April 30, 2008

Police Can Seize Computer and Cyber Evidence Quicker and Easier

According to a recent news article sent to me by a friend of mine, Mark Mulroney, the technology used to search a suspect’s computer has taken a giant leap forward. No longer are police and investigators required to track cables, label machines, and photograph the exact location of every device. With this new device from Microsoft, the Computer Online Forensic Evidence Extractor, commonly referred to as COFEE, law enforcement can literally have your information at their fingertips.

COFEE is a USB thumb drive that contains 150 commands that can dramatically cut the time it takes to gather digital evidence, decrypt passwords, and analyze a computer's Internet activity as well as data stored on the computer. What could have taken days, weeks, or months to crack can now be done in a fraction of the time. What does this mean? Well, let’s look at it from a law enforcement point of view.

For law enforcement, it means less time on scene taking down computers and quicker analysis of machines (possibly depending on the purpose of the investigation), to name a few benefits. That means faster turn-around time on pending investigations and prosecutions and, ultimately, it could save law enforcement a lot of time and money, which we all know they can use with budget cuts all over the country, especially in Florida.

What does this mean for the non-law enforcement individuals? Well, for now, until the entire scope of what this device is capable of is known, not much will change. I am certain that this device will be challenged as to the authenticity of the material recovered. I have yet to see how exactly it can re-create a clone or image of a hard drive, which is what is needed to preserve the integrity of a computer’s hard drive. It looks like all this does is a quick search of the drive for whatever the investigation calls for. Some interesting discussions that may follow as a result of this are whether or not inserting a thumb drive into a computer can trigger a virus, alter any computer data, or trigger a program, all of which can compromise data. I am sure Microsoft has explored all those possibilities, but as the world goes, so do technological advances, and someone will figure out a way to trip this device up. It is inevitable. Food for thought: what happens if this gets into non-law enforcement hands, then what…?

For more information on COFEE, check out:

Microsoft device helps police pluck evidence from cyberscene of crime

Microsoft Calls on Global Public-Private Partnerships to Help in the Fight Against Cybercrime

Microsoft COFEE (Computer Online Forensic Evidence Extractor) for law enforcement

April 19, 2008

Cyber Crime Takes on New Face...Are you Safe

Is your information safe? People take a lot for granted when it comes to the internet and their financial information. For example, the simplest thing that most people forget to do when using a public computer is making sure they are logged off so that the next person doesn't access their information. Internet security is an issue that is at the forefront of countries' security all over the world. Internet hacking is the crime du jour, and the new target for organized crime. No longer do people walk into banks and rob them like Bonnie & Clyde; they do it from the comfort of their living room. What are you doing to make sure that your information is secure?

April 6, 2008

Virtual Child Pornography and Steganography, What's Next?

So I was watching a television program and there was an interesting storyline. The program addressed a plethora of child pornography issues, which are clearly becoming an increasing concern for law enforcement as technology quickly advances. Without going into the entire show, the two interesting issues were: Youth Enhancement Software (Image Manipulation) and Steganography.

The program focused on the landmark case of Ashcroft v. Free Speech Coalition, 535 U.S. 234 (2002): possession of virtual child pornography is not illegal, but rather free speech. And what has developed as a result of that is a world that law enforcement and the Supreme Court cannot control. Technology that is used for “good,” age progression software, is now being used in reverse – age regression. So essentially, legal aged girls are being photoshopped back into their youth, and the child pornography is legal. According to the Supreme Court, that’s legal. Virtual child pornography or manipulated images are going to make prosecution of child pornography a whole new world. As these images start popping up around the world, prosecutors will no longer be able to stand up there and state that the images are actual real children. Expert testimony is going to drive the cost of prosecution on these cases through the roof, and with cutbacks all over the country in law enforcement, it will be interesting to see what gives, the trial tactics, or the Constitutional right to “free speech…”? If any one image in the defendant’s control is not “authentic,” the entire prosecution is compromised.

Another interesting issue addressed in the program was Steganography. Basically, it’s a secret image or text hidden behind another image. This is interesting because it is becoming more prevalent on the web and easily available to anyone who can download the necessary software. It’s not used solely for child pornography, but it’s been its most recent adaptation. To the naked eye, without the appropriate software, looking at a picture of the Statue of Liberty can really be pornography. When you decrypt the code, you will not see any lost pixels or portions of the image. So sending it over the internet can often allow the image to travel undetected through internet photo scanner programs (a discussion for another day).

It makes you wonder about technology today and its effects on the investigation and prosecution of child pornography. What does tomorrow hold? Technology is going to continue to be an uphill battle for all involved in protecting our youth. So again, what has to give to protect our children, whose rights, free speech?

