Mini theatre: ecrime
Beating the cybercriminals at their own game

In this feature: ecrime investigation, Regulation of Investigatory Powers, online scams

CONFERENCE 2017

In all, more than 40 mini theatres were staged during the four-day event, attracting healthy audience numbers and inspiring debate.

From metrology to doorstep crime, there was a mini theatre for everyone at this year's Conference. Here, Louise Parfitt takes an in-depth look at investigating cybercriminals, presented by the 36 Group.

Credits: Louise Parfitt is a writer for TS Today.

"Technology cuts both ways in the fight against crime." So said Kevin Barry, barrister at 36 Group. "It facilitates offending, but it can also assist investigators enormously in their task," he said.

Just as technology has given scammers a relatively low-risk and low-cost way to contact a huge number of consumers from the comfort of their own homes, the accessibility offered by technology can give trading standards officers the advantage of conducting remote investigations and compiling evidence that can be used to present the case in court. Barry said digital evidence can be devastatingly powerful.

There are sophisticated malicious software tools (malware tools) now on the market, and there are seasoned e-criminals who can help newcomers build and launch scams. "Some of these guys are a lot more effective and customer-minded than many of the big companies out there," Barry said, and gave an example from a recent case where he prosecuted an offender who built and sold bespoke malware packages on the dark web.
"He was even offering his customers online helpdesk facilities!"

Another one of the challenges facing officers is the anonymity online scams offer perpetrators, but e-criminals, however sophisticated, will leave a trail of digital footprints. Although it can be frustrating to deal with disinterested and unhelpful responses from online trading companies when making enquiries, Barry urged officers to "make your applications because when you get that material it can be dynamite".

Officers are often concerned that they don't have the technical skills needed to investigate e-crime, but Barry emphasised that ensuring successful prosecution is all about conducting a good investigation. "I think it's helpful to draw a parallel with what you'd be doing in a similar investigation offline. The fact that you're doing it online doesn't mean that it's any different," he said. "It has to be said, however, that there can be no substitute for getting your hands on computer hardware. If you seize and forensically examine seized computers, you are likely to find evidential treasure troves."

There is a question over when open-source research becomes surveillance. Open source generally means a thing is available to members of the public online, but an investigation begins to head in the direction of surveillance when monitoring becomes regular, when data is being systematically recorded, retained, and stored, and particularly when an investigator interacts with the target. Key points to check are whether private information is likely to be obtained (if you are looking into social networking sites, the answer to this is likely to be yes) and whether there is systematic accessing, recording and retention of data. If you are meeting the surveillance criteria, then it is likely section 28 of the Regulation of Investigatory Powers (RIPA) 2000 will apply, and you will need directed surveillance authority (DSA) from a magistrates' court.
If an officer sets up a fake detailed profile and uses it to engage in two-way communication with a target, then they are likely to require a covert human intelligence source (CHIS) authorisation under section 29 of RIPA. The criteria for granting CHIS are similar to DSA.

"When we talk about RIPA, immediately there's a feeling of 'we're getting heavy now, this is serious'," Barry said. "It is serious, but you ought not to be shy or scared of it. It's easier than ever to do." He mentioned one officer, who was initially reluctant to engage with RIPA. However, he's now crossed the bridge and regularly makes these applications, so much so that the arrangement at the local magistrates' court is such that he can apply for them over the phone.

Barry reminded the audience that whether it's research or surveillance, first principles still apply. "You have to bear in mind that at a later stage you will have to establish the provenance of your material, and you'll have to go through the usual steps of recording and obtaining the material in line with continuity," he said. But, when investigations in e-crimes are done well, the resulting evidential package can be devastatingly powerful.

Images: Sam Atkins

Recommendations

Kevin Barry offered some key tips and advice for avoiding common pitfalls when carrying out these sorts of investigations.

Tips

- Draw up a clear digital investigation plan for monitoring your surveillance, and stick to it or adapt it. It need not be very complicated, but it's invaluable for all sorts of reasons. Detail it to your boss, and they can make Regulation of Investigatory Powers applications on that basis. At a later stage, if there's a challenge to whether the actions were proportionate, you've got a document outlining your framework and basis for the action you took.
- Be conscious of your own digital footprints. More sophisticated online criminals now have software in place to alert them to any attention that appears to be from law enforcement. The best practice is to use unattributed computers at work. You can set up a standalone unit very cost-effectively for the purposes of your investigation.
- Keep robust and thorough records. This ensures all surveillance and research is noted so that, when you are working, you should be able to record every step of it. It's basic stuff, but it doesn't always come naturally, because when you're doing personal searches online, before you know it, you've clicked through maybe six or seven times on a site without thinking about it, to get where you want to be.
- Use appropriate software to capture, process, and analyse material. Don't record just images but also underlying code and metadata. There's often much more there than is apparent to the naked eye.
- Seek advice from the National Trading Standards e-crime team, because they can help with tips on what the appropriate software is to use to minimise the trail you leave behind, and how best to capture, record, and store data.

Traps

- Failure to keep clear records of your online investigative activities can lead to holes opening up in the evidence and issues with continuity. Recording too much is better than recording too little. There are software packages out there that can help you if you are worried about disclosure duties.
- There's the chance that all your hard work will come to nothing if you haven't sought the necessary authority; then you open up the possibility for the offender to challenge the admissibility of the evidence you've gained about them.
- It's easy to feel overwhelmed by the quantity of data but, if you have a straightforward data management plan in place at the beginning of the investigation (and frankly you only need to develop such a plan once, and then adapt it to each particular investigation), that should help you with your analysis and sifting of material.
- Get the defence involved at an early stage and request that they notify you of any actions or keywords, and so on, that they consider should be added. If there is an issue later on, then you can point to your open-handed approach at the outset.