Assignment 2: Digital Computer Crime

INTRODUCTION The emergence of computer technologies and the growing threats created by digital crimi- nals and terrorists have worked to produce a wide array of challenges for law enforcement officials charged with protecting individuals, private businesses, and governments from these threats. In response, political leaders and police administrators have increasingly rec- ognized the need to emphasize new priorities and foster new and innovative organizational strategies designed to counter the advent and continued growth of computer crimes. This chapter begins with an overview of federal roles and responses as they relate to computer crimes. The discussion focuses on the responses and organizational initiatives enacted by prominent federal law enforcement agencies as well as the role of the Department of Homeland Security (DHS) in these efforts. The chapter concludes with a description of the ways in which local law enforcement agencies have joined the fight against computer crime. This chapter emphasizes the need to strengthen the capabilities of local agencies by identifying several factors that have thus far limited local law enforcement efforts. FEDERAL ROLES AND RESPONSES For the most part, federal agencies have spearheaded law enforcement efforts against com- puter crime because these agencies possess the technical expertise and political clout to gar- ner significant financial and operational resources at the national level. These agencies have increasingly reorganized in an effort to channel resources directly at preventing digital crimes and apprehending computer criminals, including the creation of special sections within these organizations, the recruitment of new personnel who possess specialized tech- nical expertise in this area, and the creation of new collaborative units that combine the resources of multiple agencies. Additionally, several agencies have developed partnership 11 Law Enforcement Roles and Responses ▪ ▪ ▪ ▪ ▪ CHAPTER OBJECTIVES After completing this chapter, you should be able to ■ Provide an overview of the roles and responses of federal law enforcement agencies concerning digital crimes and any interagency partnerships to deal with these offenses. ■ Describe local law enforcement responses to computer crime. ■ Identify the factors that have limited local law enforcement efforts against digital crime. 257 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 258 Chapter 11 • Law Enforcement Roles and Responses programs with other law enforcement agencies, private industry, and the public in an attempt to improve collaboration and cooperation to thwart digital criminals.

The Department of Justice The U.S. Department of Justice (DOJ) was established in 1870. The organization is headed by the chief law enforcement officer of the federal government—the attorney general. The attorney general represents the United States in legal matters generally and gives advice and opinions regarding matters of jurisprudence to the president. In cases of extreme importance, the attorney general may appear before the U.S. Supreme Court as the federal government’s representative attorney. Under the attorney general is a vast array of sections and organizational subunits designed to oversee the administration of justice on the federal level. These agencies include (1) the U.S. Attorney’s Office, repre- senting the federal government in court and prosecuting federal suspects; (2) the major federal investigative agencies, including the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and the Bureau of Alcohol, Tobacco, Fire- arms, and Explosives (ATFE); (3) the U.S. Marshals Service; and (4) the U.S. Bureau of Prisons. 1 The DOJ has stepped up efforts to respond to the legal threats posed by cyber- criminals. The cornerstone of these efforts is the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS). CCIPS began as the Computer Crime Unit of DOJ in 1991. This unit primarily prosecuted violations of the Federal Code covered by Title 18, Section 1030, of the Computer Fraud and Abuse Act. The scope of DOJ jurisdiction in such crimes was expanded with the enactment of the National Informa- tion and Infrastructure Protection Act of 1996. In accordance with this Act, as well as the DOJ’s recognition of the need to increase prosecutorial resources aimed at combat- ing computer crimes, the department elevated the unit to section status in 1996 and adopted the moniker CCIPS. 2 The section employs dozens of attorneys who focus solely on legal issues raised by computer and intellectual property crimes. CCIPS attorneys specialize in prosecuting crimes related to encryption, e-commerce, intellectual property crimes, electronic pri- vacy laws, computer hacker investigations, and search and seizure cases involving com- puters. Members of the CCIPS section advise federal prosecutors on computer crimes cases, and CCIPS attorneys normally take the lead in litigating computer and intellec- tual property crimes on behalf of the federal government. In addition, CCIPS staff members comment on the legality of proposed computer crime legislation that is designed to mitigate computer crime threats. CCIPS works in close collaboration with the U.S. Attorney’s Office in the prosecution of computer crimes. Finally, there is a sub- unit within CCIPS called the Computer Hacking and Intellectual Property (CHIP) unit. CHIP units focus on prosecuting computer hacking, fraud, and intellectual prop- erty cases. This specialized unit has proven highly successful and has been expanded multiple times to include 25 units across the country. 3 The CCIPS also has an Intellec- tual Property Task Force, which was created in 2004 as a way to improve prosecutions and guide cases against piracy and counterfeiting. 4 While CCIPS primarily operates as a prosecutorial arm of the department, the section has also attempted to remedy the growing need for training and interagency cooperation. CCIPS attorneys conduct hundreds of training seminars every year for other federal attorneys in an effort to educate those prosecutors outside of the section ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 259 in regard to relevant legislation and effective prosecutorial strategies for cases involving computer crime. They also offer training to law enforcement agencies and engage in diplomatic missions to build strong relationships between the U.S. and foreign law enforcement officials. The Federal Bureau of Investigation The FBI was established in 1908 as the investigative branch of the U.S. DOJ. The FBI carries a broad mandate that authorizes the organization to protect the United States from terror and foreign intelligence agencies, as well as to investigate any federal crime that has not been specifically designated to another federal agency. These broad legal areas can include civil rights crimes, violent federal crimes, organized crime and drugs, and financial crimes. The FBI employs over 13,075 special agents who operate out of the Washington, DC headquarters, 56 field offices, and over 400 satellite offices globally. The FBI plays an important role in the investigation of cyber- crime. In fact, protection of the United States from cyber-based attacks and high- technology crimes is its third priority, behind terror and foreign intelligence. This suggests that cybercrime has become a high priority for investigation, over and above physical real-world crimes. The bureau’s role in fighting computer crime is fourfold:

