1. Trends in Cyber Crime: The Dark Side of the Internet
Presentation for the Computer & Internet Law Section for the Oregon State Bar Association
May 26th, 2011
Good afternoon. My name is Sean Hoar, and I am with the U.S. Attorney’s Office in Eugene, Oregon. I am actually moving to the Portland area in the next month, so although for a period of time I’ll continue to manage a Eugene caseload, I hope to have an opportunity to cross paths with you when I transition to our Portland Office. I was asked to speak to day about a cyber crime-related topic, and since the dark side of the internet is what I see on a regular basis when I peer into the files of federal criminal defendants, I thought we all might benefit from learning a bit more about Trends in Cyber Crime: The Dark Side of the Internet.
Sean B. Hoar
Assistant United States Attorney
United States Department of Justice

2. The Internet . . . a new world . . .
In the time it takes for me to make this presentation
Over 37,000 blogs will be posted on the Internet
Over 180,000 images will be uploaded on flickr
Over 1,300,000 “tweets” will be sent on Twitter
Over 8,330,000 people will log on to Facebook
Over 42,000,000 videos will be watched on YouTube
Over 118,000,000 searches will be conducted on Google
Over 10,292,000,000 s will be sent, 82% of which will be spam
&

3. Some perspective . . .
To provide some perspective to the role this relatively new digital environment plays in our lives, I have a short video I want to play for you. It was created by a firm in Australia, which is actually on the front edge of technology. I hope you enjoy it.

4. The Internet . . . Life changing . . .
The Internet has fundamentally changed our way of life
the way we work, play and communicate
A forum for the best of our ideas and the worst of our deeds
Insecure web infrastructure and technology produce dark opportunities
malware, intrusions, spam, financial fraud, intellectual property theft, sale of illegal substances, child exploitation . . .
The way we work – About 12 years ago I had one of the first large identity theft-related cases in the area. The media was fascinated with the case because the criminals, the identity thieves, used a combination of high tech and low tech means to commit the offense. And the high tech means were on the cutting edge of technology for the day – hacking into PCs, inserting sniffer programs to log keystrokes to steal credit card numbers Although years earlier I had tried the first “paperless case” in federal court in Oregon – meaning I wasn’t averse to technology – I was typically nudged by necessity. The identity theft case caused me to realize how quickly the digital environment was developing, and it clearly launched me into it. Now a number of my cases require the creation and used of massive digital databases. I have several cases in which we have digitized over 100 bankers boxes of evidence, and then added substantial amounts of digital evidence to the mix. One of my recent cases involves the digitization of around 120 bankers boxes of evidence, and another 65 or so digital devices, including a couple dozen hard drives and a server from a business – resulting in about 10 terabytes of data. I spend most of my day on my computer, much of it on the Internet. The Internet has clearly changed the way I work.
It has also clearly changed the way we play. When I was growing up, I played the conventional sports, football, basketball and baseball. In the fall you could find us playing catch or a football game late in the evening or on weekends. In the winter we would be outside playing basketball until called in for bedtime. In the spring and summer we would always be playing baseball. Now, the Internet and its virtual environments provides stiff competition to athletics. Whether it be watching cool videos on YouTube or playing the most recent reality war video on Sony PlayStation, the Internet has clearly changed the way we play.
And it has clearly changed the way we communicate. Years ago I used to communicate primarily by phone. Now I may get one or two phone calls a day, but I respond to between 75 and 150 s a day. Regarding our phones, years ago we were teathered by the lan line in our home or office. Now everyone has a cell phone. We can talk to anyone, anytime, anywhere. And the phone is so small and sleek that it is unobtrusive until it orchestral ring beckons us to a conversation. I’ll never forget being an Assistant District Attorney in Lane County right out of law school in the 1988 or 89 when one of the members of the local defense bar brought his new cell phone into the courthouse. It was like a swamp phone, and could barely fit in his briefcase, but he was proud to be on the front edge at the time. Now you could fit 20 cell phones into the one he had in 1988.

