Canterbury Christ Church University

Document Sample
Canterbury Christ Church University Powered By Docstoc
					                       Canterbury Christ Church University

                     Department for Crime & Policing Studies

                       MFIMD3 ICT & Forensic Investigation

Critically assess the nature of the relationship between new technology (particularly
                                    ICT) and crime.

   Pay particular attention to the challenges to traditional approaches to forensic
 investigation that these new forms of crime present. You may illustrate your answer
    by reference to a particular example, for example the use of cryptography by
                 paedophiles, crimes of credit card cloning and so on.

Cryptography is a field of mathematics and computer science concerned with
information security. As the amount of internet users continue to increase, so to does
the level of computer related crimes. As a security measure, cryptography has become
widely available and accessible as a means of providing a level of data protection,
designed to prevent the illegal access of private information.
Unfortunately, as well as providing security and protection from illegalities, it is also
being used to facilitate illegal activities enabling the criminal to maintain and transfer
illegal information, without anyone other than the intended receiver having the ability
to decipher it.
The essay will study the relationship between cryptography and crime. Assessing the
benefits and detriments concerned with the use of cryptography, exploring how it is
used as a tool to both prevent and facilitate computer related crime, focusing on
crimes involving child pornography, the use of encryption by paedophiles and the
problems that encryption presents to both law enforcement and criminal
investigations. The concluding section will consider how and whether there is a need
for cryptography to be controlled.

