
Series : Equinox - Channel 4 UK

Show title : Cybercops

First shown : 21st Dec 2000

Every four years, hundreds of computer hackers gather for a conference in New York, entitled HOPE, Hackers Of Planet Earth. Cyber outlaws range from thieves trying to extort money and paedophiles trying to gain access to children, to idealists championing the free flow of information and challenging the power of the multinationals. In amongst the hackers are law enforcement officers trained to fight cyber crime.

Programme summary

Their anonymity protected behind bizarre pseudonyms like The Cult of the Dead Cow and Sir Dystic, the stars of the hacking world compete and share 'tools' with participants to gain access to or destroy supposedly secure information. One of these tools was Back Orifice, which exposed the lack of security in Microsoft software.

But, say experts on both sides of the legal fence, the most common culprits are insiders with a grudge. The first aim of the hacker is to obtain a legitimate account. Insiders are a step ahead: they already have a legitimate password to gain access to the system. Once inside, they can compromise sensitive information then use it to steal or extort money, or destroy it in order to sabotage the work of the organisation.

Cyber crime has moved law enforcement into new territory as officers try to track down the physical location of an individual who may be sitting in front of a screen half way across the world. One company, Bloomberg Business News, brought in the FBI when it received demands for money from computer hackers. Tracing the villains to Kazakhstan, the FBI managed to lure them to London where the British police could arrest them and begin proceedings to extradite them to the USA.

Not all computer crime requires a high level of expertise. In California, police uncover an operation for printing counterfeit cheques and money, made simple by the accessibility of high tech graphics equipment. One suspect says he has sold 10,000 fake bills in return for drugs. The same force logs on to a chat room and gets into conversation with a man who turns out to be a paedophile. Posing as a 12-year-old boy, the police officer arranges to meet the suspect, who turns out to be on probation for paedophile offences and HIV positive, with no intention of using any protection. He faces a 30-year sentence.

As increasing numbers of people use the internet, the threats to welfare systems, to business and to society will swamp law enforcers, so individual users need to know enough to start to protect themselves.

Transcript


Narrator: They call themselves HOPE, Hackers on Planet Earth, and every four years they meet in conference. They look innocent enough but to the world of e-commerce, they're a deadly threat. They're computer hackers, internet outlaws.

Oxblood Ruffin: We explore and you call us criminals. We seek after knowledge and you call us criminals. We exist without skin colour, without nationality, without religious bias and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I'm a criminal, my crime is that of curiosity, my crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

Chris Rouland: This is a big hacker's conference that we're attending just to find out what else we need to do to tell people, so it should be interesting. I'm not sure how forthcoming the hackers will be with us; we'll probably try to be a little bit discreet. Last time we had a HOPE, all the businesses in New York went on to alert status because they were so concerned about all these hackers being in New York at one time. People were actually really hacking into sites from the HOPE Conference. With the law enforcement presence, I'm sure that the New York hi-tech crime squad and the secret service here has got an elevated status as this conference goes on.

Narrator: In this New York building, more than 50 law enforcement agents have been brought together by the US secret service — to fight cyber crime.

Robert Weaver: New York is the financial capital of the world. We can't afford to let the companies, the victims that have been targeted, go off-line for very long. If they go off-line for too long then they're out of business and it's time sensitive; you can't afford to let Wall Street go down to financial institutions here in New York City, the New York stock exchange, the NASDAQ.

Narrator: But it's not just the cops who are watching. Internet security companies, too, need to know what hackers are up to and they have undercover operatives to find out.

Chris Rouland: When we get there, let's just try and pilot some stuff that you guys will alternatively be responsible for, and I think we'll just kind of wing it from there. Certainly if there's any software being handed out, there may be opportunity for you to pick up CD goodies from somebody. I'm sure we'll be seeing some of our old friends there.

Narrator: And so, defenders of e-commerce set out to do battle with the internet outlaws of planet Earth. Today's big event is the capture-the-flag competition, when hackers try to outhack each other; it's the ultimate test of their skill.

Man: Any questions on that? Anybody have a honey pot? It's another opportunity for insertion.

Narrator: But for John and Alan of Internet Security Systems it is also a unique opportunity to monitor the latest advances in hacking.

