IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Statement

of

RONALD R. STEVENS
Director, Computer Crime Unit

New York State Police

On

Cybercrime in New York State

Before the House Committee on the Judiciary

Subcommittee on Crime

May 24, 2001




INTRODUCTION

Chairman Smith, Congressman Scott and members of the Subcommittee, my name is Ron Stevens, and I am here representing the State of New York as the Director of the Computer Crime Unit for the New York State Police. I thank you for this opportunity to testify with regard to the current state of Cybercrime in New York State, and what needs to be done in the future to address this growing problem.

The highest priority of Governor George Pataki is the protection and well-being of the citizens of New York State. The New York State Police, along with more than 500 local police departments across the state, are committed to fulfilling this mission. As one of the ten largest law enforcement agencies in the nation, the New York State Police employ approximately 5000 people in more than 200 locations statewide -- including 1000 investigative specialists in the Bureau of Criminal Investigation. The New York State Police is a full service police agency, which also operates one of the nation's leading Crime Laboratory Systems providing criminal justice agencies across New York with state-of-the-art forensic analytical and investigative capabilities and expert testimony.

The New York State Police fully understands and agrees that to successfully combat Cybercrime, law enforcement cannot "do it alone." The ramifications of a "connected" society, and the rapid proliferation of computers and the Internet, require that law enforcement work in a collaborative and coordinated manner. That is why the New York State Police has been diligently building relationships with organizations at the State, Local, and Federal levels. We have close working relationships with local police departments and District Attorneys' offices. We participate in regional and statewide task forces, including the New York Electronic Crimes Task Force, and take part in cooperative efforts with the New York State Division of Criminal Justice Services, Office for Technology, and Office of the Attorney General. The New York State Police is involved in training and research efforts with the State University of New York and other colleges and universities, as well as the National Law Enforcement and Corrections Technology Center. We participate in a number of national initiatives including the Scientific Working Group on Digital Evidence (SWGDE), the National Cybercrime Training Partnership (NCTP), and the FBI InfraGard program. We work cooperatively with the National Institute of Standards and Technology (NIST), the National Center for Forensic Sciences (NCFS), the National Infrastructure Protection Center (NIPC), and the American Society of Crime Laboratory Directors (ASCLD).

As one of the first law enforcement agencies to respond to the threats posed by the techno-criminal, the New York State Police launched the Computer Crime Unit in 1992. The Unit was created to provide investigative and forensic capability in investigations involving the use of computers and technology to facilitate crime. The primary function of the Computer Crime Unit is to bridge the communication gaps that exist between investigating police officers, prosecutors, and computer experts by providing the technical expertise and assistance needed.

WHAT WE ARE DOING TODAY

Many of the crimes that law enforcement confronts everyday are beginning to appear in the digital world. Criminals have adapted to the information age very quickly. More and more traditional crimes such as those involving narcotics trafficking, gambling, auto theft, homicide and assault, stalking, child pornography, fraud, and identity theft are facilitated by the use of technology. As criminals continue to utilize these evolving technologies, it is imperative that all levels of law enforcement are able to adequately respond to this elusive threat.

The Computer Crime Unit currently has five primary areas of responsibility - including forensic analysis, computer network and information systems security breaches, Internet crimes against children, fraud and identity theft, and training and research - challenges faced equally by law enforcement agencies statewide.

Forensic Analysis

Forensic examination of digital evidence can be crucial in the investigation of crimes facilitated by the use of technology. A growing number of investigations involve crime where critical evidence is stored on digital media such as computer hard drives. Whether the case is criminal, civil or administrative, processing digital evidence requires technically skilled personnel with specialized training and equipment. As the volume and complexity of casework grows, it will become increasingly important for additional resources to be allocated in a more efficient and effective manner.

Since 1997, the Computer Crime Unit has received more than 600 "containers" of evidence for forensic analysis. A container of evidence could consist of hundreds of removable media, a laptop computer, or a network server containing multiple disk drives. At present, there are 150 containers onsite awaiting processing. Requests for analyses are received daily, with urgent and time-sensitive cases receiving top priority. Accordingly, evidence in important investigations is analyzed and completed in a short period of time. However, low priority cases tend to have slower processing times due to the sheer volume of cases and available resources. It would take approximately 18 months to clear just the pending cases at current staffing levels, if no additional cases were received.