5. Overview of presentation
Backdrop - insecure web architecture
Online criminal activity trends
Federal offenses
Prosecution guidelines
Investigations & prosecutions
Significant digital evidence issues
Search & seizure
Discovery and litigation

6. Technological & criminal trends
Technological evolution
Cloud computing
Increased mobilization of computing
Explosion of web applications
Technological pollution
Malware
Intrusions
Phishing
Spam
Criminal behavior
Financial fraud
Intellectual property theft
Child pornography
Economic espionage/trade secret theft

7. Primary trend - creation & dissemination of malware-
Malware (a contraction of "malicious software") refers to software developed for the purpose of doing harm. Malware can generally be classified based on
how it is executed
how it is spread and/or
what it is intended to do
Malware generally takes the form of a virus, a worm, a Trojan horse, a backdoor, crimeware, or spyware

8. Malware growth Web insecurity 225% growth in malicious web sites
95% of user-generated comments to blogs, chat rooms/message boards were spam or malicious
77% of Web sites with malicious code are legitimate sites that have been compromised, i.e. they are sites that you visit . . .
13.7% of searches for trending news/buzz words led to malware
Websense Security Labs (4th Q 2009)

9. Malware dissemination
insecurity
85.8% of all s were spam
81% of s contained a malicious link
tens of thousands of Hotmail, Gmail and Yahoo accounts were hacked and passwords stolen and posted online
phishing lures doubled in the second half of 2009 representing 4% of spam
58% of data-stealing attacks done via the Web
Websense Security Labs (4th Q 2009)

10. Malware sophistication
Cyber criminals continue to go where the money is Crimeware exploits continue unabated . . .

11. Malware’s global platform
Countries where most attempts to infect the web with malware occurred as of May 3, 2010.
The pollution begins at home . . .

12. Malware adaptation Web infrastructure & use
The top 100 most visited Web properties are social networking and search engines.
The next 1,000,000 most visited sites, or the known Web, are primarily current events, regional and genre sites.
The next 100,000,000 sites - the “long tail” of the Internet, or the unknown Web, are junk, personal, and scam sites which are specifically set up for fraud and abuse.

13. Malware directed to $$ New generation of Web content targeted
Driving force behind cyber crime is $$
Social networking sites and search engines have evolved rapidly
Business growth is driving Web 2.0 adoption in the workplace
Consumer habits have shifted to Web 2.0 apps
Because more businesses and consumers are using Web 2.0 sites, these sites are increasingly targeted for malicious purposes
The primary trend is the continued use of Web 2.0 content to exploit weaknesses within the Web infrastructure to attract the greatest number of victims
Hackers creatively leverage user-created content to compromise sites with good reputations

14. Malware perpetrator turf wars
Zeus vs. Spy Eye
Trojan-making toolkits
designed to give criminals easy means of creating their own "botnet" networks of password-stealing programs
provide option of deleting other malicious code, i.e. “Kill Zeus” option on Spy Eye

15. Attackers capitalize on major events
Major events provide fodder for attacks designed to steal personal or business information
Where there are major events there will be major scams
Example: March 2011
Natural catastrophes: Japan earthquake/tsunami
Celebrity events: Elizabeth Taylor’s death
Political events: turmoil in Egypt, Libya, Yemen, Bahrain, Tunisia, Syria, etc.

16. Attackers capitalize on major events
Malicious websites
content connected in some way to the event
‘Nigerian’ letters via
emotional requests for $$ to help suffering
Spam messages
containing malicious links
Tweets
Containing malicious links

17. Intrusions Network intrusions Critical infrastructure intrusions
Identity theft – multi-billion dollar industry . . .
Critical infrastructure intrusions
Domestic and international terrorism
Sensitive data
Sectors necessary to support society
Distributed denial of service attacks
Political statements; extortion
Web site defacement

18. Intrusions/data mining
Identity theft/surreptitious software
Keyloggers
Exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer – more invasive than phishing – relying upon infection rather than deception
Tens of millions of machines are infected with keyloggers, putting billions in bank account assets at the fingertips of fraudsters
Monitoring programs often hidden within attachments, files shared via p-2-p networks, or embedded in web pages – exploiting browser features

19. Data breaches - still a problem?
February 15, 2005: 163,000 ChoicePoint records breached when fraudsters presented themselves as legitimate ChoicePoint customers, purchased data profiles on individuals, then used that data to commit identity theft. ChoicePoint settled with FTC for $10 million in civil penalties and $5 million for consumer redress, and $10,000,000 in private class action suit.
Data-Breaches_-_Privacy-Rights-Clearinghouse.pdf

20. Data breaches - still a problem?
June 16, 2005: over 40 million credit card accounts were exposed to potential fraud due to a security breach at CardSystems. Information on 68,000 MasterCard accounts, 100,000 Visa accounts and 30,000 other card brand accounts were confirmed exported by the hackers. The data exported included names, card numbers and card security codes.

