AOH :: FBI2.TXT
The Secret Service responds with info on their methods for keeping tabs on BBSes
|
DEPARTMENT OF TREASURY
UNITED STATES SECRET SERVICE
WASHINGTON, DC 20223
APR 30 1990
The Honorable Don Edwards
Chairman
Subcommittee on Civil and Constitutional Rights
Committee on the Judiciary
House of Representatives
Washington, D.C. 20515
Dear Mr. Chairman:
Thank ˙you ˙for ˙your ˙letter of April ˙3, ˙˙1990, ˙˙concerning ˙your
committee's interest in computer fraud. ˙We welcome the ˙opportunity
to ˙discuss ˙this issue with your committee and I hope the ˙following
responses adequately answer your questions.
Question 1:
Please ˙describe ˙the ˙Secret Service's ˙process ˙for ˙investigating
computer related crimes under Title 18, ˙United States Code, ˙Section
1030 and any other related statutes.
Response:
The ˙process ˙by ˙which the ˙Secret ˙Service ˙investigates ˙computer
related ˙crimes is similar to the methods we use to investigate other
types ˙of ˙criminal ˙investigations. ˙˙Most ˙of ˙the ˙˙investigative
techniques are the same; ˙surveillances, record checks, ˙witness and
suspect interviews, etc. the primary difference is we had to develop
resources ˙to ˙assist ˙in ˙the ˙collection ˙and ˙review ˙of ˙computer
11
evidence.
To ˙provide ˙our ˙agents with this expertise, ˙˙the ˙secret ˙service
developed ˙a ˙computer fraud investigation course which, ˙as of ˙this
date, has trained approximately 150 ˙agents in the proper methods for
conducting ˙˙a ˙computer ˙fraud ˙investigation. ˙˙Additionally, ˙˙˙we
established ˙a computer Diagnostics center, ˙staffed with ˙computer
professional, to review evidence on computer systems.
Referrals ˙of ˙computer related criminal investigations occur in much
the ˙same manner as any other case. ˙A ˙victim sustains a ˙loss ˙and
reports the crime, ˙or, a computer related crime is discovered during
the course of another investigat
In ˙the ˙investigations ˙we do select, ˙it is not our ˙intention ˙to
attempt ˙to ˙supplant ˙local or state law enforcement. ˙˙We ˙provide
enforcement ˙in those cases that are interstate or ˙international ˙in
nature ˙and ˙for one reason or another are beyond the ˙capability ˙of
state and local law enforcement agencies.
When ˙computer ˙related crimes are referred by the ˙various ˙affected
industries to the local field offices, ˙the Special Agent in ˙Charge
(SAIC) determines which cases will be investigated based on a variety
of ˙criteria. ˙˙Each SAIC must consider the economic impact of ˙each
case, ˙the prosecutive guidelines of the United States Attorney, ˙and
the ˙investigative resources available in the office ˙to ˙investigate
the ˙case . In response to the other portion of your ˙question, ˙˙the
other ˙primary statute we use to investigate computer related ˙crimes
is ˙Title 18, ˙United States Code, ˙Section 1029 ˙( ˙Access ˙Device
Fraud). ˙This service has primary jurisdiction in those cases which
are ˙initiated ˙outside ˙a bank and do not involve ˙organized ˙crime,
terrorism, ˙˙˙˙˙or ˙˙˙foreign ˙˙˙counterintelligence ˙˙˙˙(traditional
responsibilities of the FBI).
The ˙term ˙"access device" ˙encompasses credit cards, ˙˙debit ˙cards,
automatic ˙teller ˙machines ˙(ATM) ˙cards, ˙˙personal ˙identification
numbers (PIN's) ˙used to activate ATM machines, ˙credit or debit card
account ˙numbers, ˙˙long distance telephone access ˙codes, ˙˙computer
passwords ˙and logon sequences, ˙and among other things the ˙computer
chips in cellular car phones which assign billing.