Man: …common documents people would want… and if you try to copy this on one of these high-end colour photocopiers, it'll shut the machine down and put it into a mode, this is error area code such and such, so you cannot get the thing to work unless you call the manufacturer and they dispatch a technician who can then reboot it by sending some bytes to it or something; but in the process all these calls that are logged with that error code immediately are reported to secret service.

Man: And again, whenever you see the guys with the white things come out of the ears, you know you're in deep shit for…

Man: Forget about Big Brother, CIA, NSA. Yes, it's true, they gather every scrap of knowledge that's out there but they never look at it and if they do look at it, they don't know what the hell it is. The people for you to worry about are private industry, private companies, who have a financial interest in looking up your behind, in knowing everything about you. The CIA, unless you're a terrorist … unless you're a good hacker, a really good hacker, and then they only want to identify you to hire you.

Narrator: In the short history of hacking, one group above all has achieved legendary status.

Deth Vegetable: The Cult of the Dead Cow was formed in 1984. It started in the little town of Lubig, Texas, which is a big cattle town in the middle of nowhere, founded by two people, Swamp Rat and Frankin Guy. Originally they were a text file group, releasing stories and articles and things like that — this is before the days of the internet when hackers and computer people used to talk to each other on BBS systems — BBS stands for Bulletin Board System — it would be like one computer calling another computer and they'd post messages, things like that and that's how CDC started. And then with the development of the net, CDC migrated over on to that, and since then we've gotten a lot more into both the technical side of hacking and the social activism side.

Narrator: But while the Cult of the Dead Cow are the established superstars, Chris is more concerned about the stars of tomorrow.

Chris Rouland: We'll scope out the floor and see if there's going to be any kind of hacking contest. I think the stuff that's critical for the rest of the conference is going to be keeping an eye on anybody who appears to be a superstar in that hacking room. The CDC extravaganza I think we have to attend, I'm sure if they know, they're going to want us to participate too. I know they don't like me personally too much.

Deth Vegetable: The most popular operating system in the world is Microsoft Windows. The problem with these, especially with 95 and 98, is that they have no computer security whatsoever. This has been well known within the computer industry for a long time and people have complained to Microsoft, but Microsoft has never done anything about fixing it. Because of this, we went around and looked at all the various holes that people have exposed in Microsoft Windows and we bundled all these holes up together and built a tool to try to take advantage of that. The original tool was called Back Orifice.

Nancy Yule: Back Orifice is a little Trojan horse that goes into your computer and it hides in a file. Now you go looking for it, it becomes anamorphic, and what I mean by that is that when it looks for it in that file, it'll jump over and run over to that file, and then it'll run over to another file, so it's very difficult to find. Then what it does, just so you know, is I've got all the information on your hard drive, so you think that you've been secure and you've been safe and you've been writing secret little messages and you've been on sites that you shouldn't have been on. Guess what? I know exactly where you've been and where you're going, because as soon as you power up your computer and as soon as you start typing in your password, I got it.

Deth Vegetable: The way the Back Orifice works is that it allows someone, say a hacker over the internet, to run a programme on your computer and then, once that programme has been run, the hacker has more control over your computer than you would have sitting at your computer. So they could access all your files, they could watch what you're doing when you're typing, they could delete files, they could turn on and off your computer, if you have a camera attached to your computer they could take pictures with it, if you have a microphone attached to your computer they could turn it on and record what was going on in the room with your computer — things like that. It's pretty scary what Microsoft Windows allows remote users to do and we are trying to let people know that this is a problem.

Chris Rouland: In 1999, the Cult of the Dead Cow updated the Back Orifice programme with a version for Windows NT, called Back Orifice 2000, and they added some additional functionalities, such as the ability to spy on a computer. If you have a microphone or Quickcam adapter plugged into your computer, a hacker with Back Orifice can actually turn on the microphone and listen to what's going on in the room or turn on the camera and see what's going on in the room, as well as other things like intercept passwords for bank log-ins or basically take full control over your computer. With these new tools being released by the Cult, we saw them as a serious threat and they were adopted as the most popular back door by computer hackers, infecting thousands of machines globally, perhaps even tens of thousands of machines, it's very difficult to identify. We developed software countermeasures for both these tools within about 24 hours after their release and pushed those out to our customers so they could protect themselves against this new threat.