(1) to capture the criminals behind serious computer intrusions and the spread of malicious code, (2) to stop online sexual predators who produce or share child por- nography and meet and exploit children, (3) to stop operations targeting U.S. intel- lectual property, and (4) to dismantle national and transnational organized crime groups engaging in Internet fraud. The FBI is also leading the charge to investigate and prosecute cybercrimes. 5 The bureau’s Cyber Division works in tandem with the Criminal Investigative Division in the investigation of domestic threats generated by computer-related crimes. Typically, its caseloads focus on child pornography, followed by fraud, com- puter intrusions, and intellectual property theft. There are also 93 computer crime task forces across the country that provide a partnership between the bureau, federal, state, and local law enforcement agencies to better solve crimes. 6 A program called Cyber Action Teams has also been developed, which have a small number of specially trained agents who are experts in malware and forensics. 7 These teams travel as needed to various spots around the world to assist in the investigation of computer intrusions and gather intelligence on threats and cybercrimes that threaten national security. In addition, the FBI has developed and supports the Regional Computer Foren- sics Laboratory (RCFL) Program. 8 This is a partnership between the bureau, state, local, and federal law enforcement agencies within a geographical area. RCFLs provide computer forensic lab support and training programs in support of criminal investiga- tions and the prevention of terror incidents. The first such RCFL was established in San Diego, California, in 1999. 9 The FBI then created a National Program Office in 2002 to oversee and facilitate the creation of other RCFLs around the country. 10 In addition, the bureau has partnered with the National White-Collar Crime Cen- ter (NW3C) to operate the Internet Crime Complaint Center (ICCC or IC3). The IC3 provides victims of Internet fraud a mechanism to report suspicious online activities.

The IC3 also provides other federal agencies a “central repository for complaints related to Internet fraud.” The goal of the IC3 is to identify wider Internet fraud patterns and ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 260 Chapter 11 • Law Enforcement Roles and Responses trends to aid in the enforcement of these crimes. 11 The bureau also works with the Computer Security Institute to produce an annual survey of cybercrime and computer security incidents in the private sector as a means of understanding the scope of the problems faced by individuals in this industry. 12 The FBI has also developed relationships with private and public sector partners to improve its ability to protect computerized critical infrastructures. 13 The federal government owns and operates many of these critical infrastructure systems; these law enforcement agencies would be the primary responders in the event of a national crisis. Likewise, the private sector currently operates the vast majority of these sys- tems, and private sector employees often have the greatest expertise in identifying and solving technical problems. Thus, the FBI developed “InfraGard,” a program began in 1998 as a joint initiative of the DOJ and what was then the National Infra- structure Protection Center. This program is now housed in the bureau’s Cyber Divi- sion, where there are approximately 86 chapters around the country with 54,677 members. 14 The program is designed to facilitate the exchange of information among academic institutions, the business community, and the FBI and serves as a prime example of the FBI’s agenda for partnerships and interagency collaboration in the fight against cybercrimes. BOX 11.1 Electronic Surveillance in the Age of Social Networks The term “electronic surveillance” traditionally referred to law enforcement actions such as wire- tapping designed to listen in on the telephone conversations of suspected criminals. Federal law enforcement agencies have a long (and sometimes dubious) history involving the use of tra- ditional wiretapping as a tool for domestic intelligence gathering. The digital revolution and the emergence of social networks as a major platform of communication have led to debate regarding the proper role of federal law enforcement and whether agencies such as the FBI should be allowed to essentially “wire-tap” Web sites such as Facebook and Twitter to enhance intelligence gathering and quickly identify and apprehend criminal suspects. The FBI recently identified what they refer to as the “Going Dark” problem, or the increasing inability of fed- eral law enforcement agencies to effectively collect evi- dence derived from electronic communications via the Web. The agency suggests that the “Going Dark” problem prevents them from gathering available evidence in crim- inal cases involving child exploitation, pornography, organized crime, terrorism, and espionage. 1 In 2010, DHS awarded a contract to General Dynamics to provide social media monitoring to support the agency’s National Operations Center. The contract specifies that the company will provide DHS daily social network summaries, weekly data reports, and monthly status reports. 2 In 2012, the FBI published a request for information (RFI) looking for private companies that could build a social network monitoring system that would allow the FBI to quickly identify and locate break- ing events, incidents, and emerging threats. The RFI states that social media has become a primary source of intelli- gence because it has become the premier first response to key events and possible developing situations. 3 The FBI’s initiative has given rise to considerable debate. Should federal law enforcement agencies be allowed to monitor social networks for evidence of criminal wrong- doing? If so, what types of communications should be subject to law enforcement scrutiny? To what extent will the collec- tion of communications on the Web extend beyond legiti- mate criminal investigations and violate the privacy rights of law-abiding citizens? Will these and other similar initiatives to “wire-tap” social networks change the way in which you use them to communicate with friends and family members?

