Executive Summary
The current paper presents a plan for the development of a cybercrime task force for St. Louis County. The plan provides an overview of the most relevant areas of cybercrime threat to assign priorities for the task force, describes its proposed structure, including the required skills of the personnel and a list of necessary partnerships, identifies the essential equipment, and determines legislation for its successful functioning.
Current Threats
According to the latest data, one of the most common types of cybercrime in the county of St. Louis is online scamming. According to the report from the Internet Crime Complaint Center, an organization responsible for the detection of breaches in cybersecurity, the population of the county is aware of only a fraction of the possible scams, such as the popular Nigerian letter (Nikiforova & Gregory, 2013).
On the other hand, the vast majority of more recent and, therefore, less well-known scams pose a serious threat to the population of the county. A relatively recent illustration of the scenario is the rental scam made public by St. Louis Circuit Attorney, where the listing for the rental of the property was created for a real estate company in an attempt to prey on the trusting individuals. While the reported case was timely detected and traced to Nigeria, such successful outcomes are relatively rare.
Reports of scams performed via popular online platforms such as Craigslist are gradually increasing in frequency. Currently, the report indicates the total number of victims of cybercrime in the state of Missouri as 4,096, which places the state at the twentieth position in the country (ICCC, 2016). The reported total financial loss is above $15 million in the state, which corresponds to the 18th position (ICCC, 2016). The total number of victims per state is 1,384, which is a notable improvement compared to the data from the previous years but still insufficient for characterizing the situation as being within safe boundaries.
The techniques used for scamming include a range of claims that encourage the victims to disclose their financial information and identity through intimidation or persuasion. Importantly, some of the scams rely on more complex schemes that are modeled after genuine employment but are meant to recruit people for unwitting participation in money laundering schemes and the handling of stolen funds. Such a scheme is more difficult to detect since the victims can remain unaware that they are participating in cybercrime for a relatively long time.
Another apparent threat is digital sabotage. Such activity involves the disruption of the function of certain online resources, such as official websites of organizations. Unlike scamming schemes described in the previous chapter, digital sabotage does not necessarily involve the possibility of financial gain. On many occasions, it revolves around the intention to impair the functionality of the organization by disrupting its online capabilities.
In other instances, the attackers attempt to threaten the organization with the possibility of sabotage to pursue their goals. Such a scenario was observed in St. Louis County in 2014 when an activist hacker group notified the authorities of their intention to attack the official website of the county and the county police if the latter attacked the members of a peaceful demonstration. The attack performed on August 14 resulted in the crash of both resources as well as a loss of sensitive data from the surveillance system (LeftOfYou, 2014).
However, it is important to understand that unlike online scams, which rely mostly on the level of trust invoked in their victims (and are therefore preventable through non-digital means), at least some forms of digital sabotage are expected to increase in occurrence over time. For instance, distributed denial-of-service (DDoS) attacks are becoming more effective with the development and mainstream adoption of information technology, a trend that is expected to increase in pace in the foreseeable future.
Also, Sfar, Natalizio, Challal, and Chtourou (2017) report that the rise in popularity of the Internet of Things contributed massively to the increase in the DDoS attacks’ affordability, which can already be traced in the increased frequency of large-scale attacks on notable resources, including the official websites of national governments. While in several instances law enforcement was able to track and arrest the perpetrators, it should be understood that the capabilities of the attackers to remain undetected will increase as the technology becomes more common.
Finally, it should be pointed out that while digital sabotage does not necessarily involve financial gain, it provides the possibility of extortion, where the criminals issue a warning attack followed by the demand to transfer payment. While no statistical data is available on the proportion of extortion-driven sabotage, the warnings were issued by the cyber-security agencies cautioning against the cooperation with the attackers. Again, the expected growth in accessibility and affordability of the sabotage resources suggests the increased occurrence of such attacks.
Another major cybercrime type is identity theft, where the perpetrators obtain access to information about the individuals’ credentials required to gain access to their bank accounts. This type of cybercrime grows in popularity as more transactions are occurring online using digital currencies. Despite the introduction and gradual adoption of credit cards equipped with chips that close a major security gap by making card counterfeiting much more complex, the rates of identity theft remain relatively high. The latest report by Javelin Strategy & Research revealed that a total of $16 billion was stolen from more than 15 million individuals in the U.S. (Javelin, 2017).
This number constitutes an increase of more than two million in the number of victims compared to 2015 despite the security measures. The growth can be attributed to the introduction of new methods of fraud as well as the emergence of new types of malicious software that automate the process of identity theft. It is also worth mentioning that aside from gaining access to bank accounts, the obtained information can be used in a variety of ways including loan fraud, employment-related fraud, and government documents or benefits fraud, which currently constitutes the majority of stolen identity applications (Cassim, 2015).
