restricted access 7. Transnational Investigation of Cybercrime
In lieu of an abstract, here is a brief excerpt of the content:

>chapter:7 transnational investigation of cybercrime As earlier chapters noted, cybercrime creates many new challenges for law enforcement. Those chapters dealt with challenges that arise under U.S.lawandthestructureofU.S.lawenforcement;theythereforefocused primarily on cases in which the commission of the cybercrime occurred within the United States. This chapter examines a separate set of challenges : those that arise when the commission of a cybercrime involves perpetrators in one country and a victim in another country. Cybercriminals can easily target victims in other countries. That complicates law enforcement’s task because police agencies are territorially based; every law enforcement agency is located in, and derives its authority from, a particular nation-state.1 A law enforcement agency from one country—forexample,theUnitedStates’FederalBureauofInvestigation or France’s National Police—therefore has no legal authority to conduct an investigation in another country’s territory. This makes it difficult (or even impossible) for national police to investigate transnational cybercrimesandapprehendcybercriminalswhoarelocatedinanothercountry . Consider the Bullitt County cyber bank heist. The victim—the county government—was in Shepherdsville, Kentucky. The means the default responsibility for investigating the crime would fall to local law 172 | cybercrime and the law enforcement, probably the Bullitt County Sheriff’s Office. The Bullitt County Sheriff’s Office is no doubt perfectly qualified to investigate bank thefts when they occur in the real, physical world; such investigations focus on finding witnesses who can describe the robber or the vehicle the robber used to flee the scene of the crime, locating fingerprints and other trace evidence, and examining surveillance cameras for images of the thief.Theinvestigation mayalso focusonfindinginformantswhomaybe able to identity the thief and on other, traditional investigative methods. None of those methods were viable options in the Bullitt County cyber bank theft. The investigation of that crime focused primarily on digital evidence: trained computer investigators would analyze the processes the perpetrators used to access the county’s account and initiate the wire transfertodetermine(1)themethodologyusedtocarryoutthecrimeand (2) the location from which the perpetrators operated. The investigators should be able to gather most of the evidence they need to determine the methodology used in the crime by analyzing digital evidence left in the bank’s computers and the county treasurer’s computer. They might also be able to determine the country from which the perpetrators operated. Assume, for the purposes of analysis, that the Sheriff’s Officeinvestigators wereableto determine,withafairlevelofconfidence, that the perpetrators used an Internet service provider (ISP) in Kiev, Ukraine. That creates two logical possibilities: one is that the perpetrators were (and presumably still are) in Kiev; the other is that they used the Kiev ISP as their direct route into the Bullitt County bank but were physically located elsewhere. To determine which scenario is correct, investigators need to be able to get information from the Kiev ISP. Local law enforcement officers in the United States use search warrants or subpoenas to obtain information about subscribers from U.S.-based ISPs. The Sheriff’s Officeinvestigators in this scenariocoulduseasearchwarrantor asubpoenaissuedbyaBullittCountyjudgetoobtainsubscriberinformation from a U.S.-based ISP, but neither has any legal effect in Ukraine (or any other country). A Bullitt County warrant or subpoena would, at best, be enforceable in the state of Kentucky; it would not be enforceable in any other U.S. state because each U.S. state is itself a distinct sovereign entity. In an effort to overcome this difficulty, the local investigators might (as they apparently did) contact the FBI and ask for assistance; the FBI could (assuming the evidence establishes probable cause) obtain a search war- Transnational Investigation of Cybercrime | 173 rant from a federal magistrate or a subpoena from a federal grand jury, either or both of which would demand that the Kiev ISP provide subscriber information that would let investigators identify the person or persons who used the ISP’s account to target the Bullitt County bank. The problem , of course, is that federal warrants and subpoenas are also only enforceable in the territory of the sovereign that issues them, that is, in the United States. In either instance, then, the Kiev ISP could (and no doubt would) simply ignore the warrant or subpoena. These scenarios are simplified versions of how such an investigation would proceed, but they illustrate the procedural problems U.S. law enforcement faces in investigating transnational cybercrimes. The next two sections examine two cases in which U.S. officers used very different strategiestopursuecybercriminalswhooperatedfromoutsidetheUnited States. Case 1: Invita The Invita case began when the FBI was called in to investigate a series of intrusions from...


pdf

Subject Headings

  • Computer crimes -- United States.
  • Computer networks -- Law and legislation -- United States -- Criminal provisions.
  • Computer viruses -- United States.
  • Computer hackers -- United States.
  • Criminal jurisdiction -- United States.
  • You have access to this content
  • Free sample
  • Open Access
  • Restricted Access