interested in joining corrections.com authors network, email us for more information.
search corrections.com archives
I have not forgotten the blog. I am about two and half chapters away from finishing a cybercrime book specifically for probation and parole officers. I have a deadline and will be pick this blog back up in earnest very shortly. I have some ideas for some topics but before I put them out there, lets hear what you have in mind. For now back to work…and a cigar!
Recently, we have saw a “hacker group,”, loosely known as Anonymous wage a denial of service attack (DDoS) against various companies that withdrew services to WikiLeaks. This was done in a supposed noble defense of WikiLeaks. Now it appears the same group has taken credit for attacks against Sony. Why attack Sony? Because Anonymous believes individuals should be able to modify PlaySation3 consoles and Sony’s says they no they shouldn’t be and are fighting the copyright infringement with legal action. It is sort of like I disagree with you and we end up in court and you then throw a rock through my window (funny…. I didn’t mean to bring Microsoft into the mix…LOL). Well apparently, more then a rock got thrown through Sony’s “window.” It now appears that 2.2 million credits cards with CVV were stolen as well. Anonymous is now only claiming they broke the window, not that they stole anything. Who exactly are “hackers”?
Initially the term came to refer to individuals who pushed technology to its limits. Hacking was making technology (hardware/software) do more, more efficiently, etc. However, somewhere along the mix it began to be used as a term to describe individuals exploiting technology for illegal purposes. Latter the term crackers came to refer to hackers who did bad things, such as breaking into systems, causing damage, stealing data, etc. We also had the “color” system if you will, in part no doubt due to the old adage in Western movies, good and bad guys wear different colored hats. Yep you guessed it you have White Hat hackers (good guys) and Black Hat Hackers (bad guys). Of course, you also then have the Grey Hat Hackers (good or bad, depending upon what they are doing). As an old John Wayne fan I never really paid much attention to what hat he was wearing but that is beside the point.
In my opinion, hackers have come to enjoy a unique position in our society. For instance, there is no such thing as a “white hat” embezzler, drug dealer, or bank robber. The closest think I can think of is maybe Robin Hood, where he was a criminal but his ends justified his means (steal from the rich and give to the poor). I suppose there was some romanticizing about train/bank robberies, Jessie James or even Bonnie and Clyde. But in the end we still consider them criminals when all is said and done. We just don’t have other offender groups being described by their head apparel. I also am amazed being a hacker is viewed by some as the best pathway to becoming an IT security expert. It is sort of like someone being a burglar or robber as a path to a career as security professional. I guess these folks think honest hard work and education just doesn’t look as good as I was a criminal on a resume.
So what does this have to do with corrections? Well, many of these folks do get caught. They go before a judge and someone has to look at what was done and make a call. Answering it was illegal is easy. What do you do with them? Some would argue they are Robin Hoods, making information free for the world. Some believe they are just really smart and the corporations are the real corrupt ones. (See The Conscience of a Hacker)
Here is the problem I have. My Robin Hood didn’t burn Sherwood Forrest to help the poor. He also did not use the poor as pawns in his fight with the rich. Take a look at the Sony case. They have a right to protect their intellectually property. They were pursing the matter in court, following the law. A group of offenders breaks into Sony, allegedly to embarrass them. However, someone during the break-in, (more then likely the same folks that broke in) stole 2.2 million credits cards with CVV. There are reports that those card number are being sold. Sony looks bad for the security breach. But was it really necessary to harm Sony’s customers in the fight to make right? So, are hackers misguided “Robin Hoods”, out to defend us against the big bad corporations out there? Or are they what we normally call, common criminals?
On the other hand some of these “criminals” are what we call in the business, “success” stories. “rtm”who released the first Internet worm, later went on to get a doctorate and is a respected expert in the field. The “Condor” is an author and runs a successful information security consulting firm (not withstanding my comment about criminals becoming future security experts). The “Dark Dante” is a senior editor for a major publication as well as an accomplished author.
The bottomline to this discussion, is corrections must do what we always do. Condemn the acts but not the individuals. Hackers, whatever the reasons, are offenders, not modern Robin Hoods. They can be rehabilitated. They are however not modern day technological heroes. Making them sound like a quarter pounder with cheese does not change the fact they have no meat between the buns. Take care and be safe. Time for a cigar!
Well, I haven’t forgotten. I am finishing up teaching a cybercrime course and of course there is the book. I have some ideas in the hopper which should be about to pop. I am thinking about a hacker piece and of course there are some new updates on sex offenders and computers (joy right?). Anyway, hope to have something ready by weeks end. Thansk for your patience!
