ITBusiness.ca

Digital detective tracks perps online

Det. Peter Jupp, of the Ottawa police department’s high-tech crime unit, has seen it all when it comes to computer-related crimes — short of victims being beaten to death with hard drives. Jupp spoke with TIG recently about his work and how technology is being used to fight crime.

TIG:

How did you get involved in the area of high-tech crime?

Jupp:

Law enforcement has always been a keen interest of mine. When, at the age of 29 I finally got the chance to join my local police force, I jumped at the opportunity. For the next several years I did what every rookie constable does — worked shifts and drove around in a patrol car responding to calls. I never lost the interest in technology, though, and couldn’t help offering continual suggestions to management about how we could improve efficiency and productivity by means of technology. Someone must have been listening because before I knew it I was assigned to several project teams which were tasked specifically with the implementation of various forms of technology, from laptops in patrol cars to wireless networks and records-management systems.

After several years of that, our high-tech crime unit had just been formed and was beginning to make a name for itself.

TIG: What unique qualifications do you need for this kind of work?

Jupp:

The only unique qualification you need is a strong interest in computers and technology, and the will to continue learning. It’s a passion for most of us that goes far beyond a regular 9-5 workday. A tactical or SWAT officer has a very physical job and their interests usually coincide. After work there’s a good chance you’ll find them in the gym or the basketball court. A high-tech crime officer can usually be found online. It’s where we live. And if we’re not online it’s because our computer is in little pieces and we’re tinkering around with our hardware. We are not programmers — although we eventually learn a little about it — and we are not engineers. If we need those kinds of skills we know where to find them. Our chief skill is probably the ability to bridge the gap between the cyber-guru and the layman. We have to write reports and warrants for court purposes. It is necessary for us to describe the nature of a computer-related incident so that it can be understood by people with no computer skills. We have to take reports from people who have been victimized by computer crime but have no idea how to articulate exactly what happened to them. We have to obtain detailed assistance and statements from network engineers that describe incredibly complicated things like distributed denial-of-service attacks. We have to understand what they are talking about if we have any hope of a successful prosecution.

TIG: What types of online crimes are there?

Jupp:

Just open the Criminal Code and pick any crime at random, then call it a computer crime — because we have seen the whole range. Our section has been involved in homicides, extortions, frauds, partner assaults, child abuse, you name it. It is possible to add an online component to just about every crime in the book. We’ll stop short of taking the lead on a murder file where the victim was beaten to death with a hard-drive … but you can bet that we’ll be called upon to assist with a forensic analysis of the murder weapon.

Basically, the computer is at the root of things, a tool to automate chores like data processing or communication. Computers make it possible for a pedophile to hunt victims without leaving the safety of his living room. Computers make it possible for fraudsters to reach a million people at once to deliver their sales pitch. Computers facilitate breaking copyright laws, threatening an ex-spouse or obtaining sensitive corporate information from an ex-employer. But these crimes have always been perpetrated, we’re only seeing them perpetrated in a slightly different — possibly more efficient — way.

TIG: How do you conduct an online investigation?

Jupp:

There is a lot of intelligence-gathering that is possible to do without leaving my office. The key is narrowing down search results and knowing how to efficiently obtain online information without getting bogged down by the sheer enormity of it. It’s also sometimes difficult to sort out fact from fiction. Sourcing and verifying information is very important. You still usually need to talk to someone for that, but the Internet is a great place to start.

Other than this, the same old basic rules of investigation apply, such as proper evidence handling and rigid adherence to the constraints of an increasingly complex legal system. Following a digital trail isn’t much different than following a paper trail, except it’s usually easier because most of the information you are seeking is at your fingertips. The key is not to be overwhelmed by the technology or the volume of evidence often available.

TIG: What is involved in tracking down, for example, a child pornographer?

