Forwarded from: William Knowles <wkat_private> http://www.nytimes.com/2002/10/24/technology/circuits/24palm.html By JENNIFER LEE October 24, 2002 The Sony Clié was as good a smoking gun as investigators could get in a white-collar crime. When the police in San Jose, Calif., broke up an identity-theft crime ring two weeks ago, they used search warrants to seize and examine the hand-held organizers of the suspects, including that of the man the police said had been the ringleader, Julian Torres, 21. Stored on Mr. Torres's Clié, investigators said, were the names of more than 20 victims along with their Social Security, bank account and credit card numbers and other personal information. Mr. Torres's To-Do list included tasks like picking up materials at the local office supply store to make fake checks, the police said. E-mail messages contained confirmations of transfers from victims' bank accounts. He had even used the Clié's digital camera to take pictures of his partners in crime. It was hard for Mr. Torres to deny the Clié was his, the police said, given that he had entered his parents' phone numbers under "Dad" and "Mom." "This was the tool he used to perpetrate his crimes," said Alan Lee, a detective from the San Jose high-tech-crime unit who helped on the case. "Everything is there." Information on the Clié helped investigators find another two of Mr. Torres's accomplices, he said. Mr. Torres is being held in jail on $1 million bail. As hand-held organizers like the Clié and Palm have soared in popularity, it's not just law-abiding citizens who appreciate their usefulness in managing appointments, contacts and schedules. Criminals, too, are using them to coordinate their activities. And the rise of the organizer as a criminal tool has bred a new category of forensic scientist: the Palm reader. Drug dealers use contact lists to track buyers and suppliers, investigators say, while drug makers, like those who run clandestine methamphetamine laboratories, use memos to keep recipes and ingredient lists. Pimps use the devices to keep track of clients, revenues and expenses. Smugglers and money launderers track their transactions on spreadsheets. Stalkers have been known to store their fantasies and victims' schedules on their Palms. Even spies have used them. Corporate spies have downloaded sensitive documents to their hand-helds and quietly walked off with them. Robert P. Hanssen, the F.B.I. agent who was sentenced to life in prison in May for selling secrets to Moscow, used his Palm III to keep track of his schedule to pass information to his Russian contacts. (He also asked them for an upgrade to a Palm VII because of its wireless capabilities.) Police officials are beginning to seize and analyze personal digital devices in their investigations (a warrant allowing search of a suspect's electronic devices is usually required). What they often find is a trove of detailed, intimate, up-to-date information. That data has been used to prosecute criminals, penetrate their networks and better understand their methods. The data contained in a hand-held says a lot about its owner, whether that person is a corporate tycoon or a petty thief. "It's an alter ego," said Larry Leibrock, who teaches at the University of Texas at Austin and has been a consultant in many forensic cases involving hand-helds. "It represents their aspirations, who their contacts are, where they spend their time, their tasks and objectives, and how they completed those." Even sensitive information is rarely password protected, demonstrating a general naïveté that many people have about the security of their digital devices. Hand-held users often believe - wrongly, investigators say - that what is personal is also private. "People assume that only they can have access," Dr. Leibrock said. As the criminals are discovering, that isn't the case. The simplicity of a hand-held makes information easily retrievable - not only by the owner, but by whoever has physical access to the device. "The natural consequence of the information revolution is that our lives are centered around processes and equipment whose sole purpose is to collect data," said David Aucsmith, a security architect for Microsoft. "These devices are all trying to make your life easier.'' While hand-held forensics has mostly been focused on criminal investigations, the devices are popping up as evidence in civil cases as well - in intellectual property disputes between companies, for example, and divorces. A handful of companies, like Guidance Software, the Paraben Corporation and AtStake, have made a business of helping investigators preserve and analyze data. While organizers are used mostly in white-collar crimes, they have also been helpful in homicide investigations. When the police were investigating the murder of 7-year-old Danielle van Dam near San Diego last February, for example, they copied the contents of four computer hard drives and a Palm Pilot belonging to the man who was convicted in the case, David A. Westerfield. In a recent homicide case in Texas, the assailant