From the Streets to the Servers, the Newest Crime Wave is Here

May 31, 2016
This article is based on research conducted as a part of the CA POST Command College. It is a futures study of a particular emerging issue of relevance to law enforcement. Its purpose is not to predict the future...

Every day, millions of people go online and surf the web. It has become part of our everyday routine, a routine many cannot recall living without. Whether we are researching information for work, for school, or shopping for a new car, the internet has become the number one resource for accessing information and connecting to others. Users provide their personal information from where they live, where they work, social security number, banking information, and every other conceivable personal piece of information required to access desired resources; however, they are not alone.  As the general population goes about their daily routine of accessing and distributing information, a new breed of criminal is online with them using their information to commit crimes all over the globe.

Imagine spending a day out with the family going to the beach, eating at restaurants and finishing up at the local department store to purchase a few household goods and groceries.  As you get to the cashier and run your debit card, the sale is declined! You try another card declined! You contact your bank and later credit card companies and learn that your bank accounts have been emptied and your credit cards have been maxed out. You have been hacked and are now a victim of online credit card fraud. Later when you run a credit report you learn that there are several accounts opened and maxed out in your name, your social security number is linked to several different names and addresses, and your credit score is now below 600.  You have just joined the list of thousands of people everyday who are victims of identity theft and credit card fraud. How did this happen, your credit cards and social security card never left your hands?  Who do you call, what can they do?

You contact your local law enforcement agency and they advise you there is nothing they can do because the transactions occurred in another country and they don’t have the jurisdiction or the resources to investigate those responsible.  You are advised to contact your banks security, which takes you weeks working with banks and credit companies before you are compensated for your loss.  It takes months to begin repairing the damage to your credit, after which you are left with a feeling of futility and no one is held responsible. If this sounds familiar, you are not alone. Statistics reported by the FBI suggest that there were over 1.5 million cyber attacks or internet based crimes in 2015, which is roughly 170 cyber related crimes or attacks per hour.  According to estimates by MacAfee Security, the annual loss by consumers and businesses globally are in excess of 400 billion dollars. This is more than the GDP of 25 of the top 50 producing nations according to Statista.com.

Investigating Internet Crime Becoming More Difficult

In most instances involving criminal activity, you have a victim, a suspect and a crime scene all with a jurisdictional location under the policing agencies purview.  Officers conduct interviews, identify suspects and process crime scenes for evidence.  With regards to the internet, there is not always a crime scene to speak of and how do you interview a suspect who is a country away and no one saw him or her commit the crime? One of the biggest challenges facing law enforcement officials is how do you find, arrest, and convict criminals that you cannot see?

Throughout history, law enforcement has been challenged with developing new methods to combat criminal activities.  Officials utilized foot patrols to suppress downtown crimes, vehicles to patrol neighborhoods, undercover officers to infiltrate criminal networks which are all effective solutions, but these have all been crimes that could be seen or heard.  With the advent of the Internet, a whole new world has been realized through virtual interaction, from social networking, online gaming, online shopping, and of course criminal behavior.  Billions of dollars are lost each year worldwide through cyber crime, where traditional policing methods having little impact on its rise. With the blazing speed of technological growth, law enforcement is currently ill-equipped to keep up.  Those agencies that have the personnel and resources generally lack the expertise to investigate cyber crimes and rely heavily on the Federal Bureau of Investigations which deals primarily in cyber espionage and terrorism. (Sullivan, Eileen) In 2014 New York Police Department announced a joint cyber terrorism task force with the assistance of the FBI, but that is New York who is fortunate to have vast resources and personnel, not common in the average police department.

Where crime now has no defined borders, is it time for local law enforcement to shed their borders? Can the hurdles of jurisdiction be overcome to deal with this multi-billion-dollar criminal industry?  According to Jeff Gardner of Victims Support in London, “Police need a wider capability to tackle online crime.” (Garner, Jeff) With the governments focus on cyber crime at the national level, their needs to be an emphasis by law enforcement to investigate at the local and state level.  Unfortunately, this does not seem to a priority for many organizations. As noted in comments from the director of PERF in an article written by the Washington Post in April 2015, “I am not sure who owns cybercrime at the local level. And that is a problem,” said Chuck Wexler, executive director of the Police Executive Research Forum. (Wexler, Chuck) So if no one is responsible for cyber crime at the local level, which is responsible for the internet?

Evolution of the Internet

The Internet we have today was initially developed in the late 60’s as a governmental project by DARPA. (Defense Advanced Research Projects Agency) The purpose of the project was to be able to communicate within governmental agencies in case of a nuclear disaster that wiped out traditional telecommunications such as telephone and television. This was a time of the Cuban missile crises and many within government feared a nuclear confrontation between the U.S. and Russia was inevitable.   The project was initially called ARPANET (Advanced Research Projects Agency Network). (Bellis, Mary)

The concept of ARPANET was to transfer packets of information from one computer to another via a network, or a group of computers connected together.  It was not until 1991 that the World Wide Web we know today was created.  Using the ARPANET’s network formula a scientist named Vinton Cerf created a transmission control protocol (TCP) that allowed one network of computers to speak to another network of computers.  This network we know now as the Internet or World Wide Web, which essentially is the ability to send and receive information to and from any computer or network that is linked to the web. (DARPA)

No one, not even the founding fathers of the DARPA project could have imagined that their communication network would or could have evolved to what we have today.  What began as a communication resource has evolved into a world within a world where you can shop, order food, date a man or woman, play a game, or watch an event take place across the globe.  It is also a place where criminals lurk looking for an opportunity to victimize unsuspecting users.

