RONALD R. STEVENS
Director, Computer Crime Unit
New York State Police
Cybercrime in New York State
Before the House Committee on the Judiciary
Subcommittee on Crime
May 24, 2001
Chairman Smith, Congressman Scott and members of the Subcommittee,
my name is Ron Stevens, and I am here representing the State of
New York as the Director of the Computer Crime Unit for the New
York State Police. I thank you for this opportunity to testify
with regard to the current state of Cybercrime in New York State,
and what needs to be done in the future to address this growing
The highest priority of Governor George Pataki is the protection
and well-being of the citizens of New York State. The New York
State Police, along with more than 500 local police departments
across the state, are committed to fulfilling this mission. As
one of the ten largest law enforcement agencies in the nation,
the New York State Police employ approximately 5000 people in
more than 200 locations statewide -- including 1000 investigative
specialists in the Bureau of Criminal Investigation. The New York
State Police is a full service police agency, which also operates
one of the nation's leading Crime Laboratory Systems providing
criminal justice agencies across New York with state-of-the-art
forensic analytical and investigative capabilities and expert
The New York State Police fully understands and agrees that
to successfully combat Cybercrime, law enforcement cannot "do
it alone." The ramifications of a "connected" society, and the
rapid proliferation of computers and the Internet, require that
law enforcement work in a collaborative and coordinated manner.
That is why the New York State Police has been diligently building
relationships with organizations at the State, Local, and Federal
levels. We have close working relationships with local police
departments and District Attorneys' offices. We participate in
regional and statewide task forces, including the New York Electronic
Crimes Task Force, and take part in cooperative efforts with the
New York State Division of Criminal Justice Services, Office for
Technology, and Office of the Attorney General. The New York State
Police is involved in training and research efforts with the State
University of New York and other colleges and universities, as
well as the National Law Enforcement and Corrections Technology
Center. We participate in a number of national initiatives including
the Scientific Working Group on Digital Evidence (SWGDE), the
National Cybercrime Training Partnership (NCTP), and the FBI InfraGard
program. We work cooperatively with the National Institute of
Standards and Technology (NIST), the National Center for Forensic
Sciences (NCFS), the National Infrastructure Protection Center
(NIPC), and the American Society of Crime Laboratory Directors
As one of the first law enforcement agencies to respond to the
threats posed by the techno-criminal, the New York State Police
launched the Computer Crime Unit in 1992. The Unit was created
to provide investigative and forensic capability in investigations
involving the use of computers and technology to facilitate crime.
The primary function of the Computer Crime Unit is to bridge the
communication gaps that exist between investigating police officers,
prosecutors, and computer experts by providing the technical expertise
and assistance needed.
WHAT WE ARE DOING TODAY
Many of the crimes that law enforcement confronts everyday are
beginning to appear in the digital world. Criminals have adapted
to the information age very quickly. More and more traditional
crimes such as those involving narcotics trafficking, gambling,
auto theft, homicide and assault, stalking, child pornography,
fraud, and identity theft are facilitated by the use of technology.
As criminals continue to utilize these evolving technologies,
it is imperative that all levels of law enforcement are able to
adequately respond to this elusive threat.
The Computer Crime Unit currently has five primary areas of
responsibility - including forensic analysis, computer network
and information systems security breaches, Internet crimes against
children, fraud and identity theft, and training and research
- challenges faced equally by law enforcement agencies statewide.
Forensic examination of digital evidence can be crucial in the
investigation of crimes facilitated by the use of technology.
A growing number of investigations involve crime where critical
evidence is stored on digital media such as computer hard drives.
Whether the case is criminal, civil or administrative, processing
digital evidence requires technically skilled personnel with specialized
training and equipment. As the volume and complexity of casework
grows, it will become increasingly important for additional resources
to be allocated in a more efficient and effective manner.
Since 1997, the Computer Crime Unit has received more than 600
"containers" of evidence for forensic analysis. A container of
evidence could consist of hundreds of removable media, a laptop
computer, or a network server containing multiple disk drives.
At present, there are 150 containers onsite awaiting processing.
Requests for analyses are received daily, with urgent and time-sensitive
cases receiving top priority. Accordingly, evidence in important
investigations is analyzed and completed in a short period of
time. However, low priority cases tend to have slower processing
times due to the sheer volume of cases and available resources.