Historically, cryptography was concerned solely with encryption, a method of
converting information from its normal, form into an incomprehensible format,
rendering it unreadable without secret knowledge. It is now widely used as a
protective data tool, offering techniques for authentication, signatures, interactive
proofs, secure computation and steganography.
The use of Cryptography can be traced back to over four thousand years ago, where
ancient Egyptian, Hebrew and Assyrian civilisations developed cryptographic
systems, to conceal written information, shown within papyruses and stone
inscriptions (Menezes, et al., 1996). The use of codes and ciphering systems were
utilized during both the First and the Second World War, by both sides for tactical
communications (Pell, 1999).
Cryptography systems became increasingly used in the 1960’s, due to a huge increase
in the use of computers and communication systems; leading to a high demand for
security services and the protection of digital information.
This demand led to the development of the Data Encryption Standard, widely known
as DES, which forms the worldwide standard for securing electronic commerce for
many financial institutions. In 1976 Diffie and Hellman introduced the revolutionary
concept of public-key cryptography and an ingenious method for key exchange.
Based upon their ideas, in 1978 Rivest, Shamir, and Adleman discovered the first
practical public-key encryption and signature scheme, allowing people to have private
access to their encrypted data. The scheme is now known as RSA (Menezes, et al.,
1996). The search for new public-key schemes, improvements to existing
cryptographic mechanisms, and proofs of security continues, as electronic commerce
and new areas of technology become an important part of modern life (Freeh, 1997).
Vast improvements in information and communications technology have greatly
increased the amount of information-related services; according to the Office of
National Statistics (2006) twenty nine million adults has access to the internet in
2005, eighty six percent had access to the internet in their homes and fifty two percent
of the connections were high speed broadband connections. These increases have led
to general rise in the amounts of hi tech, computer based crime; posing significant
security risks for computer users. To overcome the increasing risks, data protection, in
the form of encryption software is becoming increasingly available to anyone who
uses a computer. Many can be downloaded at no cost, straight from the internet;
providing either a strong or a weak level of data protection, stored in the form of files
on hard drives, removable media and packets, sent over computer networks (Pallas,
The increased use of cryptography, in particular data encryption has had positive
benefits in many different areas of society. Its use within online banking and
consumer websites, enable secure money transactions. It provides greater intellectual
property protection, in both public and private sectors and its increasing use within
internet protection and security, has significantly reduced the amount of internet
crimes that are being recorded (Castrell, 1999).
This is not the case however for internet pedophile cases and offences involving the
indecent images of children. According to Grabosky & Smith (1998 p. 119) there has
been a ‘rapid growth in the use of telecommunications systems for the transmission of
objectionable or offensive material,’ in particular the exchanging of indecent images
of children. ‘In 1995 the Greater Manchester Unit seized a total of 12 indecent
images; by 1999 the figure was 41,000 - all but three, in digital form’ (McAuliffe,
2001 p.1).
The main reason for this increase is the internet; its fast and secure means of
communication provides new methods and options that can be exploited by
paedophiles; chat rooms, instant messaging, web based and client server mail
accounts, websites and message boards can all be used as a tool to facilitate in crime.
They often use the internet to create online criminal networks, where they can meet
other paedophiles and exchange indecent images, fantasies and as a way of gaining
access to victims. The networks are often hierarchical in structure and very secretive,
access is usually given by invitation only. According to the National Criminal
Intelligence Service (2005) the individuals are often very intelligent and highly skilled
in the area of computing, using their skills to conceal their activities from the police is
one of their main priorities. These skills often include using high level encryption
software, encrypting files which contain illegal text and images of children that if
found could be used as incriminating evidence. By using strong encryption
techniques, they are creating a very high level of security, enabling the data to be
stored and exchanged, without being intercepted and discovered by police and law
enforcement investigators (Grabosky & Smith, 1998).
Investigating paedophile offences, like most computer based crimes, require a
specialist level of expert knowledge. Recognising this, the police have set up a
number of specialist units, for example the Computer Crime Unit, to specifically deal
with this area of crime. The unit’s main aim is to learn more about this continuingly
developing crime area, and to develop new techniques and methods to designed,
specifically to combat hi-tech crimes (NCIS, 2005).
The investigations often involve a raid, where evidence is seized and documented
ready to be examined and analysed. To retain a high level of integrity of the evidence,
standard forensic principles and procedures apply. The evidence, whatever form it
may be in, must not be tampered with, outlined in the four basic principles of ACPO,
which must be followed in order for the evidence to be admissible in court. After the
evidence has been collected, it is then closely examined and analysed (Asncroft,
2001). This process is often greatly impeded by the increasing use of counter
intelligence methods used by paedophiles and the use of cryptographic encryption
software. Encryption makes it either ‘extremely difficult or impossible for
investigators to analyse evidence, which they may have already collected,
documented and preserved’ (Casey, 2004 p.5). Without the appropriate analysis and
the physical evidence of the indecent images, there may not be enough evidence to
prove that the individual committed the offence.
The controversial case of Scarfo showed that encryption does not always impede an
investigation; sometimes the techniques used by investigators are enough to decipher
encrypted files. Nicodemo Scarfo was suspected of illegal gambling and loan
sharking; investigators on the case, managed to obtain permission to use recovery
methods, which involved the use of a key logger system. The system recorded
