interested in joining corrections.com authors network, email us for more information.

Archive

Author Archive

Should Probation/Parole Officers Be On Social Media?

November 6th, 2017

There are two schools of thought for those in corrections and/or law enforcement when it comes to social media. The first is to avoid it at all cost. In short, don’t get on it in the first place. This position seemed natural for those that entered the field before social media took off in the early 2000’s. Why get involved in it when they have done fine without it for 20 or more years. Granted some of these folks are a bit behind the learning curve concerning social media and what can be gained from understanding its usage. The upside is many of these individuals are likely retiring and/or near retirement and their lack of tech savvy is being replaced by those who grew up with the Internet. Today’s reality is most of those now entering the profession have had one or more profiles for years before entering the field. Does anyone honestly expect them to give up their accounts? Of course not. This growing group of new officers and those who declined to opt out as suggested, leads us to the second school of thought, specifically it is okay to have social media provided you exercise caution. But what does “caution” mean when it comes to social media? Well, let’s explore it.

For most the primarily line of defense is to lock-down all those privacy settings for their social media. Don’t let anyone who is not a “friend” or connection see anything about you or what you post. Also, don’t let yourself be “tagged” without your permission and make sure your posts likewise can’t be shared without your authorization.  This is a good start, but it must be continually tweaked as social media sites like to make changes to their privacy settings (If you don’t know your profile’s privacy/security setting look to the help menu within your social media profile). Unfortunately, many users, including officers, consider having locked down settings is all they need to exercise caution. Well I can’t impress upon anyone this is not exercising caution, particularly if you are very active online. Let me explain what I am talking about.

I have seen officers who appear to have their setting locked down post things that their bosses would find very troubling, such as details about offender encounters, pictures of home visits, searches, etc. These kinds of posts and the commentary that often comes with them appear on the officer’s timeline. For some it doesn’t stop there. There are numerous officer only groups on various social media sites that restrict access to employed and/or retired officers. Some even go so far as to require a picture of official identification to gain access so that those interacting in the group have some level of confidence that their posts wouldn’t be shared. Here is a sample of posts that are all too frequently posted on these groups: Jokes about the circumstances of an offender’s arrest/revocation, details of office or home visits; negative comments about individual’s actual booking pictures; and posts soliciting comments about how many have angered defense counsels in courts. One officer noted in one post during an office day:

… somethings my mind wanders to a happy place where I am allowed to punch people in the throat.” In a reply the same officer noted they sometimes get angry with victims too.

I get that officers need a place to vent frustrations and these groups provide that space. But one has got to be naive to think that any online group can prevent online posts from seeing the light of day. Here is how it will happen.

Most likely, a fellow group member will alert someone at the person’s employer of a troubling post, either because they work there or because they know someone that does. In fact, if they work at the same location, they likely have an ethical duty to do so, which clearly overrides any group site policy. The next scenario will occur if a group member happens to find themselves in legal trouble (civil and/or criminal) and their social media posts become subject of discovery. No online group policy will prevent legal discovery.

Imagine the officer who posted they wish they were “allowed to punch people in the throat” defending themselves from an excessive force law suit. Heck, any officer might have trouble explaining themselves in such a lawsuit if they are an active member of an online group where such comments are common place. You get the picture.

So we must go beyond just making sure our privacy settings are secure. We must also be cautious of what we post online. How will it play with one’s supervisor or agency head? How will it appear if it comes out in a law suit? We also must be careful of what groups we join online. If the group regularly allows members to engage in discussions that show disdain for offenders, should a correctional “professional” be in that group? I will leave you to resolve that issue yourselves.  Make no mistake, I am no advocating that officers discard social media. I am only advocate using it cautiously and safely, whether is its personal, family or professional safety. On that note I left a cigar lit somewhere. Be safe out there.

Note

For those interested in using social media as part of one’s duties I suggest looking at the American Probation and Parole Association’s Issue Paper, The Use of Social Media in Community Corrections.