Jupp:

By the nature of what a child pornographer is doing, they need to be connected to other computers. They are either obtaining or distributing illegal digital images by means of their computer systems. Tracking them down is a matter of understanding the means by which they are doing this, and then following the digital trail. This is not a simple matter in many cases. However, we are getting better at it. It’s really important to realize that technology is always changing, and so the pornographers and pedophiles will be changing their methods as well. Just a few years ago we were dealing with usenet groups as a major distribution point for child pornography. Now we’ve got e-mail groups, Web sites in foreign countries and, most recently, peer-to-peer networks specifically designed to facilitate file-swapping. These networks are now one of the main sources of online (child sexual abuse images) and we had to learn how to deal with them. As it turns out, it’s not as complicated as we feared. However, we’re already trying to look over the horizon to the next threat.

TIG: How do you confirm what is a real crime and what is just a hoax?

Jupp:

This is simply a matter of investigation and good information sources. We are passed a lot of information and requested to determine its authenticity, everything from fear-mongering group distribution e-mails to “”snuff”” .mpg video files. I will usually obtain at least several different online sources to verify or discount information before making any conclusions. This kind of thing usually isn’t very difficult — by the time something crosses my desk someone else in the world has seen it too and written about it in their Web journal or submitted it to any number of Web sites dedicated to the debunking of things like urban legends.

TIG: What is a forensic workstation and how do you use it?

Jupp:

A forensic workstation is a computer designed for the analysis of digital information. Given that the size of modern storage media is increasing exponentially, we compare finding a particular e-mail on an 80 GB hard drive to finding the proverbial needle in a haystack. It is not possible to review 100 per cent of the contents of most computers.

We must rely increasingly on the automation of various search methods. For example, we can retrieve deleted HTML files by means of programming scripts which locate the specific header information associated with these kinds of files. By running this kind of search on the image of a suspect’s hard drive, we can quickly obtain evidence which would take months to obtain manually. Suffice it to say that time is money, and a faster processor and more RAM facilitates the retrieval of critical evidence in an important case. A forensic workstation should be a high-end late-model computer which is capable of connectivity to various types of digital media.

We have traditionally built our own, as we feel it is important to know exactly what’s happening inside our analysis station. We also suffer the typical budgetary constraints of any public agency and have realized we can get a lot more bang for the buck by assembling our own components. It’s also something we enjoy.

TIG: How many charges have been laid as a result of the work in your department?

Jupp:

It’s far too complicated a statistic for a simple answer. Last week I assisted in a major case in which nine charges were laid against one individual. We are laying the groundwork today to identify, arrest and charge several paedophiles with numerous offences apiece. During a recent online blitz we were able to identify and charge three different paedophiles in three months who were all on the Internet for the purpose of hunting for child victims. They found us instead. We don’t come into work thinking “”today I’ve got to lay a charge.”” Sometimes the most successful prosecutions are the result of months of hard effort in which little or no results are obtained until the very end. No matter what the method, to save a child from suffering unspeakable horror and violence at the hands of a predator is worth a lifetime of effort.

TIG: Has Ottawa’s high-tech crime legislation aided your job, and if so, how?

Jupp:

There have been numerous changes and additions to current legislation in the recent past. Some of them have been well-intentioned but ultimately not as fruitful as we had hoped. Others are very promising but have not been explored to their full extent as of yet. We are satisfied with efforts ongoing and hopefully picking up steam which will help us do our jobs better. If there is one message I would like to send to the legislators it’s to plead for a change to the age of consent. Are you aware that the age of consent for sexual relations is only 14 years of age in Canada? We take complaints from concerned parents who have just found out their 15-year-old daughter has a new 35-year-old boyfriend who wants to engage in “”cybersex”” nightly. We can’t help these people – we can only tell them the law sees their child as an adult. They are justifiably horrified. I think you could ask any parent whether their 14-year-old is mature enough to consent to a sexual relationship and the answer would be a resounding “”no!””. How we can still have this legal definition on the books in our day and age is beyond me, but it has to be changed. This would help our jobs more than any legislative changes currently on the table.

Exit mobile version