Narrator: But if it's one thing stopping hackers getting into your computer, it's another trying to control a computer virus. This man is a computer virologist and his company has developed an immune system that can kill most viruses in seconds.

Motoaki Yamamura: Each day our customer sends us a floppy disk, which contains potential viruses and we would scan this floppy disk with our latest version of Norton AntiVirus. Day-to-day we can get anywhere from 10 to 30 new viruses. In May of 2000 we got 25,000 submissions. These are the files they have sent us with potential viruses on.

Man (Cult of the Dead Cow): How are we going to save them?

Man: We must make a sexually transmitted computer virus.

Man: Start programming, start programming! Transmit! Transmit!

Man: It seems to be working. We appear to have done it.

Woman: Thank God.

Man: Go, CDC, go.

Nancy Yule: If you think your computers are safe, ha, ha, ha, ha, no way, absolutely not! When I go on the internet, first of all I've never ordered anything on line and I never will. Never's a long time, but I never will. I don't care if there's 52 firewalls at the other end, I'm not doing it, because it's very easy to get your number over the internet. I can do it like that, and any other information I want to get about you. If I want to find out where you live now, I can get that information very easily. If I want to get where you lived before, I can get that too. If I want to get your home number I can get that. If I wanted to get your shoe size I would venture to say I could get that over the internet.

Chris Rouland: There are actually more ways to break into computers than there are computer viruses. Hackers are uncovering new ways to break in every day and are using them to break into systems, deface web pages, steal money from bank accounts and shut down e-commerce systems with denial-of-service attacks that allow no one to do business on the internet.

Michael Brausam: Dare dot com, which is an anti-drug website, got hacked into by a suspect who called himself Coolio. I found a website in Arizona, I obtained a search warrant for that site, went through all those logs and e-mails to that site and I was able to track down the suspect in the state of New Hampshire on the other side of the United States. This is one of the other images that he left on the website, which is a picture of Donald Duck shooting drugs. He left this picture of this rat, high on marijuana. He had also hacked into a couple of Air Force websites and had been in their websites and the Air Force was also looking for him. On this particular site he had made death threats against the president, which also caused this case to become a national case. He's looking at numerous years in prison for the numerous hackings he's done on websites.

Motoaki Yamamura: Viruses copy themselves from program to program. This means that the virus portion of the program copies itself to another program. That's why they're called viruses, but often you hear about viruses actually doing something very bad. These viruses just don't replicate but they often have what we call a payload, they actually do something. This can range from displaying some visual message, sometimes pictures, sometimes text or sometimes it does things like format your hard drive, do something very disruptive. One, at a certain time of the day, displayed an ambulance. Another very popular one is called Happy 99. This is one of the most prevalent worms or viruses that are out there today. A lot of people thought this was very pretty and sent it out to other people, but little did they realise that they didn't even have to send it to other people, the worm sends itself to other people. This is how it spreads so rapidly. So there are viruses or worms that display a lot of things but there's often a virus or a worm that doesn't display anything — for example, Melissa virus or, lately, we have the Love Bug worm. These things didn't display anything, they were just simple attachments in e-mail and when you double click on them, they didn't do much. But in the background it would automatically send itself out to other people, so you didn't see any visual effects.

Narrator: So e-commerce has had some tough formative years. Assailed on one side by viruses, which caused millions of pounds' worth of damage, and on the other by internet delinquents who vandalised their way through cyberspace. The future, too, looks grim.

Sir Dystic: Windows machines do a couple of odd things. When you send them a packet that basically says, 'I'm done using a name,' it says, 'Oh shit! Somebody was using my name, I'd better stop using it.' What happens is, with a very small UDP packet, you can completely disable the net files, networking, on any remote machine. I notified Microsoft about that about four weeks ago, this Tuesday. When I first notified them they said, 'Oh yeah, yeah, actually, we were just about to come out with a patch for that, but we're going to delay it now that you've told us something we already know about, oh and we can't credit you because we already knew about that and…'

Chris Rouland: Frequently, when a hacker identifies a new way to break into a computer system, they actually publish that tool, make it available to others, under the pretences of doing that to encourage people to improve their security. However, this enables individuals who don't have that skill set to identify that really technical way through programming and knowing machine code, to break into their computer. It allows anybody with an internet connection to go and start hacking machines.