Art Uncategorized , , , , , ,

Supreme Court Strikes Down Social Media Restrictions for Non-Supervised Sex Offenders

June 20th, 2017

In May of this year, I mentioned that the Supreme Court was going to decide whether North Carolina’s criminal statute prohibiting sex offenders would stand constitutional scrutiny. I speculated it would be struck down and I guess I win a cigar because the entire Court voted to nullify North Carolina’s statute for violating the First Amendment (Packingham v. North Carolina)

So what does this mean for probation and post release conditions prohibiting sex offenders from using social media? Well, here is what my crystal ball tells me. First, let me note that Packingham was NOT on any form of community supervision. He had completed his sentence and was prosecuted for a new criminal offense, specifically accessing social media as a convicted sex offender. Let me repeat that… this person was not under any supervision condition prohibiting him from accessing social media.

My layman’s reading of the Supreme Court decision is that it currently does not invalidate supervision conditions prohibiting sex offenders’ from accessing social media. That said, my layman’s mind tells me that the Supreme Court in this decisions has recognized the significance of accessing to social media as it relates to the First Amendment. It has not struck down the supervision conditions but it has clearly indicated that they likely will be subject to judicial review. In short, conditions restricting supervised offenders from accessing social media in the future will likely have to be narrowly drawn and related to the offender. For instance, one’s status as a supervised sex offender will not alone be enough to trigger the restriction. They might actually have to had to been convicted or have a history of abusing social media to commit a crime. Even then, they might not be totally restricted from accessing social media. For instance, they may be granted permission subject to monitoring of their profiles and/or Internet/computer use. This decision will likely make any total Internet restriction for probation/parole cases harder to justify. Look for more conditions that allow Internet use but only with some kind of monitoring.

The interesting thing here is Facebook has a policy that prohibits sex offenders from using their site. This case does not force Facebook to allow sex offenders on their site. It only struck down North Carolina’s statute criminalizing the access of any social media site by sex offenders. Will Facebook change their policy? Why should they? My guess is no. But I have been wrong before. Also, I don’t’ think the case will not have any impact on Facebook’s policy concerning inmates using their site, which it recently mitigated somewhat.

My question is why don’t legislatures just focus on increasing the penalties for sex offenders who use certain high tech tools to victimize others? For instance, adding a mandatory criminal penalty for any person that uses social media to victimize another. That would not restrict anyone from accessing social media. It would just criminalize or increase the penalty for using it as a tool to victimize others.

This case will require officers to justify their conditions. It will not, however be the end to conditions governing how offenders access the Internet while on supervision. I see more monitoring and more use of searches. Additionally, officers may now have to check profiles to see who supervised sex offenders may be “friending” to insure there are no future victims. On that note I left a cigar lit somewhere. Be safe out there!

Art Uncategorized , , , , ,

Cyber-risk: Can Corrections Get it Right?

May 9th, 2017

Computers and corrections (in the community and behind the walls),  is really getting some headlines recently. The thread that appears to running these stories is “risk.” Is there a risk with offenders and computers and if there, is how do we manage it? Let’s start with the case that is currently before the U.S. Supreme Court, Packingham v. North Carolina.

Lester Gerard Packingham Jr., a  convicted North Carolina sex offender, who was no longer under any form of supervision, posted a message “”G-d is Good” on Facebook after a traffic citation was dismissed. Problem is in North Carolina all sex offenders are prohibited from accessing social media.  His conviction has been appealed all the way to the Supreme Court.  A decision is likely this month. The question is can a sex offender, even after he has served all of his sentence, be prohibited for using social media? Does their risk trump the Constitution?

The next story comes from New Jersey. A sex offender on lifetime supervision was completed barred from accessing the Internet by his parole officer. It is unclear if the officer had tried monitoring/filtering and/or periodically computer searches before imposing the complete prohbition.The New Jersey Supreme Court struck down the condition noting that:

access to the internet is a basic need because most job seekers these days need it to find and obtain work.”

Gee, I wonder how the U.S. Supreme Court will rule in imposing Internet restrictions on sex offenders who completed their sentence (I am betting it gets struck down). Now the next two stories represent that even prisons can not stop offenders from accessing the Internet. In the first case, federal sex offenders, in custody, swapped child pornography using smuggled cellphones and data cards. Apparently, they were in a low-security prison, where they were able to work in tandem, to defeat staff’s supervision of them.