Top Priority Crime Types
Considering the information above, digital sabotage, online scamming, and identity theft should be considered the top priority of the task force. The primary reason for such choice is the likely increase in the occurrence of each type of crime. For instance, identity theft is expected to increase in likelihood as financial institutions and retail vendors move away from cash as a payment method in favor of online-based solutions.
Besides, the attempts of the service providers to simplify the use of their services will likely increase the proportion of individuals whose technical proficiency is insufficient for understanding the basic concepts of safety. Combined with the overall increase in the number of customers, such a scenario will increase the statistical likelihood of security breaches and, by extension, the number of complaints issued by the victims of cybercrime. Ultimately, the workload of both the security departments of the said organizations and the law enforcement in the area is expected to increase.
The occurrences of digital sabotage are expected to grow independently of the geographical location due to the worldwide adoption of the smart devices capable of Internet connectivity, the increased affordability of means of cybercrime, and the growing awareness of the possibility among the potential perpetrators. However, the expected magnitude of the trend introduces the necessity of local response as it is sufficient for the disruption of the local infrastructure. As was noted in the previous section, the county has already been subject to a similar crime, and while the origin of the attack does not necessarily reside within the geographical boundaries of St. Louis, the outcome included the loss of sensitive data and a possible privacy breach that was within the responsibility of the local authorities.
Finally, the practice of online scamming is facilitated by the mechanisms independent of the development of information technology and its adoption on the consumer level. However, the recent developments in the field suggest that the level of literacy necessary for the successful avoidance of the threat is insufficient when compared to the progress made by the criminals. Thus, unless a coordinated effort is initiated that targets the issue directly, the preventability of the issue will decrease significantly.
Cyber Crime Task Force Structure
Several issues need to be taken into account in the process of developing the task force. Specifically, the legal basis for the entity must be considered, the police department to which the task force may be related should be identified, and the resources to be allocated and the structure of the future organization must be determined. The most feasible source of funding for the task force at hand is the St. Louis police department to which the unit will be attached.
The most apparent areas of funding are the establishment of the specialized forensics laboratory, purchase of the equipment, training of the personnel, and operational expenses. The key parties responsible for the project will be the police department, the Attorney General’s Office, and the FBI. The core staff will be formed from the experts transferred from the police department and the FBI and knowledgeable in the respective fields whereas the rest will be trained after the initial assembly.
Organizational Structure
The task force will utilize the functional organizational structure. Specifically, the subsets within the organization will be differentiated based on their specialty. Since the unit itself will be a highly specialized part of the St. Louis police department, it will integrate three core divisions. The computer forensics division will be responsible for the collection, handling, securing, and preservation of the information from digital devices in the process of the investigation.
The data and information analysis division will provide resources for analyzing the acquired data, establish the patterns and trends, develop and maintain the analytical systems, and coordinate efforts with external analytical vendors. The investigation division will handle the analysis results, establish communication and partnerships with involved stakeholders, and manage the investigation process. Each division will be headed by a manager with representational and decision-making powers. The managers of the divisions will report to the task force director. The centralized nature of the functional organizational structure will allow each division to focus on its field of responsibility with a sufficient degree of autonomy.
Personnel and Skills
The personnel for the task force will be recruited based on the primary areas of proficiency necessary for its successful functioning. The said areas include investigation, data analysis, prosecution and legislative assistance, and public education and training.
The investigation personnel can be hired from the St. Louis police department based on proficiency in traditional investigative skills, knowledge and experience in the field of cybercrime, and the availability of specialized skills in the domain of information technology. Their previous involvement in law enforcement will ensure the necessary degree of familiarity with the legal aspect of the investigation, and they can later be updated about the specificities of the IT-related field.
They will be expected to demonstrate the moderate to advanced level of understanding of the principles of operation of the popular hardware and software to be able to establish the culpability of evidence located on a digital platform and perform a meaningful interrogation of the subjects involved in cybercrime. Additionally, they need to be able to establish communication and facilitate partnerships with representatives of traditional law enforcement.
The data analysts need to be able to handle the data retrieved in the process of investigation, analyze it for patterns, and synthesize the information that may be helpful for the investigation. The personnel from this division will work in close collaboration both with the investigators and the prosecutors and are thus expected to have strong interpersonal skills as well as basic proficiency in legislation and investigation.
The proficiencies of the prosecution and legislative assistance personnel will largely align with the skills expected of those from traditional law enforcement with an important addition of the knowledge in cybercrime-related laws and regulations.
Finally, the public education and training staff will be required to have broad and advanced knowledge in the areas of information technology and cybercrime, as well as the skills and experience necessary for its effective communication to the public. It is also important for them to have organizational skills to facilitate a successful educational campaign in St. Louis. Also, they need to be able to update the knowledge of the personnel and thus ensure the relevance of the experience of the task force.