Sir Dystic: So when Windows machines start up, they send out a packet which says, 'Hey, I'd like to use this name. Is that okay with everybody?' So one of the other things my program does is say, 'No.' So, the effect is if you have this program running on a network and you can receive the broadcast UDP packets that Windows machines transmit and you can respond to those packets, the Windows machines on that network will always think that there is already a machine with their name on the network and never be able to join the network.

Chris Rouland: Another tool was announced by the Cult — a scanning tool that is used to identify large numbers of computers that are open to attack on the internet. They announced that tool, however did not release a copy of it. It's referred to as a war dialler for the internet — it is a tool that allows you to probe lots of systems over the computer network, targeting the ones that are vulnerable to attack and allowing you to break in. It's not so much of a vulnerability as it is a weapon of war or a tool for the internet to allow you to attack mass amounts of computers.

Grandmaster Ratte: Today we're trying to push hackerism into a new frontier, a new definition. We're trying to change the definition of hacker into one that means Renaissance person.

Oxblood Ruffin: A lot of people don't even have internet connections, a lot of people in North Korea and Cuba, China, all over the place, who have some access but they can't see the entire internet, so we've decided that they should be able to see that. We're putting together a crack group of hackers outside of the CDC; I recruited them personally just last week. I got a piece of raw meat, threw it into Times Square and I hired the first five guys who bit into it. One of them you know, Bronkbuster, another guy you might have heard of called the Mixter, a German hacker, there are three other guys but I can't quite mention their names right now because they have very important jobs and they don't want their names mentioned with this project just for now.

Chris Rouland: The critical element in evaluating a hacker conference is really for us to identify the components and the areas of the hacking conference we need to attend. We look at them both from a technical arena, where we identify different technologies that will be discussed by the hackers that require our attention, and additionally we have to look at it from a social perspective, in that we have to identify where the hackers will be grouping together and going out for drinks or for dinner and try and attend those venues, so that we can get to know who the players are in the computer underground.

Narrator: Beer and banter aside, this is a war with very high stakes. If the e-commerce gets it wrong, the consequences could be catastrophic.

PART TWO

Narrator: A denial of service attack is the big corporate nightmare, when hackers so flood a system with requests that it crashes.

Mark: We get an alert on the ERS, STF, intersect 01 sensor — generally somebody looking for a weakness in a server. But unless we know where it's coming from — if we get multiple sweeps from the same source, then that's enough to warrant perhaps blocking that IP or some other action. Doug will decide what's appropriate. A potential hacker followed up with a couple of tools, a tried flood attack, which is generally a synchronised attack from many servers as well as a couple of other tools, standard packaged tools for finding vulnerabilities, is a denial of service attack. Here they come again, it looks like they are trying to do a denial of service attack. Hi, this is Mark from Operations, yeah, we have three more identical alerts to the last three, same house name, okay, bye. So, the attack is going to continue and as the emergency response service team member, Doug will contact the customer and advise upon the appropriate action.

Doug Brown: I would go to the firewall which you have sitting in front of this web server and deny all packets that are coming inbound from these two addresses. When an attack comes in it can involve two, three, four, any number of computer systems on downline. Hackers will often go through many different computer systems trying to mask their actual origin.

Chris Rouland: We monitor sites on the computer underground, websites the hackers use to trade their secrets or exploits. We also monitor the internet chat rooms where all the deal-making in the computer underground, between computer hackers, takes place. This is a really anonymous area that allows hackers to take on their own identity and protect themselves from tracing while able to freely converse and trade in the currency of the computer underground. That currency consists of things like exploits — almost weapons, like a new gun to break into a computer system. It also consists of trading systems that have been broken into. So for instance maybe one hacker wants to break into a system or website that he's not able to, he's able to trade some other hacker a different website or maybe a bank that he compromised in exchange for the website that he wants access to.