In the next story Ohio inmates built their own computer and used the prison’s Internet access to download hacking programs and carry out identity theft. Apparently, some of the inmates were part of a detail working on disassembled computers for a contractor. Unfortunately, they were not supervised and were able to build their system. They also were able to connect to the prison network and to power, all undetected.  The last two examples are cases where offenders, presumedly under a much higher level of supervision were still able to find a way to get connected. It appears corrections staff underestimated their “risk.”

Corrections appears to have trouble understanding risk when it comes to computers. They either overstate it or understate. I recently got forwarded a request from a corrections professional asking how to teach high risk offenders Internet safety because they were posting inappropriate things online and getting in trouble. I took this to be a request of “can we teach felons to lock up their social media profiles so they stop getting in trouble, particularly with their supervision officers?” Really? Is that what we want, high risk offenders who can’t be monitored online? I think not.

There is a fine line that many in corrections can’t seem to grasp in managing cyber-risk. They either go over board, such as with complete bans, which aren’’t always upheld, or they go the other way and ignore the risk. We need to get this right and soon. I have been absent from this column for too long and maybe, just maybe, I need to resume writing about these issues. On that note, I left a cigar lit somewhere. Be safe out there!

Art Uncategorized , , , , ,

HELP: A Pokémon Is After Me!

August 25th, 2016

I am not sure if any of you have witnessed the recent craze that started in July called Pokémon GO, which has individuals using their Smart Phones to search and capture imaginary creatures in the real world. No I am not making this up.  Some are forecasting a “flood” of more games to come, capitalizing on this concept which is more specifically referred to as augmented reality gaming. As with any new technological development, there can be a dark side, which has already been exploited by those who look to victimize others.

Before delving into this discussion, let me first explain a little further about Pokémon Go. The game is aimed at players age 10 and up and at least initially the developers did not see fit to put perimeters on where the “creatures” could be located. Individuals were finding the creatures in clearly inappropriate places for children playing a game, such as The Holocaust Museum, funeral homes, and adult themed stores.

Not long after game was released, a NY state senator expressed concern that the game could be used by “higher-level sex offenders” to gain access to children.  The senator observed an informal investigation revealed 57 Pokémon creatures were located near 100 addresses of registered sex offenders across New York City.  The senator advocated and apparently obtained earlier  this week a parole condition for MOST sex offenders in NY that reflects:

“I understand that I shall not download, access, or otherwise engage in any internet-enabled gaming activities to include Pokémon Go.”

I find this very interesting. I have long stressed that Internet gaming held the potential for sex offenders to engage in grooming activities and therefore was an appropriate supervision prohibition. After all playing a game does not educate or help someone get employment.  However, I tended to focus on games children victims would most likely be playing. Children are the ones who are the grooming targets of pedophiles. However, the prohibition reflects “any Internet-enabled gaming.” That clearly applies to Pokémon Go. But does it also apply to online Chess and games less likely to be played by children? A more specific example is the American Association of Retired Persons, which has games for the over 50 crowd to play.   Is an elderly, maybe disabled  sex offender under supervision in NY now prohibited from this activity? There is a real potential to widen the net here beyond what is needed.

One thing that kind of dropped by the wayside was a recommendation by this same senator to require these game developers to exclude locations where registered sex offenders reside. The state of NY has a shown a willingness to share sex offender registration information for such purposes. Gee, that would exclude a much larger sex offender population then just those under parole supervision.  I think though from a developers’ standpoint it may make it bit more challenging to have these augmented reality games function in large areas that are off limits due to sex offenders in the community. (Yes, people, not all sex offenders are in prison and they do live in our communities.)

