Cyber investigation faces a major challenge: the tools that make communication more anonymous also make it easier for illegal activity to spread. Examples include the trade in guns, drugs or prescriptions, money laundering, child pornography, and the targeting of cyberattacks.
Customs and intercepting the mail
Users of the online black market Silk Road can stay anonymous online thanks to Bitcoin and Tor encryption. The next chance for law enforcement to catch a crime is when illegal goods enter and move through the postal system. Even though checking mail in person is more likely to lead to the discovery of a crime than online monitoring, this strategy has a number of drawbacks.
Since the amount of international trade is growing quickly, a lot more things are going through the international mail than ever before. In Australia, for example, about 45 million letters were sent and received internationally in 2010–2011, which was a 56% increase from the year before. Most of this increase was due to people making legal purchases on the internet. Even inspecting a small portion of this huge amount of mail puts a big strain on the resources of Customs. It’s like trying to find a needle in a haystack that keeps getting bigger and bigger.
In order to find the proverbial “needle in the haystack,” customs agencies are increasingly forced to focus their limited resources on mail items that raise a lot of suspicions.
Collecting evidence and deciding how to spend money
Cryptomarkets are an important and steadily growing way for illegal drugs to get to people. The following factors make it very hard for law enforcement to do its job:
- Goods that are found in the mail are not always enough to go to court.
- Surveillance is a resource-intensive way to gather more evidence.
- Most of the time, possession charges are lower for small amounts.
- Successful prosecutions typically end with consumers so there is no capacity to follow up the chain of supply.
Ways to do things
Investigating a crime scene is not easy in a cyber investigation. It takes years of study to learn how to deal with hard cases and, most importantly, to get those cases solved. This applies not only to real-world crime scenes but also to those in the digital world.
What is a cybercrime investigation?
Before we get to the “investigation” part, let’s go back to the basics: A digital crime, also called a cybercrime, is a crime that is done with a computer, phone, or another digital device that is connected to a network.
These electronic devices can play one of two roles: they can be used to commit a cybercrime (that is, launch a cyber attack), or they can act as the victim and be attacked by someone else.
So, a cybercrime investigation is the process of examining, analysing, and recovering important digital forensic data from the networks involved in the attack, which could be the Internet or a local network, in order to find out who committed the digital crime and what they really wanted to do.
Cybercrime investigators need to know a lot about computer science, including software, file systems, operating systems, networks, and hardware. They must be knowledgeable enough to determine how these components interact, to get a full picture of what happened, why it happened, when it happened, who performed the cybercrime itself, and how victims can protect themselves in the future against these types of cyber threats.
Who conducts cybercrime investigations?
Criminal justice agencies
Criminal justice agencies are the operations behind cybercrime prevention campaigns and the investigation, monitoring and prosecution of digital criminals. Depending on your country of residence, a criminal justice agency will handle all cases related to cybercrime. For example, in the U.S. and depending on the case, cybercrime can be investigated by the FBI, U.S. Secret Service, Internet Crime Complaint Center, U.S. Postal Inspection Service or the Federal Trade Commission. In other countries such as Spain, the national police and the civil guard take care of the entire process, no matter what type of cybercrime is being investigated.
National security agencies
This also changes from one country to another, but in general, this type of agency usually investigates cybercrime directly related to the agency. For example, an intelligence agency should be in charge of investigating cybercrimes that have some connection to its organisation, such as those against its networks, employees or data, or those performed by intelligence actors. In the U.S., another good example is the military, which runs its own cybercrime investigations by using trained internal staff instead of relying on federal agencies.
Private security firms
In the fight against cybercrime, private security agencies are also important, especially during the investigation process. Even though governments and national agencies run their own networks, servers, and applications, they are only a small part of the huge infrastructure and code that is kept running by private companies, projects, organisations, and individuals around the world. With this in mind, it’s not surprising that private cybersecurity experts, research companies, and “blue teams” play a key role in preventing, monitoring, mitigating, and investigating any type of cybercrime against networks, systems, or data running on third-party private data centres, networks, servers, or simple home-based computers. Private agencies look into all kinds of cybercrime, including, but not limited to, hacking, cracking, spreading viruses and malware, DDoS attacks, online fraud, identity theft, and social engineering.