Narrator: Las Vegas, and another hackers' conference. This one is the biggest and it's called Death Com.

Sir Dystic: It's going to get worse. Without proper protection and without updating your DAT files as you should, every week, or every day, if possible, you're just asking for trouble. Imagine looking at a very, very large fan and having a big pile of stuff on top of that fan and it's going to hit it real soon. We've made it far too easy for viruses to be created. Anybody can create viruses that are very destructive.

Motoaki Yamamura: I think the most dangerous thing a virus or a worm can do in the future is that it can probably steal things from you and send this to people you don't want it to be seen by. For example, you can be writing an important document, very confidential information, and maybe you can be infected by a macro virus, which would automatically steal this document and the content of it and not just send it to people you know but maybe even post it to things like news groups or some website where it's accessible by somebody. So I think in the future we're not just gonna see destructive viruses, I think we're gonna see viruses and worms actually export data out of your machine.

Narrator: Back at Death Com, meanwhile, the hackers abandon their computers for some old-fashioned American fun.

Man: What's the first thing a lot of kids do with a computer in a video arcade when they're 12? Shoot 'em up games, right? And then you get a computer. And what's the first thing? It's space invaders, it's asteroids or, you know, whatever — a first-person shooting game. So now it's just an extension of: 'Gee, I'd like to pick a gun up now and, wow, it's fun to shoot one of these.'

Man: I'm a systems analyst and I use it to check information systems for security. I do that as well, and of course, I do other things that I usually don't talk about.

Interviewer: So what are they?

Man: Oh, no, no!

Narrator: Target practice is one thing, but everyone is waiting for the announcement from the real big guns, the Cult of the Dead Cow. Everyone who is anyone in the great cyberwar is here – college nerds and corporate agents, cybercops and cybercrims.

Man: Ladies and gentlemen, we released Back Orifice two years ago and then last year there was lots of flak, and you know, that's not what CDC's about. We're not a software company. We've been round since 1984…

Narrator: Alan from Internet Security Systems is here; so is Motoaki from Symantec, waiting, watching.

Man: … we happen to have released a couple of tools but, you know, they were a means to an end, the end being political domination, of course, but they're not an end unto themselves. It seems like people seem to be expecting us to release more, and…

Alan: The big event was the CDC conference, which was pretty much of a disappointment. They didn't give out any software like they did last year, it was mostly theatrics, the same type of thing we saw with the Hub 2K.

Chris Rouland: There's not much of a risk to us. I really think they're more interested in bashing Microsoft than they are in computer security. One thing I've noticed, the crew has been hacking a lot of websites, they also rooted out the Death Com pretty quickly. Yeah, those guys, I think they're replacing CDC on the radar.

Doug Brown: We have analysts who attend hacker conferences such as Death Com. The ones that always get the most press, that you always see in the newspapers and on the news are the hackers, the kids or the young people who are attacking a computer network or a computer system from the outside — yes, those do exist, but that's not where the greatest threat comes from. The greatest threat is from the insider, if you will. If you stop and think about it, the person that's inside — employees, people that actually belong on that network — already have some of the keys to that kingdom. They have a legitimate account and a legitimate password that they can use to get on that system with, and that's always the first goal of any hacker, is to get a legitimate account.

Once they have a legitimate account then they see what they can do to expand the privileges and capabilities of that account to get to other places within the network or other places within that system. The motives run the gamut. They can be anything from revenge to curiosity, money. When I conduct an investigation into intrusion into a company's network and it begins to look like it has in fact come from the inside, as an investigator, one of the first questions that I usually ask is, 'Who's recently been fired from the company and when they were fired what kind of access did they have and was it a case where they left quietly or did they leave kicking and screaming?' Quite often, what we see on cases where the hacker turns out to be an insider, the motive is actually a case of revenge — they're trying to exact some kind of revenge for their being fired unfairly, as they feel.

Chris Rouland: Most organisations have a very hard-to-penetrate exterior to their computer networks, so that from the internet or for dialling in with modems, it's very hard to break in to those organisations. But once an insider works at those organisations it's very easy to compromise those computer systems and traverse them. So once they're in the soft chewy centre, an insider is able to compromise almost anything they want to.