I mean, what is the acceptable distance from a sex offender and Pokémon creature, 100 feet, or like school restrictions, a 1,000 to 2,000 feet from the sex offender’s residence? Additionally sex offenders are allowed to move, which requires them to update their registration. This would require the gaming company to periodically update their “exclusion zones.” At a minimum this might require a monthly reconciliation but more likely a weekly update to make sure the zones are properly excluded. Also, people we are just taking about keeping the residences of sex offenders off the gaming zones. What about where they work or go to school? This information is also part of the registration. Should the gaming grid also exclude these locations to make sure kids are safe? Maybe from a developer’s standpoint, they hold no responsibility to make sure the players are safe. That is up to the Government, right?

The Government only has control over those who are currently under supervision. Many sex offenders aren’t on supervision. Additionally, there are obviously those who have absconded and are wanted. No parent should throw caution to the wind because there are parole conditions that prohibit supervised sex offenders from using these games.  Allowing their children to run free, unsupervised, and possibly alone, while playing Pokémon Go or any other augmented reality game is asking for trouble.

By the way, to date the biggest offender group to exploit Pokémon Go, appears not to be in the sex offender population. At a minimum there have been reports in California, Georgia, Florida, Indiana, Oklahoma, Nevada, Maryland, and Texas where adults playing this game have been robbed at gun point. (I found maybe two examples of sex offenders missing using this particular gaming application) Basically, victims find themselves distracted by the game, in areas they probably should not be in, during times when they should be there. It doesn’t help that they are holding expensive electronic devices in the open.  Should we start barring parolees who committed robbery from playing these games too? Maybe they should not be in the close vacancy of a Pokémon creature.

It seems we need to do a better job of balancing these parole restrictions to the risk and tailored to the needs of the case.  Additionally, it probably is appropriate to require software/gaming companies to develop products that minimize the potential for harm to users.  For starters they should focus on game grids in the real world that are as free from risk areas as possible and where law enforcement regularly patrols. They should also have built in controls that prohibit any users from adding creatures or game tokens to locations that have not been approved.  They might also consider requiring users that are given such powers to be properly vetted. Finally, we as consumers, either as individuals or parents need to start thinking about how we are ultimately responsible for our own safety  and that of our loved ones and quit relying solely on the private sector and Government to make us safe.  On that note, I left a cigar lit somewhere (Hopefully some stray Pokémon hasn’t taken off with it.). Be safe out there!

Art Uncategorized , , , , ,

Felony Arrest Not Key to Hacking Success

April 14th, 2015

Well, it has been quite a while since I put some random thoughts down in this forum. My apologizes to corrections.com and those of you who might have found my “pebbles of wisdom” of interest over the years.  (Yes, I know it is pearls, but that would be a bit vain of me wouldn’t it?)  Recent events have caused me to draw some parallels for those hacker wantabees out there and those who must deal with them when they are caught.

About a month ago the Fortune article 6 Notorious Hackers and Their Second Careers caught my eye.  I have been aware for years that two of the noted hackers in this article, notably Kevin Mitnick and Kevin Poulsen, had turned their life in a law abiding direction. For those who work in corrections this is a confirmation that individuals can and do turn away from a life of crime. Not that they need my praise, but well done to both of them.

The second event that occurred was the recent arrest of Pasco County, Florida teen for allegedly hacking into his school’s computer network to engage in an prank. This event was followed by an opinion piece by Robby Soave, staff editor at Reason.com. He notes in part:

Treating every small infraction of school rules as a crime requiring police involvement is a waste of time and public resources. And it’s bad for the kids. (Juvenile Name)  might not be able to return to school; will he learn anything from this experience? Will he become a more mature teen? Or will his life become immeasurably worse because officials went to DEFCON 1 over almost nothing?”

I agree with Soave that this youth doesn’t need to go to juvenile prison. However, I don’t agree that his conduct should just be ignored.  I also don’t believe the media is doing any service to this juvenile or other “wantabees” by glorifying his conduct.  This got me thinking about the old mindset that if one could hack one could become famous and get hired by some big tech company.   What are the odds that this juvenile who is being elevated to somewhat “star” status by the media might turn out to be another famous (infamous) hacker? Let’s take for a moment our two reformed hackers as examples.

