Scene of the Cybercrime: - PowerPoint PPT Presentation

Slides: 28
Provided by: wwwcry7

Transcript and Presenter's Notes


1
Scene of the Cybercrime
  • Assisting Law Enforcement
  • In Tracking Down and Prosecuting Cybercriminals

2
Please allow me to introduce myself
  • Debra Littlejohn Shinder, MCSE
  • Former police sergeant/police academy and college
    criminal justice instructor
  • Technical trainer
  • Networking, operating systems, IT security
  • Author
  • Cisco Press, Syngress Media, Que, New Riders
  • TechRepublic, CNET, Cramsession/Brainbuzz
  • Consultant
  • Businesses and government agencies

3
What I'm going to talk about today
  • What is cybercrime and is it really a problem?
  • Who are the cybercriminals?
  • Why should you want to help law enforcement
    officers catch them?
  • The Great Governmental Divide
  • How techies can build a bridge
  • Building the cybercrime case

4
Civil vs. Criminal Law
  • Two separate systems of law
  • What are the differences?
  • Double jeopardy doesn't apply
  • Constitutional protections: when do they apply?

Breach of contract is not a crime, except when it is.
5
Defining cybercrime
  • Cybercrime is any illegal act committed using a
    computer network (especially the Internet).
  • Cybercrime is a subset of computer crime.

What do we mean by illegal?
Bodies of law: criminal, civil and administrative
6
Who are the cybercriminals?
  • It's not just about hackers
  • Using the Net as a tool of the crime
  • White collar crime
  • Computer con artists
  • Hackers, crackers and network attackers
  • Incidental cybercriminals
  • Accidental cybercriminals
  • Situational cybercriminals

7
Who are the cybervictims?
  • Companies
  • Security? What's that?
  • Bottom liners
  • Individuals
  • Naive/Newbies
  • Desperados
  • Pseudovictims
  • In the wrong place at the wrong time
  • Society

8
Who are the cyberinvestigators?
  • IT professionals
  • Corporate security personnel
  • Private investigators
  • Law enforcement

Ultimate destination
This is where the authority lies
How can all work together?
When and why the police should be called in
9
What's in it for me?
  • Why should IT personnel cooperate with police in
    catching cybercriminals?
  • What are the advantages?
  • What are the disadvantages?

What are the legalities?
What happens if you don't cooperate?
10
The Great (Governmental) Divide
  • Law enforcement culture
  • Highly regulated
  • Paramilitary (emphasis on para)
  • By the book

The Police Power myth
Weight of law, agency policy, political factors
Public relations
11
Police Secrets
  • Most officers are not as confident as they appear
  • Command presence required
  • The bluff is in
  • Most cops feel pretty powerless
  • Cops don't like feeling powerless
  • Most cops don't understand technology
  • Cops don't like not understanding

12
This leads to
  • A touch of paranoia
  • Us vs. Them attitude
  • Cops against the world
  • The truth about the thin blue line
  • The blue wall of silence

Best kept secret: Cops are human beings
13
Why cops and techies don't mix
  • Lifestyle differences
  • Elitist mentality on both sides
  • Adversarial relationship
  • Many techies support or at least admire talented
    hackers
  • It's human nature to protect your own
  • Many cops don't appreciate the difference between
    white and black hat
  • Bad laws

14
What cops and techies have in common
  • Long, odd hours
  • Caffeine addiction
  • Dedication to/love of job
  • Want things to make sense
  • Problem solvers by nature

What can tech people do to solve the problem of
how to work with law enforcement?
15
Building team spirit
  • Ability to think like the criminal
  • Important element of good crime detection
  • Difficult for LE when they don't know the
    technology
  • IT's role
  • You know the hacker mindset
  • You know what can and can't be done with the
    technology
  • You know where to look for the clues

Police know, or should know, law, rules of evidence, case building, court testimony
16
Bridging the Gap
  • Talk the talk
  • Technotalk vs police jargon
  • Learn the concepts
  • Legal
  • Investigative procedure
  • Understand the protocols
  • Unwritten rules

17
Building the Case
  • Detection techniques
  • Collecting and preserving digital evidence
  • Factors that complicate prosecution
  • Overcoming the obstacles

18
Cybercrime Detection Techniques
  • Auditing/log files
  • Firewall logs and reports
  • Email headers
  • Tracing domain name/IP addresses
  • IP spoofing/anti-detection techniques

19
Collecting and Preserving Digital Evidence
  • File recovery
  • Preservation of evidence
  • Intercepting transmitted data
  • Documenting evidence recovery
  • Legal issues
  • Search and seizure laws
  • Privacy rights
  • Virtual stings (honeypots/honeynets)

Is it entrapment?
20
Factors that complicate prosecution of cybercrime
  • Difficulty in defining the crime
  • Jurisdictional issues
  • Chain of custody issues
  • Overcoming obstacles

Lack of understanding of technology (by courts/juries)
Lack of understanding of law (by IT industry)
21
Difficulty in defining the crime
  • CJ theory
  • mala in se
  • mala prohibita
  • Elements of the offense
  • Defenses and exceptions
  • Burden of proof
  • Level of proof

Civil vs. criminal law
Statutory, Case and Common Law
22
Jurisdictional issues
  • Defining jurisdiction
  • Jurisdiction of law enforcement agencies
  • Jurisdiction of courts
  • Types of jurisdictional authority
  • Level of jurisdiction

23
Chain of Custody
  • What is the chain of custody?
  • Why does it matter?
  • How is it documented?
  • Where do IT people fit in?

24
Overcoming the obstacles
  • Well defined roles and responsibilities
  • The prosecution team
  • Law enforcement officers
  • Prosecutors
  • Judges
  • Witnesses

What can CEOs and IT managers do?
25
Testifying in a cybercrimes case
  • Expert vs evidentiary witness
  • Qualification as an expert
  • Testifying as an evidentiary witness
  • Cross examination tactics

Three types of evidence:
Physical evidence
Intangible evidence
Direct evidence
26
Summing it up
  • Cybercrime is a major problem and growing
  • Cybercrime is about much more than hackers
  • There is a natural adversarial relationship
    between IT and police
  • Successful prosecution of cybercrime must be a
    team effort
  • IT personnel must learn investigation and police
    must learn technology

27
The book
Scene of the Cybercrime by Debra Littlejohn Shinder
  • Defining and Categorizing Cybercrime
  • A Brief History of the Rise of Cybercrime
  • Understanding the People on the Scene of the Cybercrime
  • Understanding Computer and Networking Basics
  • Understanding Network Intrusions and Attacks
  • Understanding Cybercrime Prevention
  • Implementing System Security
  • Implementing Cybercrime Detection Techniques
  • Collecting and Preserving Digital Evidence
  • Understanding Laws Pertaining to Computer Crimes
  • Building and Prosecuting the Cybercrime Case
  • Training the Cybercrime Fighters of the Future