Federal Agencies
The first federal agency crucial for the effective functioning of the task force is the Defense Cyber Crimes Center, a subsidiary of the Department of Defense. Next, the Internet Crime Complaint Center can be approached to obtain important information.
Finally, the Cyber Crimes Center of the Immigration and Customs Enforcement must be contacted. All of the identified agencies can provide an advantage in terms of investigation means or the areas of authorization unavailable to the task force. It is also important to partner with the US Attorney’s Office to participate in a coordinated effort against cybercrime alongside other agencies and gain access to training programs aimed at increasing the expertise among the task force’s staff. Finally, partnering with the Federal Trade Commission would be beneficial for the facilitation of educational and awareness campaigns for local consumers targeting emerging cyber threats and viable preventive measures.
Cyber Crime Task Force Equipment
Considering the pace of development of the cybercrime domain, it is necessary to ensure the availability of the modern equipment and the accompanying technology, as well as establish the mechanisms that would ensure its timely update. The most important aspect of the equipment is the up-to-date computer hardware to conduct investigations. The configuration of the computer terminals must be designed by a specialist in the field.
The terminals will harbor the latest software solutions, including generic platforms as well as specialized applications for the management of forensic data. Next, means of gathering, storage, and encryption of the information must be obtained and properly configured. The specific solutions would include network signal detectors, communication equipment and software, and data storage hardware (Koenig, n.d.). Network security must be handled with the utmost care, necessitating the introduction of security suites such as firewalls, anti-malware, and antivirus software.
Aside from the equipment issued to investigators, a cybercrime lab must be established within the task force. The lab will contain an evidence room for both physical and digital items, at least one air-gapped terminal for secure storage of important information, data recovery tools, data validation software, and a forensic analysis platform. The listed equipment will provide essential investigation capabilities to the team, including the possibility to detect and analyze footprints left by the perpetrators. Also, the security measures are intended to minimize the risks of data leakage and disruption of the investigation process, whereas the latest hardware will ensure the necessary level of performance.
Legislation
Due to the diversity of areas and types of cybercrime, the local legislation needs to be modified to cover the acts not specified by the federal laws. Specifically, the theft of money and personal information is already subject to criminal responsibility in the county (United States Department of Justice, n.d.).
Therefore, the area requiring the passing of new provisions is digital sabotage. The provisions need to specify the criteria for the unlawful access to a computer, tampering with data, appropriating the hardware for malicious purposes, and using generally accepted activities in aid of a crime (Moafa, 2014). The said laws should be passed by the Missouri legislature and incorporated into the existing Missouri Revised Statutes. In this way, it would be possible to increase the capacity of the proposed task force to investigate cybercrime and prosecute the perpetrators.
Conclusion
Cybercrime is a relatively new and rapidly developing phenomenon. Considering the latter characteristic, it becomes clear that an equally modern and responsive task force needs to be created to achieve the operational capacity sufficient for dealing with the crime. The recent trends indicate a possible increase in several areas, which were taken into account in the process of task force development.
However, it should be pointed out that numerous other areas, which were de-emphasized in the current plan, should not be overlooked. Specifically, illegal trade, money laundering, and human trafficking are routinely facilitated with the help of information technology and can be effectively addressed using the resources and skills of the task force in question. Besides, it is worth pointing out that public awareness and knowledge in the area constitute a major variable in the occurrence and severity of at least some types of cybercrime. While it was not sufficiently covered in the current plan due to the focus on investigating capacity, it must be considered one of the main preventive measures in terms of public safety of the county.
References
Cassim, F. (2015). Protecting personal information in the era of identity theft: Just how safe is our personal information from identity thieves? Potchefstroom Electronic Law Journal, 18(2), 68-110.
ICCC. (2016). 2016 Internet crime report.
Javelin. (2017). Identity fraud hits record high with 15.4 million U.S. victims in 2016, up 16 percent according to new Javelin Strategy & Research Study.
Koenig, D. (n.d.). Investigation of cybercrime and technology-related crime.
LeftOfYou. (2014). Breaking and updated: Anonymous cyberattacks St. Louis county police website.
Moafa, F. A. (2014). Classifications of cybercrimes-based legislations: A comparative research between the UK and KSA. International Journal of Advanced Computer Research, 4(2), 699-704.
Nikiforova, B., & Gregory, D. W. (2013). Globalization of trust and internet confidence emails. Journal of Financial Crime, 20(4), 393-405.
Sfar, A. R., Natalizio, E., Challal, Y., & Chtourou, Z. (2017). A roadmap for security challenges in Internet of Things. Digital Communications and Networks, 1-31.
United States Department of Justice. (n.d.). Cybercrime.