It would take approximately 18 months to clear just the pending
cases at current staffing levels, if no additional cases were
The fledgling discipline of computer forensics is at a point
where the lack of accepted standards and procedural uniformity
has prompted independent responses from a myriad of law enforcement
agencies at the State, Local, and Federal levels. If this haphazard
approach continues, defense challenges could call into question
the credibility of computer forensic analysis due to the
lack of standardization. The science of computer forensics must
evolve to meet the same standards of evidence that have been established
for other forensic disciplines such as fingerprinting, ballistics,
drugs, and DNA.
We need to ensure that standardized operating procedures in
the field of computer forensics are established and incorporated
into the training of forensic examiners across the nation. Population,
geography, type and level of crime, as well as existing resources
need to be evaluated prior to developing future computer forensic
laboratories. In addition to the New York State Police Computer
Crime Unit, law enforcement in Western New York and the New York
City Metropolitan area are developing centralized forensic capabilities.
The activities of all laboratories should be closely coordinated
to ensure the development of generally accepted standards. At
the same time, individual laboratories must be linked to the investigative
mission of their respective region.
Computer Network and Information Systems Security Breaches
The reliance on computer interconnectivity has increased the
risks associated with the Internet and computer network use. Malicious
and unlawful cyber attacks in both the private and public sectors
are becoming increasingly prevalent and of greater concern to
One of law enforcement's newest challenges is responding to
attacks on public and private sector computer networks and information
systems. Those at greatest risk are the networks and systems linked
to state and national critical infrastructures, including information,
communication, finance, energy, and transportation.
As society begins to accept law enforcement's role in our connected
world, it is increasingly likely that law enforcement will become
the "first responder" to cyber-based attacks. This will require
the use of specialized technical and investigative personnel with
a sound understanding of computer technology and advanced forensic
analysis. Coordinated public sector resources must work with private
sector interests and must be available in multiple jurisdictions
in order to effectively protect our vital infrastructures.
In the State of New York, we have embarked on a multi-agency
initiative focused on addressing cyber-based vulnerabilities.
The New York State Police and the Office for Technology have worked
in concert to develop a plan to address the increased risk of
network and systems intrusion. The plan calls for the development
of end-to-end detection and response capability thus enabling
the State to identify and analyze attacks on government-owned
computer networks and initiate appropriate technical and law enforcement
measures when required. The plan also calls for the State to make
every possible effort to ensure that an individual's liberties
and privacy rights are protected.
Internet Crimes Against Children
The threat to our children from predators who hide their identity
behind the veil of technology is greater than ever. Law enforcement
in every state must act swiftly and decisively to protect innocent
and vulnerable potential victims.
As a result of a preexisting multi-agency initiative, New York
State was one of the first to receive a federal grant from the
Office of Juvenile Justice and Delinquency Prevention (OJJDP),
which created the NYS Internet Crimes Against Children (ICAC)
Task Force (FY1999 - $284,760; FY2000 - $256,250; FY2001 - $256,250).
This dedicated multi-agency initiative - comprised of the New
York State Police, Attorney General's Office, and Division of
Criminal Justice Services - investigates computer-enabled crimes
that exploit children. In addition, the task force works to promote
standardized investigative techniques, trains law enforcement
personnel, and enhances public awareness. By cooperating with
30 similar task force operations nationwide and local agencies
that have received ICAC satellite grants, the NYS ICAC Task Force
has been able to successfully investigate, arrest, prosecute,
and incarcerate predators who target children.
Ever increasing caseloads - currently more than 1,000 active
ICAC investigations in New York State alone - require more cooperation
and centralized coordination. Mechanisms for coordinating and
sharing information about undercover operations within each state
must be improved to ensure officer safety and the efficient use
of law enforcement resources.
A recent federal evaluation of the ICAC program made several
recommendations. One critical recommendation addresses capacity
building for both forensic analysis and training in response to
the growing number of reported cases. The forensic needs and investigative
skills required in ICAC investigations are the same for other
crimes involving the use of technology, and must be addressed
in coordination with efforts in other program areas. Another recommendation
proposes that a major ICAC grant be directed to each state. Quickly
identifying, arresting, and prosecuting these predators will protect
potential future victims. As the volume of cases grows, we need
to ensure that there is a centrally coordinated point of contact
in each state to advance multi-jurisdictional investigations.
Fraud and Identity Theft Investigation
Fraud investigations involving a "petty crime" are often indicative
of more serious and far-reaching illegal activity. The ease and
speed of the Internet can be used to facilitate fraud, enabling
criminals to commit crimes with relative impunity. Scams of this
type can be quickly replicated and disseminated worldwide.