Additionally, ˙˙this ˙Service ˙has ˙primary ˙jurisdiction ˙in ˙˙cases
involving electronic fund transfers by consumer (individuals) ˙˙under
Title 15, ˙U. ˙S. code, ˙section 169n (Electronic Fund Transfer Act).
This could involve any scheme designed to defraud EFT systems used by
the ˙public, ˙˙such as pay by phone systems, ˙home ˙banking, ˙˙direct
deposit, ˙˙automatic payments, ˙and violations ˙concerning ˙automatic
teller ˙machines. ˙˙If ˙the ˙violations can be ˙construed ˙to ˙be ˙a
violation ˙of the banking laws by bank employee, ˙the FBI would have
primary jurisdiction.
There ˙are ˙many ˙other statutes which have been ˙used ˙to ˙prosecute
computer criminals but it is within the purview of the U.S. ˙Attorney
to determine which statute will be used to prosecute an individual.
Question 2:
Has ˙the Secret Service ever monitored any computer bulletin ˙boards
or ˙networks? ˙Please describe the procedures for ˙initiating ˙such
monitoring, ˙˙and ˙list those computer bulletin ˙boards ˙or ˙networks
12
monitored by the Secret Service since January 1988.
Response:
Yes, ˙˙we have occasionally monitored computer bulletin boards. ˙˙The
monitoring occurred after we received complaints concerning ˙criminal
activity ˙on ˙a particular computer bulletin ˙board. ˙˙The ˙computer
bulletin ˙boards were monitored as part of an official ˙investigation
and ˙˙in ˙˙accordance ˙˙with ˙the ˙directives ˙˙of ˙˙the ˙˙Electronic
Communications Privacy Act of 1986 (Title 18 USC 2510)
The ˙procedures ˙used to monitor computer bulletin boards ˙during ˙an
official ˙investigation have involved either the use of an ˙informant
(under ˙the ˙direct supervision of the investigating agent) ˙˙or ˙an
agent ˙operating ˙in an undercover capacity. ˙In either ˙case, ˙˙the
informant ˙or ˙agent ˙had received authorization ˙from ˙the ˙computer
bulletin board's owner/operator to access the system.
We do not keep records of the bulletin boards which we have monitored
but ˙can provide information concerning a particular board if we ˙are
given the name of the board.
Question 3:
Has the Secret Service or someone acting its direction ever opened an
account on a computer bulletin board or network? ˙Please describe the
procedures for opening such an account and list those bulletin boards
or ˙networks ˙on which such accounts have been opened ˙since ˙January
1988.
Response:
Yes, ˙˙the U.S. ˙Secret Service has on many occasions, ˙˙during ˙the
course ˙of ˙a criminal investigation, ˙opened ˙accounts ˙on ˙computer
bulletin boards or networks.
The ˙procedure ˙for ˙opening an account involves ˙asking ˙the ˙system
administrator/operator ˙for ˙permission ˙to ˙access ˙to ˙the ˙system.
Generally, ˙˙the ˙system administrator/operator will ˙grant ˙everyone
immediate ˙access ˙to the computer bulletin board but only for ˙lower
level of the system. ˙The common "pirate" ˙computer bulletin ˙boards
associated ˙with most of computer crimes have many different level in
their ˙systems. ˙The first level is generally available to the public
and ˙does not contain any information relation to criminal ˙activity.
Only ˙after ˙a person has demonstrated unique computer skills, ˙˙been
referred ˙by ˙a ˙known "hacker," ˙or ˙provided ˙stolen ˙long-distance
telephone ˙access ˙codes or stolen credit card ˙account ˙information,
will the system administrator/operator permit a person to access ˙the
higher ˙levels ˙of ˙the ˙bulletin board ˙system ˙which ˙contains ˙the
information on the criminal activity.
As previously reported in our answer for Question 2, ˙we do not ˙keep
records ˙of the computer bulletin boards on which we have established
accounts.
