints that are handled by other agencies, and these numbers are getting extremely high
(Wolf). Experts agree that only about one in seven crimes is reported. The 2005 FBI estimates actually put annual losses from cyber crime at about $67 billion in the U.S. (Wolf). A recent
Consumer Reports survey estimates that one in five online shoppers has been a victim in one way or another, and over the past year 1.7 million households were victims of online identity
theft. Aside from crimes that incur the loss of a specific dollar figure, cyber crime protection
agencies are constantly on the lookout for child pornography, acts that cause mass panic, efforts
to target national security, etc.
The fact that the internet is so new means that most of the laws outlawing cyber crimes
are very new and in the early stages of development. To put this in perspective, it took radio
thirty-eight years to reach 50 million users, the computer sixteen years, and the internet only four
(Koenig). Many people involved in investigating and prosecuting cyber criminals are not
familiar with many of the crimes they are dealing with. The President of the Foundation of
Internet Security and Technology in India says of cyber crime: “Politicians and judges do not
understand how to deal with it, and in fact few of them ever use the Internet. Police are reluctant
to register cases because they prove too difficult to prosecute” (Messmer). Also, these crimes
come from all over the world and are very difficult to trace. Criminals go to great lengths to
misdirect their attacks so that it looks like they are originating in a totally different place than
they actually are. To make things worse, some countries do not cooperate with foreign
enforcement agencies for security reasons, and other countries are especially lax in prosecuting
criminals. Some even are thought to be helping cyber criminals and hindering prosecution
efforts. Most security professionals agree that the majority of quality, large-scale attacks
originate from Russia (Messmer). Recently, criminals have been using the economic recession
as another tool to conduct crime. They are trying such things as sending out emails pretending to
be banks responding to the crisis and also making phony resume-builder sites to gather personal
information.
It is clear that many different factors are working against cyber-crime enforcement. For these reasons, a person would think that the strategies for investigation should still be improving,
as well as the effectiveness of the prosecution of the criminals. Since the money to be gained by
engaging in cyber crime continues to increase, as well as the savvy of its perpetrators, cyber
crime continues to flourish. At the same time law enforcement is likely to improve.
So who are the invisible guardians of the integrity of the internet? A lot of the
effectiveness in minimizing cyber crime depends on the victims reporting the crimes. The
Internet Crime Complaint Center (IC3) is the most prominent medium for this. The IC3 is a
partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime
Center (NW3C), and the Bureau of Justice Assistance (BJA). Filing a complaint involves the
party that is thought to be defrauded or a friend or relative giving the IC3 all of their information,
telling who they believe to be the culprit, and providing specific details on what happened to
them. The IC3 then refers the complaint to the right agency or law enforcement, whether it be local, state, national, or international. Every complaint is referred, but not guaranteed to be investigated by the agency or agencies it is referred to. The main pluses of the IC3 are that it is an easy-to-use way for victims to get their complaint heard, hopefully get their money back, and also alert law enforcement and other authorities about new frauds, viruses, and other crimes.
The IC3 typically deals only with acts such as fraud, theft, hacking, and crimes of that nature, so time-sensitive problems such as cyber terrorism and online threats are taken up by other agencies
(“IC3 2008 Annual Report on Internet Crime”).
The FBI plays the biggest role in stopping all types of cyber crime, with 56 field offices
in the United States. Citizens can file online complaints or contact these offices. The FBI
describes their mission in stopping cyber crime as “fourfold.” Their intentions are to deal with
sexual predators and child pornography, and in their own words, “computer intrusions and the
spread of malicious code,” threats to national security, and “criminal enterprises engaging in
Internet fraud” (“Federal Bureau of Investigation – Cyber Investigation”). To fulfill one of
those missions, stopping computer intrusions and hacking, the FBI has taken a variety of
measures. Growing ties with other agencies such as the Department of Defense and the Department
of Homeland Security are a major help in their efforts. They have their own “Cyber Division” to
deal with such attacks, as well as 93 Computer Crimes Task Forces. They also have “cyber
squads” at all of the field offices and their headquarters, made up of a highly trained staff
specializing in computer intrusions. The FBI also has Cyber Action teams that “travel around
the world on a moment’s notice to assist in computer intrusion cases” and “gather vital
intelligence that helps us identify the cyber crimes that are most dangerous to our national
security and to our economy” (“Federal Bureau of Investigation – Cyber Investigation”).
In regard to crimes such as child pornography and sexual predation, arguably the most
effective way to stop them is to educate children so that they never happen. The FBI has
published a brochure called A Parent’s Guide to Internet Safety and has provided numerous links
to safety websites and tips for keeping the internet safe for children. Even so, children and teens
don’t always act in their own best interest, so to combat these crimes and prevent them from
occurring, the FBI has started the “Innocent Images National Initiative” (IINI). The IINI was formed in 1995 after the 1993 investigation of two previously identified sexual offenders led to the conclusion that communication through computers was a growing technique for sending and receiving illegal pornographic content as well as recruiting minors for illegal sexual conduct.