1 C aproni , V. (2011). Statement Before the House Judiciary Com- mittee, Subcommittee on Crime, Terrorism, and Homeland Secu- rity, February 17. Retrieved July 20, 2013, from http://fbi.gov/news 2 N akashima , E. (2012). “DHS Monitoring of Social Media Con- cerns Civil Liberties Advocates.” Washington Post , January 13. Retrieved July 20, 2013, from http://www.washingtonpost.com 3 R ush , D. (2012). “FBI to Step Up Monitoring of Social Media Sites Amid Privacy Concerns.” The Guardian , January 26. Retrieved July 20, 2013, from http://www.guardian.co.uk ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 261 The National Security Agency The National Security Agency (NSA) bills itself as the nation’s preeminent “cryptologic organization.” In more familiar language, the NSA is primarily responsible for design- ing and maintaining computerized coding systems designed to protect the integrity of U.S. information systems. 15 It has also become the lead agency responsible for monitor- ing and protecting all of the federal government’s computer networks from acts of cyberterrorism. 16 In direct relation to these responsibilities, NSA agents are also responsible for detecting and exploiting weaknesses in an adversarial country’s com- puterized secret coding systems. Headquartered in Fort Meade, Maryland, the NSA has been providing the nation with “code-breaking” capabilities since these operations began against the Japanese in the Pacific theater of World War II. The NSA’s role in providing information system security and information assurance has expanded with the parallel growth in computerized communications technology during the Cold War and the ensuing decades. 17 The NSA’s role in protecting classified computer data demands an eclectic mix of agents who specialize in a wide range of professional fields, including researchers, com- puter scientists, mathematicians, and engineers. Though much of the work of NSA agents remains secretive in nature, the agency’s expertise in the area of information systems has led to a number of collaborative initiatives intended to improve informa- tion security research, knowledge, and expertise through the federal law enforcement system. For example, the NSA has recently created the INFOSEC Service Center designed to increase research initiatives concerning computer security by the federal government. The NSA has also helped to form the National Computer Security Center (NCSC), which is designed as an avenue to create partnerships among the federal law enforcement and intelligence communities. 18 The NSA has also assumed an active role in providing information security train- ing to both government and private entities through the National INFOSEC Education and Training Program. This program provides training for security specialists, includ- ing risk assessment, security design, and information security evaluation. Through these initiatives, the NSA aims to provide government agencies and the private sector information system security expertise. 19 Additionally, the NSA works to provide infor- mation security through security tools, security products, threat warnings, analysis of attacks, and security bulletins. 20 The Federal Trade Commission The Federal Trade Commission (FTC) was created in 1914 primarily as a way for the government to “trust bust” or apply regulations ensuring a free marketplace for U.S.

consumers and business enterprises. In this regard, the FTC enforces antitrust viola- tions that could hamper consumer interests, as well as federal consumer protection laws against fraud, deception, and unfair business practices. The commission’s primary enforcement mechanism is the Bureau of Consumer Protection, which is divided into seven divisions: (1) enforcement, (2) advertising practices, (3) financial practices, (4) marketing practices, (5) planning and information, (6) consumer and business educa- tion programs, and (7) privacy and identity protection. 21 As the federal government’s primary mechanism for protecting consumer mar- kets, the FTC has been forced to apply its traditional enforcement tools in an increas- ingly computer-related marketplace. Consumers and businesses alike have grown ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 262 Chapter 11 • Law Enforcement Roles and Responses accustomed to the exchange of goods and services through electronic mediums, espe- cially the Internet. Indeed, so-called e-commerce generates hundreds of billions of dollars in revenue annually, making the Internet economy comparable in size to the energy, automobile, and telecommunications industries. In response to the growth of Internet commerce, the FTC attempts to minimize fraudulent and deceptive business practices that occur online and educate consumers regarding safe avenues to conduct e-commerce. 22 The commission has been involved primarily in the enforcement of traditional criminal activities that now often occur online, including false marketing claims, credit card repair scams, financial pyramid schemes, and fraudulent business opportunity schemes. Since 1994, the FTC has brought hundreds of federal law enforcement actions against a variety of defendants based on fraudulent online services. 23 In fact, the FTC filed 38 actions in federal court from March 2007 through February 2008 and obtained 111 judgments and orders requiring defendants to pay over $240 million in remedies related to consumer fraud. 24 In addition to these traditional marketplace crimes, the commission has stepped up efforts to combat invasions of consumer privacy that occur online. The growth of e-commerce has resulted in consumers increasingly providing personal financial and medical information online, thus expanding the threat that this BOX 11.2 The NSA, Counterterrorism, and Privacy Rights The NSA has become the nation’s lead agency responsible for monitoring and protecting the federal government’s computer networks from acts of cyberterrorism. The Sep- tember 11, 2001, terrorist attacks that resulted in the destruction of the twin World Trade Center towers led to the implementation of warrantless surveillance programs operated through the NSA to monitor phone calls, e-mails, text messages, and other forms of communication as part of the war on terror. The initial data collection program— the Terrorist Surveillance Program—operated for several years before 2007 when some aspects of the program were declared unconstitutional. 1 A new clandestine electronic surveillance program operated through the NSA— PRISM—began under the supervision of the U.S. Foreign Intelligence Surveillance Court. 2 In June 2013, a technical contractor for the NSA Edward Snowden publicly leaked alleged details of the PRISM program. His disclosure instigated considerable controversy and debate in regard to individual privacy rights and questions about whether these programs should continue. The documents leaked by Snowden identified several companies that participated in the PRISM program, including Microsoft, Yahoo, Google, and Facebook. 3 The NSA program is designed to inter- cept the communications of potential foreign terrorists as those communications pass through computer networks in the United States. After the program was publicly dis- closed, the NSA claimed that PRISM and other similar programs had helped to prevent more than 50 potential terrorist attacks worldwide. 4 PRISM cannot be used to investigate the commu- nications of domestic targets; however, the information leaked by NSA contractor Snowden involved allegations that the program included the warrantless interception and collection of telephone communications data of U.S. citizens. The  controversy resulting from PRISM and NSA intelligence gathering as part of the war on ter- ror continues. Do you think the U.S. government should be allowed to collect large-scale data on the communi- cations of U.S. citizens without a warrant? Do you believe that these counter-terrorism programs can oper- ate within the framework of the Constitutional right to privacy?