everything Scarfo typed on his computer and from this information they were able to
capture the pass phrase to Scarfo’s private PGP key, which they used to decrypt his
data. Despite raising privacy concerns, the case led to Scarfo being charged and
convicted in June 2000 (Casey, 2004).
Gaining the permission to use key logger systems is not a common occurrence and the
increase in the use of ‘strong’ cryptography, containing levels of 128 bit or more,
mean that without the correct key, the encryption is completely unbreakable. Levels
below 128 bit are referred to as weak encryption, unlike strong levels, with a
significant time and effort these encryptions can be broken (Pallas, 2005).
The complications that can be experienced from the use of strong cryptography, to
both the investigators and the criminal trial process, are highlighted in the
Wonderland case. In 1998 an International police operation, code named ‘Cathedral’
conducted a raid upon the world’s largest ever international child pornography
network; known as the ‘Wonderland Club.’
The raid involved the ‘seizure of nearly a million illegal child images and 1800
sexually abusive child videos’ (McAuliffe, 2001 p.2). ‘All of the children featured in
the images were under 16, with one victim being just three months old’ (BBC, 2001
The secret network of paedophiles was infiltrated by the National Crime Squad,
unveiling a sophisticated world of encryption; where pornographic images of children
were highly protected and could only be accessed through a number of private
servers. To ensure the security of the club, a ‘Traders Security Handbook’ was
available to all members on the network, showing them how to configure their
computers, using Bestcrypt coding to encrypt their files.
The use of encryption meant that out of the entire international network, only one
hundred and seven paedophiles were caught and arrested. Action was taken in a
quarter of the forty six countries where the club existed and only on a fraction of the
club’s members were caught, due to the investigators being unable to obtain the
encryption keys and crack the encryption codes used to hide the suspected illegal
images of child pornography contained in a number of hard drives. Some of the
computers were even sent to other countries to run extensive code breaking
programmes, which lasted for up to thirty days but the strong encryption could not be
decrypted. The results of the case showed that out of the total one hundred and seven
men arrested, only fifty were convicted, twenty two are awaiting trial, twenty seven
are not known and eight of the charged men committed suicide. Sentences ranged
from twelve to thirty months, none of the men received the full three year sentence
(McAuliffe, 2001).
In contrast to the Wonderland case, three years later, in 2001 witnessed the more
successful case, named ‘Operation Appal.’ Operation Appal involved the seizure and
examination of a number of suspected paedophile’s computers; leading to the
successful arrest of thirty three people.
The investigation was led by Greater Manchester Police's Obscene Publications Unit,
who used ‘enhanced and improved techniques, with specific software written by
computer firm SurfControl, to help officers locate individuals accessing obscene
images’ (BBC, 2001 p.1). Following the Operation, the head of the Obscene
Publications Unit, Inspector Terry Jones revealed that ‘encryption was not something
that impeded their investigations’ and that ‘encryption is not and never has been a
major issue - it is not as commonplace as one would suspect....If an individual is an
abuser, the evidence of him abusing a child will have been circulated on the Internet,
and the images can be traced back to him’ (McAuliffe, 2001 p.2).
When discussing the relationship between the use of cryptography and criminal
activity, it is important to consider that its use as a privacy tool, can be distinguished
as both essential or non essential. As an essential privacy tool cryptography protects
the vulnerable against illegal and unwarranted attacks, whereas a non essential
privacy tool can indiscriminately provide benefits to anyone who uses it.
In this sense, the use of strong cryptography has both positive and negative aspects; it
provides protection from anyone attempting to illegally access an individual’s private
data, even if they hold the encrypted data in their possession.
The negative aspects are, as previous cases have shown, that strong encryption allows
illegal information to be maintained or transferred, to others without anyone other
than the intended having the ability to decipher it.
Encryption also inhibits criminal investigations, as the activities and the offence itself
can be hidden from the police and other agencies that are attempting to investigate
them (Pallas, 2005). Due to the fact that cryptography is used as a tool for both the
criminal and the innocent among society, it is difficult to identify who is using it to
facilitate crime and who is not; highlighting the need for the use of cryptography and
encryption methods to be controlled.
One way of doing this, is through the use of the Escrowed encryption system; which
involves the government holding a key to every individual’s encrypted data, allowing
them access to the stored information, if required. This would enable the government
to decode and analyse the data belonging to suspected criminals, including
paedophiles which could significantly aid investigations.
The system has advantages, but many view it as a potential invasion of privacy and
breech of freedom of speech. Many also see the system as a huge risk; if the database
was hacked in to, all of the containing data could be violated, leading to sensitive
information being disclosed (Freeh, 1997).
Another control method has been undertaken in the United Kingdom, involving the
passing of the Regulation of Investigatory Powers Act, 2000. The act allows members
of society to use strong encryption as they wish, but only on the basis that they
disclose the key, should the police demand it.
The act does avoid the security problems involved in the Escrowed system; however
it does not protect the individual from potential dishonesty and corruptive behaviour
from the government (Pallas, 2005).
As technology and the computer systems used in society continue to develop, the
encryption methods, which are now viewed as ‘strong,’ will become weak and much
more technologically advanced encryption levels will be available to everyone,
including those who choose to pursue in criminal activities.
The increase in the levels of encryption will mean that investigators will no longer
have the resources and technical means to examine and analyse the evidence involved
in hi tech crimes. Before new techniques and methods can be developed, a system to
control the use of cryptography must be put in place in order to distinguish the
criminal cryptographic user from the innocent.