Both Mitnick and Pouslen were jailed/convicted in around 1995/1996. During those years the U.S. Department of Justice charged between 43-45 defendants for computer fraud. So a rough estimate is that 4% to 5% of the “hacker” class of 1995/1996, made it “big.”

Let’s put that in comparison to sports, particularly at this time of seniors getting ready to graduate and go to college. Stats compiled by the NCAA reflect that 6.9% percent of the high schools who played baseball in high school went on to play in college.  For high school football players the percentage is 6.5%.  So the odds of playing college sports are better than making it big as a hacker. But wait, who cares about college … what about professionals?  The percentage of baseball and football college players who are were drafted professionally is 8.6% ( MLB) and 1.6%  ( NFL) respectively.  Obviously, this means less high school graduates make it to the big leagues.

Now I know many of you are like wow. You have a better chance of making it big as a hacker compared to playing professionally sports, provided of course you have “talent.” But not so fast Mister Matrix! The percentage I used for the hacker class is only federal convictions. There were countless convictions occurring at the state level, even in 1995/1995, which significantly reduce those “success”stats.

One also should point out that both Mitnick and Pouslen had to serve long periods of incarceration and later time on supervision. Mitnick in particular had computer restrictions that would make daily life today almost impossible.  Finally, it took both Mitnick and Pouslen a significant amount of time and energy to get where they are today.  Was prison and felon status a better first option than going to college and obtaining employment?  I would say no but they may answer otherwise. In the end, we have to treat cybercrime as any other crime. It is not a resume builder for the vast majority of individuals.  On that note, take care as I left a cigar lit somewhere.

Art Uncategorized , , , ,

Back to Tor, Silk Road and Bitcoins

March 4th, 2014

It was a few months back when I first introduced the terms, Tor, Silk Road, and Bitcoins on this forum. Those of you who read my piece recall that drugs were being sold on an underground website located on the Tor network called Silk Road. The currency for this underground website was bitcoins, a digital cyptocurrency.  I know. It sounds like the start of a bad science fiction movie but it is all true. Quite a bit has happened since that piece was written which warrants revisiting.

 At approximately the same time I introduced the above,  law enforcement appeared to be on a Tor offensive, with Silk Road’s allegedly leader, Ross Ulbricht, aka, Dread Pirate Roberts (DPR) and several of his alleged co-conspirators arrested and the offending site shut down.  Additionally, arrests related to illegal guns sales were also made on another Tor site, called BlackMarket Reloaded, which by the way also sells drugs.  But the online drug dealers were not through and launched Silk Road 2.0.  Much to their surprise they found that law enforcement was up to the task and two moderators of Silk Road 2.0, who apparently were also involved in the original site, were arrested. It came out last month that Silk Road 2.0, unlike its predecessor, apparently had its assets stolen by hackers as opposed to being seized by law enforcement.  

The assets stolen, specifically bitcoins, have also had their ups and downs. When I first mentioned them they were going for about $135 a piece.  Early last month they were going for about $800 a piece, only to drop these past few weeks to about $500 a piece. The reasons for this wide price fluctuation are varied but include: the seizure of Silk Road bitcoins, China imposing restrictions on their use, and more recently  the public exposure of a bitcoin flaw, transaction malleability. Okay, your head is now officially spinning. Transaction malleability, is that like a trans warp, anti-matter drive used on a starship? Trust me it is not and I promise I will stop using “geek” terms.

Here is something that is not so geek for you to wrap your mind around.   An Australian online study involving 9,470 drug using respondents, in three countries (United States, United Kingdom, and Australia) was completed at the end of 2012. Silk Road goods were part of the survey questions. To put this in perspective, Silk Road was only about a year old in 2012. The results of this study were published in the journal,  Addiction.   According to a news report on this study:

  • 18% of American drug users had used Silk Road “products.” 
  • Over  three-quarters of the respondents indicated they used Silk Road because it had better-quality of drugs.
  • Depending upon the country, between 53 and 60 percent bought MDMA, while 35 and 51 percent bought marijuana.