1 Staff. (2006). “Lawyers Group Criticizes Surveillance Program.” The Washington Post , February 14. Retrieved July 17, 2013, from http://washingtonpost.com 2 G ellman , B., and P oitras , L. (2013). “US Intelligence Mining Data from Nine US Internet Companies in Broad Secret Pro- gram.” The Washington Post, June 6 . Retrieved July 17, 2013, from http://washingtonpost.com 3 Ibid. 4 G erstein , J. (2013). “NSA: PRISM stopped NYSE Attack.” Politico , June 19. Retrieved July 17, 2013, from http://politico.com ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 263 information could be used fraudulently through theft or other means. The FTC has brought 17 actions challenging companies on inadequate data security practices that leave sensitive consumer data vulnerable to compromise. 25 The FTC has developed the Identity Theft Program, designed to provide assis- tance to local and federal law enforcement agencies attempting to curb the misuse and theft of personal information through online access. The program aids these agencies in enforcing the Identity Theft and Assumption Deterrence Act of 1998, which is a fed- eral response to the widespread incidence of identity theft in recent years. The Act emphasizes that personal information is increasingly used against individuals and busi- nesses to commit fraud online. Under this Act, the FTC was required to create a data- base of identity theft victim complaints, to provide useful information to consumers and educate them regarding protecting the use of personal information online, as well as to provide a means to refer victims of identity theft to law enforcement authorities.

These mandates resulted in the creation of the Consumer Sentinel, which is a central- ized database of identity theft complaints used to compile statistics regarding the inci- dence of identity theft. 26 This database contains over 4 million fraud and identity theft complaints, which can be searched by over 1,700 law enforcement agencies around the world to share information and develop case leads. 27 The Postal Service The U.S. Postal Service’s widely known primary mission is to provide safe, affordable, and universal mail service to the nation. The nation’s mail service delivery agency has also operated one of the country’s oldest federal law enforcement agencies—the U.S.

Postal Inspection Service—since 1830. Congress empowered the Postal Service to “investigate postal offenses and civil matters relating to the Postal Service.” In order to accomplish this task, the U.S. Postal Inspection Service was established to perform “investigative and security functions essential to a stable and sound postal system.” Thus, the two main functions of the U.S. Postal Inspection Service are to provide busi- nesses with a safe avenue for the exchange of funds and securities and provide private citizens a safe and secure way in which to transmit correspondence. The Postal Inspec- tion Service employs over 1,500 agents nationwide, including approximately 650 uni- formed postal police officers who monitor and inspect critical postal facilities. 28 These agents investigate and enforce over 200 federal laws covering the illegal and fraudulent use of the U.S. mail service. 29 In terms of the investigation and prosecution of computer crimes, the U.S. Postal Inspection Service must frequently conduct joint investigations with other federal agencies, primarily because many types of computer crimes involve the use of the mail system to accomplish computer-related fraudulent activities or to transport materials related to computer crimes. In these types of cases, the jurisdiction of the Postal Inspec- tion Service may overlap with that of any number of local or federal agencies, including the U.S. Secret Service, the FBI, and the DOJ. The U.S. Postal Service’s primary con- cerns in the area of computer crime are identity theft, child exploitation and pornogra- phy, and electronic crimes. 30 As detailed elsewhere in this volume, identity theft involves acquiring key pieces of someone’s identifying information, including name, address, date of birth, and Social Security Number in order to impersonate them. Under Title 18, Section 1028, of the U.S.

Federal Code, postal inspectors share jurisdiction in these cases because they often involve mail that is stolen in order to obtain the above information. In addition, identity ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 264 Chapter 11 • Law Enforcement Roles and Responses thieves will use computers in order to elicit bogus credit cards and checks from financial institutions through the U.S. mail. In response to these crimes, the U.S. Postal Service has instituted the Mail Theft Reporting System (MTRS). MTRS aims to identify patterns in mail theft across geographic regions as well as compile statistics relating to mail theft victims and monetary losses. In 2007 alone, postal inspectors arrested 2,071 suspects of credit card and identity theft offenses. 31 The U.S. Postal Inspection Service also plays a key role in combating the produc- tion and distribution of child pornography. Increasingly, child pornography crimes have been classified as computer related because they often involve the use of the Inter- net in production and downloading of pornographic images. In fact, 95 percent of all cases of child exploitation involve both computers and physical mail. 32 Postal inspec- tors become involved when these computer-generated images are distributed through the U.S. mail. The primary legal vehicle to enforce these crimes used by postal inspec- tors is Title 18 of the U.S. Federal Code, Sections 1470, 2251, and 2252–2254; investiga- tors have arrested 155 individuals related to these offenses. 33 In addition, postal inspectors share jurisdiction in any electronic crime that involves the misuse of the U.S. mail. These crimes can include consumer fraud schemes that originate on the Internet through e-mail solicitations, since these crimes often eventually involve use of the U.S. mail in the delivery of fraudulent documents and/or fraudulently obtained currency. Among the most widely cited of these crimes is the Nigerian advance fee fraud letter and e-mail scam in which Nigerian nationals send let- ters and e-mails to U.S. citizens. The letters or e-mails invariably ask the recipient for some kind of fee as a precondition to the transfer of large amounts of money from Nigeria. American citizens have lost over millions of dollars due to these schemes.

Thus, the Postal Inspection Service has developed resources to help combat these crimes, including a joint task force with the DOJ. The Department of Energy The U.S. Department of Energy (DOE) was created in 1977 in order to consolidate existing federal energy programs and activities. The DOE’s main responsibilities include the administration of domestic energy production, the promotion of renew- able energy resources, and the promotion of energy conservation and efficiency. The department has increasingly relied on computerized technologies to operate and administer the nation’s energy-producing infrastructure. The growth in computer crime has created an increasing need to protect these critical infrastructure systems from both domestic and international threats. These threats can involve the introduc- tion of malicious codes designed to interfere with the operation of energy production systems. 34 In response to these threats, the Office of the Chief Information Officer at DOE provides a range of resources to provide timely information on cyber-security threats.

