On the trail of cybersmugglers

On the trail of cybersmugglers

Customs center hunts criminals on the Internet

BY PREETI VASISHTHA | GCN STAFF

Federal agents helped rout an alleged Internet child pornography ring last month when four suspects in the United States and five in Russia were arrested.

For the Customs Service's CyberSmuggling Center in Fairfax, Va., the investigation, dubbed Operation Blue Orchid, was just another case cleared.


'To go out and buy a computer that just has our needs and our forensic tools is somewhat different from a standard commercial box,' says James Thomas, senior special agent at the Customs Service's CyberSmuggling Center.
Last May, Moscow police requested the assistance of the U.S. Customs attach' to investigate individuals running a Web site, hosted at www.geocities.com, that distributed pornographic videos of children.

The Customs attach' contacted the center, which conducted an undercover purchase of a video, resulting in the arrests and closure of the site.

Battling child pornography on the Net is just one of the center's jobs.

Envisioned in 1997 and dedicated in 2000, the CyberSmuggling Center fights crime via the Internet, including money laundering, drug trafficking, intellectual property theft and illegal arms trading.

'We have not found any new crimes as a result of the Internet,' center director Kevin Delli-Colli said. Criminals 'are just finding new ways to commit old crimes.'

Customs first came across computers being used for child pornography in 1989 by monitoring online bulletin boards. But the advent of the Web intensified the problem.

The CyberSmuggling Center was Customs' answer to keep pace, and child pornography remains the center's main focus.

It has partnered with the National Center for Missing and Exploited Children in Alexandria, Va., which operates a toll-free hotline through which people can pass on information about child porn on the Internet. The tips are made available daily to law enforcement agencies, specifically Customs, the FBI and the Postal Service.

Cyber skill set

The CyberSmuggling Center has an annual budget of $4 million and 37 employees, including agents and criminal investigators, some with training in computer forensics.

'Any time you have an Internet-related crime, you have computers at both ends, and you need people who can examine that for evidential purposes,' Delli-Colli said.

Besides the director, there are three assistant directors who head the Child Exploitation, Computer Forensic and Cybercrimes units.

The Computer Forensic Unit examines computers used in other crimes and trains field agents. It also works with the Bureau of Alcohol, Tobacco and Firearms, IRS and Secret Service to standardize forensic software, methods and training techniques.

Tech cramming

The training, called the Computer Investigative Specialist Program, involves two weeks of studying major PC operating systems and hardware components through a Computer Technology Industry Association certification program. Examiners also take two and a half weeks of advanced computer evidence recovery training, targeting network OSes.

The agents use souped-up PCs they've dubbed forensic media analysis desktops to conduct laboratory-like examinations in the office. The PCs are customized for the center.


'We have not found any new crimes as a result of the Internet,' says Kevin Delli-Colli, director of Customs' CyberSmuggling Center. Criminals 'are just finding new ways to commit old crimes.'
'To go out and buy a computer that just has our needs and our forensic tools is somewhat different from a standard commercial box,' said James Thomas, a Customs senior special agent. 'We want swappability of hard drives and components. We'll take this drive out and put another one in. We use different operating systems.'

To build these systems, Customs hired Skytech Inc. of Alexandria, Va. The 800-MHz Pentium III PCs can support as many as seven hard drives and run Microsoft Windows 98, Windows 2000 or Linux, Skytech president Cat Crosby said.

'They are made in such a way that the agents can hook up any hardware device to the desktop PCs,' she said.

The computers are designed to extract data from any media: hard drives, floppy disks, tapes, magneto-optical disks, CD-ROMs, CD-RWs, DVDs, flash disks, and Zip and Jaz drives. The PCs also are equipped with specialized software for field exams of suspects' computers.

Forensic tools for the preservation, recovery and analysis of digital evidence include SafeBack from New Technologies Inc. of Gresham, Ore.; EnCase from Guidance Software of Pasadena, Calif.; and Norton Utilities from Symantec Corp. of Cupertino, Calif.

Agents will soon be able to access a dedicated server via a virtual private network. The server will host a Web site that lets agents communicate, get technical support and download upgrades to their field software.

Because the Internet is boundless, agents sometimes find themselves working outside of their jurisdictions.

'On the Internet, you don't know where your criminal is,' Delli-Colli said. 'It could be someone across the street or [across] the country.'

Usually, law enforcement agencies assign agents to a case depending on the jurisdiction or area in which the case falls, he said. But often, cooperation from other countries becomes critical.

According to Thomas, laws in the United States have not caught up with technology. 'All laws refer back to documentary evidence,' he said. 'Some of them do not apply to the digital evidence.'

Once assigned to a case, the agents find the computer that was used in the crime and make forensic images of the machine's guts.

'Forensics image is the bit-by-bit transfer of the machine, and then with the image we try and find the information that is relative to the offense,' Thomas said.

The trouble is that some judicial districts have not agreed on whether original evidence or its exact image is the best evidence, he said.

inside gcn

  • A forward-located Control and Reporting Center. Air Force photo.

    Data security at the tactical edge: Rightsizing solutions

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above