Question 4:
Has ˙the ˙Secret Service or someone acting under its ˙direction ˙ever
created a computer bulletin board or network that was offered to ˙the
public? Please describe any such bulletin board or networks.
13
Response:
No, ˙˙the U. ˙S. ˙Secret Service has not created a computer ˙bulletin
board nor a network which was offered to members of the public. ˙We
have ˙created ˙an ˙undercover bulletin board which was offered ˙to ˙a
select ˙number ˙of individuals who had demonstrated ˙an ˙interest ˙in
conducting ˙criminal activities. ˙This was done with the guidance ˙of
the ˙U.S. ˙Attorney's office and was consistent with the ˙Electronic
Communications Privacy Act.
Question 5:
Has ˙the ˙Secret Service ever collected, ˙˙reviewed ˙or ˙"downloaded"
transmissions ˙or ˙information from any computer network or ˙bulletin
board? ˙˙What procedures does the Secret Service have for ˙obtaining
information from computer bulletin boards or networks? ˙Please ˙list
the occasions where information has been obtained since January 1988,
including the identity of the bulletin boards or networks, ˙the type
of information obtained, and how that information was obtained (was
it downloaded, for example).
Response:
Yes, ˙during the course of several investigations, ˙the U. S. ˙Secret
Service has "down loaded" ˙information from computer bulletin boards.
A ˙review ˙of ˙information gained in this manner ˙(in ˙an ˙undercover
capacity ˙after ˙being ˙granted access to the system by ˙it's ˙system
administrator)
that ˙bulletin board is being used to traffic in unauthorized ˙access
codes ˙or ˙to ˙gather other information of ˙a ˙criminal ˙intelligence
nature. At all times, our methods are in keeping with the procedures
as outlined in the Electronic Communications Privacy Act (ECPA).
If ˙a ˙commercial ˙network was suspected ˙of ˙containing ˙information
concerning ˙a ˙criminal activity, ˙we would obtain the ˙proper ˙court
order to obtain this information in keeping with the ECPA.
The U. S. ˙Secret Service does not maintain a record of the bulletin
boards we have accessed.
Question 6:
Does the Secret Service employ, ˙or is it considering employing, ˙any
system ˙or program that could automatically review the contents of ˙a
computer file, scan the file for key items, phrases or data elements,
and flag them or recommend further investigative action? If so, what
is ˙the status of any such system. ˙Please describe this system ˙and
research being conducted to develop it.
Response:
The ˙˙Secret ˙Service ˙has ˙pioneered ˙the ˙concept ˙of ˙a ˙Computer
Diagnostic ˙Center (CDC) ˙to facilitate the review and evaluation of
electronically stored information. To streamline the tedious task of
reviewing thousands of files per investigation, we have gathered both
hardware ˙and ˙software ˙tools ˙to assist our ˙search ˙of ˙files ˙for
specific ˙information ˙or ˙characteristics. ˙˙Almost ˙all ˙of ˙these
products ˙are commercially developed products and are ˙available ˙to
the ˙public. ˙˙It ˙is conceivable that ˙an ˙artificial ˙intelligence
process ˙may ˙someday be developed and have application to ˙this ˙law
14
enforcement ˙function ˙but we are unaware if such a system ˙is ˙being
developed.
The ˙process of evaluating the information and making recommendations
for ˙further ˙investigative action is currently a manual one ˙at ˙our
CDC. ˙˙We ˙process thousands of computer disks annually as ˙well ˙as
review ˙evidence contained in other types of storage devices ˙(tapes,
hard drives, ˙etc.). We are constantly seeking ways to enhance our
investigative ˙mission. ˙The development of high tech resources ˙like
the ˙CDC saved investigative manhours and assist in the detection of
criminal activity.
Again, ˙˙thank ˙you for your interest. ˙Should you have any ˙further
questions, we will be happy to address them.
Sincerely,
/s/
John R. Simpson, Director
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.