21. Data breaches - still a problem?
April 27, 2011: Sony PlayStation Network hacked; 24,600,000 user accounts may have been compromised; 12,000,000 unencrypted credit card accounts may have been compromised.
May 24, 2011: 533,686,527 total records breached from 2,503 data breaches made public since 2005 in the U.S.A. alone.

22. Data breaches increasingly expensive
Data breaches get more expensive
$204 per compromised customer record
$6.75 million per data breach in 2009
Sony says it has already spent over $121 million for April 2011 data breach

23. Phishing continues to evolve . . .
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.

24. Phishing via social engineering . . .
Social‐engineering schemes use spoofed e‐mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords.

25. Phishing via technical subterfuge
Technical subterfuge schemes plant crimeware onto PCs to steal credentials
often using systems to intercept consumers online account user names and passwords
to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher -controlled proxies used to monitor and intercept consumers’ keystrokes)

26. Password stealing software
The number of crimeware‐spreading sites infecting PCs with password‐stealing crimeware reached an all time high of 31,173 in December of 2008, an 827 percent increase from January of

27. Phishing reports
The number of unique phishing reports submitted to APWG in Q described a steady increase with the number for June eclipsing the previous annual high of 30,577 for 2010 reached in March.

28. The number of unique phishing websites detected by APWG
Unique phishing sites
The number of unique phishing websites detected by APWG
during the second quarter of 2010 continue to be very high.

29. Hijacked brands

30. Phishing targets – where the $$ is . . .
The payment services sector has surpassed the financial services sector as the most targeted industry sector.

31. U.S.A. still the worst . . . The U.S.A. continues to host more
phishing sites that any other country.

32. Rogue anti-malware products . . .
Rogue antivirus products are some of the most efficient – and increasingly preferred ‐ ways to victimize consumers. Unlike banking Trojans, where cybercriminals have to infect a PC, steal data, etc., a rogueware attack simply fools users into paying for worthless software – or forcing them to make a ransom payment. The user is the one willing to pay in order to “disinfect” their PC ‐ or free it from a cybercriminal’s control.

33. Rogue anti-malware
Cybercriminals profit faster by increasing the proportion of users who pay after downloading rogueware. These techniques had a 13% quarterly increase with new cybercriminals using ransomware – which won’t let you use your PC until you buy a ‘license.’

34. Malicious code evolution
Crimeware (data-stealing malicious code designed to victimize financial institutions’ customers and to co-opt those institutions’ identities); Generic Data Stealing (code designed to send information from the infected machine, control it, and open backdoors on it); Other (the remainder of malicious code commonly encountered in the field such as auto-replicating worms, dialers for telephone charge-back scams, etc.)

35. 50% of all computers are infected . . .

36. Spam out of 10 messages
4.1 billion messages were processed in March 2011 by the Hosted Infrastructure (over 134 million per day) of which 92.6% of all was spam , 84.1% of spam included an embedded URL , and 3.1% of spam s were phishing attacks.

38. Financial fraud Manifests in a variety of forms Identity theft/carding
Auction fraud
Advance fee fraud/419 scams
High Yield “Investment” Programs
Pyramid schemes
Pump-and-dump stock scams
Pay-per-click advertising fraud
Espionage

39. Nigerian scams continue to abound
Traditional “419” Nigerian letter scam
Overpayment scam
Check cashing scam
Re-shipping scam
Tax Refund scam
Lottery scam
Internet romance scam
Inheritance scam
Insurance scam
Business opportunities scam
Investment scam

40. Intellectual property theft
IP theft - a huge international problem
90% of the software, DVDs, and CDs sold in some countries are counterfeit*
The total global trade in counterfeit goods is more than $600 billion a year**
IP theft costs U.S.A. businesses an estimated $250 billion annually, as well as 750,000 U.S.A. jobs.***
*InformationWeek
**World Customs Organization; Interpol.
*** U.S. Department of Commerce

41. Child pornography/child exploitation
The manufacture and distribution of child pornography is one of the fastest growing businesses online, and the content is becoming much worse.
More than 20,000 images of child pornography are posted every week.
Approximately 20% of all Internet pornography involves children.
Child pornography is more than a $3 billion annual industry.
The number of Internet child pornography images has increased over 1500% in the past twenty years.

