Policing in today’s world is a profession that requires continuously evolving technical expertise as criminals become increasingly tech savvy. Cybercrime investigations can be complicated, not only because of the technology involved, but because these crimes often involve numerous jurisdictions and organizations, requiring case load management and best practices to result in successful prosecutions.
Cybercrime refers to crimes that are facilitated by the use of computers and related equipment and frequently involves use of the Internet. While the Internet is designed for the use of information sharing, research, education and leisure activities, it provides a powerful tool for those involved in criminal activity. Common Cybercrimes
The most common computer crime in my jurisdiction is the overseas scam. This crime is typically initiated via bulk e-mails to unsuspecting parties. The e-mails come from a person who claims to be a political prisoner or in some type of peril. The perpetrator pleads with the e-mail recipient to help unlock some cache of money by cashing a check to be sent to the recipient.
The recipient is then instructed to keep a portion of the money for his efforts and send the remaining money to the suspect using a cash transfer service. The victims usually find out that the checks are fraudulent when a bank or law enforcement agency calls to inform them.
Another growing scam being perpetrated via e-mail is the Internet lottery. This type of scam, as well as the overseas scam, preys on people’s greed and desperation. With the lottery scam, the victim is notified that some tremendous cash award requires the deposit of a specified amount to be wired to the lottery claims office as a processing fee for the release of the lottery winnings. The victim realizes his error in judgment when the “winnings” never arrive.
Our investigation of the lottery scam usually starts with the victim coming forward and giving us information about how he was approached. We have to trace the history of the contact and how the crime was perpetrated using the original e-mail. Early in this process, access to the victim’s computer storage devices is needed, as well as search warrants for the suspect’s (when identified) computers and software so that investigators can ensure the validity of their findings for prosecution.
In the likely event that the crime is initiated outside the state and continental U.S., my agency will report it to our local FBI office for their follow-up investigation. They can then reach out to their network of agents in other countries for assistance in solving the crime.
For these types of crimes, the best local law enforcement practice is prevention. Law enforcement agencies must take an active role in informing citizens through media releases and community education programs. The scams must be explained thoroughly, including how victims may be contacted, what the unsuspecting victim would be asked to do, and what the likely result will be—in most cases, stolen money.
Identity Theft and Check Scam
Another scam that recently occurred in my jurisdiction started with an identity theft report from out of state. The victim reported that her credit card had been stolen in Florida and used in North Carolina for unauthorized purchases. Her credit card company then notified her that her card had been used at a Lowe’s hardware store for suspicious purchases. The victim was able to provide the store location and transaction time based on information from her credit card company.
It was determined that the suspect used the stolen credit card number for online purchases and had arranged to pick up the purchases at a Lowe’s store in North Carolina. Investigators worked with Lowe’s corporate security to review surveillance video, which revealed the perpetrator and led to a review of the store’s outside parking lot surveillance.
In this case, a video revealed the suspect pulling her vehicle to the front of the store to load the fraudulently purchased merchandise. Department of Motor Vehicles records led to verification that the vehicle and owner matched the suspect in the video. Luckily, the suspect used her true name with her online transaction and provided her real identification at the Lowe’s pick-up.
Search warrants were obtained for the suspect’s residence. While searching the residence pursuant to the Lowe’s fraud, investigators noticed something else unusual: stacks of Western Union and WalMart money orders and other bulk checks totaling more than $430,000.
The suspect was identified as a point of contact and distribution for an overseas scam, this one a fraudulent check operation. She was believed to be cashing checks, keeping a portion and sending funds to collaborators in Nigeria. The suspect was additionally found to be distributing checks to family members and other unsuspecting persons to have them cashed at multiple financial institutions.
The complexity of the operation made it more difficult for law enforcement to detect. In this case, evidence in plain sight led officers to believe that the computer was used for the additional offenses perpetrated. So, they seized the computers and equipment from the residence.
This posed a new problem for law enforcement: Did the initial search warrant cover the storage and files within the computer? The answer was no. Subsequent search warrants are needed for further computer file searches unless a valid consent can be obtained from the suspect. A search warrant prevents any issues of scope of consent inherent to a computer search.
The investigators who handled this case had training in forensic computer crimes and understood the electronic evidence had to be handled properly for the benefit of full prosecution in federal court. The officers knew that they must not open files or alter the computer contents in any way until the additional warrant was secured. Best practice is to then “mirror” the hard drive and preserve the original. The copied hard drive is then used for subsequent evidence searches to limit the possibility of the original hard drive being damaged or corrupted, and evidence lost.
Resources for Cybercrime Investigation
Our ability to prevent, detect and solve cybercrimes is only as good as our officers’ cybercrime investigation expertise. That means that all local law enforcement officers need education in computer investigations—from the lowest level line officer to the police chief. We need to understand what to do, and equally important what not to do, to solve the crime without inadvertently corrupting evidence.
There are several federal agencies that assist with the investigation of cybercrime, including the FBI, the U.S. Secret Service, U.S. Immigration and Customs Enforcement, the U.S. Postal Inspection Service, and the Internet Crime Complaint Center.
Additionally, the U.S. Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) hosts the Web site www.cybercrime.gov which offers good insight and information about computer- and Internet-based crimes.
Many local agencies do not have the expertise or jurisdiction to investigate cybercrimes to their fullest extent. This Web site provides guidance about proper search and seizure for electronic evidence and how to determine which law enforcement organizations to contact for assistance with specific types of cybercrimes.
According to the Internet Crime Complaint Center, a repository for Internet crime complaints, cybercrimes have increased dramatically each year. In the eight years since the complaint tracking began, submissions have gone from 16,838 in 2000 to 275,284 in 2008. Internet crimes increased 33 percent between 2007 and 2008 alone, and this trend is likely to continue.
As crimes become more complex, law enforcement agencies must be equipped to aid and educate our citizens in relation to cyber-type crimes. While individual agencies have an obligation to provide such education and training, officers must take the initiative to pursue continued education through certification programs and, whenever possible, a formal bachelor’s or master’s degree. Kaplan University, for example, has a tremendous online criminal justice program. Kaplan students pursuing bachelor’s degrees in criminal justice can choose from several concentrations, including one in computer crime.
The computer crime concentration includes courses such as Internet Vulnerabilities and the Legal Implications of Monitoring Activity in Cyberspace, Investigating Cybercrime, Computer Forensics and Protecting Digital Assets. These courses represent the type of knowledge and skill building that can equip law enforcement professionals to prevent, investigate and solve this fast-growing classification of crime.
It is critical for local police departments and other law enforcement organizations to share information about cybercrimes with federal partners and the Internet Crime Complaint Center database so that agencies can collectively monitor these crimes. All agencies need to take a serious look at these emerging crime trends and challenge their officers to educate themselves to combat this emerging threat to local communities. The issue of education needs to be integral to our plans for preventing, investigating and solving cybercrimes.
Thomas Anderson is the chief of police with Statesville, N.C., and a faculty member of Kaplan University’s School of Criminal Justice. He may be reached at firstname.lastname@example.org.
Photos courtesy of Michele Pore at Kaplan University.