Man: Seventy, maybe as high as 80% of our cases are internal compromises of the system.

Robert Weaver: A programmer who developed and designed the program, the software programs for on-line training, became very possessive of his product, which, by the way, belongs to the company that you work for. If you develop it and design it on their payroll, then it's not yours, it's not your intellectual property, it belongs to the company.

The salary negotiation turned into an extortion, which caused the programmer, a suspect now, to start denial-of-service attacks. Over a several-day period, he was effective in causing the server to go off-line. That denial-of-service attack turned into a more deliberate and nasty, very nasty full-blown hack.

While we were there, the live hack came in. We did an on-line tracing of the internet protocol address, which took us back to a university, not just a university, but a machine specifically at that university. It was electronic warfare in the trenches. He was trying to hack and shut down and we were trying to track and trace and so using track and traces on the telecommunications side of the house, we got appropriate court orders from the United States Attorney's Office. This was a real live manhunt. He was trying not to be caught and we were trying to catch him, and he was trying to be anonymous and we were trying to find out who he was. What happened was, we were able to positively identify him, the suspect, at the keyboard, during the time of the hack. That time frame that I just gave you took us four hours.

Narrator: In fact, business is increasingly vulnerable to computer attack, so this summer, when Bloomberg Business News was held to ransom by hackers, the company decided to make a stand.

Michael Bloomberg: We saw an attempt being made, coming from Kazakhstan. They actually sent us an e-mail demanding money. We immediately called the Federal Bureau of Investigation here in New York and commenced what turned out to be a three- or four-month sting operation to lure these people to a jurisdiction where we could get them arrested.

Barry Mawn: When Michael Bloomberg came to the FBI, we took the extortionist's e-mail threat and the computer squad traced that back to Kazakhstan. We decided to have Michael Bloomberg meet these individuals in London. The meeting was arranged for Michael Bloomberg, the individuals that were attempting to extort him, and a couple of Metropolitan Police officers who posed in an undercover capacity. We decided that this might give a false sense of security to the individuals making the extortion threat, that they might be more willing to go to a neutral or third country as opposed to coming to the United States to collect the monies, and then a third reason was that we were aware that this would be an extraditable offence from Great Britain.

Undercover Officer: We have got to be satisfied that a crime has been committed here in the United Kingdom. This clearly is a prerequisite of any request that we receive from any countries overseas. The FBI in New York were quite content that a crime, or an alleged crime, had been committed within their jurisdiction. As part of the demand for money, bank accounts had been set up in New York, London, in Europe and in the former Soviet Union to receive the funds that had been demanded. The suspects turned up at the central London location, at a hotel, and participated in a meeting that involved representatives of Bloomberg and undercover officers. As a result of that meeting, there was clear evidence to indicate that the suspects in fact were involved in this e-mail extortion. Sufficient evidence was gained from the interviews and the conversations that took place at the hotel that enabled Scotland Yard to arrest both suspects on behalf of the United States.

Michael Bloomberg: Most companies, when they get attacked, invariably pay a small amount of what you can call ransom or extortion because they don't want to run any risks and they don't want to tell their customers that they are vulnerable. The truth of the matter is, everybody is vulnerable all the time. You have to be terribly vigilant and I think that companies that pay extortion are making a terrible mistake. The reason they keep doing it is that so many people cave in and pay them a small amount of money — it's never a big amount, a big amount you couldn't hide but a small amount you can and this is why they ask for a couple of hundred thousand dollars in our case rather than a couple of million dollars — but if you start playing that game you're going down a slippery slope, it's bad for your company and it's bad for society.

Chris Rouland: The analysts predict by 2001 there'll be 20 million individuals on the internet capable of launching a cyber attack out of the hundreds of millions of internet users. With these large numbers of people capable of launching attacks and with this new complex software and technologies required to offer the depth of services, we begin to expect these complex machines on the internet will have problems, they will have bugs and part of that 20 million users will find problems with them and exploit them.

