&
The Calgary Herald
Saturday, March 27, 1999

Tech cops on the trail of savvy criminals

Police keep busy hunting down computer hackers

by Matthew McClearn

[photo]
Photo by Shannon Oatway

High-tech cops Gus Gallucci, of Calgary Police Service, and Jack Busst, of the RCMP, use computers to track hackers.
 
Felons in dark, distant basements in foreign countries can steal your deepest secrets, threaten to kill you, defraud you of your money, and deface your company's website -- all with a few deft strokes at a keyboard.

Who ya gonna call?

Fifteen years ago, technological crimes weren't an issue. Today, modern technology is begetting new offences the law hasn't even dreamed of and a new breed of police officer is working full time investigating them.

"With every advance in technology, somebody is out there trying to exploit it", says Corporal Jack Busst, the RCMP's technological crimes investigator in Calgary. "I'm getting complaints about things I hadn't heard of a year ago -- they weren't possible a year ago."

Busst is one of Calgary's three plainclothes tech cops who spend much of their time sniffing for digital scents left by today's tech-savvy criminals. Also on their trails are Detectives Gus Gallucci and Norm Thomson at the Calgary Police Service.

In January, the Calgary Public Library became an unlikely victim of technological crime. A hacker calling himself "The Leprechaun" infiltrated the library's website and replaced it with a message urging visitors to "stop oppression in Northern Ireland.

"I would like to say that I regret defacing this web page, though it was needed to get the word out to more people that Eire's people cannot and will not survive much longer if it is used as a piece of meat for English pigs to get fat off", read The Leprechaun's digital graffiti.

As hackers go, The Leprechaun was polite. Using menacing pseudonyms like Power Though Resistance, Toxyn and Circle of Deception, they often deface web sites with mocking satire, profanities and pornography.

Thanks to the site's relatively high traffic (one million hits in 1998) and the library's security procedures, the propaganda was posted for less than 10 minutes. The site was closed to the public for several hours while employees restored its original content.

"I felt it was unfortunate that he targeted the library for this statement, but I guess these things are becoming more frequent", says Gilbert Bede, manager of information technology at the library.

Just as robbers can buy bolt cutters and crowbars at the local hardware store, hackers needn't look far to find tools. Password sniffers and crackers, worms, war-dialers and anonymizing programs are readily available on the Internet -- often for free.

They also get a steady flow of tips, tricks and techniques from chat rooms, news groups and websites. The Leprechaun exploited a well-known security hole in Microsoft Frontpage '98 software to post his message.

Hackers use security holes in other sites to log into a series of sites, making it more difficult to track their activities. Bede believes The Leprechaun bounced off several sites, including the University of Michigan.

But The Leprechaun may not enjoy the luck of the Irish this time. It's a game of hide and seek that he may lose.

"Our firewall recorded the site where the person came from, the time they actually changed the homepage, the times that they looked at their handiwork, and we have a full record of that", Bede says.

"They've left electronic fingerprints all over the place, and it's just a matter of contacting the different systems administrators and having them check their firewall logs and track it down to the originating ISP source."

Using that information as a starting point, Gallucci is on the case. Using many of the same tools hackers use to commit crimes, and some from his own bag of tricks, it's Gallucci's task to assess the incident, determine whether a crime has taken place and collect evidence if deemed necessary.

As it's currently under investigation, he can't talk about it. But this incident is only one example of the myriad of different crimes that tech cops investigate.

Other examples include threatening e-mails, illegal trafficking of passwords, destruction of data, overloading an Internet server by bombarding it with data, and industrial espionage.

Tech cops are also often called in to collect evidence from computers for investigations of other crimes. In Busst's office, other officers have three PCs dedicated to investigating the infamous Bre-X Minerals Indonesian gold-mining fraud case.

Since its inception in January 1997, the Calgary police's technological crimes unit has yet to encounter a hacker it couldn't track down, and Busst also enjoys a high success rate.

"If an attack sets off alarms, chances are we'll find out about it", Gallucci says. Those odds should have The Leprechaun running to the nearest Blarney Stone.

But Gallucci adds, "If you're dealing with a sophisticated hacker, chances are we're not going to find out about it. They're able to get the information they want and exit without leaving a trace, so whoever was intruded on doesn't even know about it."

Further, to avoid embarrassment and the risk of attracting further attacks, many individual and corporate victims do not report technological crimes. Busst says, "I think the estimate is that police agencies see perhaps 10 per cent of the total amount of (tech) crime that is committed."

Tech crime investigations are not without unique challenges. One is working within the confines of technology law, criticized globally as being inadequate and behind the times.

"Our laws are evolving", Gallucci says. "I wish they were evolving a lot quicker, but they're not. They most certainly require to catch up with today's technology."

For example, Canada's Criminal Code treats information much as it does a physical commodity. Theft of information is not considered an offence.

"If no damage is done, then the only thing we would be able to go with is unauthorized use of a computer", Busst explains.

Perpetrators of technological crimes are often on technology's leading edge. Investigators are constantly upgrading their own skills to keep pace.

"The techniques change quite rapidly as the technology improves, and so we need to keep on top of it", Gallucci says. "You're learning on a continual basis."

Gallucci and Busst are both approaching 25 years of service, an age at which many officers move to the more lucrative private sector. But both say they have no immediate plans to look for greener pastures.

"I find it really challenging", Gallucci says. "I'll continue to do this until it's not fun anymore."

If criminals continue to hang up their monkeywrenches for mice and cable modems, police agencies will need to hire more tech cops in coming years. Gallucci and Busst may not be getting any younger, but the role they play is increasingly important.

"It's definitely getting busier in here", Gallucci says, noting an extra investigator would be useful.

Adds Busst, "With the workload that comes in, it's difficult to give all cases the attention they deserve . . . There's a recognition that tech crime poses quite an economic threat and that we need to put more resources into it. But in a time of financial restraint, it's difficult to find those resources."

One thing is clear -- both men can take comfort that their jobs won't become irrelevant anytime soon.

"As the white collar criminal becomes more technically advanced, this will be the mechanism they use to conduct their criminal activities", says Gallucci. "It's the crime of the future."

High-Tech Crimes and Misdemeanours

There is no typical working day in the life of a technological crimes investigator, who pursues a wide spectrum of criminal activities. As new technology begets new crimes, that spectrum is getting wider. Some examples:

- Web site defacement: The online equivalent of grafitti and vandalism, defacing World Wide Web sites is gaining popularity among hackers. They're targeting the sites of companies and other organizations, replacing them with their own content -- often including insults, profane language and pornography.

- E-mail threats: Typing a few threatening paragraphs and clicking on the Send button is no less a crime than its phone and snail-mail counterparts. Predictably, as more people sign up for e-mail accounts, this activity is on the rise, and it's keeping the Calgary Police Service busy. Tracing threatening e-mails can be a challenge because senders often go to some effort to mask or "spoof" their identities.

- Password trafficking: If you are in the business of distributing or selling other people's passwords, tech cops may be on your tail.

- Data destruction: Under the Criminal Code, if you remotely hack into a company's server and steal proprietary information, there's no crime. But if you damage or destroy that information, you've broken the law. It's an example of how the law is having a hard time keeping up with evolving technology.


Copyright © 1999 by The Calgary Herald. All Rights Reserved. Reprinted with permission.