March 31, 2008

Online Solicitation: When Does the State of Florida do What's Right Under the Law?

The law is in place to protect all of us, including police, so what makes them feel that they can (a) toe the line, or (b) break the law? First, before I continue on this topic, let me stress that the case I am referring to is not being prosecuted in South Florida, but it is being prosecuted in the State somewhere.

I was recently retained to work on a matter pertaining to cyber crime. Upon my review of the facts, I was shocked and appalled that the prosecuting agency was acting in this manner - not willing to discuss the case or the lack of the case they have. Instead, what it appears as though they are willing to do is create law, which as the current state of the case law stands would be great for the defense bar!

I am referring to an online solicitation case with chat logs that, not closely, but CLEARLY entrap the defendant. The undercover is the aggressor in each chat, brings up all the sexual conversations, even after the defendant continually says he is not interested in that, and even goes so far on one occasion as to initiate the chat session. Do you want more? The undercover, after she continually invited the defendant to come and visit, asked him of course to bring protection, to which the defendant again said he did not want to have any sexual contact/relations. The undercover then offered to book a hotel room for them! It went on...

Now if this case ever came across my desk when I was a prosecutor, I would have slapped the detective upside the head and then explained to them why I was not filing the case.

If that isn't enough, there are other issues. Did I mention to you that they are missing NUMEROUS portions of the chat logs as they had computer issues and could not save them? What they do have are excerpts that were cut-and-pasted from the chats, but they are INCOMPLETE. Oh, and they only chose to use the logging feature provided to law enforcement at certain times to record the chats, when it suited them. And of course, there is no mention in the chat logs by the undercover of her age, being a minor; there are references but no direct mention. Also, they said it was common practice for their department to wipe the undercover computer's hard drive, thus making it impossible for any recovery by the defense. This case is a mess for the State, yet there is no telling them that.

On the issue of the chat logs, there is a case on point that addresses this situation. In United States v. Jackson, 488 F.Supp.2d 866 (8th Cir.(Neb.) May 08, 2007), the Court held that cut and paste chat logs failed to meet the foundational requirements of authentication, and thus were not admissible at trial. The Court stated that the State has the burden of proof to show that the transcripts are authentic and trustworthy. Id. at 871; see also United States v. Black, 767 F.2d 1334, 1342 (9th Cir.1985); Fed.R.Evid. 901(a); United States v. Tank, 200 F.3d 627, 630 (9th Cir.2000); United States v. Webster, 84 F.3d 1056, 1064 (8th Cir.1996).

In Jackson, the State sought to introduce “editorialized” transcripts, as portions of the conversations were not available because they were omitted in the copy and paste process, not saved, or destroyed. Jackson, at 870. When the time came to use the actual chats, the computer had been wiped, there was no logging feature used, and the editorialized versions were all that was available. Id. “The cut-and-paste document offered by the State is not an accurate original or duplicate, because it does not accurately reflect the entire conversations between the defendant and [undercover].” Id. at 872.

A computer forensic expert testified that there were numerous alternatives to the cut-and-paste method that would have been far more accurate, and would not have allowed data to be lost. Furthermore, had the computer not been erased, the chat logs may have been recoverable. The Court went on to state that the missing data “creates doubt as to the trustworthiness of the document…[as] deletions have clearly been made to this document, and accordingly, the court finds this document is not authentic as a matter of law.” Id. It is clear that the proposed document does not accurately reflect the contents of the original. Id. at 872.

Two additional cases that also address the admissibility of chat logs and transcripts are United States v. Tank, 200 F.3d 627 (9th Cir.2000) and United States v. Simpson, 152 F.3d 1241, 1249-50 (10th Cir.1998). However, these cases are distinguishable as the actual computer files were offered as evidence, not cut-and-paste versions.

The Court in Jackson went on to exclude the chat logs in lieu of allowing the officer to refresh his recollection as to the missing portions, as doing so would have allowed the government to indirectly present the chat logs to the jury, and create an unfair situation for the defendant. Jackson, at 872; see also Hall v. American Bakeries Co., 873 F.2d 1133, 1136 (8th Cir.1989).

So is it worth it to hold your ground and start creating law that probably won't conform to what's right, or should the prosecutor here realize that you can't win them all?