The fledgling discipline of computer forensics is at a point where the lack of accepted standards and procedural uniformity has prompted independent responses from a myriad of law enforcement agencies at the State, Local, and Federal levels. If this haphazard approach continues, defense challenges could call into question the credibility of computer forensic analysis due to the

lack of standardization. The science of computer forensics must evolve to meet the same standards of evidence that have been established for other forensic disciplines such as fingerprinting, ballistics, drugs, and DNA.

We need to ensure that standardized operating procedures in the field of computer forensics are established and incorporated into the training of forensic examiners across the nation. Population, geography, type and level of crime, as well as existing resources need to be evaluated prior to developing future computer forensic laboratories. In addition to the New York State Police Computer Crime Unit, law enforcement in Western New York and the New York City Metropolitan area are developing centralized forensic capabilities. The activities of all laboratories should be closely coordinated to ensure the development of generally accepted standards. At the same time, individual laboratories must be linked to the investigative mission of their respective region.

Computer Network and Information Systems Security Breaches

The reliance on computer interconnectivity has increased the risks associated with the Internet and computer network use. Malicious and unlawful cyber attacks in both the private and public sectors are becoming increasingly prevalent and of greater concern to mainstream society.

One of law enforcement's newest challenges is responding to attacks on public and private sector computer networks and information systems. Those at greatest risk are the networks and systems linked to state and national critical infrastructures, including information, communication, finance, energy, and transportation.

As society begins to accept law enforcement's role in our connected world, it is increasingly likely that law enforcement will become the "first responder" to cyber-based attacks. This will require the use of specialized technical and investigative personnel with a sound understanding of computer technology and advanced forensic analysis. Coordinated public sector resources must work with private sector interests and must be available in multiple jurisdictions in order to effectively protect our vital infrastructures.

In the State of New York, we have embarked on a multi-agency initiative focused on addressing cyber-based vulnerabilities. The New York State Police and the Office for Technology have worked in concert to develop a plan to address the increased risk of network and systems intrusion. The plan calls for the development of end-to-end detection and response capability thus enabling the State to identify and analyze attacks on government-owned computer networks and initiate appropriate technical and law enforcement measures when required. The plan also calls for the State to make every possible effort to ensure that an individual's liberties and privacy rights are protected.

Internet Crimes Against Children

The threat to our children from predators who hide their identity behind the veil of technology is greater than ever. Law enforcement in every state must act swiftly and decisively to protect innocent and vulnerable potential victims.

As a result of a preexisting multi-agency initiative, New York State was one of the first to receive a federal grant from the Office of Juvenile Justice and Delinquency Prevention (OJJDP), which created the NYS Internet Crimes Against Children (ICAC) Task Force (FY1999 - $284,760; FY2000 - $256,250; FY2001 - $256,250). This dedicated multi-agency initiative - comprised of the New York State Police, Attorney General's Office, and Division of Criminal Justice Services - investigates computer-enabled crimes that exploit children. In addition, the task force works to promote standardized investigative techniques, trains law enforcement personnel, and enhances public awareness. By cooperating with 30 similar task force operations nationwide and local agencies that have received ICAC satellite grants, the NYS ICAC Task Force has been able to successfully investigate, arrest, prosecute, and incarcerate predators who target children.

Ever increasing caseloads - currently more than 1,000 active ICAC investigations in New York State alone - require more cooperation and centralized coordination. Mechanisms for coordinating and sharing information about undercover operations within each state must be improved to ensure officer safety and the efficient use of law enforcement resources.

A recent federal evaluation of the ICAC program made several recommendations. One critical recommendation addresses capacity building for both forensic analysis and training in response to the growing number of reported cases. The forensic needs and investigative skills required in ICAC investigations are the same for other crimes involving the use of technology, and must be addressed in coordination with efforts in other program areas. Another recommendation proposes that a major ICAC grant be directed to each state. Quickly identifying, arresting, and prosecuting these predators will protect potential future victims. As the volume of cases grows, we need to ensure that there is a centrally coordinated point of contact in each state to advance multi-jurisdictional investigations.



Fraud and Identity Theft Investigation

Fraud investigations involving a "petty crime" are often indicative of more serious and far-reaching illegal activity. The ease and speed of the Internet can be used to facilitate fraud, enabling criminals to commit crimes with relative impunity. Scams of this type can be quickly replicated and disseminated worldwide.

