Identity Theft

Computer Forensics to the Rescue

by Michael R. Anderson


Introduction

Computer Forensics has changed the landscape in identity theft cases. I was there in the beginning when formal Computer Forensics was born at the Federal Law Enforcement Agency (FLETC). That was in 1989 in Glynco, Georgia. Prior to 1989, there were no formal training programs in computer evidence processing for law enforcement and most law enforcement managers were afraid to admit that they were scared of computer technology. They also had a blind spot for the potential for those "electronic toys" to transition into tools for use by criminals. Of course, nobody back then ever dreamed that personal computers would communicate worldwide over something called the Internet and that they would be the mainstay of the U. S. economy for almost a decade. Who in the 80's would have imagined that photography would move from 35 mm film to high quality digital photography and that exact replicas of bank checks would be created with personal computers? In the minds of most law enforcement managers in the 80's, the potentials of personal computers were limited to just word processing and "typing" was something that only secretaries did.

I got a head start with computers, as a hobbyist, in 1979 and this gave me an edge and a different perspective concerning the potentials for criminal uses of the computer. I was a Special Agent with the Internal Revenue Service, Criminal Investigation Division and it was clear to me that some day paper record keeping would be outdated. However, in the 70's personal computers came in several different flavors and there was no standardization. This meant that files created on an Atari computer, for example, could not be read or used on a Radio Shack TRS 80 computer, etc. That all changed in 1981 with the release of the IBM PC because it didn't take long for the PC to gain acceptance. The IBM PC quickly became the standard and the rest is history from a computing standpoint.

The IBM PC came to the business world in 1981 with a mixed blessing. It brought the much needed standardization and computing power to the marketplace but security was not part of its original design. Even IBM considered the first personal computers as toys and their engineers never envisioned that the design would become the driving force behind worldwide communications and publishing. As a result, when a computer file was "deleted" the contents of the original file remained on the hard disk drive and background processes also left traces of data behind in things called swap files and file slack. By 1989 IRS-CID realized that paper books and records were quickly moving to computer records and IRS management put a priority on advanced computer training for Special Agents. Because I already had computer programming background, they selected me for advanced college training and upon completion of that training at the University of North Texas, they assigned me to create the first formal computer evidence training program for federal law enforcement officers at FLETC.

The first classes were attended by law enforcement officers from other agencies which included the FBI and U. S. Customs. Although the original training course was primarily designed to deal with computer evidence, in the form of word processing documents and electronic spreadsheets, other law enforcement benefits became readily apparent. Because the personal computer design lacked any security, we realized that we could use "ambient data," stored in obscure locations, as a source of leads, intelligence gathering, and evidence in crimes ranging from tax fraud to embezzlement. Some non-IRS law enforcement agents also pointed out that these benefits could accrue to bank fraud and almost any crime where the computer was used as a tool in the commission of a crime. This situation was ideal for law enforcement because ambient data storage areas like the Windows swap file, file slack and previously deleted files, were unknown to the computer users. Little did the "crooks" know that the computer was recording their activities in the background and law enforcement officers were more than willing to use this newfound source of computer evidence against them. It didn't take long before we had developed specialized tools to identify and preserve these hidden sources of information and computer forensics was born.

By 1996, when I retired from federal law enforcement, the Internet had become popular and computer hard disk drive sizes had grown in size. Computer security was still not a feature of personal computing and the Internet lacked a security design as well. This combination created the ideal environment for computer forensics to thrive and flourish. It was clear that the demand for computer forensics in the private sector was there so in 1996 I founded New Technologies, Inc. (NTI). NTI quickly became a leading provider of computer forensics training and tools to the private sector, law enforcement agencies and the military. Today NTI supports more than 6,000 computer crime specialists in law enforcement agencies around the world and it also supports essentially all of the U. S. military and intelligence community with computer forensics training and tools. In 2000, NTI was acquired by Armor Holdings, Inc. (AH:NYSE) and information about NTI can be found at http://www.forensics-intl.com. More information about the technical terms mentioned above can be found at http://www.forensics-intl.com/define.html.

Identity Theft in Financial Crime Cases

Computer forensics is widely used to identify stolen identities in financial crime cases. Such crimes may relate to the use of an individual's credit card account without their knowledge. Other crimes may relate to the use of an individual's social security number or bank account number as a false identity in the commission of a financial fraud crime. Criminals can acquire this information easily by searching through discarded trash, social engineering over the telephone or through outright theft of the data. Last year in Oregon, they caught some individuals after they broke into a Division of Motor Vehicles office and stole computer data tied to the driver's license information for thousands of citizens. Fortunately these individuals were caught before they could use the information to commit financial frauds using the identities of registered drivers in Oregon. In another case, NTI was called in to assist a government agency after computer hackers had allegedly accessed identity information about government employees. In another case, medical computer data was compromised concerning the names of AIDS patients.

Once they have obtained the identity information, criminals can use computers to their advantage to create false identification or to initiate a fraudulent financial transaction. Digital photography and computer photo editing aid the criminals in creating false photo identification and passports. Other computer tools and software make it an easy task to create counterfeit bank checks. The good news is that computer forensics methods and tools can be used by law enforcement to identify and document the computer related evidence. NTI has created patented technology to aid law enforcement in the identification of names of individuals stored on computers. This technology was also used by the UN Inspectors in Iraq and by the US military in the Iraq war. NTI has created other tools to quickly identify graphic images stored on a computer as files or in ambient data and other tools which identify bank account numbers and social security numbers stored on computers. Some of these tools are provided free of charge to assist law enforcement agencies in identity theft investigations.

Identity theft has become a significant business risk for businesses and government agencies alike. As a result, more attention is now placed on the use of shredders in businesses and the home sale of paper shredders has increased dramatically in the last five years. Credit card companies have made identity theft a priority in their product planning and with their investigators. However, in spite of these efforts, identity theft is on the rise and there seems to be no end in sight.

Pornography Related Identity Theft

It is unfortunate but the combination of the personal computer and the Internet has created a worldwide conduit for the exchange and sale of pornographic images. It is also unfortunate that many law enforcement computer crime resources are dedicated to the illegal distribution of images of child pornography across the Internet. In the United States it is a felony crime to be in the possession of five or more of these computer generated images. The power of digital photography, computer photo editing and the reach of the Internet have all benefited pedophiles and this has become a serious problem. Most people are aware of these terrible crimes but they don't think of pornography and identity theft in the same context. What most people don't know is that some law enforcement cases involve the covert taking of nude pictures of adults in public and private restrooms and in other private places. In one case that NTI was involved with, a covert camera had been placed above a men's urinal in a public place and the pictures were shared and distributed over the Internet. In another case a covert camera was placed under the seat in a public outhouse at a festival. These perverted acts are almost unbelievable but when the images are shared with others and posted on the Internet it becomes a form of identity theft.

Internet Related Identity Theft

Because of the insecurities associated with the Internet, it has become relatively easy for hackers and sophisticated computer users to assume the identity of another individual over the Internet. E-Mail accounts can easily be "spoofed" and communications can be made to look like they came from a specific individual when they did not. NTI has been asked to investigate several cases involving corporate identity theft. In one case we received a call from an irate corporate CEO of a publicly traded corporation. In that case, someone was making fictitious posts to a financial chat room claiming to be a corporate "insider." It was thought that the individual behind the fictitious messages was tied to a fraudulent stock fraud in which they would benefit by affecting the market price of the stock. In another case, the issue involved "planted" images of child pornography on a corporate computer network to make it appear that a corporate executive was a pedophile. That case was ultimately investigated by the FBI.

Cyber stalking has also become a problem associated with fictitious identities. NTI was involved in a case where an individual assumed the identity of a past employee that had been discharged by a business. That identity was used, over the Internet, to terrorize a female Human Resources Manager who had fired the individual. After several weeks of investigation we discovered that the communications were fabricated by a peer worker within the corporation.

NTI has created patented technology to help law enforcement agencies in Internet related investigations. One process automatically identifies all Internet E-Mail addresses stored on a given computer. Another process automatically identifies all Internet web browsing activity on a given computer. This technology is also used by U. S. intelligence agencies to help identify Internet related links between terrorists and other individuals of interest to the government.
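As an added illustration (not part of the original article, and not NTI's patented technology), the sketch below shows the general idea of searching ambient data for identity information: it scans a raw byte buffer, constructed here to stand in for file slack or unallocated space, for e-mail addresses and Social Security number patterns and records the byte offset of each hit. The sample data, regular expressions and function names are assumptions made for the example.

```python
import re

# Constructed sample standing in for a chunk of unallocated space or file
# slack: binary filler with remnants of deleted text embedded in it.
SAMPLE = (
    b"\x00\x00\xff\xfeFrom: j.doe@example.com\r\nTo: hr-manager@example.org\r\n"
    b"\x00\x01\x02SSN 123-45-6789 acct\x00\x00"
    b"\x90\x90ref 000-12-3456 and 666-01-0001\x00"  # SSN-shaped, structurally invalid
    b"\xde\xad j.doe@example.com \x00"              # same address, second remnant
)

EMAIL_RE = re.compile(
    rb"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
SSN_RE = re.compile(rb"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Structural rules only: area not 000/666/9xx, group not 00, serial not 0000."""
    return (area not in (b"000", b"666") and not area.startswith(b"9")
            and group != b"00" and serial != b"0000")

def scan(buf):
    """Return sorted (offset, kind, value) hits found in a raw byte buffer."""
    hits = []
    for m in EMAIL_RE.finditer(buf):
        hits.append((m.start(), "email", m.group().decode("ascii").lower()))
    for m in SSN_RE.finditer(buf):
        if plausible_ssn(*m.groups()):
            hits.append((m.start(), "ssn", m.group().decode("ascii")))
    return sorted(hits)

def summarize(hits):
    """Map each distinct (kind, value) to the list of offsets where it was seen."""
    out = {}
    for off, kind, val in hits:
        out.setdefault((kind, val), []).append(off)
    return out

if __name__ == "__main__":
    for (kind, val), offs in summarize(scan(SAMPLE)).items():
        print(f"{kind:5} {val:28} offsets={offs}")
```

Recording offsets rather than just values lets an examiner go back to the exact location in the preserved image and document the surrounding context of each hit.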

The Future Concerning Identity Theft

Currently, law enforcement agencies rely upon computer forensics to help even the playing field with the criminals who choose to use computers to commit crimes. Nevertheless, that may change if Microsoft follows through with their plans to make personal computers more secure in the near future. I recently received a briefing by Microsoft concerning their plans for the future and things don't look good from a computer forensics standpoint. It is important for you to understand that computer forensics exists because of the inherent insecurity of the personal computer. There are good reasons to make personal computers more secure but the tradeoff will likely benefit criminals who use computers to commit crimes and terrorists who rely upon computers and the Internet for their communications. My hope is that time is on the side of law enforcement.