I know this study may be considered skewed because it was an online study, meaning non-online drug users would not be included. But think about it for a moment. After only a year being on the cyber-space corner, 18% of U.S. online drug users had experienced Silk Road products. I am no business major but 18% from nothing in a year seems pretty impressive to me.

So what does this all mean to those of us in corrections? I think it reiterates what I noted in 2011, namely that drug use and sales are going online.  We now have large scale sites dealing drugs and a significant number of users consuming drugs obtained online. Users are noting they are buying online based upon quality. What trends can we expect?  Stopping drug usage in your own community is one thing. When the entire world becomes an illicit supply chain the task  becomes much more difficult to control. We are likley to see more users getting their supply, at least in part, from online sources.  I also think if  Tor becomes much more user friendly on cell phones we will likely see more underground drug purchases made through cell phones. It can be currently run on an Android phones but it ain’t pretty. Android phones by the way can be used to hold a bitcoin wallet,  the currency of choice in this underground market place. Instead of looking at an offender with a wad of bills, we may need to start looking at cell phones with bitcoin wallets. On that thought, I left a cigar lit somewhere. Be safe out there in the real world and in cyberspace.

Art Uncategorized , , , , , , , ,

Investigating Internet Crimes: A Crimcast Interview

February 8th, 2014
On February 7, 2014, Crimcast interviewed me about Internet crime and my new book, Investigating Internet Crime: An Introduction to Solving Crimes in Cyberspace, co-written with Todd G. Shipley.  Click here to access the interview.  (And by the way thanks to Crimcast for the interview!)

Art Uncategorized , ,

Survey of Cyber-risk Management Practices in Community Corrections

November 27th, 2013

I have been writing for this blog since November 29, 2010. My first article on Corrections.com, Supervising the cyber-offender: Are you ready? actually appeared three years earlier on November 26, 2007. So by any measure I have contributed my little pearls of wisdom on this website for some time. Recently I wondered how things have changed since I started writing these articles.  In my 2007 piece I concluded by noting:

It is clear that technology has benefited society in so many ways. It is equally clear that offenders have found ways to use technology to the detriment of society. Probation, parole, and pretrial officers, like law enforcement previously, are learning that we must not let offenders go unchecked in this new arena of criminal behavior. Community supervision agency managers and administrators must be willing to support their staff in developing and learning these skills to be effective change agents in the future. Otherwise, offenders will continue to increase their technological edge, creating an unacceptable risk to our communities.

To kind of get an idea of where agencies are at I decided to do a survey. In September of this year I solicited input from a LinkedIn Group (Community Corrections Cyber-Supervision Group) by asking for their responses to ten questions related to cyber-offender management. I figured this would be a good group to target, since I started it in July 18, 2009 …  “for community corrections officers (pretrial services, probation, and parole) and others who are involved with supervising individuals in the community and in cyberspace.”  The vast majority of members work as line officers or as supervisors/managers in probation or parole agencies. However, there are also a few individuals who are consultants or work as vendors.   At the time I solicited the group’s input we had 378 members. Thirty-five percent were in entry level positions; 32% in management, and 13% in senior level positions. The remaining 12% fell in the following three other categories, director, owner, etc.  A high percentage of the group, eight percent, were located in either the New York or Boston areas.  The online survey was only sent to group members and was only open from September 4, 2013 to October 31, 2013. I got 37 responses, or  approximately 10% of the group.

Twenty-seven percent of the responses came from individuals located in California. Followed by 11% in Ohio or Texas; 8% in Nebraska; 5% in Illinois or Utah; and 2% in Idaho, Michigan, Minnesota, New Jersey, New Mexico, Oregon, Pennsylvania, Tennessee, or Virginia.  Approximately 46% of the individuals worked for state agencies, with 35% working for local or county agencies. Fourteen percent worked in the U.S. federal system. One response was received for an individual working at an agency in Canada.  The vast majority of individuals responding, 73%, had experience in probation. Thirty-seven percent had experience in parole and 13.5% with pretrial services cases.  Approximately 11% of the respondents were chiefs or administrators.