Victims of these techno-crimes are now able to report fraudulent
activity on a secure web site administered by the Internet Fraud
Complaint Center (IFCC) -- a joint initiative between the FBI
and the National White Collar Crime Center. Complaints are then
forwarded to all law enforcement agencies that have jurisdiction.
The early success of this IFCC program illustrates the willingness
of the public to report fraudulent activity to the proper authorities.
Already more than 1,000 complaints have been referred to the New
York State Police, and it is projected that this number will grow
exponentially as IFCC continues to promote its program and increase
its capacity to receive complaints.
The New York State Police has already created a database to
record and analyze these IFCC complaints. Additional resources
are needed to develop a systematic and coordinated response plan
to disseminate complaints to the appropriate law enforcement agencies.
Cyber criminals are now preying upon individuals as well as
businesses. The Internet is a venue that can be used to obtain
extensive personal and financial information that, if in the wrong
hands, can be used to perpetrate crime.
Recently, there was a case in New York City where an unscrupulous
individual used the personal information of more than 200 of the
wealthiest people in America to fraudulently obtain credit or
services in the victim's name. This high-profile case is just
one example of the identity theft complaints that law enforcement
receives on a daily basis. In the year 2000, the Federal Trade
Commission reported more than 2500 victims of identity theft in
New York State.
Training and Research
The demand for highly trained and skilled personnel to investigate
computer-enabled crimes is tremendous. This problem is compounded
by the rapid advances in technology, which make continual training
a necessity. In addition, there is a shortage of qualified instructors
available to deliver law enforcement training in this area.
The Computer Crime Unit has provided instruction to thousands
of law enforcement personnel throughout the State. At the same
time, other law enforcement agencies are engaged in similar training
programs. Consequently, duplicative training programs are emerging
without coordination. These training efforts must be streamlined
in a cooperative manner with delivery channels that result in
high-quality instruction and training.
The United States Department of Justice currently funds the
National Cybercrime Training Partnership - a consortium of experts
from government, academia, and the private sector. New coursework
is being developed based on the knowledge, skills, and abilities
required today in the field of computer crime. One goal of the
partnership is to identify existing, government-owned training
and make it available at the local level in each state. Through
"train the trainer" and distance learning programs, and in cooperation
with academia, these modules must be incorporated into law enforcement
training and academic degree programs.
WHAT MAKES THIS AREA SO CHALLENGING?
The broad reach of the Internet, which connects millions of
people worldwide, presents a number of unique challenges to law
enforcement in the fight against Cybercrime. Technologically sophisticated
criminals can exploit the Internet's speed and distributed nature
to commit crime and wreak havoc without regard to geographic and
jurisdictional boundaries. A single perpetrator is able to anonymously
take advantage of millions of vulnerable computer neophytes with
relative ease. Law enforcement's dilemma is further complicated
by the rate at which technological innovations evolve.
The nature of Cybercrime necessitates that law enforcement overcome
institutional resistance to information sharing. Improving existing
relationships and forging new partnerships, inside and outside
of law enforcement, will improve every police agency's ability
to exchange information in an expeditious manner. In so doing,
law enforcement will be in a better position to investigate crime.
Attracting qualified candidates in the field of Cybercrime and
computer forensics is difficult given the higher salaries offered
by the private sector for similar skills. This amplifies the challenge
for law enforcement agencies that seek to blend the stability
and deployment flexibility of sworn personnel, with the technical
expertise of civilian analysts. In addition, this rapidly expanding
and evolving field requires personnel to receive training on a
continuous basis in order to keep pace with the cybercriminal.
It is neither efficient nor practical for New York State to
expect over 500 local police departments to investigate computer
crimes and conduct forensic analyses. Most of these small local
police departments, many with staffing levels of less than 10,
lack sufficient resources needed to provide a comprehensive response.
Accordingly, the New York State Police with its statewide reach,
investigative knowledge and expertise in the field of computer
crime, make it the logical choice to play a central role in the
development and operation of a coordinated Cybercrime initiative
in New York State.
WHAT DO WE NEED TO DO IN THE FUTURE?
Fighting Cybercrime requires a coordinated approach, which unites
local resources with those at the state and national level. Government
must work cooperatively to ensure that statewide initiatives to
fight Cybercrime are not duplicative. New York State, and others,
must fit into a coordinated national plan, which ensures that
staffing, equipment, and training resources are maximized, and
provides a mechanism to share vital information. The federal government
should work cooperatively with states to develop statewide initiatives
in an effort to advance a systematic approach.
