Computer-Based Crime: Identification and Investigation
The emergence of cybercrime alongside the development of computer technologies has become a significant issue in recent years. Cybercrime is a type of unlawful behavior committed through the use of digital devices and computer networks (Johansen, 2020). Instances of cybercrime include depriving people of sensitive information for personal gain or distributing malicious software that damages computer systems. Accordingly, one type of criminal cyber activity is the use of electronic devices as a means of obtaining access to illegal or banned information (Johansen, 2020). A clear example of this behavior is hackers using Internet networks to store and distribute outlawed data; such material often includes child pornography, terroristic messages, and harassment materials.
Another distinct type of cybercrime involves the theft of digital information belonging to other individuals or entities. As a result of a cyber attack, numerous people or institutions might lose unique data that identifies them, provides income, or possesses a specific inherent value (Johansen, 2020). For example, hackers may obtain such information by bypassing a corporation’s cyber security measures, stealing valuable documents, and distributing them over the Internet. In this regard, cybercrime can be extremely harmful to society, depriving individuals of personal information and finances and causing physical and psychological damage.
Cybercrime is often divided into six distinct categories for better investigation and prevention outcomes. One distinguished type is the use of malware to gain access to unique data stored on a device (Johansen, 2020). By distributing malicious software or attacking unprotected weaknesses in computer operating systems, cybercriminals can infiltrate the device and threaten the user, demanding payment of a specific sum to restore access to the data. A recent event involved Colonial Pipeline, the largest fuel pipeline organization in the US (Turton & Mehrotra, 2021). During the attack, hackers acquired illegitimate access to the Colonial Pipeline network; later on, the criminals sent the corporation a ransom note and demanded payment (Turton & Mehrotra, 2021). A similar cybercrime category is hacking, which also seeks to compromise digital software. Hacking includes malicious attempts aimed at weaknesses in computer systems, performed to gain access to such devices or networks (Johansen, 2020). A prominent example is the case of BitMart, a crypto exchange service that recently lost approximately $150 million to unknown criminals (Sigalos, 2021). It is speculated that a weakness in the system was used to acquire illegitimate access and withdraw assets from the BitMart accounts.
Social engineering is another form of cyberattack that utilizes computer systems to gain leverage over individuals. Social engineering attempts include actions aimed at gaining an individual’s trust, which allows the hackers to manipulate the users for their benefit (Johansen, 2020). In 2019, the Toyota corporation was targeted by hackers, who sent a fraudulent email to some of the Toyota employees, asking them to transfer funds to a third-party bank account (Lindsey, 2019). As the individual posed as Toyota’s business partner, they were able to acquire the company members’ trust, which resulted in the loss of $37 million (Lindsey, 2019). From this perspective, social engineering may be especially dangerous because it exploits human vulnerabilities as a means of conducting crime.
Compromising business entities is also possible through web attacks, digital crime activities focused on extracting data from websites. Hackers typically exploit vulnerabilities present in web pages to steal user information or company documents that might be used for personal benefit (Johansen, 2020). A massive website attack was performed in 2016, during which the website owned by Brian Krebs, a well-known cyber security expert, lost its functionality for several hours (BBC News, 2016a). The attempt utilized the site’s vulnerability and extracted a significant amount of information, also leading to a large number of technological issues for Krebs (BBC News, 2016a). Web attack methods can be used as a basis for performing a distributed denial-of-service (DDoS) disruption, during which the website becomes inaccessible due to the increased amount of traffic (Johansen, 2020). The BBC experienced a DDoS attack in 2016 when the New World Hacking group bombarded the corporation’s web page with a tremendous traffic flow to demonstrate its cybercrime capabilities (BBC News, 2016b). As a result, numerous BBC viewers and employees were unable to access the website for multiple hours.
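The traffic-volume symptom described above is something a site operator can identify from its own access logs. As an added illustration that is not part of the essay or of any of its cited sources, the script below parses web server access-log lines in the common log format, buckets requests into fixed time windows, and flags any window whose request count exceeds a threshold, also reporting how many distinct source addresses contributed so that a single-source flood can be told apart from a distributed one. The log lines, the addresses (taken from the RFC 5737 documentation ranges), the window size and the threshold are all constructed assumptions for the demonstration.

```python
"""Identify a traffic flood in web server access logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined log format, e.g.:
# 203.0.113.7 - - [20/Sep/2016:20:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def flag_flood_windows(lines, window_s=10, max_requests=100, top_n=3):
    """Bucket requests into window_s-second windows (aligned to the epoch) and
    flag windows with more than max_requests hits.  Each flagged entry carries
    the request count, the number of distinct sources and the busiest sources,
    so a flood from one address looks different from a distributed one."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole scan
        epoch = int(rec["ts"].timestamp())
        buckets[epoch - epoch % window_s].append(rec["ip"])

    flagged = []
    for start in sorted(buckets):
        ips = buckets[start]
        if len(ips) > max_requests:
            counts = Counter(ips)
            flagged.append({
                "window_start": start,
                "requests": len(ips),
                "distinct_sources": len(counts),
                "top_sources": counts.most_common(top_n),
            })
    return flagged


def build_sample_log():
    """Constructed log: a few normal requests (one deliberately malformed line),
    followed by a 10-second burst of 300 requests spread over 150 addresses in
    the 198.51.100.0/24 documentation range.  Not real traffic."""
    normal = [
        '203.0.113.7 - - [20/Sep/2016:20:00:00 +0000] "GET / HTTP/1.1" 200 512',
        '203.0.113.8 - - [20/Sep/2016:20:00:01 +0000] "GET /about HTTP/1.1" 200 1024',
        'this line is deliberately malformed and must be skipped',
        '203.0.113.9 - - [20/Sep/2016:20:00:03 +0000] "GET /contact HTTP/1.1" 200 800',
        '203.0.113.7 - - [20/Sep/2016:20:00:05 +0000] "GET /feed HTTP/1.1" 200 2048',
    ]
    burst = []
    for i in range(300):
        ip = f"198.51.100.{i % 150 + 1}"
        second = 10 + i % 10
        burst.append(
            f'{ip} - - [20/Sep/2016:20:00:{second:02d} +0000] "GET / HTTP/1.1" 503 0'
        )
    return normal + burst


if __name__ == "__main__":
    for w in flag_flood_windows(build_sample_log()):
        print(f"window starting {datetime.utcfromtimestamp(w['window_start'])}: "
              f"{w['requests']} requests from {w['distinct_sources']} sources; "
              f"top: {w['top_sources']}")
```

On the constructed input only the burst window is flagged: 300 requests from 150 distinct sources, each address contributing just two hits, which is the pattern of a distributed flood rather than one misbehaving client. In practice the threshold would be derived from the site's normal per-window volume, and the distinct-source count is what tells the operator whether a per-address block would help at all.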
Credential compromise is another type of cybercrime that is deeply connected to the other online crime categories. This attack uses data acquired through social engineering, malware, or hacking and allows the hacker to enter personal accounts (Johansen, 2020). Recently, a cybercriminal stole 500,000 login credentials from the Fortinet VPN company, allegedly utilizing hacking as the primary method for acquiring the data (Hope, 2021). As the leaked credentials were still valid, the personal accounts of multiple Fortinet VPN customers were compromised and could be accessed by other individuals.
To investigate the crime, it is possible to rely on Title 18 of the United States Code, Section 1028(a)(7). This legislation is part of the Identity Theft and Deception Deterrence Act of 1998, which focuses on identity theft and outlines eight types of conduct connected to the act of stealing identification information (Office of Legal Education for United States Attorneys, 2010). In addition, it is possible to use Section 1028A of the Identity Theft Penalty Enactment Act of 2004, which pertains to aggravated identity theft committed using computer devices (Office of Legal Education for United States Attorneys, 2010). Considering that the perpetrator in the discussed case utilized personal information to pose as another individual and that the information was accessed digitally, both of these federal laws apply to the situation.
To obtain the relevant warrants, it is necessary to apply through a federal court. If probable cause is found, the federal judge will issue a search warrant, a type of warrant that allows investigators to search a physical or digital location for evidence of a crime (Blanco, 2017). In the presented case, the judge might issue an email account search warrant; if compromising data is found, an arrest warrant might then be requested.
A digital forensic investigator might be required to locate and examine the digital information obtained during the search. Given that vehicle registration records were hacked in three different states, it is possible that a variety of devices and methods were used by the perpetrator, necessitating the creation of a digital forensic investigation team. Members of this group are required to identify the devices and networks used for the identity theft, as well as to analyze the digital data to establish the identity of the criminal and the vulnerabilities exploited (Goodison et al., 2015). In addition, to gain access to the location of the crime, detectives working on the case will need to collect additional data about the suspect and the environment.
To perform an appropriate investigation of the forensic data, devices such as a laptop and a hard drive will be especially useful. A laptop can be easily connected to the devices used for conducting the digital identity theft, allowing the investigator to perform a manual analysis of the available data (Goodison et al., 2015). In addition, as the majority of the evidence might require automated analysis at a forensic laboratory, a hard drive will be needed to transfer a copy of the original data (Goodison et al., 2015). Depending on the amount of information, it might be transferred onsite or at the laboratory.
The investigation of an electronic crime scene is highly distinct from the examination of a physical site. After the scene is secured, it is imperative to identify the electronic devices used for storing and distributing information, namely computer systems and storage, handheld, and peripheral devices (Angelopoulou et al., 2016). Furthermore, it is crucial to establish whether computer networks were used for disseminating the data. After that, the scene can be documented, and the evidence collection procedure may begin (Angelopoulou et al., 2016). Relevant evidence often includes online purchases, banking software, internet activity records, money transfer receipts, and the victims’ login credentials (Angelopoulou et al., 2016). Selected data must be retrieved safely, ensuring that the information is not corrupted in the process. Finally, digital evidence storage systems must be packaged and transported, minimizing the possibility of physical damage.
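The requirement that collected data not be corrupted in the process is normally enforced by hashing each acquired item at the time of collection and re-hashing it on arrival at the laboratory, so that any change in transit, accidental or otherwise, is detected before analysis starts. The script below, an added example that is not part of the essay or of the cited sources, computes a SHA-256 digest of an acquired image in chunks (so large images are not read into memory at once), stores it in a simple custody record, and later verifies the image against that record. The tiny image content, the item identifier and the examiner name are constructed placeholders; the custody record layout is an assumption for illustration, not a standard form.

```python
"""Evidence integrity: hash at acquisition, verify before analysis (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB pieces so multi-gigabyte images hash without exhausting memory


def hash_file(path, algorithm="sha256"):
    """Return the hex digest of the file at path, streamed in chunks."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def record_acquisition(path, item_id, examiner, note=""):
    """Build a custody record for an acquired item: who collected it, when,
    its size and its SHA-256 digest.  The layout is an assumed example form."""
    return {
        "item_id": item_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "size_bytes": os.path.getsize(path),
        "sha256": hash_file(path),
        "note": note,
    }


def verify_record(path, record):
    """Re-hash the item and compare with the custody record.
    Returns (ok, reason); the size check is a cheap first filter before hashing."""
    size = os.path.getsize(path)
    if size != record["size_bytes"]:
        return False, f"size changed: {record['size_bytes']} -> {size}"
    digest = hash_file(path)
    if digest != record["sha256"]:
        return False, "sha256 mismatch: item modified or corrupted since acquisition"
    return True, "sha256 matches custody record"


def run_demo():
    """Constructed scenario: a tiny 'disk image' is recorded and verified, then a
    single byte is altered (size unchanged) and verification is repeated."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "item-001.dd")
        with open(image, "wb") as f:
            f.write(b"abc")  # constructed content; 'abc' is a published SHA-256 test vector
        record = record_acquisition(image, "ITEM-001 (placeholder)",
                                    "examiner placeholder", "constructed demo image")
        ok_before, _ = verify_record(image, record)

        # Simulate corruption in transit: same length, one byte different.
        with open(image, "r+b") as f:
            f.seek(0)
            f.write(b"x")
        ok_after, reason = verify_record(image, record)

        return {
            "sha256": record["sha256"],
            "ok_before": ok_before,
            "ok_after": ok_after,
            "reason": reason,
            "custody_record": json.dumps(record, indent=2),
        }


if __name__ == "__main__":
    result = run_demo()
    print(result["custody_record"])
    print("verified after acquisition:", result["ok_before"])
    print("verified after alteration:", result["ok_after"], "-", result["reason"])
```

The size comparison is kept separate from the hash because it fails fast on truncated copies, while the digest catches same-size alterations such as the single flipped byte in the demonstration. Recording a second, independent digest (for example SHA-1 alongside SHA-256) is a common practice when the receiving laboratory's tooling expects a different algorithm; the verification logic is the same.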
Extracting incriminating information can be highly complicated, meaning that a systematic procedure should be implemented. The Digital Evidence Extraction Scheme can be especially helpful in this endeavor. First of all, the investigator should attempt to manually extract the data using the device’s standard inputs; keyboards and touchscreens are typically used during this phase (Goodison et al., 2015). After that, external computer equipment can be employed to perform logical extraction, which allows the examiner to control the computer system (Goodison et al., 2015). Following this step, physical extraction techniques might be beneficial for locating deleted evidence (Goodison et al., 2015). Finally, to access hidden files, the forensic investigator might use chip-off and micro-read methods, retrieving the information directly from the memory chip.
References
Angelopoulou, O., Vidalis, S., & Jones, A. (2016). Extracting intelligence from digital forensic artifacts. 15th ECCWS: European Conference on Information Warfare and Security.
BBC News. (2016a). Massive web attack hits security blogger. Web.
BBC News. (2016b). “Anti-IS group” claims BBC website attack. Web.
Blanco, K. (2017). An important court opinion holds lawful warrants can be used to obtain evidence from U.S. internet service providers when those providers store evidence outside the U.S. Web.
Goodison, S. E., Davis, R. C., & Jackson, B. A. (2015). Digital evidence and the U.S. criminal justice system: Identifying technology and other needs to more effectively acquire and utilize digital evidence. Rand Corporation Report.
Hope, A. (2021). Threat actor leaks login credentials of about 500,000 Fortinet VPN accounts. CPO Magazine. Web.
Johansen, G. (2020). Digital forensics and incident response: Incident response techniques and procedures to respond to modern cyber threats (2nd ed.). Packt Publishing Ltd.
Lindsey, N. (2019). Toyota subsidiary loses $37 million due to BEC scam. CPO Magazine. Web.
Sigalos, M. (2021). Hackers take $196 million from crypto exchange Bitmart, security firm says. CNBC. Web.
Turton, W., & Mehrotra, K. (2021). Hackers breached Colonial Pipeline using compromised password. Bloomberg. Web.