Cyber-Investigative Issues II In This Issue March 2014 The Flood Tide of Cyberfraud . .1 Volume 62 By Jonathan J. Rusch Number 2 Cybersecurity: The Urgent Challenge of Our Time . .16 United States By Sean B. Hoar Department of Justice Executive Office for United States Attorneys International Cooperation: A Primer of the Tools and Resources Washington, DC Available When Your Investigation Takes You Overseas . 23 20530 By Michael Chu H. Marshall Jarrett Director Overcoming the Unique Challenges Presented in “Time Bomb” Contributors’ opinions and statements should not be considered an Computer Intrusion Cases . 30 endorsement by EOUSA for any By Mark L. Krotoski policy, program, or service. The United States Attorneys’ Bulletin is published pursuant to From the P.R.C. to the F.C.I.—Cracking a Chinese Cybercrime 28 CFR § 0.22(b). Case . 47 The United States Attorneys’ Bulletin By Edward J. McAndrew is published bimonthly by the Executive Office for United States Attorneys, Office of Legal Education, The Degree of Fourth Amendment Protections Afforded to Foreign 1620 Pendleton Street, Columbia, South Carolina 29201. Searches . 63 By Mi Yung Park Managing Editor Jim Donovan Eenie, Meenie, Miney, Mo: Choosing and Working With an Expert Associate Editor in a Stolen Trade Secrets Case . 68 Carmel Matin By Scott L. Garland Law Clerk Jennifer Jokerst Child Pornography Conspiracies in the Digital Age: A Primer . 75 Internet Address By Sarah Chang and Keith Becker www.usdoj.gov/usao/ reading_room/foiamanuals. html Send article submissions and address changes to Managing Editor, United States Attorneys’ Bulletin, National Advocacy Center, Office of Legal Education, 1620 Pendleton Street, Columbia, SC 29201. The Flood Tide of Cyberfraud Jonathan J. Rusch Deputy Chief for Strategy and Policy Fraud Section Criminal Division Cyberfraud, also known as online fraud or Internet fraud, can be defined simply as “the use of the internet to get money, goods, etc. from people illegally by deceiving them.” CAMBRIDGE DICTIONARIES ONLINE, http://dictionary.cambridge.org/us/dictionary/british/cyberfraud. Over the past decade, as the World Wide Web has become increasingly indispensable for global communication and commerce, cyberfraud has become a flood tide that poses significant threats to individuals and businesses around the world. I. Incidence and prevalence of cyberfraud There are no comprehensive measures of cyberfraud worldwide. Various surveys and reports, however, provide some indications of its incidence and prevalence. The 2014 Identity Fraud Report by a private-sector research firm, Javelin Strategy & Research, found that the incidence of fraud involving the misuse of consumers’ legitimate existing accounts (including credit- and debit-card and non-card accounts) increased by 36 percent since 2012. JAVELIN STRATEGY & RESEARCH, 2014 IDENTITY FRAUD REPORT 11 (Feb. 2014). The Report specifically attributed that increase “to the increasing availability of compromised credentials online, in databases gleaned from data breaches and malware.” Id. The Report also found that existing non-card fraud, involving misuse of loan accounts, Internet accounts such as eBay and Amazon, and online payment accounts such as eBay, had increased nearly threefold since 2012, resulting in losses of $5 billion. Id. at 3, 14. The 2012 Annual Report of the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, stated that the 289,874 consumer complaints it received in 2012 had an adjusted dollar loss of $525,441,110. That loss represents an 8.3 percent increase in reported losses since 2011. INTERNET CRIME COMPLAINT CENTER, 2012 ANNUAL REPORT 4 (May 4, 2013), available at http://www.ic3.gov/media/annualreport/2012_IC3Report.pdf. A 2013 survey of U.S. and Canadian online merchants found that in 2012, online payments fraud accounted for approximately $3.5 billion in revenue losses. CYBERSOURCE, 2013 ONLINE FRAUD REPORT 4 (2013), available at http://form s.cybersource.com/forms/fraudreport2013. In 2013, a number of leading U.S. retail businesses such as Target, Neiman Marcus, White Lodging, Harbor Freight Tools, Easton-Bell Sports, Michaels Stores, and ’Wichcraft reportedly all suffered data breaches of varying sizes stemming from compromise of point-of-sale terminals. See MCAFEE, MCAFEE LABS THREATS REPORT: FOURTH QUARTER 2013 5 (2013), available at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2013.pdf. Businesses may suffer additional adverse effects beyond the immediate loss of funds and customer data. One prominent example of this is Target, which experienced a major data breach in 2013. According to a consulting group, Target reportedly saw its customer traffic in January 2014, both online and in stores, reach its