As part of an effort to develop a comprehensive and coordinated
statewide initiative, the New York State Police and the Office
for Technology took the first step toward meeting this goal by
developing a multi-agency plan to protect the State's interconnected
This framework provides the mechanism by which the Office for
Technology can secure the State's information systems, conduct
network analysis, share information, and provide technical emergency
response. Once a criminal act is identified, the New York State
Police would mobilize the requisite investigative and forensic
Specifically, the New York State Police would deploy highly
trained investigative resources regionally around the State to
investigate information system threats and crimes involving technology.
These regional investigative units would be supported by a centralized
operation with a wide range of services. A computer forensics
laboratory would process large quantities of digital evidence
in an expeditious manner, while meeting the most complex analytical
Another unit would conduct Cybercrime training initiatives,
program development, and legal research and analysis. This unit
would be responsible for training members of the State Police,
and would work with other agencies to develop statewide training
standards. In addition, an onsite legal expert would examine and
research the complex challenges which accompany Cybercrime investigations,
and at the same time, work closely with prosecutors during criminal
investigations, proposing legislation and regulation as necessary.
The proposal also calls for highly trained State Police liaison
personnel to be located at the Office for Technology to coordinate
and initiate the necessary law enforcement response to a network
intrusion or cyber attack.
Overall, this collaborative, multi-agency information systems
protection proposal provides the foundation to build a statewide,
coordinated Cybercrime initiative in New York State.
Building a framework of this type requires that the unique strengths
and capabilities of various regions be considered. These include:
Western New York:
- academic and research institutions in Buffalo and Rochester,
- a number of experienced Cybercrime investigators and prosecutors,
- geographic proximity to our Canadian partners in Ontario, and
- a newly developed Regional Computer Forensic Laboratory, established
by the United States Attorney's Office in the Western District
of New York.
Upstate New York:
- the center of New York State government,
- major academic and research institutions, including the University
at Albany and Rensselaer Polytechnic Institute,
- the hub of the NYeNet, a statewide fiber optic network which
supports the New York State E-Government Initiative,
- the New York State Police Forensic Investigation Center, along
with the headquarters of our major investigative operations into
the areas of narcotics, auto theft, and organized crime which
operate in close cooperation with governments in New England,
New York City, and Quebec, Canada, and
- major research centers at Syracuse University, Cornell University,
and the Air Force Research Laboratory in Rome, New York which
are vital resources in the development of information assurance
and computer security technologies,
New York Metropolitan Area:
- the hub of international commerce,
- home of the United Nations,
- major research universities,
- the multi-agency New York Electronic Crimes Task Force, and
- the New York City Police Department, the nation's largest law
WHAT CAN THE FEDERAL GOVERNMENT DO TO HELP?
The national and international ramifications of Cybercrime suggest
that the federal government develop funding guidelines promoting
the adoption of a coordinated, statewide approach to address the
growing threat of Cybercrime.
Computer Crimes Enforcement Act of 2000
We support the Computer Crimes Enforcement Act of 2000 (P.L.106-572),
which was signed into law on December 28, 2000, and urge Congress
to fund this legislation and consider additional funding targeted
to those states that develop a statewide coordinated Cybercrime
Paul Coverdell National Forensic Sciences Improvement
Act of 2000
We support the Paul Coverdell National Forensic Sciences Improvement
Act of 2000 (P.L.106-561), which was signed into law on December
21, 2000, and urge Congress to appropriate funds specifically
for computer forensic laboratories, with funding again aimed at
states that develop coordinated Cybercrime initiatives.
Office of Juvenile Justice and Delinquency Prevention
Funding for Internet Crimes Against Children
We support continued funding for the Internet Crimes Against
Children program, through the Office of Juvenile Justice and Delinquency
Prevention (OJJDP), and urge Congress to direct major grant awards
to each state. In addition, funding for forensic capacity should
be coordinated with other funding efforts in forensics, and funding
for training should be coordinated with the efforts of the National
Cybercrime Training Partnership and other training efforts.
National Cybercrime Training Partnership (NCTP)
We support continued funding for the National Cybercrime Training
Partnership program to develop curricula and educate instructors.
We urge Congress to establish a dedicated Scholarship Fund that
would enable critical personnel from state and local government
to participate in existing coursework identified by the partnership.
Mr. Chairman, I would like to thank the committee for allowing
me to share with it the facts regarding Cybercrime in New York
State. I look forward to continuing to work with you and the Members
of your Subcommittee. At this time I would be pleased to address
any inquiries you might have.