Internet Crime Hackers

Crime is not new; history is filled with accounts of criminal behavior dating back to Cain and Abel.  However, computer crime and later internet based crime can be traced back to an incident in 1987. Robert Morris a Cornell University student launched a computer virus into Cornell’s network that damaged more than 6000 computers causing an estimated 98 million dollars in damage. More incidents began to follow across the nation in a continuous, steady stream as tech savvy hackers developed complex algorithms intent on disrupting networks for no more reason than to see if they could. Congress responded by passing its first hacking-related legislation, the Federal Computer Fraud and Abuse Act, in 1986. The act made computer tampering a felony crime punishable by significant jail time and monetary fines. (Marsan, Carolyn)

In the early 1990s, it became evident to law enforcement that computer hackers were not the only people using the Internet as their personal playground for criminal activities. While working on cases of missing and abducted children, FBI agents found one of the first online child pornography rings. It was discovered that pedophiles were using the Internet to share sexually explicit images of children. Further, pedophiles were also using electronic bulletin boards (early precursors to chat rooms) to contact underage individuals in an effort to solicit sexual activity. (Reyns, H) The FBI has come a long way since the 90’s in their online investigations which was never more evident than a recent sting in Nebraska.  In that case, agents were able to infiltrate the Dark Web through a Tor browser that they obtained through a warrant.  Once online they were able to use photos that had a reverse bug which identified the user’s ip address when they looked at the photo.  As a result, several search warrants and subsequent arrest were made, one of which was a cyber security expert working for the NSA. (Pagliery, Jose) These methods of investigations by the FBI are precisely the innovative techniques needed by local law enforcement to make any type of impact in online criminality. Even in the particular FBI case mentioned, after three years only 6 victims were rescued and only 19 arrests were made.  Statements by Justice Officials admitted that these types of cases are lengthy, costly and difficult. 

The Internet today has become as necessary to most of society as the automobile and the mobile phone. Due to its infinite uses and our dependence, it has also become a breeding ground of criminal entities lurking in the shadows and darkest corners of the web to pounce on unsuspecting victims.  According to an International Police Chiefs summit held in September of 2013 sponsored by PERF (Police Executive Research Forum), executives in that conference noted the police are ill-equipped to handle Internet crime.  In one instance in 2013, thefts from ATM machines over a 10-hour period resulted in losses of $45 million by hacking into several banks in Oman’s pre-paid visas and raising the withdrawal limits and balance amounts. The six subjects were arrested in Florida with suitcases of cash while boarding a plane; this was more than the total losses from all “traditional” bank robberies in the United States over the course of a year.  At the local level, police chiefs are noticing that gangs are switching from illegal drug sales to cyber-scams to generate money, because cybercrime is easier and safer for the criminals with less punitive action. (Wexler, C) although TM’s and banks are easy targets, it’s the internet where the real criminals lurk.

The Darknet-The Underbelly of Internet Criminal Enterprise

Within the Internet, is what some call a subnet and often referred to as the “Darknet”.  The Darknet hides in the underbelly of the internet and is not reached by common search engines such as: Google, Bing, WebCrawler or others.  It is here where criminal entities flourish, from illegal child pornography, weapons sales, drug sales, credit card information providers and any and every other conceivable criminal activity.  It’s a place where terrorist groups communicate and exchange information outside the reach of government watch dogs. Access to the Darknet is complicated and one must be given the exact URL which is ever changing to access, so even if someone were to stumble upon it, they could lose the access within a day or week. (Chacos)

With the Darknet, disgruntled individuals around the world intent on causing havoc to network infrastructures, cyber terrorist groups such as those that hacked Sony Pictures and the random criminal looking for his next victim have found new turf. The question is, are traditional policing methods and agents able to respond effectively?  Some will argue that local law enforcement and governments agents alone are ill equipped to respond to the cybercrime we are now experiencing.

Terrorism world-wide is a daily occurrence and is on the rise. Once confined to battle fields and third world countries, we now see it in our most prominent industrialized nations in the form of cyber terrorism. Cyber terrorism allows terrorists to focus their attacks through virtual warfare from anywhere in the world, at a low cost, with a high level of anonymity, and with no time or space restrictions. Take, for example, a 2013 incident in which a group of Iranian hackers, possibly backed by the Iranian government, were able to remotely gain control of the tiny Bowman Avenue Dam in Rye Brook, N.Y. Nothing much happened and even if the breach had resulted in a total failure of the dam, its systemic impact would have been minimal. But imagine if those same hackers had instead somehow seized control of the Arthur R. Bowman Dam in Oregon, which at a height of 245 feet provides irrigation and flood protection for thousands of people. (Brown, Michael)

