Mar 15, 1997

High-Tech Hoods

 

Balich and his partner, Detective Ernie Blanchard, don't even bother to try figuring out who was at the keyboard. That's someone else's job. For them, just digging up and poring over the data from criminal enterprises is a full-time effort. "Imagine walking into someone's business cold and having to figure out how their entire business works by looking only at their computer," sighs Blanchard.

To make things harder, crooks hide information in the damnedest places. Some of them disguise the data by burying it in hundreds of lines of mind-numbing programming code. Others stick it in hidden areas of their hard drives. Still others interweave incriminating information with information from legitimate operations. Even for pros like Blanchard and Balich, ferreting out the dirty data from a single operation can take weeks. And it's getting worse. Three years ago, when Balich joined the unit, the average hard drive he saw had about 120 MB of disk space. Today, it's not uncommon for him to see a 3 GB hard drive. A disk that size that's full of suspect data could take about 3,000 man-hours to analyze--about an hour of analysis per megabyte of data. In an attempt to cut the time spent on each case, Blanchard and Balich continually refine their search methods and criteria.

Despite these challenges, there are some advantages for law enforcement in the trend to high-tech crime--if the criminal operation is a small one. If a Mafia middleman gets busted in Newark and the cops seize his computer, the data will likely reveal bits and pieces of the business that don't add up to a clear picture of what's going on. But in an operation as small as, say, Brandon Kessler's, the cops may find all they need on a single seized PC.

The owners of a massage and prostitution parlor recently found this out the hard way when police raided their shop in West Hollywood, Fla., and seized a 486 PC. The investigators knew they'd need to have the evidence corroborated by testimony from a few customers to make the charges stick, but the proprietors had been careful to avoid listing customers' names anywhere in their records. However, mixed in with the usual spreadsheet software and financial records, police discovered a credit-card verification program. Instead of the normal swipe machine most businesses use with credit cards, the massage parlor/brothel had a program in which they entered every customer's credit-card number and expiration date. When they needed confirmation, they ran the program and, via modem, the software would contact the credit-card companies to verify the information. A phone call to the companies provided names to go with the numbers, and investigators didn't have to get far down the list before they got a handful of terrified customers who agreed to tell all--on the promise that their wives wouldn't be notified.

In addition to getting evidence when a computer is seized, law enforcement gets something else: new equipment. It's a good thing, because police-department budgets seem to be trailing those of criminals when it comes to computers. Detective Bambrick says he works almost entirely on seized and forfeited computers, except for a few machines donated by IBM; the Nassau County Police Department has only just begun to budget funds for computer-crime-squad technology. Bambrick notes that the number of crimes committed with the aid of a computer has tripled in the past year alone, yet he's only recently been assigned new people.

The gap could grow wider. While local law-enforcement agencies try to keep up with the new-age criminal by taking courses in Microsoft Word and Lotus 1-2-3 and learning to check suspects' desk blotters for scribbled passwords, the criminals are jumping to the next level of sophistication. Dennis Hilliard, director of the Rhode Island State Crime Laboratory, who teaches a class in computer evidence at the University of Rhode Island, agrees that some criminals could be safeguarding their data via magnetic doorways that erase information as soon as the computer is carried over the threshold. Others are turning to encryption software, which converts data on a hard drive or in an E-mail note into a scrambled form that has to be "decrypted" with a software "key"--known only to the criminal--to be intelligible. One simple encryption program known as PGP is widely available over the Internet for free. Michael Hall, an independent consultant who works with police departments, has been running into encrypted evidence, and it scares him. "If you intercept an E-mail message and it's encrypted," says Hall, "you're done."

One of the biggest headaches looming on the law-enforcement horizon is the advent of personal communication systems. PCSs are ultra-sophisticated versions of cell phones that transmit data digitally--and so can't be tapped. MCI, Sprint, and other companies that make the devices loudly tout them as more secure than cell phones. "Everyone from Colombian cartels to two-bit school-yard drug dealers know you can't monitor these things," grumbles one DEA agent. The devices are already popular with dealers in the Northeast from Boston to Baltimore, even though most of the public isn't even aware of the new phones' existence.

But in the end, it may not be state-of-the-art technology that positions criminals to wreak the most havoc. The standard stuff can still do the trick. Take the car-theft ring L.A.S.D. Detective Jeff Enfield encountered recently. Having stolen more than 100 luxury vehicles, mostly Toyota Land Cruisers, the thieves used a simple desktop-publishing program and a couple of laser printers to print out counterfeit registrations, complete with bogus vehicle identification numbers, for each vehicle. Then they had the vehicles, along with the fake paperwork, driven down to Guatemala, where they sold them to unsuspecting wealthy citizens who never questioned the authenticity of the documents.

Other car-theft rings, says Enfield, produce reasonably convincing documents with the same software he himself uses to write up his reports--WordPerfect. Still other crooks go down to their local computer store to buy a program typically used by health clubs and other legitimate businesses to produce membership cards that contain data on a magnetic strip. The program can be employed to recode the strips on the backs of stolen credit cards and to clone cell phones.

Where do the bad guys learn the technical information they need to set up these programs? What little it takes can often be found on the Internet or through more-traditional criminal grapevines, including prison. One of the best sources for techniques, though, has been the courtroom, where criminals, cops, and expert witnesses alike often spill the beans in full, clear detail while testifying. In fact, sources within law enforcement admit to being urged by federal agencies to keep the technical talk in the courtroom to a minimum. While acknowledging the wisdom of that advice, ex-DEA agent O'Leary is also a little disheartened by it. "Technology talk has always been the best way to wake up bored jurors," he explains.

Sarah Schafer is a reporter at Inc. Technology.