The most prevalent supervision practice to manage offender cyber-risk was home and/or employment visits, with 70% identifying it use. This was followed by 68% using computer searches or Internet investigations (such as checking social media).  Sixty-two percent used location monitoring devices. Fifty-seven percent of the individuals indicated they used computer monitoring.   Thirty percent of the respondents used polygraph examinations.

Many of the individuals reported using more than one supervision technique. Fifty-four percent of those who used home/employment visits also used computer searches or Internet investigations. Thirty-eight percent of those using home/employment visits also did computer monitoring.  Of those who did computer searches, 64% also did computer monitoring or Internet investigations.  Twenty-seven percent of the respondents did home/employment visits, computer searches, computer monitoring, and Internet investigations.  Eleven percent of the respondents did everything, ie. home/employment visits, third party contacts, computer searches and monitoring; Internet investigations, polygraph examinations, and location monitoring. Fourteen percent of the respondents report their agency has monitoring software installed by law enforcement. Another 11% used a private contractor to install monitoring software on offenders’ computers.  Approximately 32% reported that law enforcement personnel from outside their agency conduct computer searches on their behalf.  No respondents reported their agency used a private contractor to conduct computer searches for them. Respondents noted their agencies used computer monitoring and/or searches to manage risk in the following types of cases:

  • Sex Offenders, 78%
  • Internet Harassment/Stalking, 35%
  • Internet/Identify Fraud, 27%
  • Check Fraud, 22%
  • Hacking Offenses, 16%
  • Counterfeiting, 16%
  • Approximately, 19% reported not using either computer monitoring or searches to manage cyber-risk in any cases.

Respondents collectively identified the following resources lacking in the management of offender’s computer use:

  • Training, 65%
  • Time/Other Resources, 62%
  • Staff, 46%
  • Equipment and/or Monitoring or Search Software, 41%
  • Policy/Procedures, 32%
  • Judicial Support, 27%
  • Administrative/Management Support, 22%
  • Legislative Support, 22%

Okay, what does all this mean? Well, clearly agencies are using various techniques to manage cyber-risk, with home or employments visits of all things, topping the list. Home visits are great for detecting if an unauthorized computer is in the home or work site. However, such visits alone are useless in determining what someone might have done on a computer. At least 54% of the agencies doing visits agreed with me because they also use computer searches. I would hope it would be higher. I was bit surprised to see that only 57% of the respondents report their agency used monitoring software and only 30% used polygraph examinations. I was disappointed more agencies were not using both computer monitoring and searches. They must not have read the American Probation and Parole issue paper or seen the webinar on that topic.  I was not surprised to see how many individuals were reporting their agencies lack such things as training, time, staff, equipment and software. More is needed if officers are expected to effectively manage cyber-risks.  I wonder what these results would have been had I done this survey when I started writing these articles. With 65% noting they needed more training, I can’t imagine it being much worse.  Between 22% to 27% observe they lack administrative, legislative, or judicial support in managing offender computer use. I know law enforcement is being relied on by some agencies to install monitoring software and to search computers. But, will they be able to help to the extent needed? Remember my 2007 comment noted above. We clearly are still not doing enough and I fear we are creating an unacceptable risk to our communities. It is meaningless if courts and parole authorities impose conditions that can’t be enforced by supervision officers, with or without the aid of law enforcement.  Hopefully, if I do this survey again in a year or two the results be will better. Until then I left a cigar lit somewhere. Be safe out there and enjoy the holidays.

Art Uncategorized

Investigating Internet Crimes….. We are going to Print!

October 28th, 2013

Todd Shipley’s and my book is finalized and in the hands of our publisher, Syngress. Release date is November 22, 2013.

Art Uncategorized

A Tor Primer for Probation and Parole Officers

October 11th, 2013

Probation and parole officers know about drug users and what to look for right? We test for drugs, we look for unexplained cash, and obviously for drugs. Well, recently, it was announced that the FBI had arrested the alleged leader of Silk Road,  a website on Tor, involved in the illicit drug trade. I am not talking about the sale of “fake pot” (“Spice,” “K2,” “Blaze,” and “Red X Dawn”) which I mentioned way back in 2011.  I am talking about an open market for real marijuana, heroin, cocaine, literally any drug you can name it.

