Why Cyber Investigations Are The New Focus For Law Enforcement
In 2016, GCN conducted a cybersecurity survey across local governments in the United States. More troubling than the rate of cyberattacks it found being committed was the fact that many local jurisdictions were unaware that they were being targeted, or did not keep track of cyberattacks at all.
Cybercrime is a growing hurdle for law enforcement. More crimes at every level involve some element of cyber activity. This is significantly changing the way law enforcement approaches criminal investigations, as well as their own security and processes. How is law enforcement currently approaching cybercrime, and what does the future of that approach look like?
Cyber Activity in Crime Is The New Normal
Cases passing through law enforcement agencies are increasingly associated with cybercrime. This has a number of major impacts on law enforcement, from how evidence is collected and stored, to the choice of tools and expertise used in digital forensics.
There are a number of ways that cyber activity plays a role in modern crimes and evidence:
- Communications. The dark web is designed for anonymity. This makes it useful for coordinating crimes in the real world, especially at a distance. For example, gangs functioning in different cities might use the darknet to share photo or video evidence of a murder requested by their superiors.
- Digital evidence. Darknet communications and video serve as valuable evidence. Victims or perpetrators could also be actively posting on social media. Even if content isn’t directly related to a crime, geotagged posts can point to their whereabouts and add further evidence to a case.
- Conventionally non-digital crimes. The darknet is full of marketplace listings for stolen identities and financial information, theft, child pornography, drug trafficking, and sex trafficking.
- Radicalization and mass shootings. Darknet forums are linked to radicalizing extremist views. Perpetrators active on forums like 8chan are known to post manifestos prior to mass shootings. Manifestos often include references to past shootings, hate speech, and even descriptions of the plan or weapons used.
- Cyberattacks. From individual citizen targets, to police agencies, to the federal government, law enforcement is seeing more criminal cases related to breached data, identity theft, doxxing, and more.
Police Are Active Targets
Because the dark web allows for user anonymity, it’s no surprise that law enforcement is targeted by cybercriminals. What do police-targeted cyber attacks look like?
- Doxxing attacks. Cybercriminals target police officers by finding and breaching personal information. For example, police involved in the Ferguson (2014) shootings were doxxed. Police involved in enforcing unfavorable laws or in shutting down protests linked to hate groups on the dark web are frequent targets of doxxing as a means of “hacktivism.”
- Denial of Service (DoS) attacks and system hacking. Cybercriminals can bring down systems essential to law enforcement. For example, Baltimore’s 911 and 311 dispatch systems were taken down for 17 hours in 2018, forcing operators to dispatch manually. Law enforcement system hacks can also mean that sensitive data, such as personal information or classified digital evidence, can be stolen.
- Phishing and social engineering. Law enforcement workers are often targeted in phishing attacks. These are typically delivered as genuine-looking emails that either convince victims to offer sensitive information, or redirect victims to a fraudulent website that requests information. A 2018 audit by the state of Michigan found that a third of state employees tested opened the fake phishing email.
Handling Cybercrime Is a Growing Challenge
These threats drastically affect the way law enforcement approaches risk management and investigation. An increase in available digital evidence, combined with a rise in police-targeted data breaches, means that strategies for keeping that evidence secure and internally accessible need constant improvement.
The way police approach investigations also requires a shift. Crimes detected in the real world need to be investigated for links to crimes in the digital world. For example, police making a drug bust might be unaware of associated communications or listings on the darknet. This disconnect further fuels illegal activity on the dark web.
Many non-federal law enforcement agencies don’t have the resources or staffing to complete timely and effective cyber investigations, which often rely on local government IT departments for support. This means law enforcement has less control over investigation processes and that law enforcement strategies and intel do not overlap. The Fairfax County Police Department, which has a Cyber and Forensics Bureau, found that it takes about USD $95,000 over 1.5 years to train and equip a new digital forensic examiner.
Training and Security Tools
To tackle these challenges proactively, law enforcement requires increased personnel training and investment in investigative and security tools.
It’s not necessary for all police to become IT experts to address new challenges caused by digital crime. Because the dark web is involved in more and more cases, however, law enforcement needs to invest in educating their personnel on how cybercriminals operate, what the dark web is, and how it works.
Social engineering tactics and phishing are extremely common law enforcement threats, as it’s usually easier to dupe people than it is to hack software. Agencies can avoid these threats more effectively by educating personnel on attack detection and exercising caution when responding to digital communications.
Personnel should also be trained on a number of security best practices. Administrative system access should be granted only when necessary. Data should be encrypted and backed up to prevent losses in the event of a breach. Best practices for passwords, two-factor authentication, and mobile devices (avoiding connection to unsecured wifi networks, for example) should also become part of basic training and standard processes.
Security tools and software help law enforcement protect their agencies, and approach computer forensics more effectively.
- Leverage internal security by investing time and resources into software patches, anti-virus/anti-malware software, and penetration testing, whether internally or by a third-party security service.
- Verify the security of any third-party vendors or cloud services that support law enforcement systems.
- Invest in threat intelligence tools. Darknet discovery tools such as Beacon index deep web and darknet data using keywords and filters, with no need for a Tor browser. This helps alleviate the time, expense, and learning curve involved in dark web investigations. It can also alert law enforcement to threats before they happen, or expedite incident response. For example, if law enforcement discovers a suspect document, such as a manifesto, on a darknet forum, they can take security measures in the event that the post leads to a shooting.
Cybercrime investigations are complex and time-consuming, even as demand for them increases. Police, especially non-federal agencies, don’t necessarily have the resources or expertise to handle threats and investigations quickly and effectively. The future of law enforcement is to invest in up-to-date security best practices and digital crime training, as well as tools that give police easier threat intelligence access without becoming IT experts.