Every 3.5 seconds, a new threat is unleashed by cyber criminals into the online world of the internet. Cyber criminals can range from middle schoolers who vandalize websites to international terrorists who target a country’s defense infrastructure. A cybercrime is a crime that requires a computer system to complete the crime (e-mail scams) or a crime where the computer system is the target of the crime (hacking into a corporation’s database). An attraction for cyber criminals is the smaller chance of getting caught or punished compared to traditional crimes such as burglary or murder. An estimate of only one in seven cyber crimes are reported to authorities. In 2007, the Internet Crime Complaint Center reported 206,884 online cyber crime complaints for an estimated loss of $67 billion for United States corporations.
Novel cyber criminals may not know this, but believe it or not, the delete key on your keyboard is a phantom, an apparition. That computer image, email, or even cell phone text message you just “deleted” is not really gone. Rather than going into the trash, never to be seen again, the deleted email or text goes to an unallocated space on the hard drive which is available for retrieval in the future. Some criminals, such as those who engage in child pornography, are unaware that the information they attempted to delete is secretly tucked away deep inside their hard drives. Short of physically destroying a hard drive, it is rather difficult to wipe an entire computer clean.
While the internet may mask identities, there are tactics law enforcement utilizes to track down cyber criminals and the corresponding evidence to build a case. The only real difference between a traditional crime and a cybercrime are the tools used to complete the crime. In traditional means, a thief would simply pick-pocket you to steal your wallet; a cyber thief would sit at home and send an unsuspecting victim an e-mail scam (known as phishing) to steal your identity or credit card numbers. Furthermore, drug dealers may use encrypted emails to place orders for narcotics to their suppliers in neighboring countries. Gangsters can track their “jobs” through computer software applications and inventory their stolen property and list their victims. Cyber criminals may use secure software to remain anonymous and attempt to hide their IP address; and once identified by law enforcement, the maze to track down the cyber criminal has merely begun. Proxy servers allow cyber criminals to route their communications through several different locations or even countries. Because of this, it can be quite an exhausting challenge to track down cyber criminals.
IP addresses are vital because they allow computers to find each other anywhere in the world on the internet. When you send an e-mail to “Andrew Carrabis,” your computer is merely sending the e-mail to the IP address connected with my computer. Your computer isn’t buddies with mine, nor does it know me, all it knows is the IP address and that’s all that matters. And while cyber criminals will attempt to mask their IP address and cover their tracks, novel cyber criminals tend to unintentionally reveal their true IP address for the digital crime scene to uncover. Once you know the real IP address associated with the crime, courts may issue subpoenas that can verify an IP address with an Internet Service Provider and user – bringing the anonymous world of the internet to your doorstep.
In reality, however, police tend to focus on traditional violent crimes instead of cyber crimes, and rightly so. Law enforcement has higher priorities than computer hackers, and its resources are limited. Accordingly, this leaves the question of who will prosecute cyber criminals, and unless there is a large-scale attack on the federal government’s infrastructure, the answer seems to be private individuals. Unfortunately, this formula leaves “ordinary Joe” having to front his own bill to prosecute cyber criminals, while large corporations sweep hacking incidents under the rug so shareholders and clients are shielded from the facts that their information may have been compromised.
In the event a criminal case is pursued, electronic discovery (e-discovery) can make or break a case. Electronic data such as e-mails, text messages, website history, databases, and file fragments can have a profound evidentiary impact when charging a criminal with intent and proving the essential elements of federal statutes. Many federal courts now implement evidentiary rules dealing with e-discovery. The destruction of electronic material after the accused, and counsel, have been put on notice can subject both to economic and legal sanctions. In the ground breaking case of Zubulake v. UBS Warburg, the federal judge, after finding out electronic discovery requests were not complied with, allowed the jury the presumption that certain materials were eradicated from the computer to help the defendant avoid culpability. While evidentiary subpoenas may be the prosecutor’s tool, the accused has the Fifth Amendment in his deck of cards.
The Fifth Amendment of the United States Constitution provides, in pertinent part,
“no person shall be … compelled in any criminal case to be a witness against himself.” And since most cyber crimes involve electronic communications, a subpoena duces tecum may be especially incriminating to a cyber criminal. In the case of a cyber trial, this writ may request the cyber criminal to bring in his hard drive. However, the accused may assert the Fifth Amendment if the act of production of the tangible items has incriminating aspects if the act “testifies to the existence, possession, or authenticity of the things produced.”
So what is the answer to prevent and prosecute cyber criminals? It starts with you. Computer users need to be aware of cyber criminals’ tactics, especially as more and more baby boomers go online. Vigilance is needed at the forefront to avoid phishing scams and questionable websites. The police and Federal Bureau of Investigation should make cyber threats more of a priority. Banks and large corporations need to prosecute cyber hackers even in light of the embarrassment – no crime should go unpunished.
Technology constantly evolves and enforcers must keep up with changes. System defense modules and infrastructures need to stay one step ahead to detect hackers. Install hardware and software that will recognize hacker attacks and data spying. Use firewalls and virus detection systems. Implement backups so that digital evidence may be preserved. Allowing the collection of these key evidentiary components from the digital crime scene will facilitate charging and convicting a cyber criminal.
*Andrew B. Carrabis received his Juris Doctorate Degree, with Honors, from the University of Florida Levin College of Law. At the University of Florida Levin College of Law, Andrew served as the Editor-in-Chief of the Journal of Technology Law & Policy, Executive Research Editor of the Florida Journal of International Law, Senior Executive Articles Editor of the Entertainment Law Review, and Research Assistant for the Center for the Study of Race and Race Relations. Andrew is also a certified county court mediator and Guardian ad Litem for the State of Florida. I dedicate this article to my father, Vincent James Carrabis; thanking him for his guidance and support.
**Picture Source: http://trendsupdates.com/the-cost-of-cybercrime/