Digital Crime: Test 2

Pen/trap statute

This just covers 'records' of digital communication, not the content of the communication.

Pen/trap device

A tool used in digital crime investigations to record who a suspect communicates with (like phone numbers or IP addresses) without capturing the actual content of the messages.

Application of old law to digital evidence

This old law applies to digital evidence by allowing investigators to collect online communication data, like IP addresses and email headers, instead of just phone numbers.

Digital evidence coverage

For digital evidence, the law has been applied to cover records of digital communications like email addresses, IP addresses, and account information.

Court order for digital records

Allows law enforcement to apply for a court order to get digital records of communication if info is 'relevant to an ongoing criminal investigation' (determined by a judge).

Duration of records collection

You can get up to 60 days of records, then apply for another 60-day extension.

1968 federal wiretap statute

This one involves not just records of communication, but real-time electronic surveillance of the communication of criminal suspects.

Wiretap evidence court use

Wiretap evidence cannot be used in court unless one of the following exceptions applies.

Court order exception

Get approval from DOJ and the US District Court of Appeals. Good for 30 days.

Consent exception

One-party vs two-party consent states; Ohio is a party consent state, so one person involved in communication can consent to surveillance.

Provider exception

Administrators of computer networks are allowed to monitor communications on their networks (not police) and can provide evidence to police.

Trespasser exception

A victim of a computer attack can authorize police to intercept communications.

Extension telephone exception

Covers routine recording of communications through criminal justice facilities like jails/prisons, police departments.

Inadvertently obtained evidence

Evidence obtained by providers and forwarded to police under the silver platter doctrine.

Publicly accessible communications

Unencrypted info broadcast over public networks is not protected (social media).

1986 Electronic Communications Privacy Act

This one regulates how the government can obtain stored account info from internet service providers (ISPs).

Privacy protection categories

Info to be obtained must be specified under one of the three categories: 1. Basic subscriber info (name, address, bills), 2. Subscriber logs (e.g., email destinations), 3. Content of communication.

Internet traffic analysis

The process involves internet traffic analysis by the FBI, CIA, and NSA.

US Patriot Act

The US Patriot Act expanded police power in cases that are 'terroristic offenses.'

FISA court

Approvals often go through the FISA court (the federal intelligence surveillance court).

US of Secrets issue

The tension between national security and individual privacy, the government's collection of vast amounts of digital communications through surveillance programs.

Post-9/11 surveillance context

Post-9/11, the U.S. government expanded surveillance to prevent terrorism; agencies like the NSA collected data from phones, emails, and internet activity.

Thin thread

An NSA program designed to collect and analyze intelligence while protecting Americans' privacy by encrypting personal information.

Trailblazer program

Refers to Trailblazer, which aimed to track communications without the privacy protections of ThinThread; it became expensive, controversial, and less efficient.

Edward Snowden

A former NSA contractor who leaked classified documents in 2013, revealing the extent of government surveillance programs on both Americans and foreign citizens.

DOJ (US Department of Justice)

Headed by the attorney general or the chief law enforcement officer of the United States; the agency is really a bunch of lawyers who are mostly federal prosecutors who work for the U.S. Attorney's office.

CCIPS

Computer crime and intellectual property section; attorneys who specialize in computer crime cases including fraud, theft, and intellectual property crimes.

FBI (Federal Bureau of Investigation)

Investigates any federal crime not designated to another agency, including civil rights crimes, organized crime, and financial crimes.

Cyber Division

A specialized unit of the FBI focused on cyber crimes such as hacking, online sexual predation, and internet fraud involving organized crime groups.

RCFL

Regional Computer Forensics Labs that assist in investigations involving computer crimes.

NW3C

National White Collar Crime Center; a portal for reporting internet fraud and a database that tracks computer crime complaints.

InfraGuard

Facilitates the exchange of information between the government and private businesses on threats to critical infrastructure.

NSA (National Security Agency)

Code breakers in WWII; all work is highly classified, primarily involving computer scientists and software engineers.

FTC (Federal Trade Commission)

Lawyers focused on protecting consumers from business fraud and abuse, with identity theft being a significant concern.

US Postal Service

Mail delivery service established in 1830; US postal inspectors conduct joint investigations with other agencies on crimes involving mail.

DOE (Department of Energy)

Administration of domestic energy production, working with private energy corporations that largely own the infrastructure in the US.

Specialized Units

Created in response to changes in federal response to cybercrime and terror post 9/11 attacks to enhance collaboration and effectiveness.

Collaborative Units

Units that help federal agencies work with other agencies to address cybercrime and terrorism.

Jurisdiction Issues

Problems related to the authority of federal versus state/local agencies in handling cybercrime and terrorism.

Cyber War

Exploiting weaknesses in the cyber systems of other nations, often involving the NSA.

Identity Theft

A significant form of consumer fraud that the FTC focuses on protecting against.

Federal Crimes Involving Mail

Any crime involving mail, such as identity theft, drugs, child pornography, bogus checks, mail theft, and check washing, is considered a federal crime.

CIRC

Cyber incident response capability

DHS

Department of Homeland Security, a post 9/11 agency that coordinates federal agencies.

NCSD

National Cyber Security Division, responsible for risk assessment and resource allocation to protect critical infrastructures.

National Cyber Alert System

Allows local agencies to report threats to federal authorities.

Cyber Cop Portal

Web-based information sharing system used by local police departments in computer crime investigations.

National Vulnerability Database

A clearinghouse/library of software and hardware vulnerabilities.

ICE

Immigration and Customs Enforcement, involved in human trafficking and sex tourism.

C3 Cyber Crimes Center

Focuses on fighting against criminal sexual exploitation of children (CSEC).

Secret Service

Protects the president and addresses counterfeiting and computerized reproduction of financial instruments.

Policing in the US

Local policing involves 15,000 agencies, most of which are small with fewer than 25 officers.

Hacker

An individual with a profound interest in computers who uses this knowledge to access computer systems with or without proper authorization.

Phone Phreaks

Forerunners to modern hackers who broke into landline phone systems in the 70s and 80s.

Software Crackers

Individuals who overcome copyright protections of digital media, including music and games.

Programmers of Malware

Creators of viruses, worms, and DOS attacks.

Script Kiddies

Young, unsophisticated hackers who use pre-designed malware.

Social Engineers

Fraudsters who deceive people into giving away credentials or access to systems.

Hacktivists

Hackers who use their skills to convey a political message.

Dumpster Diving

The practice of searching through garbage for passwords and technical manuals to hack systems.

White Hat

Ethical hackers who engage in software testing and network security.

Gray Hat

Ethical hackers who sometimes violate laws for recreational or profit purposes.

Black Hat

Malicious hackers who operate for profit and are often part of organized criminal groups.