[ISN] Feds offer cybercrime tips to local cops

From: InfoSec News (alerts@private)
Date: Wed Jan 17 2007 - 22:05:22 PST


By Declan McCullagh
Staff Writer, CNET News.com
January 16, 2007

Police trying to learn how to use the Internet to investigate everything 
from cyberstalking to spam and illegal hacking have some new advice, 
thanks to the U.S. Department of Justice.

The department's Office of Justice Programs on Tuesday published what 
amounts to a manual for tech-challenged gumshoes, covering everything 
from how to track suspects through an Internet Relay Chat network to 
targeting copyright thieves on peer-to-peer networks.

Local and state law enforcement have bungled some high-tech 
investigations recently. The Pennsylvania Supreme Court rejected 
prosecutors' attempts to seize newspaper reporters' hard drives, and the 
8th Circuit Court of Appeals ruled that police illegally seized a 
computer in a methamphetamine investigation. A federal judge permitted 
an Internet service provider to sue police after it was raided because 
of Usenet posts its employees knew nothing about.

The new 137-page manual (click for PDF [1]) appears to represent the 
Justice Department's attempt to offer at least some basic technical and 
legal tips to law enforcement agencies that may not have computer 
experts on the payroll.

"Criminals can trade and share information, mask their identity, 
identify and gather information on victims, and communicate with 
co-conspirators," the manual says. "Web sites, electronic mail, chat 
rooms, and file sharing networks can all yield evidence in an 
investigation of computer-related crime."

The manual warns of the perils of assuming that the owner of a 
computer--especially Windows PCs, which can be vulnerable to security 
breaches--is responsible for what's actually on it.

"Because investigations involving the Internet and computer networks 
mean that the suspect's computer communicated with other computers, 
investigators should be aware that the suspect may assert that the 
incriminating evidence was placed on the media by a Trojan program," it 
says. "A proper seizure and forensic examination of a suspect's hard 
drive may determine whether evidence exists of the presence and use of 
Trojan programs."

Defendants in criminal cases have been known to raise what's become 
known as the Trojan defense. In a dawn raid, Arizona police stormed into 
the house of a 16-year-old boy named Matthew Bandy and accused him of 
downloading child pornography--which carried a maximum penalty of 90 
years in prison.

It turned out that, contrary to claims by police and Maricopa County 
District Attorney Andrew Thomas, Bandy's home computer was thoroughly 
infected by malware. After being contacted by reporters, the Maricopa 
County Attorney's Office offered the boy a plea bargain without jail 

The Trojan defense was also tried by an eighth-grade math teacher in 
Georgia, but with less success. In November, the 11th U.S. Circuit Court 
of Appeals upheld the teacher's conviction on federal child pornography 

[1] http://www.ncjrs.gov/pdffiles1/nij/210798.pdf
