Computer-Related Crimes - Field Notebook Divider PDF
Document Details
Uploaded by SelectiveEuphoria
null
2015
Charlie Beck
Tags
Summary
This document is an administrative order from the Office of the Chief of Police, detailing computer-related crimes and procedures. It defines various computer crimes, including unauthorized access and phishing, and provides guidance on investigations. The document also covers crimes handled by specific units.
Full Transcript
OFFICE OF THE CHIEF OF POLICE ADMINISTRATIVE ORDER NO. 4 SUBJECT: February 19, 2015 COMPUTER-RELATED CRIMES - FIELD NOTEBOOK DIVIDER, FORM 18.52.00 - ACTIVATED PURPOSE: Important information and evidence are often missed during the preliminary investigation of a computerrelated crime. The Compu...
OFFICE OF THE CHIEF OF POLICE ADMINISTRATIVE ORDER NO. 4 SUBJECT: February 19, 2015 COMPUTER-RELATED CRIMES - FIELD NOTEBOOK DIVIDER, FORM 18.52.00 - ACTIVATED PURPOSE: Important information and evidence are often missed during the preliminary investigation of a computerrelated crime. The Computer-Related Crimes - Field Notebook Divider, Form 18.52.00, has been created to assist officers in identifying computer-related crimes and terminology. PROCEDURE: COMPUTER-RELATED CRIMES - FIELD NOTEBOOK DIVIDER, FORM 18.52.00 - ACTIVATED. The Computer-Related Crimes - Field Notebook Divider, Form 18.52.00, has been activated and will be used to assist officers in accurately identifying and documenting computer-related crimes. FORM AVAILABILITY: A copy of the Computer-Related Crimes Field Notebook Divider, Form 18.52.00, is attached for immediate use and duplication, and is available in LAPD E-Forms on the Department's Local Area Network (LAN). AUDIT RESPONSIBILITY: The Commanding Officer, Internal Audits and Inspections Division, will review this directive and determine whether an audit or inspection will be conducted in accordance with Department Manual Section 0/080.30. CHARLIE BECK Chief of Police Attachment DISTRIBUTION "D" COMPUTER-RELATED CRIMES - FIELD NOTEBOOK DIVIDER This Notebook Divider will assist officers in identifying computer-related crimes and provide a list of terminologies (terms) frequently used with those crimes. For purposes of the Notebook Divider, computer-related crimes apply equally to mobile hand held devices (e.g., mobile phone, tablet). The Computer Crimes Unit(CCU), Commercial Crimes Division (CCD), primary investigative responsibility is the investigation of unauthorized computer accesses. These crimes are addressed under California Penal Code section 502(c). The CCU will also handle Grand/Petty Theft investigations that involve "phishing," or where the data on the computer is the target ofthe crime. I. CRIMES HANDLED BY THE COMPUTER CRIMES UNIT. § 502 Unauthorized Computer Access. This is commonly referred to as "hacking." Examples of Unauthorized Computer Access(UCA)are: • • • The computer is controlled by an outside source, without permission or knowledge of the owner. Data has been removed or altered from the computer without the owner's knowledge or permission. Password(s)to the computer and/or webpages/email have been changed, and/or the owner has been locked out or otherwise prevented from accessing his/her own accounts. A UCA crime may involve additional crimes such as extortion and/or a "denial of service attack". Ask all pertinent questions for an extortion investigation in addition to the UCA. § 487 Grand Theft and § 484 Petty Theft(Via Phishing). The suspect will "spoof" an email (victim, witness, business client), tricking the victim into buying/selling/shipping goods, money or services. There may be multiple victims involved. II. CRIMES HANDLED BY THE AREA. § 422 Criminal Threats(Felony). Follow the criteria for Criminal Threats. The mere fact that the "threat" was posted on the internet does not change the criteria for Criminal Threats. The threat could be in the form of an email or posting on a social networking site such as Facebook or Twitter. § 646.9 Cyber Stalking (Felony). (a) Any person who willfully, maliciously, and repeatedly follows or willfully and maliciously harasses another person and who makes a credible threat with the intent to place that person in reasonable fear for his or her safety, or the safety of his or her immediate family;(g)Including that performed through the use of an electronic communication device, or a threat implied by a pattern of conduct or a combination of 18.52.00(2/15) verbal, written, or electronically communicated statements and conduct, made with the intent to place the person that is the target of the threat in reasonable fear for his or her safety or the safety of his or her family. § 528.5 False Personation (Misdemeanor). Any person who knowingly and without consent, credibly impersonates another actual person through or on an internet web site or by other electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a public offense punishable pursuant to subdivision (d). The mere posting of publicly accessible information is not, in itself, a crime. § 487 Grand Theft and § 484 Petty Theft. Generally, the crime is investigated by the Area if the theft is committed on an auction site such as eBay or Craigslist. Wire transfers(MoneyGram or Western Union)or Green Dot Money Paks are used to facilitate a fraud. Exception: When a file encrypting "ransomware" such as CryptoLocker is installed on a victim's computer. The Computer Crimes Unit will handle. § 653(m)No