February 24, 2008

Miami is no different in Prosecuting Child Pornography

Take it from someone who has been there, this article rings true - Technology Complicates Prosecution. Prosecution has become a cost benefit analysis, more so than one might realize. Cost - budgets are getting slashed, to the point where the courts, the state, and all other agencies involved are looking at ways to cut costs. Benefit – the defendants. Defendants are not getting charged with the maximum counts they may be exposed to, since the State cannot afford to prove the charges. Experts cost money, and the State has none. Trials for child pornography based on the Supreme Court’s ruling regarding manipulated images and computer generated images, have turned a child pornography case into a battle of experts. Whose expert is more believable? Whose is more qualified? To the naked eye, a computer generated image is indistinguishable.

Check out this article by Dr. Hany Farid. He is one of the foremost experts in computer generated graphics. Creating and Detecting Doctored and Virtual Images.

As a defendant in a case involving computer images, you’re given the slight advantage if you can get the jury to believe the images are not real. However, when a jury sees a child pornographic image, it is hard for them to believe that someone actually used a computer to generate the image. There are a lot of factors that people often overlook when looking at an image. The person or individual in the image is not generally the best way to tell whether the image is real or fake. Experts will look at lights and shadows, human interaction with other humans, or objects. Other things to look at are the creases in pillows, sheets, indentations on couches, beds, clothing, the list goes on. Creating the perfect computer generated image will take an inordinate amount of time. But here is the kicker. If, and I stress if, a defendant can prove that one image on their computer is computer generated, as it relates to child pornography, a jury will probably have a really hard time believing a State expert that the rest are real and not computer generated. Battle of the experts…


February 22, 2008

Erased what? Some of the best in the business, right here in Miami, Florida

Let’s give credit where credit is due: Miami boasts some of the best computer forensic experts I have ever seen. What do you think happens when you delete something on your computer? Well, before I learned about computers, I, like you, thought it was erased and gone forever. But for some people, sadly that is not the case. When you delete a file or an image, and then take the next step to clear the recycling bin, the files are still on your computer. Sometimes for years to come…

There is software out there that you can use to wipe your computer clean in hopes of erasing files, but there have been situations where machines have been wiped 5 plus times and files can still be recovered. So what is on your machine that is so secretive…? Once you learn how a file structure works on a computer you might better understand how the files are recovered. But generally, any forensic examiner worth their salt will find what they are looking for or at least remnants of a file. The stars have to align for all properties of a file to be completely erased, or you have to have some proven wiping software.

For more information on file structures and deleted files check out:

Slack Space
Window Washing Slack Space
Cyber Scrub, What you erased is not really gone

February 17, 2008

Localized Cyber Crime in Miami and the Global Effect from an FBI Perspective

FBI discusses the realities of cyber crime and how the "world" can deal with it. Interesting video segment. The agent is very candid about the cost analysis of doing business and that in order for an agency to get involved, it must make financial sense in that there must be a victim that has essentially suffered large damages. Is that fair? Is that the answer that best deals with the cyber crime problem in this world?

Who gets to pick and choose what case gets investigated and what doesn't? Why should one victim be more important than another? The government preaches that their goal is to combat cyber crime, but they admit to letting people off the hook simply because they didn't victimize enough people for enough money.

Cyber crime is here to stay, that is clear. The question is what if anything can the government do to stop it? I submit to you, only time will tell…


February 17, 2008

Hackers R US

Ever hear of the book "... for Dummies?" Here is Hackers for Dummies. Hackers for hire. You pissed off at someone and want to exploit them, well there are "Cyber Crime Tool Kits" out there for sale, with tech support. The police are on to them, but the question is how do the police stay ahead of the game? It's the same old problem, too much technology out there and not enough money to try to stop the crime. Check out the story, it addresses a lot of very interesting issues that create problems for not only the general public, but law enforcement.

February 16, 2008

Voice Over IP Hacker Arrested in Miami, a new Cyber Crime

So you again thought you were safe. What people have to realize is that the cost of doing business has gone up in today's world, mainly due to stories like this one. Companies spend millions of dollars a year to protect their infrastructure as well as their clients' valuable personal information, only to discover that everything they thought they were doing right has been hacked. As technology advances and we as a society get away from the traditional telephone system, cyber space has become the new switchboard. Not only is it cheaper to make a call on the internet, but you often times have more control over various telephone features that most people don't realize exist. I have been a Voice Over IP user for years and what has essentially occurred is that I am always connected to my numbers, be it online, through my BlackBerry, or a simple text message. I guess there is such a thing as being too accessible.

This nationwide FBI investigation has led to the arrest of multiple suspects in conjunction with a voice over IP (VoIP) scam. What the subjects would do is hack VoIP companies and steal online telephone minutes and resell them. Check out the video and see how these hackers brag about the capabilities of the companies to secure themselves.


February 16, 2008

Phishing, What is it?

