Lee Thostenson

Stopping Cyber Crime

They investigate the transfer of millions of dollars, the trafficking of illegal drugs and

weapons, terrorism, and . They protect the livelihood and infrastructure of

businesses and government systems all over the world. No, I am not talking about members of a

S.W.A.T. team or C.I.A. operatives. I am referring to the men and women who make up the

agencies policing our internet for serious cyber crimes. Day by day the scale and number of

these crimes increases, and with that so does the need for protection. Although it is an electronic

battle, these agencies still use some of the same kinds of techniques they use to capture drug

lords or gangsters to capture cyber criminals. Undercover sting operations have worked well to

bring down hacker rings, and on the flip side, some of the bad guys have been hired by security

companies to help them. Money is the main motivation for the crimes (and there is plenty of it –

estimates of the size of the industry range from a couple hundred million dollars to over a trillion), but criminal acts are also performed for revenge, to spite other countries or their policies, or just to prove the perpetrators can do it. Whatever the crime is, one thing is for sure.

There is a war going on that most people know little about.

It is obvious that cyber crime is a huge problem threatening technological advancement

and the integrity of the internet, as well as our own personal lives, but what exactly is it? Cyber

crime is generally defined as making any computer or computer network the target of criminal

activity. This can include theft, fraud, hacking (spreading malicious code, stealing information),

child pornography, denial of service (DoS) attacks, copyright infringement, drug and weapon

trafficking, embezzlement, SPAM, etc. Establishing and using botnets seems to be the most

popular and profitable new form of cyber crime. The term ‘botnet’ can refer to any collection of

autonomous software robots, but it usually means the type that run malicious software. The

botnet is usually running on multiple computers (sometimes millions) hidden from the user. Its

creator can control the group and steal bits of information and data from each computer.

How prevalent are these crimes? The head of the Southern California High Technology

Task Force, Lt. Rocky Costain, estimates that computer-related crimes make up approximately a quarter of all crimes his unit sees (Wolf). The Internet Crime Complaint Center’s annual report listed 275,284 complaints, resulting in the loss of $265 million in 2008 alone:

IC3 Complaints from 2004-2008

Year    Complaints Received    Dollar Loss
2004    207,449                $68.14 million
2005    231,493                $183.12 million
2006    207,492                $198.44 million
2007    206,884                $239.09 million
2008    275,284                $265 million

Data Courtesy of ic3.gov

Of that lost money, 32.9% came from non-delivery of merchandise, 25.5% from internet auction fraud, and 9.0% from credit and debit card fraud (“IC3 2008 Annual Report on Internet

Crime”). Add the $265 million to the amount of losses that go unreported as well as the complaints that are handled by other agencies, and these numbers are getting extremely high

(Wolf). Experts agree that only about one in seven crimes is reported. The 2005 FBI estimates actually put annual losses from cyber crime at about $67 billion in the U.S. (Wolf). A recent

Consumer Reports survey estimates that one in five online shoppers has been a victim in one way or another, and over the past year 1.7 million households were victims of online identity

theft. Aside from crimes that incur the loss of a specific dollar figure, cyber crime protection

agencies are constantly on the lookout for child pornography, acts that cause mass panic, efforts

to target national security, etc.

The fact that the internet is so new means that most of the laws outlawing cyber crimes

are very new and in the early stages of development. To put this in perspective, it took radio

thirty-eight years to reach 50 million users, the computer sixteen years, and the internet only four

(Koenig). Many people involved in investigating and prosecuting cyber criminals are not

familiar with many of the crimes they are dealing with. The President of the Foundation of

Internet Security and Technology in India says of cyber crime: “Politicians and judges do not

understand how to deal with it, and in fact few of them ever use the Internet. Police are reluctant

to register cases because they prove too difficult to prosecute” (Messmer). Also, these crimes

come from all over the world and are very difficult to trace. Criminals go to great lengths to

misdirect their attacks so that it looks like they are originating in a totally different place than

they actually are. To make things worse, some countries do not cooperate with foreign

enforcement agencies for security reasons, and other countries are especially lax in prosecuting

criminals. Some even are thought to be helping cyber criminals and hindering prosecution

efforts. Most security professionals agree that the majority of quality, large-scale attacks

originate from Russia (Messmer). Recently, criminals have been using the economic recession

as another tool to conduct crime. They are trying such things as sending out emails pretending to

be banks responding to the crisis and also making phony resume-builder sites to gather personal

information.