Congratulations to the High Technology Crime Investigation Assocation (HTCIA) on 25 years of excellence. Started in 1986 by a band of committed law enforcement and private sector professionals it has grown to the largest non-profit professional organization of it kind in the world. Their membership continues to be made up of individuals concerned about in prevention, investigation and prosecution of crimes involving advanced technologies. I might add that probation and parole officers in the last few years have joined its ranks as well.
HTCIA 2o11 International Training Conference & Expo is being held at the Renaissance Esmeralda Resort & Spa Indian Wells, California near Palm Springs. Look for speakers/workshops on the following topics:
For more details check http://www.htciaconference.org/. For details about HTCIA and how to become a member visit their website at HTCIA.org.
@NYCMayorsOffice
Someone, apparently an offender, posted this to a Legal Question Board
http://www.avvo.com/legal-answers/can-parole-completely-bar-my-access-to-computers—402575.html
Can parole completely bar my access to computers, cellphones, and internet-accessible electronic devices? Viewed 21 times. Posted 1 day ago in Criminal Defense – Brooklyn, NY
I am a sex offender convicted of a crime involving the internet and a minor victim. On release, the DOP imposed a condition preventing possession or use of any computer, cellphone, or internet-accessible electronic device. This would seem appropriate, but I am not allowed to use them for legit reasons, i.e., searching for employment, work, or attending college/vocational programs. Also, the Electronic Security and Targeting of Online Predators Act specifically says in section 1, “Legislative purpose and findings”, “Therefore, any measure that restricts an offender’s use of the internet must be tailored to specifically target the types of offenses committed on the internet while not making it impossible for such offenders to successfully reintegrate back into society.” Can I fight this?
There is no mention that someone is posing this question on their behalf. So, if they are posting…online…obviously with a computer…they have already violated their conditions. DOP might be Department of Probation, City of NY.
If so, DOP, you may have a live on on your hands! Good hunting!
An article appeared early this month that Charles Manson, the infamous murderer, was found with mobile phone in his cell, which he used to make calls to and send text messages to people in California, New Jersey, Florida and British Columbia (Choney, 2010 and Dolan, 2010). The same article noted another murder had been maintaining a Facebook® profile via a concealed BlackBerry® (Choney, 2010 and Friedman, 2010)
Mobile phones were never meant for use by prisoners (They were called “cell” phones because of the cellular technology, not because they were designed for use by individuals in cells). The mobile phone problem in prisons is growing at an alarming rate. More and more of these devices are being found inside our prisons. Unfortunately, the devices are not being used just to connect with love ones and to avoid exorbitant collect calls. They are being used in extortion schemes; tax evasion plots; drug deals; credit card fraud; prison riots, and escapes (Justicefellowship.org). In South Carolina a mobile phone was used to order a hit against a prison guard (Kinnard, 2010).
The federal response has been to pass a law that makes it a crime to smuggle a mobile phone into a federal facility (Frieden, 2010) Impressive uh? States without such laws, like California need to follow suit. Such laws make sense but do they stop the smuggling of anything into prison? We still have inmates smuggling drugs in. It is too bad we can’t do something to make the item smuggled, in this case a mobile device, worthless.
Wait, there is something. There is actually technology that could be used jam the devices communication. Unfortunately, an antiquated law specifically, The Communications Act of 1934, as amended and Federal Communications Commission (FCC) rules prohibit the use of such devices, even in a correctional setting. At the time this law was passed and no doubt when FCC rules, were adopted no one thought there would be devices so small they could be smuggled into a prison setting and be used undetected. In 2005, the FCC reiterated its position on these devices (FCC, 2005)
Construction materials may hold an option that block signals but do not jam them, and therefore fly under the legal restrictions. However, that is going to costly and not a perfect solution. There is federal bill, Safe Prisons Communications Act of 2009, introduced on January 15, 2009, that would provide the legal mechanics for state prisons to start using these jamming devices (National Conference of State Legislatures, 2009). Many state corrections departments support this. Prisoner advocacy groups like the Justice Fellowship support it. However, it being held up. The cause? Washington gridlock, maybe. However, it is just as likely that greed is to blame. You see there is money to be made off the prisoners if you can come up with a system where inmates have to pay to use controlled “cell” phones.
So if is truly money that is the hold up, how much is the cost of a prison guards life anyway? What about if Manson had convinced a new bunch of crazies to go do his evil bidding via “cell” phone and killed innocent citizens? What are their lives worth? Lets take the phones out of the cells and get this law passed. Until then at least I have designed to adopt the British term for such devices, mobile phones. The idea of “cell” phones just doesn’t set well will me.