turned out to be a person on the contact list in the victim's organizer. "It was a close personal friend who did it for financial gain," said Amber Schroader, who is director of forensics for Paraben, in Orem, Utah, and helped with the investigation. The police will often seize a suspect's organizers to establish a link with the victim, check on alibis or determine motivation. In an attempted homicide case that Dr. Leibrock recently worked on, the suspect planned his day around his victim's schedule, which he kept in his Palm. The man, whom Dr. Leibrock described as obsessive compulsive, also kept detailed notes of his fantasies about the woman on the device. "He was going to capture this woman, tie her up and have his way with her," Dr. Leibrock said. People are remarkably truthful on their personal digital devices - even when they are lying elsewhere. Federal investigators from the Department of Health and Human Services will use doctors' own organizer schedules to catch them for falsely billing for Medicaid and Medicare patients they have never seen. (Investigators don't need a warrant for these searches, since doctors agree to make records available as a term of their participation in the programs.) Organizers are rarely encrypted or password-protected - even when criminals take similar precautions in other electronic formats. "If you went to their desktop machine they would have a good 5 to 10 passwords," Ms. Schroader said. "But when it came to their P.D.A. they felt it was so close to them that they didn't need it." In fact, investigators often find passwords for protected desktop or laptop computer files stored on suspects' hand-helds. Even when Palms are encrypted, they are remarkably easy to crack, said Joe Grand, the principal engineer at Grand Idea Studio, a product design firm in Boston, who has analyzed the security flaws in the Palm operating system. Organizers are easy to locate, because they are almost always found with individuals or in their cars. As a result, the devices themselves even help in identifying bodies. In a suicide case in Virginia in March, for example, a decomposing body was found on the Appalachian Trail with a hand-held but no wallet or other identification. When the device was cleaned off and powered up, it revealed the name of the 55-year-old Maryland man who had shot himself. Previously the information now found in one place may have been scattered in various locations - wallets, desks, cars and even dumpsters. "It gets a little disgusting sometimes when you have to dig through their trash for their bank statements," said John Holzer, a special agent with the Commerce Department's Office of Export Enforcement, which is responsible for preventing certain goods from being exported to countries like Libya and Iran. In tracing suspicious American companies, the agents often search for account numbers to subpoena bank information to look for money transfers from foreign banks. But now, Agent Holzer and fellow investigators have begun to find account numbers stored neatly on the hand-helds of suspected export violators. "It saves us from the white spaceman suits and jumping into the big Dumpster," he said. As with computer hard drives, deleting something on a hand-held doesn't make it really gone. "Things people think are deleted are still retrievable," said Larry Gagnon, a detective with the Peel Regional Police in Ontario. "Whereas if you rip up a piece of paper and throw it out, it's gone for good." Investigators say that organizers have also been used to commit crimes. In a case in Texas, a government employee was caught using his Handspring Treo to transfer child pornography. "When we pulled the guy in to do an interview, what does he have on his pocket but the wireless device," said Jamey Tubbs, a federal law enforcement agent who worked on the case. "We seized it right then and there." In another case earlier this year, a Fortune 500 company in the Chicago area discovered that an employee was using his company-issued Palm to steal patent applications bit by bit. "It totally blew their mind," said Thomas Rude, a security consultant from Atlanta who was called in to investigate the case. Hand-held analysis may become even more fruitful over the next few years as the devices become more sophisticated and gain wireless capabilities. A person's movements can often become a critical issue in civil and criminal investigations. Michael Burnette, director of information technology at an Atlanta law firm, Rogers & Hardin, made an interesting discovery when he was asked to do forensic analysis on a BlackBerry, the popular wireless device. Because BlackBerries are always on to receive e-mail, they constantly communicate with the network around them and create an internal ledger of the nodes they have recently talked with. "It's moving around with you and telling a story about you," Mr. Burnette said. "But then again, it has to be intimately intertwined with who you are in order to be as useful as it is." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 25 2002 - 04:14:22 PDT