What are Tor and Silk Road,  what are their “urls” and how can I get there? Well, you can’t get there from here. Additionally, you also need to understand something about bitcoins, the digital currency used to buy and sell drugs and other contraband on the underground. Let me give you some information and some hints to help bring you up to speed. First, let talk about Tor, which stands for The Onion Router Network.   Tor was developed with funding from the U.S. Navy and allows users to surf the Internet anonymously. The user must download some free software to access Tor. If a used properly, Tor makes it very difficult to identify who a user is or what they are doing online. So difficult in fact, that the National Security Agency (NSA) considers it … “[s]till the King of high secure, low latency Internet anonymity” and that “[t]here are no contenders for the throne in waiting”. Well Tor also has an area, called “hidden services”, where users can set up websites. These websites can only be found while one is using Tor and have dominion ending in .onion.  So folks can set up hidden websites on a network where user’s activities can’t be traced. One final comment, Tor is not itself illegal to use or have. Yep, that is a perfect place to set up an illegal drug market.

Okay, now where do bitcoins come in? Well bitcoins are currently not regulated. They are in many ways untraceable and can be converted back and forth from regular currency. Additionally, bitcoins are maintained in an electronic wallet, which can be stored on a cell phone (there are apps for that after all). Finally, bitcoins have real value, trading in the area of $135 to $137 for one bitcoin. Are you following this? A hidden website for illegal markets, on a network where your activities can’t be traced, where you can buy things with an unregulated currency that is difficult to trace and very portable. It is a perfect environment for 21st criminal behavior!

In my previous drug-cyberspace related article, I provided some suggestions for probation and parole officers. Let me add a few to consider in light of the possibility of supervised offenders using Tor to get drugs, either for personal use or for sale:

  • Be aware of offenders with packing boxes/envelopes either an excessive amount for shipping or discarded packing containers.  Pay attention to where the packages are being set or received from. Out of country or out of state addresses might be a read flag, unless your offender is on E-Bay selling beanie babies. Consider having discarded packages tested for traces of drugs, such as with a canine drug detector.
  • Bitcoins are not illegal and can be used for legitimate purposes. Currently, monthly supervision reports ask for income, expenses, bank balances, etc. in dollars. So you are going to have to periodically make a separate inquiry about bitcoins. Start with tech savy and youthful offenders. Also ask those with anti-government views. Does your offender have any and how much? What are they doing with them and where are they getting them? These are valid supervision questions, particularly in light of their value and the potential to easily use them for illegal purposes.
  • Check their devices for electronic wallets that are used to handle bitcoin transactions. They can be stored on any computer, including smart phones. Be aware they can also be stored online.
  • If your are looking only at the browser history during your computer searches, be aware that Tor browsing history is not going to show up in the normal history. The Tor website can be accessed from a normal browser, that is how you get the software. Visiting the Tor website will show up in browser history, provided they haven’t cleaned their history.  However, accessing the Tor network is a different matter. Tor comes with bundled with a specific browser, currently Firefox, which connects to the network. This Tor configured browser could be anywhere on a device. There is even a portable application for using Tor from USB device. If you can do text searches, consider Tor (exact),  onion, and Vidalia (Tor creates a folder called Vidalia) . If you suspect your offender is using Tor for illegal purposes, also seek guidance from your local law enforcement computer unit. A computer forensic unit can help you find what they might be doing on Tor, provided you have a device for them to examine.
I don’t want to give you the idea that being aware of Tor, its hidden services, and bitcoins, is only a good idea for those who supervise drug cases. Weapons, explosives, false ids, hacking tools, etc, are also being bought and sold on this network and the hidden websites. Additionally, sex offenders are trading and distributing child porn via hidden Tor locations.  If you are supervising offenders in the 21st Century you are going to have to get up to speed with how the Internet and computers can be used inappropriately by criminals. Okay, that is my lecture for the day. Where did I put my cigar at? Be safe out there.

Art Uncategorized