References
Choney, Suzanne, (2010) “Charles Manson had Cell Phone under Prison Mattress” Retrieved December 21, 2010, from http://technolog.msnbc.msn.com/_news/2010/12/03/5574585-charles-manson-had-cell-phone-under-prison-mattress
Dolan, Jack, (2010) “Charles Manson had a cellphone? California prisons fight inmate cellphone proliferation” Retrieved December 21, 2010 from http://www.latimes.com/news/local/la-me-prison-cellphones-20101203,0,2436484,full.story
Federal Communications Commission (June 27, 2005) “Sale or Use of Transmitters Designed to Prevent, Jam or Interfere with Cell Phone Communications is Prohibited in the United States” retrieved from http://www.fcc.gov/eb/Public_Notices/DA-05-1776A1.html
Frieden, Terry, (2010) “President Obama Signs into Law Ban on Cell Phones in Federal Prisons” Retrieved December 21, 2010, from http://articles.cnn.com/2010-08-10/us/obama.prison.phone.ban_1_cell-phones-phones-and-wireless-devices-prison-gangs?_s=PM:US
Friedman, Emily, (2010) “Convicted Murderer Justin Walker Used a Blackberry to Talk to Friends on Facebook While in Prison” Retrieved December 21, 2010 from http://abcnews.go.com/US/convicted-murderer-updates-facebook-page-prison-cell/story?id=12286265
Justice Fellowship (2010) “The Case for Cell Phone Jamming in Prisons”, Retrieved on December 21, 2010 from http://www.justicefellowship.org/key-issues/issues-in-criminal-justice-reform/inmate-telephones/pf-commentary-inmate-telephones/12696-the-case-for-cell-phone-jamming-in-prisons
Kinnard, Mag, “Attack on SC Prison Guard Renews Phone-Jam Debate”, Retrieved on December 21, 2010, from http://www.usatoday.com/tech/wireless/2010-09-13-prison-cellphone-jam_N.htm
National Conference of State Legislatures (2009) H.R. 560, Safe Prisons Communications Act of 2009, Retrieved December 21, 2010, from http://www.ncsl.org/default.aspx?tabid=16176
William Sturgeon’s article “Cyber Attack” hits on the need for corrections to make sure they are up on their collective games when it comes to IT security. He brings up a excellent points. One area that I would add is corrections facilities also have to think beyond their four walls. Let me explain a bit.
Many prisons are located in rural areas. They may have alternative sources of power, water, etc. but for how long? If the power grid that provides resources to them is hit by a cyberattack what will happen to them? They may have the best security measures in place…but if xyz facility that supplies power, water, etc. to their facility is taken out by a cyberattack… what then?
This is one of the changes we all face…not just corrections… in dealing with cyber-attacks. A good link that provides some more on this topic is http://www.youtube.com/paulcdwyer.
Corrections agencies, particularly their IT should become part of groups such as Infragard (infragard.net) so they can network on a continuing basis with others (public and private) concerned about protecting the infrastructure.
An attack against a correctional facility, particularly if it caused a mass escape or riot, would be one additional method for a terrorist to blend a cyber attack on other targets…or a real world attack…. to make an an overall impact much more serious.
Imagine an cyber attack against a city, that cuts off power or other needed services, a cyber-incident at a nearby correctional facility, and a real world terrorist incident occurring in the vicinity, with another cyber attack against communications, all occurring within minutes of one another. How thin would that stretch government resources…how great the impact? As Sturgeon notes we (corrections) need make sure we do not ignore the wake up call on this issue.
I just read an article quoting a prosecutor about how difficult it is to enforce a ban on social networking site (SNS) use by sex offenders on probation. (http://www.live5news.com/Global/story.asp?S=13606071). The rationale is the same that we seen before. Those “crafty” sex offenders use computers in the privacy of their homes. They often use different screen names and they don’t put their pictures on the account. What is a poor law enforcement or corrections official suppose to do to catch them?
Funny, this same argument can be made for probationers’ drug use. You know it is really hard to stop offenders from using drugs. They do it in the privacy of their homes. Hardly ever do they do it in front of law enforcement or their officers. We drug test them but still they do it.
PLEASE, give me break. Why is a sex offender on probation given free access to the Internet without monitoring by their supervision officer? Monitoring or even periodic searches would prevent them and/or catch them with a social networking presence. Even if they don’t access the account with a monitored computer, they can be caught. I know. I have done it. Even offenders without monitoring leave traces of their presence. For instance, many sex offenders are using their REAL NAME, with accurate biographical information. Others are recycling old names. I have seen sex offenders get text messages or long distance calls on their cell phone, which when traced back, reveal they had a social networking profile. Law enforcement all over the country have caught sex offenders at local libraries accessing SNS (so much for argument they only do it in the privacy of their own homes).