It is clear that many different factors are working against cyber-crime enforcement. For these reasons, a person would think that the strategies for investigation should still be improving,

as well as the effectiveness of the prosecution of the criminals. Since the money to be gained by

engaging in cyber crime continues to increase, as well as the savvy of its perpetrators, cyber

crime continues to flourish. At the same time law enforcement is likely to improve.

So who are the invisible guardians of the integrity of the internet? A lot of the

effectiveness in minimizing cyber crime depends on the victims reporting the crimes. The

Internet Crime Complaint Center (IC3) is the most prominent medium for this. The IC3 is a

partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime

Center (NW3C), and the Bureau of Justice Assistance (BJA). Filing a complaint involves the

party that is thought to be defrauded or a friend or relative giving the IC3 all of their information,

telling who they believe to be the culprit, and providing specific details on what happened to

them. The IC3 then refers the complaint to the right agency or law enforcement, whether it be local, state, national, or international. Every complaint is referred, but not guaranteed to be investigated by the agency or agencies it is referred to. The main pluses of the IC3 are that it is an easy-to-use way for victims to get their complaint heard, hopefully get their money back, and also alert law enforcement and other authorities about new , viruses, and other crimes.

The IC3 typically deals only with acts such as fraud, theft, hacking, and crimes of that nature, so time-sensitive problems such as cyber terrorism and online threats are taken up by other agencies

(“IC3 2008 Annual Report on Internet Crime”).

The FBI plays the biggest role in stopping all types of cyber crime, with 56 field offices

in the United States. Citizens can file online complaints or contact these offices. The FBI

describes their mission in stopping cyber crime as “fourfold.” Their intentions are to deal with

sexual predators and child pornography, and in their own words, “computer intrusions and the

spread of malicious code,” threats to national security, and “criminal enterprises engaging in

Internet fraud” (“Federal Bureau of Investigation – Cyber Investigation”). To fulfill one of

those missions, stopping computer intrusions and hacking, the FBI has pulled out a variety of

stops. Growing ties with other agencies such as the Department of Defense and the Department

of Homeland Security are a major help in their efforts. They have their own “Cyber Division” to

deal with such attacks, as well as 93 Computer Crimes Task Forces. They also have “cyber

squads” at all of the field offices and their headquarters, made up of a highly trained staff

specializing in computer intrusions. The FBI also has Cyber Action teams that “travel around

the world on a moment’s notice to assist in computer intrusion cases” and “gather vital

intelligence that helps us identify the cyber crimes that are most dangerous to our national

security and to our economy” (“Federal Bureau of Investigation – Cyber Investigation”).

In regard to crimes such as child pornography and sexual predation, arguably the most

effective way to stop them is to educate children so that they never happen. The FBI has

published a brochure called A Parent’s Guide to Internet Safety and has provided numerous links

to safety websites and tips for keeping the internet safe for children. Even so, children and teens

don’t always act in their own best interest, so to combat these crimes and prevent them from

occurring, the FBI has started the “Innocent Images National Initiative” (IINI). The IINI was formed in 1995 after the 1993 investigation of two previously identified sexual offenders led to the conclusion that communication through computers was a growing technique for sending and receiving illegal pornographic content as well as recruiting minors for illegal sexual conduct.

The IINI now commands the most personnel out of all of the cyber crime divisions in the FBI and accounts for 39% of investigations conducted by the FBI Cyber Crime Division (“Federal

Bureau of Investigation – Innocent Images National Initiative”). In addition to investigating producers and possessors of child pornography and those who are willing to engage in sexual

activity with a minor, the IINI looks to identify victims and take further measures to keep the internet safe. They originally scoured chat rooms looking for offenders, but have since expanded their searches to websites, internet news groups, internet relay chat channels, eGroups, Peer-2-Peer file-sharing programs, and bulletin boards or online forums. Stopping these types of crimes involves FBI agents going undercover on these media, using false names and information to have conversations with possible pedophiles. The IINI has also developed the Innocent Images case management system to log all data retrieved during an investigation, analyze, update, and review the data, and use it to identify suspects and leads. The Innocent Images International Task Force was created in 2004 to bring together child exploitation enforcement from all around the world and now includes enforcement officers from 22 countries. From 1996 to 2007, the program experienced a 2062% increase in cases opened, a 1003% increase in information and indictments, a 2501% increase in arrests, locates, and summons, and a 1404% increase in convictions and pretrial diversions (“Federal Bureau of Investigation – Innocent Images National

Initiative”).

