[Infowarrior] - Feds offer cybercrime tips to local cops
Richard Forno
rforno at infowarrior.org
Tue Jan 16 23:41:18 EST 2007
Feds offer cybercrime tips to local cops
By Declan McCullagh
http://news.com.com/Feds+offer+cybercrime+tips+to+local+cops/2100-1028_3-6150676.html
Story last modified Tue Jan 16 19:55:04 PST 2007
Police trying to learn how to use the Internet to investigate everything
from cyberstalking to spam and illegal hacking have some new advice, thanks
to the U.S. Department of Justice.
The department's Office of Justice Programs on Tuesday published what
amounts to a manual for tech-challenged gumshoes, covering everything from
how to track suspects through an Internet Relay Chat network to targeting
copyright thieves on peer-to-peer networks.
Local and state law enforcement have bungled some high-tech investigations
recently. The Pennsylvania Supreme Court rejected prosecutors' attempts to
seize newspaper reporters' hard drives, and the 8th Circuit Court of Appeals
ruled that police illegally seized a computer in a methamphetamine
investigation. A federal judge permitted an Internet service provider to sue
police after it was raided because of Usenet posts its employees knew
nothing about.
The new 137-page manual appears to represent the Justice
Department's attempt to offer at least some basic technical and legal tips
to law enforcement agencies that may not have computer experts on the
payroll.
"Criminals can trade and share information, mask their identity, identify
and gather information on victims, and communicate with co-conspirators,"
the manual says. "Web sites, electronic mail, chat rooms, and file sharing
networks can all yield evidence in an investigation of computer-related
crime."
The manual warns of the perils of assuming that the owner of a
computer--especially Windows PCs, which can be vulnerable to security
breaches--is responsible for what's actually on it.
"Because investigations involving the Internet and computer networks mean
that the suspect's computer communicated with other computers,
investigators should be aware that the suspect may assert that the
incriminating evidence was placed on the media by a Trojan program," it
says. "A proper seizure and forensic examination of a suspect's hard drive
may determine whether evidence exists of the presence and use of Trojan
programs."
Defendants in criminal cases have been known to raise what's become known as
the Trojan defense. In a dawn raid, Arizona police stormed into the house of
a 16-year-old boy named Matthew Bandy and accused him of downloading child
pornography--which carried a maximum penalty of 90 years in prison.
It turned out that, contrary to claims by police and Maricopa County
District Attorney Andrew Thomas, the Bandys' home computer was thoroughly
infected by malware. After being contacted by reporters, the Maricopa County
Attorney's Office offered the boy a plea bargain without jail time.
The Trojan defense was also tried by an eighth-grade math teacher in
Georgia, but with less success. In November, the 11th U.S. Circuit Court of
Appeals upheld the teacher's conviction on federal child pornography
charges.
Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.