Michael Bloomberg: We've made a devil's bargain I think. We like the convenience and efficiency of technology and the price for that is going to be less privacy. The price of that is going to be more people knowing about us and more dependence on these networks and when something goes, we're going to be more and more unable to function without all of this technology; but we all like the convenience of credit cards even though it leaves a paper trail of what we've bought and where we bought it and we all like the convenience of being able to go through a toll booth without slowing down but then there's a record of where we went in our car and who was in the car. We all like the convenience of transferring monies around the world at the touch of a button over the internet but when you do that you have to understand that there is a risk that somebody will break in and take some of your monies and you might not get it back.

PART THREE

High-Tech Crimes Task Force @ Sacramento Valley, California

Policeman: Do you have a computer at home or anything like that, boy?

Man: No, I don't.

Policeman: Your Mum or anybody, no? Okay. Are you positive now, your prints are going to come back on any of that stuff?

Policewoman: This stack of paper is predominantly used with all counterfeiters and the program that's used is called Versa Check. It's a program that you load into your computer and you can process your own cheques. All you need is somebody's cheque or a business cheque and once you have the payroll information or a financial institution or bank account number and routing number that's at the bottom of the cheque, you can pretty much transfer that anywhere. But this is actually the program that's used in order to manufacture the cheque. This shows the variations of the types of cheques that you can order and you can order these cheques from this company.

Narrator: But not all computer crime requires a degree in computer skills. User-friendly software and high computer graphics have made counterfeiting easy. Even the on-board police computer is vulnerable to interference.

Nancy Yule: We have an RD Lax system, which is supposed to be secure; or the FBI said it would be secure for at least 10 years. That's not the case. I don't think it lasted for 10 minutes, and all you need, basically, is a scanner that's been modified, hooked up to the laptop and then you need the software and this smart cable hooked up to my computer and now I can intercept all the mobile data terminal messages that I want. The scary part about this is that I know exactly where you are at what time, so let's say I sign on the terminal, I see Detective Yule, shield number 2466 and my password. I get all that information based on that computer. Some people say, 'Ah, what's the big deal, if they read what's coming over to the MDT's?' Let's say, hypothetically, that I'm shot and I'm being rushed to the hospital. As we all know, all that pertinent data is put on that terminal and it's being transmitted as I'm being transported to the hospital. The only unfortunate part about that is that I have one of these decoders; now I can read that information. And let's say that person doesn't like me and they see that I have A-negative blood — well, all they have to do is manipulate the information and put in B-positive — so when I get to the hospital I'm going to be fed with B-positive blood. Not a good thing.

Narrator: Back in Sacramento, the forensic team is despatched to a suspect's house.

Policewoman: A lot of people that don't want us to find whatever it is they're doing, their files or whatever, they will put in a program in shut down so that it doesn't go in normal shut down, it goes out and erases those files, and then a lot of times not only erases it but copies over it so it can't be retrieved — so that's why you don't get normal shut down. Another precaution we take is we'll make sure that the telephone jack is unplugged from the back of the CPU because with computers a person can be anywhere and come in remotely to the wires and erase what we're doing.

Policeman: You have sold 10,000 of the counterfeit bills and your take is what?

Man: Nothing, I get a free pill to eat.

Policeman: You just get the Ecstasy?

Man: Yeah.

Policeman: How does he make the bills?

Man: On his computer.

Policeman: Well, how much does he bring over to you at one time?

Man: The most he's ever brought over was 10,000.

Policeman: And all twenties?

Man: All twenties.

Policeman: Okay, but understand this, okay, Joe, is that we're able to, not myself, she's able to go under there and bring up things that you have previously deleted. You think that that's clean — it's not.

Narrator: This isn't just the bluff designed to encourage a confession — police can recover damning evidence on a computer, even if the files have been deleted. Once the computer is seized the hard drive is removed and a perfect copy made.