Growth of IINI

                                       1996 (Year)    2007 (Year)
Cases Opened                           113            2443
Information and Indictments            99             1092
Arrests, Locates, and Summons          68             1769
Convictions and Pretrial Diversions    68             1023

Data Courtesy of FBI - IINI

Everyone knows about the FBI’s Most Wanted List, but few have consulted their Most

Wanted List for Cyber Crimes. Here users can see the faces of wanted fugitives, get email

updates and news feeds about them, and submit tips to assist in catching them (“Federal Bureau of Investigation – Featured Fugitives – Cyber Crime”). In addition to the official list, there is a

Cyber Crime’s Most Wanted web site that keeps an updated list of wanted cyber criminals.

Obviously this isn’t the most effective method, since most criminals are going to be traced or caught in the act, but it gives the enforcement of cyber crime more attention and removes the anonymity of some of its most serious perpetrators.

Another important FBI initiative is “Operation Web Snare.” This is an effort to target a large array of cyber crime operations by pooling resources from the Department of Justice, the

FBI, the IC3, the U.S. Postal Inspection Service, the U.S. Secret Service, the Federal Trade

Commission, and the Bureau of Immigration and Customs Enforcement. The Operation includes over 150 investigations, dealing with over $210 million lost by over 870,000 victims.

The investigations under Operation Web Snare have resulted in “100 arrests/convictions”

(“Federal Bureau of Investigation – Cyber Investigations”). The sheer dollar amount of the losses reiterates the need for more and more cyber crime enforcement, since these dollar amounts are more than likely only a fraction of the actual amount lost.

Aside from the IC3 and FBI, InfraGard is one of the leading organizations in stopping cyber crime. It is a collaborative organization designed to protect the country’s infrastructure. It began as an FBI project and is now an information-sharing organization comprised of a variety of members such as businesses and universities. Any company can join InfraGard. Each chapter is linked to an FBI field office and is assigned an FBI Special Agent Coordinator. Members are given information that will help them protect themselves in return for providing the government

with information that may help them stop crimes against the nation (“InfraGard”). Other major players in the cyber crime enforcement game include the Department of Justice and the NATO

Cyber Warfare Center.

The next question is, how do they find qualified individuals to do this kind of work? This is a problem since there are countless criminals and hackers that have been honing their skills for years and are great at what they do, but good detectives with comparable tech savvy to the hackers they investigate are hard to come by. The barrier to entry into the profession is high,

since officers must have a very high level of training as well as the desire to be cyber detectives

as opposed to conventional investigators. Also, private industry is taking many of the highly

talented cyber crime investigators away from the government and giving them more money to

work on their own security (Messmer). For these reasons, agencies are left with minimum staff

members, making it difficult for them to commit personnel to a task force (Wolf).

Training for such positions is quite difficult due to the rapidity with which the field is

changing. A lot of training for new officers/investigators comes in the form of brief, but intense

courses. The National Investigation Academy offers a three-week course at the

University of Tennessee designed to improve the skills of investigators by putting them in real-

world scenarios using the most up-to-date information and technology (“CCIT | National

Cybercrime Investigation Academy”). The International Association of Computer Investigative

Specialists (IACIS) is a non-profit computer forensics training organization in which people with

no previous cyber crime experience can obtain training through a once-a-year, two-week-long class. A “Certified Forensic Computer Examiner” certificate as well as a Certified Electronic

Evidence Collection Specialist Certification (CEECS) can be obtained through this training

(IACIS).

When researching this topic, one can easily conclude after a few minutes of searching that the world is more aware of the effects and amount of cyber crime than of what we can do to prevent it or prosecute the criminals. One thing is clear, however: the most effective way to stop cyber criminals is for private sector and government agencies to work together as much as

possible by pooling resources and information. A lot of progress has been made in that respect,

and work is still being done. As stated before, collaboration between the FBI, the Department of

Defense, the Department of Homeland Security, and the IC3 is at the forefront of cyber crime

enforcement.