So what do you do with all the junk mail you receive about your personal information? Do you believe everything that you see in an email? If so watch this video and educate yourself as to what really goes on in cyberspace. More of my comments to follow.

February 13, 2008

Florida DCF Worker and Kiddie Porn…What’s Next?

I know this is probably old Florida news by now, but it just makes you wonder about all the money the government invests into protecting our children and then something like this happens. Agencies are getting more money to fight crimes of this nature, but are they really making any headway? I have the utmost respect for law enforcement – having been a former prosecutor – but where are all the funds going? I know that in Miami, for example, some of the finest officers in the country are undermanned and overworked.

A few months back it was a prosecutor who killed himself after being exposed in an undercover child exploitation sting. Are we creating monsters as a society by continually exposing individuals (voluntarily) to child pornography and solicitation cases? Should there be continual review processes in place to ensure that the people we pay to protect our children are in fact doing so and not “falling off the wagon?”

I have no doubt that our law enforcement personnel are doing their job and it’s only a few bad eggs spoiling the bunch, but there needs to be some oversight to make sure that we weed out the bad apples and make sure we monitor those exposed to these crimes. This DCF arrest doesn’t spell the end to government workers involved in child exploitation scandals, the question is how is the government going to guard against it?


DCF Worker Accused of Using Children to Make Porn

February 11, 2008

Cyber Crime on the Rise, Shocked?

In today’s day and age you would be hard pressed to find someone who doesn’t know how to use a computer. Computers are everywhere and control everything. So is it surprising to hear that, according to the US Department of Defense, the volume of cyber crime grew by 54% in the last year? If you think about it, the target area, or the playground as some individuals might call it, has grown virtually in cyber space. Paper is a thing of the past and everything has gone high tech. Banks, credit cards, you name it and it involves a computer.

But the real question is, are the big companies the only ones that have to be concerned? The answer is clear. With a 54% increase in cyber crime, it is a problem that everyone has to take notice of. From small and medium sized enterprises to the individual working online with personal information, everyone should be more aware.

As a defense attorney who specializes in cyber crimes, I get calls all the time from people who have had their personal websites hacked, to their identities stolen. Of course there are remedies and manners of redress that are available, but we as individuals have to be prepared. We have to take the necessary steps to protect ourselves from cyber crime. The governments can only do so much. The local police and government agencies are overworked, under financed, and under manned to deal with the increase in cyber crime. And the crimes that they do focus on are the high priority, high profile crimes, as they should. However, then who is left to look after the little guy?

You. So be mindful of where you enter your personal information. Protect your computers with the appropriate software, and trust no one. Your information is sacred and if you lose it, it will spell trouble for you.

January 23, 2008

World Wide Cyber Crime and the Effect on Miami

Online cyber crime is a tricky thing to crack, not only for Miami government agencies, but nationwide. Oftentimes government agencies run into barriers when attempting to locate a subject. One might think that the barrier is technology not being able to track the subject’s location, but in reality the barrier is simply jurisdiction. For what I would classify as the “everyday” crime (crimes involving few victims, no minors, etc.), jurisdiction can hamper an investigation. When local agencies track IP addresses and other identifying information to a subject, if the information leads them outside the United States, that is where the investigation will slow down, almost to a stand-still, if not die.

Once you involve multiple countries and jurisdictions, each country has different legal requirements and sometimes the delay due to the bureaucracy can spell the end to an investigation. Speaking from experience, when you go international, depending on the crime, it may become a cost-benefit analysis as to the time and expense involved. Of course, agencies will always notify the local jurisdiction, but don’t count on anything by way of results.

With Internet crime on the rise, people are receiving solicitations from overseas for all types of things that will ultimately lead to an individual’s identity being stolen. Identity theft rings are trying to lure in victims from the other side of the world, knowing that local agencies are helpless in their pursuits. Technology has changed the way the world operates, not only for businesses, but for criminals. As much as technology may help the police and government agencies that investigate them, it may also hamper them.

January 18, 2008

Florida Law, Does a Keystroke Logger Violate the 4th Amendment

Under Florida law and most States, a search by a private person does not implicate the Fourth Amendment unless he acts as an instrument or agent of the government. United States v. Steiger, 318 F.3d 1039 (11th Cir. 2003)(citing United States v. Ford, 765 F.2d 1088, 1090 (11th Cir.1985)). For a private person to be considered an agent of the government, we look to two critical factors: (1) whether the government knew of and acquiesced in the intrusive conduct, and (2) whether the private actor's purpose was to assist law enforcement efforts rather than to further his own ends. See United States v. Simpson, 904 F.2d 607, 610 (11th Cir.1990).