This includes the management of the entire DOE cyber security program, including desktop and application hosting for employees. 35 In addition, the DOE-Cyber Incident Response Capability (CIRC) is an organization that provides the DOE with incident response, reporting, tracking, and security support. This includes incident-reporting capabilities, security bulletins, and software tools. The CIRC is also designed to enhance communications between the DOE and private contractors who use these energy sys- tems so that critical infrastructures can remain protected from cyber attacks. 36 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 265 The Department of Homeland Security The preceding section describing the manner in which federal agencies are organized to combat computer crime discussed each agency in separate terms and characterized the strategies of any single agency as independent and separate from those of the other agencies involved in the fight against computer crime. The attempt to classify these agencies in independent fashion is intended not only to help the reader understand the different roles of each federal agency discussed, but may be viewed as an indication of the historically “piecemeal” nature of law enforcement actions at the federal level. Fed- eral law enforcement agencies have a long history of failing to coordinate and cooperate not only in the relatively recent fight against computer crime but also with regard to a host of more traditional crime problems, including organized crime, the “war on drugs,” and more general intelligence-gathering operations. The cost associated with these disjointed federal law enforcement strategies became fatally and critically clear on September 11, 2001, when these domestic agen- cies collectively failed to detect and prevent the terrorist plot against the World Trade Center and the Pentagon. With the need for federal cooperation becoming abundantly clear in the face of such attacks, President Bush launched an initiative to create a cabi- net-level department designed to improve information sharing among federal law enforcement agencies, consolidate a host of over 100 federal offices in these depart- ments, and increase interagency coordination in the fight against domestic terror. The recently established DHS is the result of these efforts. 37 DHS has a wide range of organizational components and has subsumed a number of previously discussed federal agencies under the DHS umbrella, including the Direc- torate for National Protection and Programs, Directorate for Science and Technology, Directorate for Management, Office of Policy, Office of Health Affairs, Office of Intel- ligence and Analysis, Office of Operations Coordination, Federal Law Enforcement Training Center, Domestic Nuclear Detection Office, National Cyber Security Center, Transportation Security Administration (TSA), Customs and Border Protection, Citi- zenship and Immigration Services, Immigration and Customs Enforcement, the Secret Service, Federal Emergency Management Agency, and the Coast Guard. 38 The agency now employs over 200,000 federal employees who have been transferred or subsumed from other federal agencies. 39 The National Cyber Security Division (NCSD) of DHS is of significant impor- tance in the fight against computer crime. The NCSD is housed within the Office of Cyber Security and Communications and opened in 2003 with the charge of protecting cyber infrastructure. Specifically, the NCSD has a twofold task: (1) to build and main- tain an effective national cyberspace response system and (2) to implement a cyber risk management program to protect critical infrastructure. 40 There are several programs in place to aid in the achievement of these two tasks, including the National Cyber Alert System, which offers a free subscription service to security alerts and tips to better protect systems and infrastructure. This system also allows individuals to report threats and incidents directly to DHS. 41 The Cyber Cop Portal program is also run through NCSD, which provides a Web-based resource for information sharing and collaboration between law enforcement agencies around the world. There are over 5,300 investigators who use this tool as a means to help capture computer criminals. The NCSD also manages the National Vulnerability Database, which acts as a clearinghouse for information on software and hardware vulnerabilities.

ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 266 Chapter 11 • Law Enforcement Roles and Responses Individuals can access this database as a way to improve and automate computer secu- rity processes and compliance. There is also a Software Assurance Program designed to develop more secure software at the outset to minimize the number of vulnerabilities and therefore increase computer security. 42 The umbrella of the NCSD also includes the US-Computer Emergency Readi- ness Team, or CERT. The US-CERT provides response support and defense against cyber attacks in the executive branch of government, as well as support for public, private, and international partners. The CERT provides information on new and exist- ing vulnerabilities in all manner of computer systems, as well as resources to help patch and secure networks. It also offers security and threat reports and acts as an information clearinghouse on cyber security matters. 43 The NCSD also manages the National Cyber Response Coordination Group, which is composed of 13 federal agencies that respond to cyber attacks. This entity is designed to coordinate the federal response to a nationally significant cyber inci- dent, operating through law enforcement, intelligence agencies, and the US-CERT. 44 The NCSD also coordinates the Cyber Storm exercise to assist in the protection of cyber infrastructure. This event takes place every two years and is an attempt to assess the capability of government, public, and private entities to respond to a national cyber incident. The Cyber Storm training exercise simulates attacks against multiple infrastructure resources to understand the procedures, processes, tools, and responses of agencies to such an attack. 45 These exercises are key to improving cyber security and incident response in the event of a serious threat to cyber infra- structure. U.S. Immigration and Customs Enforcement The U.S. Immigration and Customs Enforcement (ICE) agency is the largest and pri- mary investigative arm of the U.S. DHS. 46 ICE is responsible for identifying and inves- tigating weaknesses within the nation’s borders, developing intelligence concerning threats, removing foreign nationals, and enforcing over 400 federal statutes. The agency was formed in 2003 as part of the Homeland Security Act and is the result of a merger of several federal agencies, including the Customs Service, Immigration and Natural- ization, and the Federal Protective Service. ICE has approximately 15,000 employees in 400 offices in the United States and 50 offices around the world. 47 The ICE agency plays a pivotal role in enforcing Internet-related crimes because of its responsibility to protect resources within the U. S. borders and the inherently international nature of cyberspace crimes. In particular, ICE operates the Cyber Crimes Center (C3), which has four subsections focused on child exploitation, computer foren- sics, cyber crimes, and information technology and administration. 48 The C3 also offers training for local, federal, and international law enforcement agencies. The Child Exploitation Section (CES) exists to investigate producers and distribu- tors of child pornography and abuse, as well as sex tourism. The CES operates in con- junction with international law enforcement agencies to investigate and prosecute these offenses. This section also coordinates Operation Predator, which is an ongoing multi- agency international investigation of child exploitation and crimes against children.