42. Sale of unlawful substances/information
Unlawful sale/distribution of narcotics & other controlled substances
Unlawful sale/distribution of classified information
Illegal exports – violation of trade embargos

43. Common federal online offenses
Computer fraud/intrusion, 18 U.S.C. § 1030
Computer intrusion resulting in the theft of information, 18 U.S.C. § 1030(a)(2)
Computer intrusion with intent to defraud, 18 U.S.C. § 1030(a)(4)
computer intrusion with intent to damage, 18 U.S.C. § 1030(a)(5)
Wire (Internet) fraud, 18 U.S.C. § 1343
Identity theft, 18 U.S.C. § 1028(a)(7)
Aggravated identity theft, 18 U.S.C. § 1028A(a)(1)
Credit card fraud, 18 U.S.C. § 1029(a)(2)
Threatening communications, 18 U.S.C. § 875(c)
Cyber stalking, 18 U.S.C. § 2261A
Criminal copyright infringement for financial gain, without financial gain, or distribution of work prepared for commercial distribution, 17 U.S.C. § 506 & 18 U.S.C. § 2319
Economic espionage, 18 U.S.C. § 1831
Trade secret theft, 18 U.S.C. § 1832
Child pornography distribution, receipt, or possession,18 U.S.C. § 2252A(a)(2) and (a)(5)

44. Prosecution guidelines for computer fraud (for U. S
Prosecution guidelines for computer fraud (for U.S. Attorney’s Office in Oregon)
Computer fraud/intrusion related cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist. The federal offense requires one of the following required factors:
The offense involved espionage. 18 U.S.C. § 1030(a)(1);
The victim is a financial institution or a federal government agency. 18 U.S.C. § 1030(a)(2) and (3);
The offense affected use of a protected computer. 18 U.S.C. § 1030(a)(3).
The offense was in furtherance of a fraud scheme. 18 U.S.C. § 1030(a)(4).
The offense caused “damage” (see definition at § 1030(e)(8)). 18 U.S.C. § 1030(a)(5);
The offense involved trafficking in passwords or similar information. 18 U.S.C. § 1030(a)(6). (See also 18 U.S.C. § 1029(a)(3) relating to possession of unauthorized access devices);
The offense involved threats or extortion. 18 U.S.C. § 1030(a)(7).

45. Prosecution guidelines for computer fraud (for U. S
Prosecution guidelines for computer fraud (for U.S. Attorney’s Office in Oregon)
If the loss is less than $70,000, the following aggravating factors may justify prosecution:
The defendant has a prior criminal record, particularly one involving computers;
The offense involved more than one victim;
The offense involved sophisticated methods or a conspiracy;
The offense involved abuse of a position of trust.
The above aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.

46. Prosecution guidelines for financial fraud (for U. S
Prosecution guidelines for financial fraud (for U.S. Attorney’s Office in Oregon)
Financial fraud cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist. The following aggravating factors may justify prosecution when the loss is less than $70,000:
The defendant has a prior criminal record;
The offense involved more than ten victims:
The offense was committed through mass marketing;
The offense involved misrepresentation that the defendant was acting on behalf of a charitable, educational, religious, or political organization or a government agency; or
The subject matter of the case involves a specific federal interest such as fraud against an Indian Tribe, health care fraud, bankruptcy fraud, fraud involving protected computers, or fraud against a federally-insured financial institution.
These aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.

47. Prosecution guidelines for copyright infringement (for U. S
Prosecution guidelines for copyright infringement (for U.S. Attorney’s Office in Oregon)
Cases involving the criminal infringement of copyright will be considered on a case-by-case basis. A significant factor in the charging decision should be the volume of counterfeited or pirated material. The role of a potential defendant in the counterfeiting or infringement scheme should also be considered and may be critical in proving criminal intent.
While the potential civil remedy is not a substitute for criminal prosecution in appropriate cases, the availability of civil remedies should receive serious consideration. This will be especially true where there is a reasonable concern about substantive legal issues or where proof of criminal intent may be insufficient.