The IINI now commands the most personnel out of all of the cyber crime divisions in the FBI and accounts for 39% of investigations conducted by the FBI Cyber Crime Division (“Federal
Bureau of Investigation – Innocent Images National Initiative”). In addition to investigating producers and possessors of child pornography and those who are willing to engage in sexual
activity with a minor, the IINI looks to identify victims and take further measures to keep the internet safe. They originally scoured chat rooms looking for offenders, but have since expanded their searches to websites, internet news groups, internet relay chat channels, eGroups, Peer-2-Peer file-sharing programs, and bulletin boards or online forums. Stopping these types of crimes involves FBI agents going undercover on these media, using false names and information to have conversations with possible pedophiles. The IINI has also developed the Innocent Images case management system to log all data retrieved during an investigation, analyze, update, and review the data, and use it to identify suspects and leads. The Innocent Images International Task Force was created in 2004 to bring together child exploitation enforcement from all around the world and now includes enforcement officers from 22 countries. From 1996 to 2007, the program experienced a 2062% increase in cases opened, a 1003% increase in information and indictments, a 2501% increase in arrests, locates, and summons, and a 1404% increase in convictions and pretrial diversions (“Federal Bureau of Investigation – Innocent Images National
Initiative”).
Growth of IINI
Year                                   1996    2007
Cases Opened                           113     2443
Information and Indictments            99      1092
Arrests, Locates, and Summons          68      1769
Convictions and Pretrial Diversions    68      1023
Data Courtesy of FBI- IINI
Everyone knows about the FBI’s Most Wanted List, but few have consulted their Most
Wanted List for Cyber Crimes. Here users can see the faces of wanted fugitives, get email
updates and news feeds about them, and submit tips to assist in catching them (“Federal Bureau of Investigation – Featured Fugitives – Cyber Crime”). In addition to the official list, there is a
Cyber Crime’s Most Wanted web site that keeps an updated list of wanted cyber criminals.
Obviously this isn’t the most effective method, since most criminals are going to be traced or caught in the act, but it gives the enforcement of cyber crime more attention and removes the anonymity of some of its most serious perpetrators.
Another important FBI initiative is “Operation Web Snare.” This is an effort to target a large array of cyber crime operations by pooling resources from the Department of Justice, the
FBI, the IC3, the U.S. Postal Inspection Service, the U.S. Secret Service, the Federal Trade
Commission, and the Bureau of Immigration and Customs Enforcement. The Operation includes over 150 investigations, dealing with over $210 million lost by over 870,000 victims.
The investigations under Operation Web Snare have resulted in “100 arrests/convictions”
(“Federal Bureau of Investigation – Cyber Investigations”). The sheer dollar amount of the losses reiterates the need for more and more cyber crime enforcement, since these dollar amounts are more than likely only a fraction of the actual amount lost.
Aside from the IC3 and FBI, InfraGard is one of the leading organizations in stopping cyber crime. It is a collaborative organization designed to protect the country’s infrastructure. It began as an FBI project and is now an information-sharing organization comprised of a variety of members such as businesses and universities. Any company can join InfraGard. Each chapter is linked to an FBI field office and is assigned an FBI Special Agent Coordinator. Members are given information that will help them protect themselves in return for providing the government
with information that may help them stop crimes against the nation (“InfraGard”). Other major players in the cyber crime enforcement game include the Department of Justice and the NATO
Cyber Warfare Center.
The next question is, how do they find qualified individuals to do this kind of work? This is a problem since there are countless criminals and hackers that have been honing their skills for years and are great at what they do, but good detectives with comparable tech savvy to the hackers they investigate are hard to come by. The barrier to entry into the profession is high,
since officers must have a very high level of training as well as the desire to be cyber detectives
as opposed to conventional investigators. Also, private industry is taking many of the highly
talented cyber crime investigators away from the government and giving them more money to
work on their own security (Messmer). For these reasons, agencies are left with minimum staff
members, making it difficult for them to commit personnel to a task force (Wolf).
Training for such positions is quite difficult due to the rapidity with which the field is
changing. A lot of training for new officers/investigators comes in the form of brief, but intense
courses. The National Cybercrime Investigation Academy offers a three-week course at the
University of Tennessee designed to improve the skills of investigators by putting them in real-
world scenarios using the most up-to-date information and technology (“CCIT | National
Cybercrime Investigation Academy”). The International Association of Computer Investigative
Specialists (IACIS) is a non-profit computer forensics training organization in which people with
no previous cyber crime experience can obtain training through a once-a-year, two-week-long class. A “Certified Forensic Computer Examiner” certificate as well as a Certified Electronic
Evidence Collection Specialist Certification (CEECS) can be obtained through this training
(IACIS).
When researching this topic, one can easily conclude after a few minutes of searching that the world is more aware of the effects and amount of cyber crime than of what we can do to prevent it or prosecute the criminals. One thing is clear, however: the most effective way to stop cyber criminals is for private sector and government agencies to work together as much as
possible by pooling resources and information. A lot of progress has been made in that respect,
and work is still being done. As stated before, collaboration between the FBI, the Department of
Defense, the Department of Homeland Security, and the IC3 is at the forefront of cyber crime
enforcement.