Operation Predator was developed in 2003 and has led to more than 10,000 arrests and 5,000 deportments from the United States for foreign nationals involved in child por- nography and sex crimes. 49 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 267 The Cyber Crimes Section (CCS) investigates and enforces laws pertaining to a wide variety of cybercrimes, including international money laundering, intellectual property rights violations, human smuggling, illegal exports, and arms trafficking. The CCS conducts undercover stings and investigations over the Internet and has con- ducted a variety of operations, such as Operation Apothecary, to arrest and prosecute the sale and distribution of counterfeit pharmaceuticals and controlled substances over the Internet. 50 The Computer Forensics Section offers digital evidence recovery and analysis for ICE agents as well as other law enforcement agencies. In particular, it has 125 computer forensic agents (CFAs) who retrieve and analyze digital evidence as well as assist in the development of warrants for the seizure of digital evidence. 51 Forensic agents also pro- vide expert testimony for cases in support of criminal investigations. The Information Technology and Administrative Section provides operational and technical services to support the other three arms of the C3. The Secret Service The U.S. Secret Service was created in 1865 to serve a dual purpose: to provide protec- tive services to the president and other cabinet members and to safeguard the nation’s financial payment system against fraud and counterfeit financial instruments. In the massive reorganization of federal agencies after 9/11, the U.S. Secret Service became a key entity within the U.S. DHS to combat computer crime. The agency’s responsibilities have increased tremendously as a result of the revolution in computerized information systems and the growth of the Internet as a vehicle for financial transactions. For example, the ever-increasing sophistication of computerized reproduction capabilities has expanded the potential for the production of counterfeit financial instruments. In addition, the development of Internet communications has facilitated the rapid communication of encrypted messages and financial fraud schemes using phony debit and credit card transactions and electronic funds transfers (EFTs). Finally, the agency’s protection responsibilities in terms of special events have grown to include the safeguarding of computerized telecommunications and power systems integral to these events. The convergence of these related factors has thrust the Secret Service into the role of the federal government’s primary law enforcement weapon against com- puter and cybercrime. 52 The Secret Service’s Financial Crimes Division is the agency’s primary tool in the fight against computer crime. The division’s main responsibilities include the enforce- ment of three high-profile computer-related crimes. First, the division is charged with identifying and investigating financial institution fraud (FIF). Since 1990, the Secret Ser- vice has been granted concurrent jurisdiction with the DOJ to investigate fraud commit- ted against financial institutions, such as banks and savings and loans. Primary FIF schemes include the creation of counterfeit financial instruments (primarily cash) through desktop publishing systems. Recent Secret Service investigations have pointed to large increases in the production of counterfeit corporate checks and negotiable instruments that have paralleled the advent of sophisticated desktop publishing systems and copying technologies. Title 18, Section 514, of the U.S. Federal Code was enacted in 1996 in order to stem the growing tide of phony cash and checks in circulation. 53 Second, the Secret Service has primary jurisdiction in cases involving access device fraud. Access device fraud falls under Title 18, Section 1029, of the U.S. Federal ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 268 Chapter 11 • Law Enforcement Roles and Responses Code (the “credit card statute”) and involves the fraudulent use of credit card num- bers, personal identification numbers (PINs), and computer passwords. In addition to these access device frauds, the Secret Service has increasingly investigated the theft of computer codes located within cellular phones that are used to track billing informa- tion. The Secret Service estimates that losses resulting from access fraud cases run into the billions; the agency arrested over 2,400 individuals for access fraud crimes in 1996 alone. 54 Third, the Secret Service has primary jurisdiction in the investigation of general computer fraud relating to computers and computer systems of “federal interest.” These computers can be used as instruments of crime through hacking or other means as well as tools to produce fraudulent negotiable instruments or store private account informa- tion. The Secret Service has recently trained over 1,200 agents in computer forensics designed to detect and investigate these crimes through the agency’s Electronic Crimes Special Agent Program (ECSAP). 55 The Financial Crimes Division houses the Electronic Crimes Branch, which spe- cializes in detecting and investigating credit card and other access device fraud. The Electronic Crimes Branch provides computer equipment and technical assistance to special agents concerning lab analysis of computer-related evidence and storage equip- ment, the seizure of computerized evidence, and the administrative management of all computer-related investigations. 56 In recognition of the Secret Service’s primary role in combating computer and cybercrime and the need for interagency cooperation, provisions of the USA PATRIOT Act point to the development of a “network” of task forces that span federal jurisdictions.

These task forces include federal, state, and local law enforcement agency personnel and have been primarily aimed at addressing the increasingly global nature of computerized financial fraud. Specific task forces have included the Metro Alien Task Force, the West African (Nigerian) Task Force, and the Asian Organized Crime Task Force. 57 The most successful task force developed has been the Electronic Crimes Task Force (ECTF), which brings together law enforcement agencies, as well as prosecutors, private industry, and academia. 58 The ECTF mission is to prevent, detect, and investigate attacks against finan- cial and critical infrastructures. There are now 24 ECTFs around the country, which pro- vide support and resources to help investigate electronic crimes. STATE AND LOCAL ROLES As the sections above indicate, the growing danger posed by computer crimes has clearly resulted in an increasing enforcement emphasis at the federal level. Indeed, the current struggle against international terrorist threats—culminating with the Septem- ber 11, 2001, attacks against the World Trade Center and the Pentagon—seems to have galvanized national-level efforts to protect critical computer infrastructures at the fed- eral level. The threats related to computer crimes, however, have also become a growing concern to law enforcement officials at the state and local levels. While federal officials employed by the myriad agencies detailed above seem to have successfully garnered both public and political attention concerning the need for resources aimed at address- ing the computer crime problem, law enforcement personnel at the local level continue to encounter a host of issues that have hampered efforts to combat computer crimes effectively within their own jurisdictions. This section will provide an overview regarding what is being done to fight computer crime at the state and local levels of ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 269 enforcement, with an emphasis on identifying the critical areas of need that have thus far limited efforts to combat computer crime at the local level. The number of local, state, county, and regional computer crime task forces con- tinues to increase, largely because these agencies have experienced more computer- related criminal activities within their jurisdictions, and citizens and private entities have become increasingly willing to report these activities to local law enforcement departments. For example, a recent survey of local law enforcement computer crime experts found that 80 percent of the respondents indicated a “measurable increase” in the reporting of computer and electronic crimes, especially traditional fraud and theft crimes using computer devices. 59 At the same time, local officers may not have the capacity or understanding of computer crimes necessary to properly investigate these offenses. For example, the most pressing computer crimes enforced by these agencies appear to be those related to “harmful computer content,” especially child pornography and exploitation, threaten- ing communications, and stalking. 60 These types of computer crimes are followed in priority by computer-related frauds (e.g., online shopping schemes and EFT fraud), other technology-based crimes (e.g., encryption used to hide criminal activities such as drug trafficking), and computer hacking crimes. Higher-profile computer crimes, such as threats to critical national infrastructure systems, are rarely handled solely by local and state investigators because they often require federal expertise and resources. 61 Despite the ever-increasing caseload of computer crimes, there appears to be a lack of recognition and support from upper-level management within local police agencies in terms of providing the resources necessary to counter these threats. The majority of these cases receive a low priority at the local level. The fact that computer crime cases have not received the necessary recognition and support from local law enforcement administrators has created several areas in which local-level agencies must improve if computer crimes are to be effectively enforced.