The other argument is it takes a court order to get access to the account for prosecution. And? What is the point there? The only one I can see is for those “crafty” sex offenders who are using bogus information. How important is it for law enforcement or corrections to detect the ones lying and hiding in social networking locations? These are the ones you really want to go after and get locked up.
Think of it as you have two sex offenders at a playground. Both are not suppose to be there. One, is not wearing a disguise and sitting on a park bench, in the plain open. The other is hiding in the bushes, with a disguise on. Both need to go, but which one is a serious threat to kids? Are officers not suppose to look causes it is hard?
By the way, a court order is really just the start of the process. Once the court order is obtained law enforcement is not really done. The information provided will provide names and addresses, all of which could be made up (or real). Law enforcement wants the Internet Service Providers Address (ISP), which they can use to trace back to the sex offender’s location and computer. So do you really think the only thing law enforcement is going to find on a crafty sex offender’s computer is their Facebook® friends? I would guess you might find child pornography or information of future or actual VICTIMS.
Additionally, sex offenders in many jurisdictions have a requirement to disclose all Internet Identifiers. Not disclosing this information is failure to maintain sex offender registration, a felony. So there is more than just a social networking prohibition violation in many of these cases, depending upon the jurisdiction and what is found on the computer. And of course you have the supervision violation issues. How important is it to remove a non-compliant sex offender from the community? You know the one caught in the playground, with a disguise, hiding in the bushes.
Finally, social networking sites will terminate a sex offenders’ profile post haste. Facebook® is very clear on their user agreement that sex offender’s are not allowed access and they will terminate the account. More SNS need to follow their lead on this point, particularly those which allow minors access. Even MySpace®, which was purported in the article to be dragging there feet, has removed thousands of sex offenders from their site. Gee, how were they and Facebook® able to find all those sex offenders on their sites and remove them if it ws so difficult?
I gave a comparison earlier about how hard it is to stop drug use. Well consider this for a moment. Drugs only stay in an individual’s system so long. So if they use once, depending upon when you test them, you might not catch them. It will be out of their system. The more they use, coupled with frequent testing, the better the chance of catching them. The same holds for Internet use. They might get on once and get missed. However, the more they do it the better the chances of catching them. Oh and computer use, particularly posted online, (unlike drug use) can be detected for a very long time. It might be there months, even years, after it was done. Same holds for data found on a computer. (It can also be very fragile but that is another story).
It is really about managing the risk and using all the tools at one’s disposal. This is also resource and training issue. Officers need resources and training. In also may be that corrections and law enforcement need to educate prosecutors, the public, press, and politicians about the differences between difficult and impossible. Difficult maybe..but not impossible.
First things first. I want to thank Corrections.com for giving me a chance to inform and enlighten on their site. They have been a leader in providing valuable information on corrections via the Internet for sometime. I will make every effort to continue their tradition of excellence in providing quality information on cybercrime for the correctional professional.
Now what are my “creds” as it were for tackling this subject? I have been working in law enforcement/corrections at the state and federal levels for over 25 years now. I literally have had work experiences at every level of the criminal justice process, from law enforcement investigations through post conviction supervision activities.
My interest in cybercrime dates back at least to 1990. I had just read Organizing for Computer Crime Investigation and Prosecution by Catherine H. Conly (1989), U.S. Department of Justice, and found it a compelling topic for law enforcement. I even approached my employer at the time about the need to develop computer investigation skills. From that time forward I took every opportunity that presented itself to learn more about computers and high tech investigations.
Years later, when I again found myself working in corrections, I was shocked to find that few had realized the significance of this topic on probation, parole, etc. I renewed my cybercrime interest with a keen focus on information related to corrections. To this day it is a continuing journey, which I hope to share with you through this blog.
For the past 10 years I have been specifically charged with investigations/supervision of cyber-offenders. This includes sex offenders, fraudsters, cyberstalkers, to name a few. I have installed monitoring software on offenders/defendants computers and have also searched computers. I have also completed investigations involving collecting information from the Internet on offender’s activities.
Do I have a degree in computer science? No, my degrees are in criminal justice (BS) and corrections (MA). What about special training? Well I have training from all the big players, (SEARCH, National White Collar Crime Center, the Federal Law Enforcement Training Center, the FBI, and the High Technology Crime Investigation Association).
You will soon find you don’t have to be able to read binary code (that the 0’s and 1’s code that computers interpret) to understand what is being discussed. Also, you don’t need to be C or Perl programing expert to grasp the skills/techniques that are being used by correctional professionals to address cyber-risk. I hope to challenge the reader to think about this topic and act on the knowledge it brings to prepare for the future.
To paraphrase a well known television show… “Let us boldly go where no one has gone before.” Gee, what else would you expect from someone interested in this topic?….LOL (Laughing Out Loud).