Threatening Email Act. Every person who, with intent to annoy, telephones or makes contact by means of an electronic communication device with another and addresses to or about the other person any obscene language or addresses to the other person any threat to inflict injury to the person or property of the person addressed or any member of his or her family, is guilty of a misdemeanor. § 653.2 Harassing Electronic Communication (Misdemeanor). (The Penal Code title is Use of Electronic Communication to Instill Fear or to Harass) For brevity, the report may be titled "Har Elec Comm." "Every person who, with intent to place another person in reasonable fear for his/her safety, or the safety of the other person's immediate family, by means of an electronic communication device, without consent of the other person, for the purpose of imminently causing that other person unwanted physical contact, injury, or harassment, by a third party, electronically distributes, publishes, emails, hyperlinks, or makes available for downloading personal identifying information, including, but not limited to; a digital image of another person, or an electronic message of a harassing nature about another person, which would likely incite or produce that unlawful action" This section may be used for threats that do not meet the criteria of Criminal Threats, but the victim fears for their safety. Cyberbullying. The State of California does not have a "cyberbullying" law. Interview the victim and determine if the circumstances meet the criteria of any existing criminal code section(s). If not, you may refer the victim to take civil action. Jurisdiction. A computer-related crime may be perpetrated from a suspect's actions outside of the City of Los Angeles. However, if the victim lives or works in the City of Los Angeles, and the crime occurred to the victim while they were at their home or business in Los Angeles, it is a Los Angeles Police Department occurrence. If the suspect lives in the City of Los Angeles, but the crime is committed against a victim outside ofthe City limits, the victim is to be referred to their local law enforcement agency(LEA). As always, the LAPD may take courtesy reports for those victims and forward the report to the appropriate LEA. Internet Crime Complaint Center(IC3) Website IC3.GOV. This is a clearinghouse for cybercrimes operated by the Federal Bureau of Investigation (FBI)and the National White Collar Crime Center(NW3C). IC3 compiles statistics and provides updated information on current online scams or hoaxes. They take online complaints and make referrals to LEAs if there appears to be a criminal allegation. Law enforcement may refer people to IC3 who observed a scam or hoax on the internet but are not a victim of that hoax or scam. For example: Jim receives an email requesting money from Julie, who is out of the country and lost her purse. Jim realized it was a hoax and not Julie sending the email. Jim did not send any money and did not suffer a financial loss. This would be referred to IC3. If Jim had sent money,an Investigative Report(IR) would be taken. Reporting/Desk Officer Responsibilities. Do not immediately refer victims to the CCU or to 1C3.gov. Determine if a crime has been committed and take an IR, if applicable. Do not take the victim's computer(s) and/or cell phone(s) and book them as evidence. The investigating officer will determine what evidence is needed and will advise the victim. Detective Responsibilities. Upon being assigned a computer-related crime, detectives must determine if any Internet Protocol(IP) addresses were captured during the commission of the crime. A preservation letter should be sent immediately to the carrier of the IP address to capture any subscriber information, data usage, etc., before the information expires or is deleted. Many carriers maintain subscriber information for as little as 28 days due to the high volume of business. Exemplars may be located on the CCD Divisional page on the Department Local Area Network(LAN)System. The preservation letter is only valid for 90 days, so the detective must follow up with a search warrant within that time period. If an Area detective is assigned a UCA report, the detective must immediately contact CCU and forward the report. Ill. FREQUENTLY USED TERMS. Auction Fraud: Items are offered for sale on an online auction site that either does not exist, or one item is sold to multiple buyers. The most popular sites are Craigslist and eBay. This type ofscam is no different than a suspect placing a car for sale in the Auto Trader or in the classified ads of the local newspaper. 18.52.00(2/15) Denial of Service(DOS)Attack: A website is taken over by a program installed on the computer, either in person or by a disguised link sent to the victim and then opened, and/or by remote access. Desktop Computer(Tower): A stationary computer that has separate components such as a keyboard, mouse, monitor and speakers. They may be large or small. Hacking: The unauthorized access to another's computer. This can be as simple as just figuring out someone's password, or as complex as writing a program to get past another computer's security. Internet Protocol(IP) Address: A code made up of number(s)that identify a particular computer (or any electronic device) on the internet. Every computer requires an IP address to connect to the internet. Internet Protocol addresses consist of four sets of numbers from 0 to 255, separated