Critical Needs at the State and Local Levels of Enforcement Officers involved in combating computer crime at the local and state level must be sup- plied with an increase in resources and technology in order to fight computer crime more effectively. These areas can be broadly grouped into four “critical needs”: (1) training, (2) equipment, (3) updated criminal codes designed to complement current enforcement efforts, and (4) resources for tapping federal expertise and equipment related to computer crime enforcement. 62 The need for training appears to be paramount at the local level. Currently, most local agencies fail to provide any training in computer crime to patrol personnel. This lack of training at the entry level can have severe consequences in regard to prosecuting computer crimes, especially in terms of protecting computer crime scenes and collecting forensic evidence. An untrained patrol officer can easily inadvertently destroy comput- erized evidence if not trained in protecting such evidence. 63 Related to training needs at the entry level, most local departments do not possess the technical expertise needed to train those officers interested in becoming computer forensic specialists. Often, these officers must obtain specialized training from outside sources such as private industry or the federal government. Some researchers and administrators have cited the need for a national certification program aimed at producing more specially trained computer experts at the local level. Others have noted that the career path for “computer crime ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 270 Chapter 11 • Law Enforcement Roles and Responses specialists” at the local level can often be limited, and career advancement within many local agencies would require reassignment to another priority division. 64 The need for computer crime training appears to go hand in hand with the pro- curement of additional resources and equipment. While federal personnel have increas- ingly used the growing awareness of computer crime at the national level as an avenue for larger equipment expenditures, these dollars have largely failed to trickle down to the local level. 65 The resulting disparity in equipment between federal and local cyber cops can most clearly be seen in the inability of most local agencies to decipher encrypted computer evidence. 66 Surveys of local computer crime experts indicate that for those jurisdictions that currently have computer evidence laboratories, more than 50 percent do not have adequate capabilities to read encrypted evidence. Much of the problem related to the lack of equipment can be traced to insufficient funding behind efforts to control computer crime. Many local experts have cited the need to use equip- ment that has been purchased personally because local departments fail to provide adequate resources from within the organization. 67 As detailed elsewhere in this text, the explosion in computer technologies and communications has stymied legislative attempts to enact statutes that are current and can be applied to the use of these new technologies. In short, state laws have been largely unable to keep pace with technology. The gap evident between the pace of tech- nological change and the enactment of legal codes has been especially problematic for computer crime specialists and prosecutors at the local level. For example, there are no legal mechanisms designed to allow the enforcement of subpoenas across state lines. 68 In the case of crimes that occur over the Internet, the lack of these mechanisms can effectively halt computer crime investigations at the local level. So too, severe differ- ences exist across jurisdictions in terms of the definition of what constitutes an elec- tronic crime. Some states continue to define many computer crimes as misdemeanor offenses, thereby reducing local law enforcement incentives to increase enforcement resources in this area. 69 Finally, those officers who are active in the enforcement of computer crimes at the local level have cited a lack of informational resources that would enable them to easily utilize the extensive technical expertise and equipment resources that currently exist at the federal level. Currently, there is no comprehensive source of information contain- ing a list of federal contact persons who could aid local investigators. Such a “guide- book” could include not only a list of prominent federal agents who are experts in the field of computer crime but also prominent computer forensic laboratories, forensic equipment available for local use, and federally approved equipment manufacturers to aid local agencies that are interested in upgrading their computer crime resources. 70 Summary American law enforcement agencies have assumed a variety of roles and responses to the new and increasing threats posed by computer crimes and terrorism. This chapter has provided an overview of how a number of federal agencies have responded to these threats, including the Secret Service, the Department of Justice, the Federal Bureau of Inves- tigation, the National Security Agency, the Federal Trade Commission, the Postal Service, Immigra- tion and Customs Enforcement, the Department of Energy, and the Department of Homeland Security.