lowest point in 3 years, as 33 percent of U.S. households shopped at Target in January of that year, compared with 43 percent in January 2013. Hadley Malcolm, Target sees drop in customer visits after breach, USA TODAY (Mar. 11, 2014), http://www.usatoday.com/story/money/busin ess/2014/03/11/target-customer-traffic/6262059/. Public and private enterprises in other regions of the world have also come to see cyberfraud as a formidable threat. A recent survey of merchants in the United Kingdom found that in 2012, merchants reported that 1.65 percent of e-commerce revenues were lost to fraud. CYBERSOURCE, THE TURNING MARCH 2014 United States Attorneys’ Bulletin 1 POINT: 2013 UK ECOMMERCE FRAUD REPORT 3 (2013), available at http://forms.cybersource.com/for ms/ukfraudreport2013. This number, incidentally, is 1.8 times greater than the 0.9 percent of online revenue that U.S. and Canadian enterprises reported were lost to fraud in 2012. CYBERSOURCE, 2013 ONLINE FRAUD REPORT 4 (2013), available at http://forms.cybersource.com/forms/fraudreport2013. In March 2014, CIFAS, the United Kingdom’s fraud prevention service, reported that 90 percent of identity fraud on plastic payment cards was occurring online. CIFAS, FRAUDSCAPE 9 (2014), available at http://www.cifas.org.uk/fraudscape_twentyfourteen. In Australia, the Australia Institute of Criminology 2012 online survey of Australian consumers found that 95 percent of the respondents had received a scam invitation of some type, with email as the most common method of delivering a fraudulent solicitation (reported by 72 percent of respondents), and that 8 percent of respondents reported having lost money—approximately AU $8,000 per person on average. PENNY JORNA & ALICE HUTCHINGS, AUSTRALIAN INSTITUTE OF CRIMINOLOGY, AUSTRALASIAN CONSUMER FRAUD TASKFORCE: RESULTS OF THE 2012 ONLINE CONSUMER FRAUD SURVEY, TECHNICAL AND BACKGROUND PAPER 56 v, xii, 7–11 (2013), http://www.aic.gov.au/media_ library/publications/tbp/tbp056/tbp056.pdf. The survey also noted that the mean loss to scams was AU $7,908, even though the median loss was only AU $500, see id. at xii, 11, which appears due to the reporting of other scams in which victims were defrauded of lesser amounts of money, such as the so- called “Microsoft” (computer-repair) scam and work-at-home schemes. See id. at 10. And in Oman, in the first quarter of 2013 a leading financial institution reportedly suffered a loss of nearly U.S. $39 million— around 10.5 percent of the bank’s estimated 2013 earnings—from a cyberfraud scheme that used prepaid cards to make fraudulent funds transfers. See Beatrice Thomas, Bank Muscat posts $266m profit, despite cyber fraud exposure, ARABIANBUSINESS.COM (Oct. 28, 2013), http://www.arabianbusiness.com/bank- muscat-posts-266m-profit-despite-cyber-fraud-exposure-524501.html. II. Extortion- and intimidation-based schemes Although there are many varieties of fraud schemes that exploit the Internet and computing, one of the most noteworthy cyberfraud trends has been the growth of schemes that go beyond traditional fraud techniques and use extortionate, intimidating, or other fear-inducing language to make victims believe they have no choice but to send the funds that the schemes demand. As shown below in Table 1, there are seven distinguishable types of such schemes, defined in terms of (1) whether the threat is direct or indirect (that is, directed at the victim being contacted or at another person known to the victim), and (2) what type of harm is threatened (that is, whether the scheme threatens physical harm, law enforcement action such as arrest, harm to financial data, or psychological harm). ______________________________________________________________________________ Table 1: Cyberfraud Schemes Involving Extortionate, Intimidating, or Fear-Inducing Language Type of Threat Direct Threat Indirect Threat Physical Harm Jamaican-Operated Lottery “Grandparent” - Assault/Accident , Email Address Book Law Enforcement Action (e.g., Arrest) Ransomware “Grandparent” – Arrest, Email Address Book Harm to Financial Data Phishing/Malware “Technical Support” Psychological Harm Sexual Blackmail — ______________________________________________________________________________ A. Jamaican-operated lottery schemes The most egregious example of cyberfraud using direct threats of physical harm is the version of fraudulent lottery schemes that Jamaica-based persons conduct. Though largely similar to traditional lottery schemes, which falsely promise victims substantial lottery winnings once they have paid bogus 2 United States Attorneys’ Bulletin MARCH 2014 “fees” or “taxes,” Jamaica-based schemes routinely go beyond traditional fraudulent pitches by email or telephone and use express