Victims of these techno-crimes are now able to report fraudulent activity on a secure web site administered by the Internet Fraud Complaint Center (IFCC) -- a joint initiative between the FBI and the National White Collar Crime Center. Complaints are then forwarded to all law enforcement agencies that have jurisdiction. The early success of this IFCC program illustrates the willingness of the public to report fraudulent activity to the proper authorities. Already more than 1,000 complaints have been referred to the New York State Police, and it is projected that this number will grow exponentially as IFCC continues to promote its program and increase its capacity to receive complaints.

The New York State Police has already created a database to record and analyze these IFCC complaints. Additional resources are needed to develop a systematic and coordinated response plan to disseminate complaints to the appropriate law enforcement agencies.

Cyber criminals are now preying upon individuals as well as businesses. The Internet is a venue that can be used to obtain extensive personal and financial information that, if in the wrong hands, can be used to perpetrate crime.

Recently, there was a case in New York City where an unscrupulous individual used the personal information of more than 200 of the wealthiest people in America to fraudulently obtain credit or services in the victim's name. This high-profile case is just one example of the identity theft complaints that law enforcement receives on a daily basis. In the year 2000, the Federal Trade Commission reported more than 2500 victims of identity theft in New York State.

Training and Research

The demand for highly trained and skilled personnel to investigate computer-enabled crimes is tremendous. This problem is compounded by the rapid advances in technology, which make continual training a necessity. In addition, there is a shortage of qualified instructors available to deliver law enforcement training in this area.

The Computer Crime Unit has provided instruction to thousands of law enforcement personnel throughout the State. At the same time, other law enforcement agencies are engaged in similar training programs. Consequently, duplicative training programs are emerging without coordination. These training efforts must be streamlined in a cooperative manner with delivery channels that result in high-quality instruction and training.

The United States Department of Justice currently funds the National Cybercrime Training Partnership - a consortium of experts from government, academia, and the private sector. New coursework is being developed based on the knowledge, skills, and abilities required today in the field of computer crime. One goal of the partnership is to identify existing, government-owned training and make it available at the local level in each state. Through "train the trainer" and distance learning programs, and in cooperation with academia, these modules must be incorporated into law enforcement training and academic degree programs.



WHAT MAKES THIS AREA SO CHALLENGING?

The broad reach of the Internet, which connects millions of people worldwide, presents a number of unique challenges to law enforcement in the fight against Cybercrime. Technologically sophisticated criminals can exploit the Internet's speed and distributed nature to commit crime and wreak havoc without regard to geographic and jurisdictional boundaries. A single perpetrator is able to anonymously take advantage of millions of vulnerable computer neophytes with relative ease. Law enforcement's dilemma is further complicated by the rate at which technological innovations evolve.

The nature of Cybercrime necessitates that law enforcement overcome institutional resistance to information sharing. Improving existing relationships and forging new partnerships, inside and outside of law enforcement, will improve every police agency's ability to exchange information in an expeditious manner. In so doing, law enforcement will be in a better position to investigate crime.

Attracting qualified candidates in the field of Cybercrime and computer forensics is difficult given the higher salaries offered by the private sector for similar skills. This amplifies the challenge for law enforcement agencies that seek to blend the stability and deployment flexibility of sworn personnel, with the technical expertise of civilian analysts. In addition, this rapidly expanding and evolving field requires personnel to receive training on a continuous basis in order to keep pace with the cybercriminal.

It is neither efficient nor practical for New York State to expect over 500 local police departments to investigate computer crimes and conduct forensic analyses. Most of these small local police departments, many with staffing levels of less than 10, lack sufficient resources needed to provide a comprehensive response.

Accordingly, the New York State Police with its statewide reach, investigative knowledge and expertise in the field of computer crime, make it the logical choice to play a central role in the development and operation of a coordinated Cybercrime initiative in New York State.

WHAT DO WE NEED TO DO IN THE FUTURE?

Fighting Cybercrime requires a coordinated approach, which unites local resources with those at the state and national level. Government must work cooperatively to ensure that statewide initiatives to fight Cybercrime are not duplicative. New York State, and others, must fit into a coordinated national plan, which ensures that staffing, equipment, and training resources are maximized, and provides a mechanism to share vital information. The federal government should work cooperatively with states to develop statewide initiatives in an effort to advance a systematic approach.

