Future crimes: Will malware target court reporting storage?

October 8, 2010

Could data destruction for hire become a new threat vector? Professor Susan Brenner raises the very real question in a recent blog post describing a 2010 trial in which the destruction of the court reporter's data by malware resulted in the conviction being vacated and a new trial:

So . . . no record, no appeal.

I'm absolutely positive this was inadvertent . . . but it raises an interesting logical possibility: using malware to sabotage a court record and thereby gain a new trial.

I really doubt that'll ever happen, but it's a thought.

Opinion: Case tampering has happened and will happen more frequently

My background includes a limited time/exposure to the world of defense investigation. Knowing the lengths that bad guys are willing to go to, the motive definitely exists for hiring a cybercriminal to sabotage electronic evidence through dotgov infiltration.

After all, the traditional witness intimidation, jury tampering and other methods require a more heavy-handed approach which leaves the bad guy open to exposure in the future via informants.

With cybercrime, this risk becomes negated. The cost also becomes commoditized: Imagine the competitive cybercrime world offering to tamper with convictions for less than $1,000 and you start to get the picture.

Investigative experience: Witness protection is an oxymoron

As the defense team has a right provided under the Sixth Amendment of the Constitution to have access to witnesses, unethical investigators had the potential to become incentivized to leak that location data directly to their clients. In short, the system has holes. It depended on the ethics of the contracted defense investigators, which means that, human nature being what it is, witness protection programs (WPP) invariably have ongoing security concerns.

These concerns only become real when a witness for the state or witness for the United States in WPP is found.

The irony is that as an investigator, it wasn't hard for professionals to find these witnesses, and our defense litigation teams depended on the resulting witness interviews in order to effectively provide an accused person proper protection under the Sixth Amendment.

As an ethical investigator, it also wasn't hard to not tell the alleged bad guys anything about the witness. This was helped by who I worked for.

As a strictly personal comment, I'm proud of my New Mexico investigative mentor Dennis Hicks for his explanation and instruction years ago in what to reveal and not reveal to clients. That and having a SERE background meant that, short of waterboarding, my alleged clients weren't getting much out of me.

Having critical, case-changing knowledge such as witness location meant that kinetic risks of defense investigation were increased for the investigator. What might seem incredible to some is that our clients, although innocent until proven guilty, may very well decide that we knew something he or she must know at all costs. Knowing this, we who were working on their behalf always sat with a clear field of fire and our backs to the wall at every single client meeting, most often at their homes or at nearby restaurants. While I don't know how California law might look at this, in New Mexico we were armed and, in the ethic General James Mattis made famous, we were “polite, professional, but always had a plan to kill everyone we met.” Suffice to say, the risk of being interrogated and killed by my own client over a witness's location should explain my migration back into technology.

This article from a recent Sacramento Valley HTCF post about the recent SOeC Cybersecurity Award-winning CATCH Team may shed light on this matter:

Most recently, the San Diego task force was called to help solve a Riverside County case that had court officials puzzled. Employees had noticed that bail amounts had been reduced to zero in some cases and future court dates had been deleted.

Investigators logged on to the computer system and began watching it around the clock, said the task force leader Michael Groch.

"The investigators could see the suspect activity while it was taking place," Groch said. "Eventually, it turned out to involve a man with considerable computer skills."

According to investigators, Brandon Wilson and William Grace cracked into the county's court computer system 72 times, altering Wilson's records and those of four other people to make it appear that their cases had been closed.

Charges included possession of illegal drugs and weapons, failure to appear in court, driving under the influence and manufacturing and importing weapons. Officials say Wilson changed the records to show that the charges had been dismissed.

Wilson also changed drug and gun charges for one woman, and traffic charges for a man, investigators said. Wilson also was charged with altering the records of an accused embezzler and another man charged with driving under the influence.

Facing 216 felony counts each since their arrest in June, Wilson and Grace have pleaded not guilty and await trial in Riverside County.

I'm going to ask the CATCH Team to weigh in on this – stay posted. Additionally, this quote should add weight to the law enforcement challenges that even top cybercops face within their own departments.

Morgester said one problem in past computer crime cases has been a history of light sentences. In addition, many prosecutors are reluctant to pursue them because they are often complex and pose difficult jurisdictional problems. A criminal can touch victims thousands of miles away.

"An old adage in law enforcement is, 'If it doesn't bleed, it isn't a crime,' " Morgester said.
