
Federal Identity Theft Investigations
Richard W. Downing, Assistant Deputy Chief
Computer Crime and Intellectual Property Section, U.S. Department of Justice

CCIPS
  • Established in 1991 and now almost 40 attorneys
  • Prosecute
      – Computer intrusion and damage cases
      – Intellectual property cases
  • Provide technical advice re: search and seizure of electronic evidence
  • Legislation and policy development
  • Train prosecutors and investigators

What we can do for you
  • Advise on searching and seizing electronic evidence
  • Assist in investigation and prosecution of hacking and IP crimes
  • Research resources
      – Search & Seizure Manual (2002)
      – IP Manual (2006)
      – Network Crimes Manual (forthcoming)
  • 24/7 duty line: (202) 514-1026

Agenda
  • Investigation of a Major Database Theft
  • Investigation of a Secondary Market for Identity Information
  • Complications in Online Investigations
  • Conclusion

United States v. Scott Levine
  • Victim: Acxiom, Little Rock, AK
  • Crime: Theft of over a BILLION customer records
  • Trail led back to Snipermail, and its CEO: Scott Levine
  • Various other employees pled and cooperated
  • Convicted after lengthy trial
  • Sentence: 96 months

Carding Sites

Centers of Online Crime
  • Financial Crime
      – Credit Card Fraud
      – Bank Fraud and Money Laundering
      – Identity Documents
  • Computer Crime
      – Hacking Services (Intrusion, DDoS, etc.)
      – Custom Malware (Viruses, Trojans, etc.)

WHAT CAN YOU PURCHASE?
  • Financial account information
  • Credit Cards
  • Passports
  • Driver’s licenses
  • Birth certificates
  • Social Security cards
  • Credit Reports
  • Insurance cards
  • Diplomas

Counterfeit Licenses and Credit Cards

Shadowcrew.com

Hierarchical Structure

Control over Shadowcrew
  • USSS Newark FO Took Control of Site
      – Complete Monitoring of Content
      – Knowledge of Criminal Activity
      – Offering of Auxiliary Services
  • Targeting of Highly Placed Members
      – Administrators
      – Reviewed Vendors
      – Other Key Criminals
  • October 2004: Takedown

Takedown Summary (Nov 2004)
  • Total Arrests: 28
      – 21 Arrests in USA
      – 7 Foreign Arrests
  • Total Search Warrants Executed: 27
  • More Than 100 Individual Computers Seized

Domestic Arrests (USA)

Foreign Targets/Arrests

Simple Example
  • Subpoena #1 (Hotmail): IP address
  • Subpoena #2 (cable ISP): subscriber info and computer location

Blocks in the Road
  • Record Retention
  • Open Wi-Fi networks
  • Foreign hosts

IP Address from Hotmail
[Diagram: Hotmail; broadband modem (68.42.205.94 / 192.168.0.1); Wi-Fi clients 192.168.0.1, 192.168.0.2, 192.168.0.3; subject’s house]

Solution:
  • Use a Pen Trap order to get IP data
  • Start at physical location of the IP address
  • Follow the Wi-Fi signal to subject’s location

Conclusion
  • ID theft is an exploding problem
  • Federal investigators alone can’t handle the problem
  • There is a need for more training
  • President’s ID Theft Task Force Report (forthcoming)

Questions?
Richard W. Downing, Assistant Deputy Chief
202.514.1026
richard.downing@usdoj.gov