As part of an effort to develop a comprehensive and coordinated statewide initiative, the New York State Police and the Office for Technology took the first step toward meeting this goal by developing a multi-agency plan to protect the State's interconnected information systems.

This framework provides the mechanism by which the Office for Technology can secure the State's information systems, conduct network analysis, share information, and provide technical emergency response. Once a criminal act is identified, the New York State Police would mobilize the requisite investigative and forensic resources.

Specifically, the New York State Police would deploy highly trained investigative resources regionally around the State to investigate information system threats and crimes involving technology. These regional investigative units would be supported by a centralized operation with a wide range of services. A computer forensics laboratory would process large quantities of digital evidence in an expeditious manner, while meeting the most complex analytical challenges.

Another unit would conduct Cybercrime training initiatives, program development, and legal research and analysis. This unit would be responsible for training members of the State Police, and would work with other agencies to develop statewide training standards. In addition, an onsite legal expert would examine and research the complex challenges which accompany Cybercrime investigations, and at the same time, work closely with prosecutors during criminal investigations, proposing legislation and regulation as necessary.

The proposal also calls for highly trained State Police liaison personnel to be located at the Office for Technology to coordinate and initiate the necessary law enforcement response to a network intrusion or cyber attack.

Overall, this collaborative, multi-agency information systems protection proposal provides the foundation to build a statewide, coordinated Cybercrime initiative in New York State.

Building a framework of this type requires that the unique strengths and capabilities of various regions be considered. These include:

Western New York:

- academic and research institutions in Buffalo and Rochester,

- a number of experienced Cybercrime investigators and prosecutors,

- geographic proximity to our Canadian partners in Ontario, and

- a newly developed Regional Computer Forensic Laboratory, established by the United States Attorney's Office in the Western District of New York.

Upstate New York:

- the center of New York State government,

- major academic and research institutions, including the University at Albany and Rensselaer Polytechnic Institute,

- the hub of the NYeNet, a statewide fiber optic network which supports the New York State E-Government Initiative,

- the New York State Police Forensic Investigation Center, along with the headquarters of our major investigative operations into the areas of narcotics, auto theft, and organized crime which operate in close cooperation with governments in New England, New York City, and Quebec, Canada, and

- major research centers at Syracuse University, Cornell University, and the Air Force Research Laboratory in Rome, New York which are vital resources in the development of information assurance and computer security technologies,

New York Metropolitan Area:

- the hub of international commerce,

- home of the United Nations,

- major research universities,

- the multi-agency New York Electronic Crimes Task Force, and

- the New York City Police Department, the nation's largest law enforcement agency

WHAT CAN THE FEDERAL GOVERNMENT DO TO HELP?

The national and international ramifications of Cybercrime suggest that the federal government develop funding guidelines promoting the adoption of a coordinated, statewide approach to address the growing threat of Cybercrime.

Computer Crimes Enforcement Act of 2000

We support the Computer Crimes Enforcement Act of 2000 (P.L.106-572), which was signed into law on December 28, 2000, and urge Congress to fund this legislation and consider additional funding targeted to those states that develop a statewide coordinated Cybercrime initiative.

Paul Coverdell National Forensic Sciences Improvement Act of 2000

We support the Paul Coverdell National Forensic Sciences Improvement Act of 2000 (P.L.106-561), which was signed into law on December 21, 2000, and urge Congress to appropriate funds specifically for computer forensic laboratories, with funding again aimed at states that develop coordinated Cybercrime initiatives.

Office of Juvenile Justice and Delinquency Prevention (OJJDP)

Funding for Internet Crimes Against Children

We support continued funding for the Internet Crimes Against Children program, through the Office of Juvenile Justice and Delinquency Prevention (OJJDP), and urge Congress to direct major grant awards to each state. In addition, funding for forensic capacity should be coordinated with other funding efforts in forensics, and funding for training should be coordinated with the efforts of the National Cybercrime Training Partnership and other training efforts.

National Cybercrime Training Partnership (NCTP)

We support continued funding for the National Cybercrime Training Partnership program to develop curricula and educate instructors. We urge Congress to establish a dedicated Scholarship Fund that would enable critical personnel from state and local government to participate in existing coursework identified by the partnership.



CLOSING REMARKS

Mr. Chairman, I would like to thank the committee for allowing me to share with it the facts regarding Cybercrime in New York State. I look forward to continuing to work with you and the Members of your Subcommittee. At this time I would be pleased to address any inquiries you might have.