FBI asks computer shops to help fight cybercrime

[InfoSec News <isn () c4i org>]

http://the.honoluluadvertiser.com/article/2004/Feb/05/ln/ln01a.html

By Peter Boylan
Advertiser Staff Writer
February 5, 2004 

Agents with the Federal Bureau of Investigation's Cyber Crime Squad 
have been approaching O'ahu computer-repair specialists, network 
consultants and software developers and asking them to report any 
overtly criminal activity they find in customers' computers.

Owners of computer repair shops reported that FBI agents have come 
calling for at least a year.

Some business owners and network security consultants favor the 
approach, which enlists old-school police beat work to combat 
high-tech crime.

Others — like the executive director of the American Civil Liberties 
Union in Hawai'i and some local computer users — are wary of the 
tactic, saying it comes dangerously close to violating a person's 
privacy rights.

Special Agent Arnold Laanui said the FBI is taking a proactive 
approach to fighting computer crimes, which are ranked third on the 
agency's list of priorities, behind protecting the country against a 
terrorist attack and deflecting espionage.

"The computer arena is so broad and such a part of everyday life," 
Laanui said. "A good chunk of crimes out there have some sort of 
computer-based nexus to them."

The FBI primarily is looking for purveyors of child pornography, 
software used in the piracy of movies and music, and threats to 
national security.

Laanui said that computers are the "preferred way of trying to cover 
up sophisticated crime" and the FBI is reacting to that.

Each member of the computer crime squad is given a list of local 
businesses, Laanui said, with the idea of establishing a working 
relationship with all of them.

"We're going from gumshoes to gigabytes," he said. "We're not about 
sitting behind a desk and fighting computer crimes from behind 
computers."

Agents "are getting out in the public and seeing what's going on, and 
that is the only way it (computer crimes) can be fought."

'Fishing expeditions' feared

Vanessa Chong, executive director of the ACLU in Hawai'i, said she has 
no problem with the tactic of asking computer technicians for help if 
it is employed within the realm of a specific investigation that is 
intended to capture a specific criminal or criminals.

"I have no problem with a narrowly tailored, specific search, but this 
has the markings of a fishing expedition," Chong said.

Chong said the action "needlessly violates the privacy rights of 
honest consumers to find the guilty few."

Computer repair shop owners agree that instances of child pornography 
always warrant a call to the authorities. But they point out that most 
of the repair work they do, including crashed hard drives and miswired 
motherboards, takes place on the system level.

"The work that we do doesn't really require us to rummage through 
files or documents," said James Kerr, president and CEO of Super Geeks 
repair shop on King Street. "Because we're so busy and focused on 
getting the work done, there is no free time to scour through files."

Kerr said all of his "geeks" sign nondisclosure agreements stating 
that they cannot talk, even amongst themselves, about material that 
they come across while repairing a client's computer. He said they are 
encouraged to approach a supervisor if they do come across something 
that concerns them.

"Our job is to fix computers, not enforce the law. We're here to fix 
things, not police things," Kerr said. "People's private lives are 
their private business. If they have child pornography, we're 
contacting the police. But if they're sharing music files on Kazaa, 
that's not our business."

Kerr said the FBI approached him a year ago with concerns about one of 
his clients.

Ryan Joffs, a network security consultant with Fujitsu, one of the 
nation's largest computer corporations, also said he was approached by 
an FBI agent. Joffs' encounter took place in a restaurant, and he said 
they talked for 2 hours about computer crimes.

"If I ran into something suspicious on a customer's computer I would 
report it, or I would tell them to report it," Joffs said. "It 
(contacting computer professionals) makes sense. If you pay attention, 
you may see something you wouldn't think of reporting. It is one of 
the best means to find illegal things or things they (the FBI) need to 
look out for."

Laanui said the FBI is not out to violate privacy laws or rummage 
through people's files.

"Because we are a police agency, people view us as diametrically 
opposed to the ACLU and civil rights," he said. "We are not looking to 
conduct searches. We want the public to be wary and informed in the 
area of emerging tech crimes. If they see something, or they suspect 
something is afoot, they are free to contact the FBI."

He said agents also attend community events, like PTA meetings, to 
educate the public about network security.

Highly skilled unit

Without revealing specifics, Laanui said the computer crime squad is a 
sizeable group of highly trained agents who are up to date on the 
latest viruses, of which there are more than 70,000.

The agents are highly skilled in a multitude of high-tech disciplines, 
like how to hack into a system covertly. They often go undercover 
online, attempting to lure child predators. Laanui said some agents 
are skilled in the precise practice of extracting information from 
Palm Pilots.

In addition to their daily duties, the agents spend time in the 
classroom to stay on technology's ever-evolving edge.

"We're trying to build a rapport with companies, a lot of computer 
guys don't necessarily know we exist," Laanui said. "Virtually anyone 
in the high-tech arena is up for a visit with the FBI."

Although Laanui declined to disclose specific numbers of arrests and 
prosecutions involving cooperation by computer-repair technicians, the 
squad has made some high-profile collars unrelated to the repair 
technicians.

Jesus Norberto Evans-Martinez, 34, was arrested March 21, 2003, after 
the FBI received a complaint from an e-mail service in Copenhagen, 
Denmark. The complaint alleged that an e-group provided by Internet 
server Yahoo! was being used to transmit and share child pornography, 
according to U.S. Attorney Ed Kubo.

The FBI was given several e-mails that had been sent to and from an 
account, which was traced to Evans-Martinez, Kubo said. Some of the 
e-mails contained child pornography, and others discussed ways to use 
alcohol or drugs to have sex with minors.

On the day of his arrest, FBI agents searched Evans-Martinez's 
Schofield Barracks home and found computers and other items that 
contained child pornography, including images of him having sex with a 
girl.

Evans-Martinez faces up to 20 years in prison after pleading guilty to 
sexual abuse of a minor, advertising child pornography and witness 
tampering. He will be sentenced Nov. 1 by U.S. District Judge David 
Ezra.

In April 2003, the Hawai'i-based FBI cybercrime squad arrested Jason 
Starr, 23, of Pennsylvania, on charges of hacking into 'Ohana Net. The 
hacking cost the business $8,352.

Joshua Conley, 29, co-owner of Greenlight Design Studios, a Honolulu 
based Web design and marketing company, said he understands that the 
FBI is just trying to do their job and that it is only a matter of 
time before the government gets more involved in the regulation of the 
computer industry.

"Its a touchy subject," Conley said. "To a point, some of it is 
necessary, as long as you don't break someone's rights."

Eric Seitz, a Honolulu criminal defense and civil-rights attorney said 
that if someone takes a computer into a repair shop, they surrender 
their right to privacy.

"I'm not really sure there is a problem," Seitz said. "You are 
inviting someone to search your private information system, and if 
that person finds evidence of illegal activity, that person can report 
it."

Reach Peter Boylan at 535-8110 or pboylan () honoluluadvertiser com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.