Man: What we're going to do is take a bitstream image of the original media and duplicate it to one of our own forensics hard drives. Once this process is done the copy that we make will be identical to the original, we'll be able to put the original back in evidence. It'll be secured and it'll remain in its original condition from the point at which it was seized. If the individual had an idea that law enforcement was coming to seize the computer, this is where you're going to find the bulk of the information that you were looking for to begin with — under the deleted or overwritten. Deleted would give you a specific icon, which would be the circle with the line through it; if it had been deleted and overwritten we get the circle and it's also got what appears to be a waste can under it. The overwritten files, for the most part, are going to be unrecoverable; we may be able to get a portion of it back. However, the files that are simply deleted are generally not only recoverable but we can usually view them as well. The first two have not only been deleted but they have also been overwritten, the third one has been deleted but not overwritten yet, and in some cases we may even be able to recover some of the deleted files directly through this software.

Narrator: These are the forensic experts of the cyberworld. They sift through the mind-boggling masses of data in search of the crucial clues, which will pin the crime on the suspect. The biggest single commodity on the net is pornography but here, too, the criminals leave a computer trail.

Man: We received information that a website was hosting child pornography. We then accessed the website via an undercover account and determined who the individual was that was hosting the website. We're in the process right now of finding the individual it's registered to and we're still on the beginning processes of the investigation but it looks like we have enough to go on so far where we could follow up on enough leads and there was definitely child pornography that was on the website.

Narrator: As the business community must deal with the threat posed by internet criminals, so society in general must confront the child pornographers and sexual predators who hide behind the anonymity of the world wide web. In Sacramento an officer logs on to an internet chat room. It's the cyber equivalent of cops on the beat.

Shari: I have the name of Shari. I have nothing as far as the age or anything else on my profile so usually when I go into a room like this they will immediately hit up on me and ask me about how old I am and this and that; and as we're in here we're just going to hang out, we're not even going to say anything and see how long it takes before windows start popping up with people wanting to chat privately with us. There's one right here and this person says, 'Hello,' and I'll just answer back, 'Hi.' And here's two more — and so here in a minute or 10 or 15 seconds we got, one, two, three, we got four people that have hit on this person, and here's another one that just popped up, so he's asked me to tell him what I look like when I'm naked, so we'll make something up for that. So, when I told him that I didn't have very big boobies and I'm not hairy, he smiled and says he likes the sound of that. And here's a guy that's sending me a program right now; he wants me to hook this program up so I can watch him with his camera. He's got a camera at his house and he's sending me this. What he's trying to do is he's trying to send me a program that'll allow me to video conference with him, it's a fairly common program for video conference and I've used it quite often. We're connected directly to this internet protocol address so we could run a trace on that and find out where this guy is, roughly the city and then work backwards from there to find out who he is. So here's another guy who says, you may be into an extreme kinky and perverted family sex session, he says he's male, 33, so, I told him I'm not supposed to be here I'm only 13 and he did a double smiley face when I tell him that so he's obviously interested in that too.

Narrator: One in five youths between the ages of 10 and 17 received a sexual approach over the internet.

Woman: Jason and I and a few other members of the task force posed as a 12-year-old boy on America On Line and went to a chat room. We had a conversation with this one gentleman for approximately four months, talking probably four or five times a week and he flew in from San Francisco to meet with us. We couldn't suggest any kind of meeting with this person, we couldn't bring up any sexual talk or any innuendoes, everything had to come from him, so we just talked to him in a normal manner and just waited for him to…

Man: We were very careful on that issue.

Woman: We were very careful.

Man: So careful that the defence attorney's not even going to plead entrapment.

Man: How about the fantasy defence?

Man: That's his whole defence, that he never once believed that this really was a 12-year old boy, that…

Woman: Even if there was, he was never going to meet with the boy. That's what he's going to try to use.

Man: He's got to try something, what's he looking at? Thirty years? He's looking at 30 years.

Man: Well, do we have enough previous position in conversation?

Man: Absolutely, absolutely.

Woman: Oh yes, no doubt.

Man: That was always on the abeyance.

Man: He was on probation for being a paedophile, he was HIV positive and did not, at the time of his arrest, have any intention of any protection.

Woman: That's correct… it definitely is.

Man: The attorney almost wanted to get him with manslaughter charges, attempted manslaughter because of that.

Man: The internet is probably the greatest blessing for criminals that I can ever imagine. You can completely hide your tracks using different websites and programmes on the internet where nobody will ever know where you were, where you're from and where you went. You can become a ghost - easily.






This site developed by Virtek © 2006