Criminals are a notoriously crafty and unscrupulous lot, taking any advantage where it may lie. The Internet, in part due to its perceived anonymity, has been a breeding ground for the underhanded techniques used by cyber criminals to separate a fool from his money, spread hate literature and exploit children. But today the balance is shifting as more and more police agencies are taking the threats seriously and beefing up the cyber crime response teams. Call them geeks with guns.
Because of the way the Internet is structured, under normal circumstances no one knows where anyone is. A dot-com can be in Pretoria or Peoria and a site visitor is none the wiser. A Web site disseminating hate literature or child pornography could be in Saratoga or Saratov. Without the means of locating the site server, there is no way to apprehend criminals. It is far beyond a needle in a haystack, more like a specific grain of sand in the Sahara. Thus, it is important for police to be able to find out where a site is located in order to start the legal ball rolling against criminal activity. Once you have found the server, it is generally much easier to find the person breaking the law.
“We need to know the actual physical location of the server,” said detective Dave Johnston.
“We’ll get a warrant if it is occurring in Edmonton, if not then we will deal with another agency in that particular jurisdiction,” said his partner Ron Scholes of the Edmonton Police Services technological crimes unit in Edmonton.
The key to success is software which allows police to trace back the geographical location of a threatening e-mail message, dishonest e-commerce Web site or a site disseminating illegal information such as hate literature or child pornography.
“Basically it combines the Internet tools of ping, traceroute and whois into an integrated package with a graphical interface,” said Julie Lancaster, director of marketing for tracer software manufacturer Visualware Inc., in Centreville, Va.
“Usually things like ping are run from a command prompt and [it is] hard to discern the information since it is a bunch of numbers,” she said. “So VisualRoute packages that information into a presentation that is easy to read.”
The company has created a process to identify the geographical location of many routers and Web servers worldwide.
“It will tell you the city, state and country of where the routers are located and plot that information on a world map,” she explained. So if police are apprised of a threatening e-mail or child porn site they can trace it back to the ISP that served up the information.
For detectives Johnston and Scholes, there have been some real success stories. About a year ago a young man was on an electronic bulletin board site in the U.S. threatening to blow up his school. Without tracer software there would have been no chance of apprehending the individual before he acted.
The two tracked the origins of the threat to a city north of Edmonton and turned it over to the RCMP for final investigation.
“They found real explosives, hand guns (and) ammunition,” Johnston said. “They don’t know if the fella would have carried through with it, but certainly he had the means and apparently, when they interviewed him, the will to do so.”
But tracing back to an ISP is still not enough to find an individual, though the haystack has been substantially reduced in size.
“We teach a course at the Canadian Police College on how to investigate Internet crime and track people down, and one of the first things we tell them is to make friends with your local Internet service providers,” Johnston said.
Getting to know the men and women who work at local ISPs can put investigations on a more personal level. “They are on the good side, just trying to make an honest living and they will (generally) help police work out things,” Johnston said.
But the two detectives admit it is not always this easy when dealing with police in other jurisdictions.
“Jurisdiction of course is a big issue – it is difficult to get anyone to act on a $200 cheque that was written to some criminal in some southern state,” Scholes said.
“It can be a very frustrating experience, (it is) not always the highest priority, (and) getting their cooperation at times can be difficult,” he added.
“If we are dealing with child pornography I think we get pretty good action, (but) when we are dealing with perceived lesser offences we do run into some problems,” he admitted.
Scholes cited a case dealing with a minor hacking event that originated in the U.K. and affected a software company in Edmonton. He said they are experiencing some frustration there getting the British to act on their behalf.
The chicken and the egg
Regardless of the technology, the most talented of cyber criminals are tougher to catch as they do more and more to hide their tracks. Most tracer software has its limits and the skilled hacker can sometimes avoid detection.
“If somebody has gone to extremes to hide their IP and does the spoofing thing, then VisualRoute will not always be accurate in that regard,” Lancaster said. “It is limited somewhat for people who take extensive measures to cover their tracks.”
This is an ongoing battle that sees the upper hand change regularly as tracer technology improves and is then undermined by better technology to hide your true whereabouts.
“I honestly don’t know who is winning that battle but it is akin to the battle of armour versus the missile makers,” said detective constable Wolfgang Lott, an officer with the fraud squad in the computer crime support section of the Toronto Police.
Another problem is the use of public access points for criminal purposes.
“[Tracer software] is pretty good, (but) anybody can use a public library or an Internet caf