Through the hacking of state databases to the release of information and crippling of technological giants, cyber crimes are here to stay.  With limited knowledge and resources, traditional law enforcement methods are inept to investigate and prosecute would be criminals. At the local level law enforcement need to look to what is being done at the federal level and mirror their successes. In 2002 the FBI (Federal Bureau of Investigation) created a Cyber Terrorism Division in the wake of the terrorist attacks on September 11. They have since partnered with other governments around the world such as the UK, Germany, Australia and others to combat cyber terrorism with recent successes against Russian and Estonian hackers responsible for 14 million in seized assets from Rove Digital and the recent collapse of a multimillion dollar on-line theft ring in Africa called Dark ode which was responsible for over 100 million in stolen goods from the U.S. obtained online (FBI)

As more agencies are looking into regionalization through collaboration of resources such as: Special Reaction Teams, Narcotics Enforcement, and even joint communications centers to combat costs and maximize resources. It might be time to look at a local multijurisdictional response to cyber crimes. Similar results and strategies must be explored by local jurisdictions to investigate and prosecute local cyber criminals. If state and local law enforcement fail to recognize the impact that cyber related crimes will have on our society now and into the future, the damage resulting in loss of income and financial stability will be immeasurable.  Imagine an attack that might allow adversaries to gain control of parts of the U.S. power grid, casting Americans into darkness, shutting down communications networks, stopping financial transactions and making transportation all but impossible. This is hardly something out of science fiction: Last year, 80,000 Ukrainians temporarily lost power when hackers remotely hijacked the controls of a pair of power companies. (Brown, M)

What has become evident is the more we embrace cyber-technology, the more potential it has to be used against us. Our technical dependence is narrowing the gap between the physical world and the virtual world that surrounds us.

Regionalization and Public/Private Partnerships-Two Viable Solutions

Proteus, a government think tank released a report where Dr. Deborah Osborne stated: “There are not enough trained, skilled, and knowledgeable law enforcers who can tackle the problems based on current technology from identity theft, white collar crimes, and cybercrime.” Emerging technologies are likely to bring further challenges, which justice and security agencies will be ill equipped to face. The exponential rate at which technology is changing is directly affecting policing today, while law enforcement is discovering new tools to be deployed; the Internet is proving a lucrative playground to target victims by criminal entities. The need for policing the internet is becoming ever more pressing as millions of people are being victimized and billions of dollars are lost.

Through a regionalized and collaborative effort, local law enforcement can pool resources together with assistance from private tech security firms such as Symantec, Norton or NetIQ as well as tech giants such as Google, Apple, Dell and others to assist in the investigation of local cyber crimes. Investing in a collaborative response will help local law enforcement agencies address the threat of cyber crimes in their communities, build partnerships with surrounding agencies, public entities and most importantly deliver the law enforcement services the public has grown accustomed to.

One of the biggest roadblocks in this effort is convincing some tech companies that the problems facing law enforcement is not just their problem, but a global problem.  This has never been more apparent than the current ongoing battle between the FBI and Apple technology over gaining access to the terrorist in San Bernardino’s phone.  Law enforcement officials believe there is pertinent data within the phone that can lead investigators to possibly identify others involved.  Apple Executives contend that accessing the phone opens a form of Pandora’s box into government intrusion of an individual’s personal privacy and by hacking their own operating system goes against everything they as a company strive for, which is protecting their consumer. (Dredge, Stuart)

Law enforcement, legislators, and public partners need to realize the importance of staying up with technological advances, getting ahead of cyber criminals and creating partnerships to prevent, investigate and prosecute cyber terrorism.  Only through mutual cooperation in both the public and private industries will law enforcement be prepared for the dangers ahead. Some solutions to these issues include:

1) Globally recognized legislation on cyber crimes and cyber criminals should be enacted to effectively prosecute criminal acts;

2) Stiffer penalties should be imposed on acts of cyber related crimes;

3) dedicate funds for the development of expertise in technological crimes;

4) Small agencies should partner with large agencies and private corporations in the creation of research and development departments to get ahead of cyber criminals through new innovative technologies;

5) The possible creation of a world recognized body that has the unilateral authority to investigate and prosecute criminals unbound by jurisdictional and territorial constraints; and,

6) Increased security and policing of Internet domains, social media outlets and on-line gathering points to identify would be terrorists.

If the recent incident in San Bernardino has taught us anything, it is that terrorism is not just someone else’s problem, local law enforcement can’t look to others to solve the problems in their own backyards.  Law enforcement must change and adapt to the ever changing world around us.

Conclusion

It is now more imperative than ever before for law enforcement agencies and officials to recognize the impact cyber crimes and terrorism will have on our communities in the future. Future crimes will move from the streets to the Internet, from the neighborhoods to the server rooms. Billions of dollars will be stolen in the push of the button and not the pull of the trigger. Our local communities are threatened by a new breed of criminal and we must be prepared to combat them.

Law enforcement must change from their traditional methods of investigating the crook down the street to the crook across the globe.  Traditionally law enforcement is two steps behind in the advancement in technology we must now work to be five steps ahead.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of Officer, create an account today!