Cyber crime Introduction
1. 1
Scene of the Cybercrime:
Assisting Law Enforcement in Tracking Down and Prosecuting Cybercriminals
2. 2
Please allow me to introduce myself…
• Debra Littlejohn Shinder, MCSE
– Former police sergeant/police academy and college criminal justice instructor
– Technical trainer
• Networking, operating systems, IT security
– Author
• Cisco Press, Syngress Media, Que, New Riders
• TechRepublic, CNET, Cramsession/Brainbuzz
– Consultant
• Businesses and government agencies
3. 3
What I’m going to talk about today
• What is cybercrime and is it really a problem?
• Who are the cybercriminals?
• Why should you want to help law enforcement officers catch them?
• The Great Governmental Divide
• How techies can build a bridge
• Building the cybercrime case
4. 4
Civil vs. Criminal Law
• Two separate systems of law
• What are the differences?
• Double jeopardy doesn’t apply
• Constitutional protections – when do they apply?
Breach of contract is not a crime – except when it is.
5. 5
Defining cybercrime
Cybercrime is any illegal act committed using a computer network (especially the Internet).
Cybercrime is a subset of computer crime.
What do we mean by “illegal?”
Bodies of law: Criminal, civil and administrative
6. 6
Who are the cybercriminals?
• It’s not just about hackers
• Using the ‘Net as a tool of the crime
– White collar crime
– Computer con artists
– Hackers, crackers and network attackers
• Incidental cybercriminals
• Accidental cybercriminals
• Situational cybercriminals
7. 7
Who are the cybervictims?
• Companies
– Security? What’s that?
– Bottom liners
• Individuals
– Naive/Newbies
– Desperados
– Pseudovictims
– In the wrong place at the wrong time
• Society
8. 8
Who are the cyberinvestigators?
• IT professionals
• Corporate security personnel
• Private investigators
• Law enforcement
Ultimate destination
This is where the authority lies
How can all work together?
When and why the police should be called in
9. 9
What’s in it for me?
• Why should IT personnel cooperate with police in catching cybercriminals?
• What are the advantages?
• What are the disadvantages?
What are the legalities?
What happens if you don’t cooperate?
10. 10
The Great (Governmental) Divide
• Law enforcement culture
– Highly regulated
– Paramilitary (emphasis on “para”)
– “By the book”
The “Police Power” myth
Weight of law
agency policy
political factors
Public relations
11. 11
Police Secrets
• Most officers are not as confident as they appear
– Command presence required
– The bluff is in
• Most cops feel pretty powerless
– Cops don’t like feeling powerless
• Most cops don’t understand technology
– Cops don’t like not understanding
12. 12
This leads to…
• A touch of paranoia
• “Us vs. Them” attitude
– Cops against the world
• The truth about the thin blue line
• The blue wall of silence
Best kept secret:
Cops are human beings
13. 13
Why cops and techies don’t mix
• Lifestyle differences
• Elitist mentality – on both sides
• Adversarial relationship
– Many techies support or at least admire talented hackers
– It’s human nature to protect “your own”
– Many cops don’t appreciate the difference between white and black hat
– Bad laws
14. 14
What cops and techies have in common
• Long, odd hours
• Caffeine addiction
• Dedication to/love of job
• Want things to “make sense”
• Problem solvers by nature
What can tech people do to solve the problem of how to work with law enforcement?
15. 15
Building team spirit
• Ability to “think like the criminal”
– Important element of good crime detection
– Difficult for LE when they don’t know the technology
• IT’s role
– You know the hacker mindset
– You know what can and can’t be done with the technology
– You know where to look for the clues
Police know – or should know – law, rules of evidence, case building, court testimony
16. 16
Bridging the Gap
• “Talk the talk”
– Technotalk vs police jargon
• Learn the concepts
– Legal
– Investigative procedure
• Understand the “protocols”
– “Unwritten rules”
17. 17
Building the Case
• Detection techniques
• Collecting and preserving digital evidence
• Factors that complicate prosecution
• Overcoming the obstacles
19. 19
Collecting and Preserving Digital Evidence
• File recovery
• Preservation of evidence
• Intercepting transmitted data
• Documenting evidence recovery
• Legal issues
– Search and seizure laws
– Privacy rights
– Virtual “stings” (honeypots/honeynets)
Is it entrapment?
20. 20
Factors that complicate prosecution of cybercrime
• Difficulty in defining the crime
• Jurisdictional issues
• Chain of custody issues
• Overcoming obstacles
Lack of understanding of technology (by courts/juries)
Lack of understanding of law (by IT industry)
21. 21
Difficulty in defining the crime
• CJ theory
– mala in se
– mala prohibita
• Elements of the offense
• Defenses and exceptions
• Burden of proof
• Level of proof
Civil vs. criminal law
Statutory, Case and Common Law
22. 22
Jurisdictional issues
• Defining jurisdiction
• Jurisdiction of law enforcement agencies
• Jurisdiction of courts
• Types of jurisdictional authority
• Level of jurisdiction
23. 23
Chain of Custody
• What is the chain of custody?
• Why does it matter?
• How is it documented?
• Where do IT people fit in?
24. 24
Overcoming the obstacles
• Well defined roles and responsibilities
• The prosecution “team”
– Law enforcement officers
– Prosecutors
– Judges
– Witnesses
What can CEOs and IT managers do?
25. 25
Testifying in a cybercrimes case
• Expert vs evidentiary witness
• Qualification as an expert
• Testifying as an evidentiary witness
• Cross examination tactics
Three types of evidence:
Physical evidence
Intangible evidence
Direct evidence
26. 26
Summing it up
• Cybercrime is a major problem – and growing
• Cybercrime is about much more than hackers
• There is a natural adversarial relationship between IT and police
• Successful prosecution of cybercrime must be a team effort
• IT personnel must learn investigation and police must learn technology
27. 27
The book:
Defining and Categorizing Cybercrime
A Brief History of the Rise of Cybercrime
Understanding the People on the Scene of the Cybercrime
Understanding Computer and Networking Basics
Understanding Network Intrusions and Attacks
Understanding Cybercrime Prevention
Implementing System Security
Implementing Cybercrime Detection Techniques
Collecting and Preserving Digital Evidence
Understanding Laws Pertaining to Computer Crimes
Building and Prosecuting the Cybercrime Case
Training the Cybercrime Fighters of the Future
Scene of the Cybercrime
by Debra Littlejohn Shinder