Collaboration is the key, but when it comes right down to investigating, how do these
agencies catch an anonymous criminal with no physical crime scene? Investigators use a variety
of techniques to gain information and infiltrate the targeted criminal activity. One of the most
important is going undercover, of which the 2008 FBI takedown of the major cyber criminal ring
“DarkMarket” is a great example. DarkMarket was a cyber club for criminals to meet and
exchange information such as passwords and credit card numbers and even physical equipment
for performing other crimes. At one point, the club consisted of 2500 members, and carefully
screened its new members. FBI Supervisory Special Agent Keith Mularski infiltrated the group
using the alias “Master Splyntr,” and he eventually became a respected member and
administrator of DarkMarket (McMillan). Master Splyntr was able to save millions of
dollars by alerting potential targets as his evidence and information on many of DarkMarket’s
members and their activities built up. He was online for absurd amounts of time every single day
(up to 18 hours) to build the trust of the group members and continually build intelligence
(McMillan). Mularski worked with numerous countries in the bust, including Turkey and the
United Kingdom. The three-year-long undercover operation resulted in 56 arrests and may have
prevented the loss of $70 million (Gore). Mularski attempted to keep his true identity secret, but
it escaped after a reporter discovered his name in some court documents. Even after the story
was printed, many of Master Splyntr’s DarkMarket buddies refused to believe he was an FBI
agent (McMillan). The DarkMarket takedown is one of the most effective cyber crime
operations to date.
There are other ways to trace these criminals. Hackers can go through many different intermediate computers throughout several different countries, all the while spoofing their IP
addresses. This makes them very difficult to trace, but it can be done. An investigator can trace a hacker through one computer at a time, assuming the victim has taken the correct measures and the ISPs still have the correct logs, but subpoenas and court orders are often needed to do this
(Morris).
In yet another type of investigation, a recent probe into a well-known botnet gave investigators some insight into how botnets work, what the criminals are looking for, and who they are targeting. Until the hackers fixed their own “security” hole, University of
California researchers gained control over the “Torpig” or “Sinowal” botnet for ten days and watched over 180,000 computers that had been hacked. The researchers were able to accumulate over 70 GB of personal data. The botnet grabbed passwords and collected personal data when users visited bank and other financial web sites. The researchers are working with the FBI and
ISPs to notify all of those that are possible victims. Also, in a major child exploitation bust in
2005, investigators used the new technology of a “mobile lab” to arrest seven men who arranged to have sex with people who they thought were thirteen- and fourteen-year-old girls. According to the chief of the criminal investigative division of the attorney general’s office, David
Boatright, the point of the mobile van was to provide sufficient technology for rural areas that
might not have the ability to support it (Graczyk).
Busts like these are promising signs that our authorities have their successes in stopping cyber crime, but the fact remains that the odds of getting caught for a smart online criminal are too small. Hacking started out as a challenge and as a way to buck authority, but has since turned into a very profitable business. Until the risks of participating in cyber crime start to outweigh the possible gain, crime will continue to increase. To increase the risks for criminals,
government agencies and law enforcement need to stay at the same level or above the level of
the criminals. The current recession makes this difficult in three respects: less government
spending will be available for the increasing technology, personnel, and resources needed for
enforcement; fewer jobs and less available income will make crime more attractive; and
criminals will be able to use the recession to take advantage of less fortunate victims with
economic-recession scams. Yet technology continues to advance, agencies continue to gather
more information, and progress continues to be made. The war goes on.
Bibliography
“CCIT | National Cybercrime Investigation Academy.” 14 Apr. 2009
“Federal Bureau of Investigation - Cyber Investigations.” 12 Apr. 2009
“Federal Bureau of Investigation - Featured Fugitives - Cyber Crime.” 2009. 12 Apr. 2009
“Federal Bureau of Investigation - Innocent Images National Initiative.” 12 Apr. 2009
Gore, Martha R. “Cybercriminals Arrested By FBI.” 2008. 4 May 2009
Graczyk, Michael. “USATODAY.com- Authorities use mobile lab in cybercrime bust.” 2005. 5 May 2009
“IC3 2008 Annual Report on Internet Crime.” 31 Mar. 2008. IC3. 2 Apr. 2009 http://www.ic3.gov/media/2009/090331.aspx
“InfraGard.” 12 Apr. 2009
Kirk, Jeremy. “Botnet Probe Turns up 70G Bytes of Personal, Financial Data.” 2009. 4 May 2009
Koenig, Dan. “Investigation of Cyber Crime and Technology Related Crime.” Mar. 2002. 2 Apr. 2009
McMillan, Robert. “Three Years Undercover With Cybercriminals.” 2009. 5 May 2009
Messmer, Ellen. “Ineffective Law Enforcement, Bad Economy Fueling Cybercrime.” 2008. 4 May 2009
Morris, Daniel A. “US Attorney's Bulletin: Tracking a Computer Hacker.” 5 May 2009
Wolf, Ulf. “Cyber-Crime: Law Enforcement Must Keep Pace With Tech Savvy Criminals.” 29 Jan. 2009. 13 Apr. 2009