Collaboration is the key, but when it comes right down to investigating, how do these

agencies catch an anonymous criminal with no physical crime scene? Investigators use a variety

of techniques to gain information and infiltrate the targeted criminal activity. One of the most

important is going undercover, of which the 2008 FBI takedown of the major cyber criminal ring

“DarkMarket” is a great example. DarkMarket was a cyber club for criminals to meet and

exchange information such as passwords and credit card numbers and even physical equipment

for performing other crimes. At one point, the club consisted of 2500 members, and carefully

screened its new members. FBI Supervisory Special Agent Keith Mularski infiltrated the group

using the alias “Master Splyntr,” and he eventually became a respected member and

administrator of DarkMarket (McMillan). Master Splyntr was able to save millions of

dollars by alerting potential targets as his evidence and information on many of DarkMarket’s

members and their activities built up. He was online for absurd amounts of time every single day

(up to 18 hours) to build the trust of the group members and continually build intelligence

(McMillan). Mularski worked with numerous countries in the bust, including Turkey and the

United Kingdom. The three-year-long undercover operation resulted in 56 arrests and may have

prevented the loss of $70 million (Gore). Mularski attempted to keep his true identity secret, but

it escaped after a reporter discovered his name in some court documents. Even after the story

was printed, many of Master Splyntr’s DarkMarket buddies refused to believe he was an FBI

agent (McMillan). The DarkMarket takedown is one of the most effective cyber crime

operations to date.

There are other ways to trace these criminals. Hackers can go through many different intermediate computers throughout several different countries, all the while spoofing their IP

addresses. This makes them very difficult to trace, but it can be done. An investigator can trace a hacker through one computer at a time, assuming the victim has taken the correct measures and the ISPs still have the correct logs, but subpoenas and court orders are often needed to do this

(Morris).

Using yet another different type of investigation, a recent probe into a well-known botnet gave investigators some insight into how botnets work, what the criminals are looking for, and who they are targeting. Until the hackers fixed their own “security” hole, University of

California researchers gained control over the “Torpig” or “Sinowal” botnet for ten days and watched over 180,000 computers that had been hacked. The researchers were able to accumulate over 70 GB of personal data. The botnet grabbed passwords and collected personal data when users visited bank and other financial web sites. The researchers are working with the FBI and

ISPs to notify all of those that are possible victims. Also, in a major child exploitation bust in

2005, investigators used the new technology of a “mobile lab” to arrest seven men who arranged to have sex with people who they thought were thirteen and fourteen-year-old girls. According to the chief of the criminal investigative division of the attorney general’s office, David

Boatright, the point of the mobile van was to provide sufficient technology for rural areas that

might not have the ability to support it (Graczyk).

Busts like these are promising signs that our authorities have their successes in stopping cyber crime, but the fact remains that the odds of getting caught for a smart online criminal are too small. Hacking started out as a challenge and as a way to buck authority, but has since turned into a very profitable business. Until the risks of participating in cyber crime start to outweigh the possible gain, crime will continue to increase. To increase the risks for criminals,

government agencies and law enforcement need to stay at the same level or above the level of

the criminals. The current recession makes this difficult in three respects: less government

spending will be available for the increasing technology, personnel, and resources needed for

enforcement; fewer jobs and less available income will make crime more attractive; and

criminals will be able to use the recession to take advantage of less fortunate victims with

economic-recession scams. Yet technology continues to advance, agencies continue to gather

more information, and progress continues to be made. The war goes on.

Bibliography

“CCIT | National Cybercrime Investigation Academy.” 14 Apr. 2009

“Federal Bureau of Investigation - Cyber Investigations.” 12 Apr. 2009

“Federal Bureau of Investigation - Featured Fugitives - Cyber Crime.” 2009. 12 Apr. 2009

“Federal Bureau of Investigation - Innocent Images National Initiative.” 12 Apr. 2009

Gore, Martha R. “Cybercriminals Arrested By FBI.” 2008. 4 May 2009

Graczyk, Michael. “USATODAY.com- Authorities use mobile lab in cybercrime bust.” 2005. 5 May 2009

“IC3 2008 Annual Report on Internet Crime.” 31 Mar. 2008. IC3. 2 Apr. 2009 http://www.ic3.gov/media/2009/090331.aspx

“InfraGard.” 12 Apr. 2009

Kirk, Jeremy. “Botnet Probe Turns up 70G Bytes of Personal, Financial Data.” 2009. 4 May 2009

Koenig, Dan. “Investigation of Cyber Crime and Technology Related Crime.” Mar. 2002. 2 Apr. 2009

McMillan, Robert. “Three Years Undercover With Cybercriminals.” 2009. 5 May 2009

Messmer, Ellen. “Ineffective Law Enforcement, Bad Economy Fueling Cybercrime.” 2008. 4 May 2009

Morris, Daniel A. “US Attorney's Bulletin: Tracking a Computer Hacker.” 5 May 2009

Wolf, Ulf. “Cyber-Crime: Law Enforcement Must Keep Pace With Tech Savvy Criminals.” 29 Jan. 2009. 13 Apr. 2009