48. Prosecution guidelines for economic espionage/theft of trade secrets (for U.S. Attorney’s Office in Oregon)
Economic espionage and theft of trade secret cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist.
The following aggravating factors may justify prosecution when the loss is less than $70,000: (1) the defendant has a prior criminal record; (2) the offense involved more than one victim; (3) the offense involved sophisticated methods or a conspiracy; (4) the offense involved abuse of a position of trust.
These aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.

49. Prosecution guidelines for child pornography (for U. S
Prosecution guidelines for child pornography (for U.S. Attorney’s Office in Oregon)
Assuming a provable child pornography case exists, cases may be prosecuted where the evidence establishes any of the following conduct by the potential defendant: (1) sexual abuse of a minor; (2) production of child pornography; (3) importation of child pornography; (4) distribution of child pornography for profit; (5) origination of child pornography into cyberspace; (6) intentionally furnishing child pornography to a minor for a sexual purpose; (7) prior criminal conviction involving child pornography or sex offense.
Absent these factors, prosecution will nonetheless be considered where the evidence indicates that a defendant has (1) engaged in the distribution of a substantial quantity of child pornography without profit or received or possessed a substantial quantity of child pornography, exclusive of any materials obtained through a government sting operation; or (2) where a person in a position of trust with a minor (school teacher, foster parent, day care provider) receives or possesses child pornography.
Absent any of the above factors, prosecution will be declined and matters involving small quantities of child pornography will be referred to state authorities.

50. Computer fraud/intrusions
May 19, 2011

51. Computer fraud/intrusions/data mining
April 21, 2011

52. Computer fraud/intrusions/data mining
March 26, 2010

53. Computer fraud/intrusions/data mining
December 23, 2009

54. Phishing/spam
March 25, 2011

55. Phishing/spam
February 8, 2010

56. Spam/stock fraud
November 23, 2009

57. Economic espionage
February 8, 2010

58. Intellectual property theft
January 22, 2010

59. Intellectual property theft
May 6, 2010

60. Intellectual property theft
February 5, 2010

61. Nigerian scams
February 17, 2010

62. Copyright infringement/auction fraud identity theft United States v
Copyright infringement/auction fraud identity theft United States v. Mondello
Overview
South Eugene High School graduate
Computer genius
University of Oregon student
Between December 2005 and October 2007
initiated thousands of separate online auctions
used more than 40 fictitious usernames and online payment accounts to sell copies of counterfeit software
generated more than $400,000 in personal profit

63. Copyright infringement/auction fraud identity theft United States v
Copyright infringement/auction fraud identity theft United States v. Mondello
Scheme
Mondello acquired victims’ names, bank account numbers and passwords by using a computer keystroke logger.
The keystroke logger installed itself on victims’ computers and recorded victim’s name and bank account information as information was being typed.
The program then electronically sent the information back to Mondello which he then used to establish fictitious usernames and online payment accounts.

64. Copyright infringement/auction fraud identity theft United States v
Copyright infringement/auction fraud identity theft United States v. Mondello
Outcome
Pled guilty to criminal copyright infringement, aggravated identity theft and mail fraud
Consented to the forfeiture of more than $225,000 in cash proceeds, and also forfeited computer-related equipment used to commit the crime.
Sentenced to serve 48 months in prison
Ordered to serve three years of supervised release and perform 450 hours of community service during that time
Made anti-piracy video for RIAA

65. Internet fraud United States v. Daniel Wheatley et al
Overview
Profits4investingtoo.com was a High Yield Investment Program (HYIP) operated by Daniel Wheatley with the assistance of Sunshine Simmons and Edwin Garcia.
claimed to be a long term high yield private loan program, “intended for people willing to achieve their financial freedom but unable to do so because they’re not financial experts.”
claimed to be “backed up by investing in various funds and activities.”
claimed that “profits from these investments are used to enhance our program and increase its stability for the long term.”