These wide-ranging agencies have worked inde- pendently to adapt their specialized law enforce- ment expertise to these new problems. The federal government has increasingly recognized the need for these disparate agencies to collaborate in the ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright Chapter 11 • Law Enforcement Roles and Responses 271 fight against computer crime and terror. Moreover, local- and state-level law enforcement agencies have attempted to assume their own role in enforc- ing computer crimes. Although a relatively small number of these agencies have responded success- fully to these threats through increasing funding and the formation of multiagency task forces, these agencies have largely been limited by several fac- tors, most notably a lack of funds, personnel, and technology. Review Questions 1. Which federal law enforcement agency has assumed pri- mary responsibilities in the area of access device fraud, including the fraudulent use of credit card numbers, per- sonal identification numbers, and computer passwords? 2. Which federal agency is responsible for the prosecution of computer fraud and abuse violations through the Com- puter Crime and Intellectual Property Section (CCIPS)? 3. Which federal agency investigates cybercrime and is currently responsible for the management of the Infra- Gard private/public partnership program? 4. Which agency within the Department of Homeland Security is responsible for managing cyber-critical infrastructure? 5. What are some of the impediments to computer crime investigations at the local level? 6. What are some of the key needs in local law enforce- ment agencies to improve their response to computer crimes? Endnotes 1 . http://www.usdoj.gov 2 . http://www.usdoj.gov/criminal/cybercrime/ccpolicy 3 . http://www.usdoj.gov/opa/pr/2006/June/06_ag_379.html 4 . http://www.cybercrime.gov 5 . http://www.fbi.gov/cyberinvest/cyberhome.htm 6 . Ibid. 7 . Ibid. 8 . http://www.rcfl.gov 9 . Ibid. 10. Ibid. 11. http://www.ic3.gov 12. Ibid., p. 12. 13. http://www.nipc.gov 14. R othschild , M atthew . (February 2, 2008). “Exclusive! The FBI Deputizes Business.” The Progressive. Retrieved March 1, 2009, from http://www.progressive.org/mag_rothschild0308 15. http://www.nsa.gov 16. N akashima , E llen . (January 1, 2008). “Bush Order Expands Network Monitoring: Intelligence Agencies to Track Institu- tions.” The Washington Post. Retrieved February 9, 2008, from http://www.washingtonpost.com/wp-dyn/content/arti- cle/2008/01/25/AR2008012503261_pf.html 17. Ibid., p. 28. 18. Ibid. 19. Ibid. 20. http://www.nsa.gov/ia/ia_at_nsa/index.shtml 21. http://www.ftc.gov 22. S windle , O. (September 11, 1999). “E-Commerce: Tomor- row’s Economy—Taxing and Regulation the Old-fashioned Way.” Remarks before the Georgia Public Policy Forum. 23. http://www.ftc.gov/bcp/internet/cases-internet.pdf 24. Fe deral Trade Commission. (2009). “FTC Annual Report, 2008.” Retrieved March 28, 2009, from http://www.ftc.gov/ os/2008/03/ChairmansReport2008.pdf 25. Ibid. 26. Fe deral Trade Commission. (August 14, 2002). Seminar.

“Attacking Identity Theft Together: Usable Tools for Law Enforcement.” Dallas, Texas. 27. Ibid, p. 24. 28. http://www.usps.com 29. Ibid. 30. Ibid. 31. Ibid. 32. Ibid. 33. Ibid. 34. http://www.doe.gov 35. http://cio.energy.gov/about.htm 36. http://www.doecirc.energy.gov/aboutus.html 37. http://www.dhs.gov 38. http://www.dhs.gov/xlibrary/assets/DHS_OrgChart.pdf 39. Ibid., p. 62. 40. http://www.dhs.gov/xabout/structure/editorial_0839.shtm 41. Ibid. 42. Ibid. 43. Ibid. 44. Ibid. 45. Ibid. 46. http://www.ice.gov 47. Ibid. 48. Ibid. 49. Ibid. 50. Ibid. ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright 272 Chapter 11 • Law Enforcement Roles and Responses 51. Ibid. 52. J ackson , W. (2003). “E-Crime Squad.” Government Computer News 22(2). 53. http://www.ustreas.gov 54. Ibid. , p. 2. 55. http://www.secretservice.gov 56. Ibid., p. 4. 57. Ibid. 58. Ibid. 59. S tamnbaugh , H., B eupre , D.S., I coye , D.J., B aker , R., C as- saday , W., and W illiams , W.P. (March 2001). “Electronic Crime Needs Assessment for State and Local Law Enforce- ment.” National Institute of Justice. 60. Ibid., p. 75. 61. Ibid. 62. Ibid. 63. Ibid. 64. Ibid. 65. Ibid. 66. Ibid. 67. Ibid. 68. Ibid. 69. Ibid. 70. Ibid. ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright INTRODUCTION This chapter focuses on the current state of the field in computer crime investigations. The personnel available to an investigation will dramatically influence the type and scope of inves- tigations that may be undertaken. Understanding the roles of and skills needed by such per- sonnel is vital to planning appropriate investigations. Although there is no single policy or plan for investigations, this chapter presents an overview of investigations, with special emphasis on the process of the investigation. The chapter breaks investigations into three basic types: single-scene, multiple-scene, and network investigations. Each type of investiga- tion requires different skills from personnel involved. Single-scene investigations require the skills found in trained law enforcement investigators. The skills used in a single-scene investi- gation form the building blocks of the more complex investigations. Thus, while building on single-scene skills, multiple-scene investigations require additional networking and coordina- tion skills. Coordination of multiple searches at various locations is the realm of an experi- enced criminal investigator. The networking skills may be provided by a subject matter expert (e.g., a computer consultant). Finally, network crimes require the skills of multiple-scene 12 The Investigation of Computer-Related Crime ▪ ▪ ▪ ▪ ▪ CHAPTER OBJECTIVES After completing this chapter, you should be able to ■ Explain and understand the search warrant application process appropriate to electronic evidence at a single-location crime scene. ■ Identify hardware and storage devices potentially containing evidence of a crime. ■ Explain and understand the legal standards and best current practices for the documentation of a single-location electronic crime scene. ■ Explain and describe the best current practices for the collection, preservation, transportation, and storage of electronic evidence. ■ Distinguish between single-scene, multiple-scene, and network crimes. ■ Communicate an understanding of network architectures and standards relevant to network investigations. ■ Identify sources of assistance for multiple-scene and network operations. ■ Identify categories of evidence and probable locations of that evidence. ■ Broadly outline procedures for preserving and collecting network trace evidence. 273 ISBN 1-323-00652-4 Digital Crime and Digital Terrorism , Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Copyright