In United States v. Scarfo, 180 F.Supp.2d 572 (D.N.J. 2001), and United States v. Ropp, 347 F.Supp.2d 831 (C.D. CA 2004), the Courts held that a keystroke logger did not fall under the purview of a violation of the Wiretap Act, as there was no transmission.

A hacker who accesses another’s computer and discovers evidence of a crime is not in violation of the Fourth Amendment, or the Wiretap Act. Steiger, at 1045. In Steiger, the defendant’s computer was compromised by a Trojan horse program, which allowed an anonymous hacker to access Steiger’s computer via the Internet. Id. at 1044. The Court found there was no interception of electronic material contemporaneous with acquisition, as the anonymous user was simply viewing what was already on Steiger’s computer.


January 17, 2008

Florida Law - Does an Individual have an Expectation of Privacy in a University Computer

Under Florida law, and State laws across the country, an individual (student) has no expectation of privacy in a University computer. US v. Butler, 151 F.Supp.2d 82 (D.ME 2001) (a defendant has no expectation of privacy in session logs and hard drives belonging to a University); US v. Bunnell, 2002 WL 981457 (D.Me. 2002) (defendant never downloaded the images, simply viewed and deleted, but has no expectation of privacy; thus, no standing to challenge evidence found on University computers).

January 16, 2008

Admissibility of Evidence in Florida and the United States when Intercepted by a Third Party

The Wiretap Act applies to private conduct as well as to governmental agents. The Wiretap Act does not provide for suppression as a remedy to a violation pertaining to electronic communications; rather, it allows for civil sanctions. Wiretap Act, 18 U.S.C. §§ 2511(1), (4), (5), 2520. Suppression under the Wiretap Act is only with respect to unlawful interceptions of oral or wire communications. Wiretap Act, 18 U.S.C. §§ 2515, 2518(10)(a). The Electronic Communications Privacy Act mirrors the Wiretap Act and Stored Communications Act (SCA), in that it does not provide for suppression of electronic communications either. E.C.P.A. § 101(e).

Additionally, the SCA creates criminal and civil penalties, but no exclusionary remedy, for unauthorized access to wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701 (emphasis added); see also 18 U.S.C. §§ 2707, 2708.

January 14, 2008

Florida Law, When is Possession of Child Pornography Possession

The language of the child pornography (hereinafter “CP”) statute is clear when interpreted in its plain meaning as it pertains to possession. To be in possession of CP one must “know” (intend) that the images (CP) would be saved on the computer. Commonwealth v. Diodoro, WL 3095476 (Pa.Super.). Mere viewing of CP, absent a showing of knowledge that the images are on the computer, does not constitute possession under the statute. United States v. Perez, 247 F. Supp.2d 459, 484 n. 12 (S.D.N.Y. 2003). The defendant must do some act in furtherance of viewing the images of CP to indicate knowledge that the image is on the computer’s hard drive.

In Diodoro, the defendant viewed child pornography on the Internet, and admitted as such. However, the State presented no evidence that the defendant intentionally downloaded or saved the images, nor that he was aware they were being automatically saved to an Internet cache file. Thus, the Court held, without knowledge, the defendant could not be convicted of knowing possession of child pornography.

The Ninth Circuit upheld a conviction in United States v. Romm, 455 F.3d 990 (9th Cir.2006), finding that the defendant’s admission that he knew the images were automatically saved to a cache drive and consciously erased them was sufficient to uphold a conviction for possession of CP under the statute, as some act in furtherance of viewing the images. The Court went on to say that “because the defendant knew the images were saved [albeit temporarily]…[the defendant] had the ability to copy, print, or email the images to others.” Id. at 1000-01. Thus, the key difference in a case where the defendant has no knowledge that the files are being temporarily saved, as in Diodoro, is the knowledge, the act in furtherance to remove the images that the defendant knew were temporarily saved.

Additionally, in United States v. Tucker, 305 F.3d 1193 (10th Cir.2002), the Court upheld the defendant’s conviction for possession of CP, where the defendant intentionally sought out and viewed CP, later went into his cache file (temporary files), and intentionally deleted the files after each online session where he viewed CP. The Court found those actions to be knowing and voluntary possession; thus some act in furtherance of viewing the images.

Furthermore, in United States v. Bass, 411 F.3d 1198 (10th Cir. 2005), the Court held that the defendant’s knowledge of child pornography being saved to his temporary internet files, was reasonably established by the defendant’s actions whereby he attempted to erase the images using two (2) software programs; thus, sufficient for possession charges.

Thus, the case law seems to be counterintuitive in the sense that they say there was knowing possession because the images were intentionally deleted.