1.
Scene of the Cybercrime: Assisting Law Enforcement In Tracking Down and Prosecuting Cybercriminals
2.
Please allow me to introduce myself …
• Debra Littlejohn Shinder, MCSE
  – Former police sergeant/police academy and college criminal justice instructor
  – Technical trainer
    • Networking, operating systems, IT security
  – Author
    • Cisco Press, Syngress Media, Que, New Riders
    • TechRepublic, CNET, Cramsession/Brainbuzz
  – Consultant
    • Businesses and government agencies
3.
What I'm going to talk about today
• What is cybercrime and is it really a problem?
• Who are the cybercriminals?
• Why should you want to help law enforcement officers catch them?
• The Great Governmental Divide
• How techies can build a bridge
• Building the cybercrime case
4.
Civil vs. Criminal Law
• Two separate systems of law
• What are the differences?
• Double jeopardy doesn't apply
• Constitutional protections – when do they apply?
Breach of contract is not a crime – except when it is.
5.
Defining cybercrime
Cybercrime is any illegal act committed using a computer network (especially the Internet).
Cybercrime is a subset of computer crime.
What do we mean by "illegal?"
Bodies of law: Criminal, civil and administrative
6.
Who are the cybercriminals?
• It's not just about hackers
• Using the 'Net as a tool of the crime
  – White collar crime
  – Computer con artists
  – Hackers, crackers and network attackers
• Incidental cybercriminals
• Accidental cybercriminals
• Situational cybercriminals
7.
Who are the cybervictims?
• Companies
  – Security? What's that?
  – Bottom liners
• Individuals
  – Naive/Newbies
  – Desperados
  – Pseudovictims
  – In the wrong place at the wrong time
• Society
8.
Who are the cyberinvestigators?
• IT professionals
• Corporate security personnel
• Private investigators
• Law enforcement
Ultimate destination
This is where the authority lies
How can all work together?
When and why the police should be called in
9.
What's in it for me?
• Why should IT personnel cooperate with police in catching cybercriminals?
• What are the advantages?
• What are the disadvantages?
What are the legalities?
What happens if you don't cooperate?
10.
The Great (Governmental) Divide
• Law enforcement culture
  – Highly regulated
  – Paramilitary (emphasis on "para")
  – "By the book"
The "Police Power" myth
Weight of law
Agency policy
Political factors
Public relations
11.
Police Secrets
• Most officers are not as confident as they appear
  – Command presence required
  – The bluff is in
• Most cops feel pretty powerless
  – Cops don't like feeling powerless
• Most cops don't understand technology
  – Cops don't like not understanding
12.
This leads to…
• A touch of paranoia
• "Us vs. Them" attitude
  – Cops against the world
• The truth about the thin blue line
• The blue wall of silence
Best kept secret: Cops are human beings
13.
Why cops and techies don't mix
• Lifestyle differences
• Elitist mentality – on both sides
• Adversarial relationship
  – Many techies support or at least admire talented hackers
  – It's human nature to protect "your own"
  – Many cops don't appreciate the difference between white and black hat
  – Bad laws
14.
What cops and techies have in common
• Long, odd hours
• Caffeine addiction
• Dedication to/love of job
• Want things to "make sense"
• Problem solvers by nature
What can tech people do to solve the problem of how to work with law enforcement?
15.
Building team spirit
• Ability to "think like the criminal"
  – Important element of good crime detection
  – Difficult for LE when they don't know the technology
• IT's role
  – You know the hacker mindset
  – You know what can and can't be done with the technology
  – You know where to look for the clues
Police know – or should know – law, rules of evidence, case building, court testimony
16.
Bridging the Gap
• "Talk the talk"
  – Technotalk vs police jargon
• Learn the concepts
  – Legal
  – Investigative procedure
• Understand the "protocols"
  – "Unwritten rules"
17.
Building the Case
• Detection techniques
• Collecting and preserving digital evidence
• Factors that complicate prosecution
• Overcoming the obstacles
19.
Collecting and Preserving Digital Evidence
• File recovery
• Preservation of evidence
• Intercepting transmitted data
• Documenting evidence recovery
• Legal issues
  – Search and seizure laws
  – Privacy rights
  – Virtual "stings" (honeypots/honeynets)
Is it entrapment?
20.
Factors that complicate prosecution of cybercrime
• Difficulty in defining the crime
• Jurisdictional issues
• Chain of custody issues
• Overcoming obstacles
Lack of understanding of technology (by courts/juries)
Lack of understanding of law (by IT industry)
21.
Difficulty in defining the crime
• CJ theory
  – mala in se
  – mala prohibita
• Elements of the offense
• Defenses and exceptions
• Burden of proof
• Level of proof
Civil vs. criminal law
Statutory, Case and Common Law
22.
Jurisdictional issues
• Defining jurisdiction
• Jurisdiction of law enforcement agencies
• Jurisdiction of courts
• Types of jurisdictional authority
• Level of jurisdiction
23.
Chain of Custody
• What is the chain of custody?
• Why does it matter?
• How is it documented?
• Where do IT people fit in?
24.
Overcoming the obstacles
• Well defined roles and responsibilities
• The prosecution "team"
  – Law enforcement officers
  – Prosecutors
  – Judges
  – Witnesses
What can CEOs and IT managers do?
25.
Testifying in a cybercrimes case
• Expert vs evidentiary witness
• Qualification as an expert
• Testifying as an evidentiary witness
• Cross examination tactics
Three types of evidence:
Physical evidence
Intangible evidence
Direct evidence
26.
Summing it up
• Cybercrime is a major problem – and growing
• Cybercrime is about much more than hackers
• There is a natural adversarial relationship between IT and police
• Successful prosecution of cybercrime must be a team effort
• IT personnel must learn investigation and police must learn technology
27.
The book:
Defining and Categorizing Cybercrime
A Brief History of the Rise of Cybercrime
Understanding the People on the Scene of the Cybercrime
Understanding Computer and Networking Basics
Understanding Network Intrusions and Attacks
Understanding Cybercrime Prevention
Implementing System Security
Implementing Cybercrime Detection Techniques
Collecting and Preserving Digital Evidence
Understanding Laws Pertaining to Computer Crimes
Building and Prosecuting the Cybercrime Case
Training the Cybercrime Fighters of the Future
Scene of the Cybercrime
by Debra Littlejohn Shinder