66. Internet fraud United States v. Daniel Wheatley et al
The scheme (“investment plans”)
Profits4investingtoo.com offered several “investment” programs
38% daily
PLAN AMOUNT DAILY PROFIT (%)
Plan 1 $1 - $
Plan 2 $101- $2,
Plan 3 $2,501 – and more 38.00
4 day deposit - 156% after 4 days
Plan 4 $5 - $
Plan 5 $101 - $1,
Plan 6 $1,001 - $4,

67. Internet fraud United States v. Daniel Wheatley et al
The scheme (“investment plans”)
10 day deposit - 425% after 10 days
PLAN AMOUNT DAILY PROFIT (%)
Plan 7 $10 - $
Plan 8 $501 - $2,
Plan 9 $2,501 - $4,
15 day deposit - 650% after 15 days
Plan 10 $250 - $2,
Referral program
Earn up to 9.00% of referral deposits

68. Internet fraud United States v. Daniel Wheatley et al
The scheme (payment processing)
“Investors” were directed to use Stormpay or E-gold, money processors similar to PayPal, and to fund accounts with cash, credit cards, or checking accounts.
They then directed their “investment,” via Stormpay, to Garcia’s Stormpay account.
Wheatley recruited Garcia to process money through Garcia’s Stormpay account because Wheatley’s account had been shut down due to his involvement in a previous HYIP scheme.

69. Internet fraud United States v. Daniel Wheatley et al
The scheme (payment processing)
Garcia directed Stormpay to wire investor money to his checking account. He then wired a portion of the money to Wheatley’s bank account.
Between December 13, 2005, and March 8, 2006, 27,330 transactions were conducted through Garcia’s Stormpay account.
These transactions included moneys invested, money paid to some investors with other investor money, and charge-backs resulting from customer complaints.

70. Internet fraud United States v. Daniel Wheatley et al
The scheme (payment processing)
Money from new “investors” was used to pay old investor obligations, consistent with a “Ponzi” scheme.
If investors were paid, it was not always on time nor for the amount promised.
To delay investor complaints, Profit4investingtoo.com made a variety of representations, including that they were experiencing “denial of service” attacks, having other technical difficulties with the site, or were suffering personal medical emergencies.

71. Internet fraud United States v. Daniel Wheatley et al
The scheme (payment processing)
In one 30 day period of time, $664, was wired into Garcia’s Stormpay account, $435,675 of which was wired to Wheatley’s bank account.
None of the money was invested.
it was spent on personal and real property, including a home in Springfield, Oregon, a 2005 Mercedes Benz C230, a 2004 Hummer, electronics, furniture and jewelry.
When Profits4investingtoo.com finally shut down, all unpaid investors lost their money.

72. Internet fraud United States v. Daniel Wheatley et al
The outcome
Wheatley pled guilty to Internet fraud and money laundering. Garcia pled guilty to Internet fraud. Simmons pled guilty to a tax violation.
Wheatley was sentenced to 46 months, Garcia to 33 months, and Simmons to probation.
All were ordered to pay restitution of $124,446.74, jointly and severally, to the 174 people who claimed to be victims . . .
All seized proceeds of the fraud were forfeited, including a home in Springfield, Oregon, a 2005 Mercedes Benz C230, a 2004 Hummer, jewelry and furniture.

73. Digital evidence issues
Right to privacy in stored communications
Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)
United States v. Warshak, 631 F.3d 266 (6th Cir. 2010)
Third party privacy interest in stored content
United States v. Comprehensive Drug Testing, Inc., 621 F.3d 1162 (9th Cir. 2010)
Digital database creation and use
Investigation; discovery; litigation

74. Impediments to enforcement of cyber crime
Technically complex subject matter
Lack of technically trained investigators, prosecutors, judges and jurors
Technical forensic process required to acquire and preserve evidence
Time sensitive
Evidence may be fleeting
Special legal process may be required to acquire and preserve evidence

75. Impediments to enforcement of cyber crime
Limited resources
Data intensive
Competes with other priorities
Transnational
Separate sovereigns
Lack of treaties or dual criminality provisions
Slow, cumbersome MLAT process
Language barriers

76. Solutions to enforcement of cyber crime
Increased human and monetary resources
Increased technical training
Adequate technology
Increased language training
Increased international cooperation
Fundamental dual criminality standards between all countries
Expansion of informal networks for immediate assistance

77. Solutions to enforcement of cyber crime
Increased international cooperation (continued)
Uniform financial standards for certain types of transactions/sites
Uniform financial standards for suspicious monetary transaction alerts
Uniform agreements to share seized assets, which constitute proceeds of fraud, with assisting agencies/governments

78. Any questions??

79. Trends in Cyber Crime: The Dark Side of the Internet
Presentation for the Computer & Internet Law Section for the Oregon State Bar Association
May 26th, 2011
Sean B. Hoar
Assistant United States Attorney
United States Department of Justice