by three dots. For example "66.72.98.236" or "216.239.115.148". Internet Service Provider(ISP)or Service Provider: The company that provides access to the internet (e.g., Verizon, AT&T,Time Warner). Laptop: Also known as a notebook or tablet, a laptop is a portable computer containing the screen, keyboard and mouse all in one device. Phishing: Requesting confidential information over the internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data. For example: a suspect posing as a legitimate business and/or person may ask for funds to be wired, or ask the victim to click on a link and enter confidential information such as bank account/credit card numbers, passwords, social security numbers, etc., feigning that the card or account will be cancelled without receipt ofthe information. Search Engine: A program that allows the user to search for information on the internet (e.g., Google, Bing, Yahoo). Secure/Non-Secure Internet Access: Secure access requires a password to connect a device to the internet access point. Non-secure access is not password protected and could leave the internet connection vulnerable to hackers. Social Network: A website that allows users to be part of a virtual community. Facebook, Twitter, Google and Instagram are currently the most popular. Spooling: Fraudulent emails in which the sender's email address and other parts of the email header are altered to appear as though the email originated from a different source. Uniform Resource Locator(URL): The address of a specific website or file on the internet. Web Browser: Often just called a "browser," this is a program used to access the internet. Some common browsers are Internet Explorer, Firefox, Safari, and Chrome. * • When was the last time the victim was able to access the email accounts(s); When did the victim regain access to the email account(s); Did the victim report the intrusion to their email provider (e.g., Yahoo, Gmail); Did the victim receive any notification from their ISP (e.g., password changes); Did the victim download their recent IP activity; Who is the ISP (e.g., Time Warner Cable, AT&T); If the suspect sent an email to the victim's account, does the victim have a copy of the email and the full header to the email; If the suspect sent an email from the victim's account, does the victim know the recipient(s) of the email; and, Did the recipient(s) save the suspect's email? Wireless Carrier: Companies that operate the wireless networks and oversee use of those networks (e.g., Verizon, Metro PCS, AT&T). • Wireless Connections: An Internet connection without a cable or wire. The two most common are Wi-Fi and Bluetooth. • • • Worldwide Web: Or, the "web," is a globally connected network. • IV. CHECKLIST FOR INVESTIGATIVE REPORTS. • Reporting Officer: Document the applicable information in the narrative of your report. If Social Media Accounts are Involved. For All Computer-Related Crimes. Write a brief summary of the crime and include the following information, if known: • • • • • • • • • • Victim's ISP; Victim's IP address; Suspect's IP address; What type of connection (cable/wireless); and, Is the internet connection secure (yes/no)? Suspect(s): • • • • • • Is the suspect known (include possible suspect information); What is the relationship between the suspect(s) and victim(s); List possible suspect(s) with all known identifiers in the narrative; Why does the victim suspect this particular individual or individuals; If the suspect is known, did the suspect ever have access to the victim's device; and, If the suspect is known, did the suspect ever have access to the victim's password(s)? Prior Court History Between Suspect and Victim. Answer all questions for each court case: • • • • • • Type (civil court, family court, criminal court); Case number; Jurisdiction (city/county); Dates/times of court appearances; Case disposition (or if pending); and, Does the victim have copies of court transcripts? • • Auction Fraud/Grand or Petty Theft Via a Purchase on the Internet. • • • • • • * • • • • If Email is Involved. • 18.52.00(2/15) How many devices are affected ; Type of devices affected (e.g., desk top, laptop, tablet, notepad, cellular phone). If other, name device type; How many users on each device; Are the affected devices at home, work, or both; Is the device password protected; and, What data was deleted, copied, or altered? Business Related — Unauthorized Computer Access (Hack). V. ADDITIONAL QUESTIONS FOR COMPUTERRELATED CRIMES. What is the email address targeted (list all); What site was the ad posted on; Is the ad still on the site; Does the victim have a copy/screen shot of the ad; How did the victim pay for the item(s); and, Was the site contacted regarding the fraud? Non-business Related — Unauthorized Computer Access (Hack). • • • • • * What social media accounts were targeted; What is the victim's account log on ID; When did the victim last access the social media account; When was the victim unable to access his/her social media account; Did the victim report the unauthorized access to the social media site (e.g., Facebook); and, Did the victim download their IP activity? What data was deleted, copied or altered; Was a server involved; Does the victim have any server logs; Did the victim hire a forensic examiner; Does the victim have a copy ofthe examiner's report; and, If the company has an "Information Technology (IT)" person, what is that person's contact information?