By Arnold E. Bell, Unit Chief, Innocent Images Unit, Cyber Division, FBI, Washington, D.C.
he past two decades brought rapid advancement in technology and placed Internet access in the homes of most families in the United States as well as many homes in other countries, and digital connectedness is a key element in the modern international economy. As a result, physical borders are less relevant to commerce and to crime. Cybercriminals are defrauding victims the world over at a current estimate of U.S. $67 billion dollars annually; that is $7.6 million of fraud per hour. U.S. law enforcement’s Internet Crime Complaint Center receives approximately 22,000 complaints per month.
The fraud schemes that define traditional white-collar crime have migrated in many ways to the Internet. The online pool of potential victims is the new frontier for the criminal methods that pose the greatest threat to financial institutions, critical infrastructures, national security, and intellectual property. In addition to the devastating fiscal losses they cause, cybercriminals give rise to incalculable harm through online sexual exploitation of children. Today, criminals have adopted the Internet as their preferred tool for networking, exchanging best practices, discussing the latest law enforcement techniques and ways to defeat those techniques, and victimizing people everywhere.
To address the growing problem of cybercrime, law enforcement must adopt investigative methods that draw from, and counteract, the ingenuity of the criminal element while at the same time adhering to laws, regulations, and policies. International cyberinvestigations present perhaps the most significant challenges to modern law enforcement because cybercrime respects no physical borders and some countries are only now recognizing the need for laws to address cybercrime. In certain situations law enforcement coordination arises from personal relationships and does not go through official channels.
FBI Cyber Division
The FBI’s Cyber Division was created in 2002 and, in coordination with the FBI’s Office of International Operations (OIO), routinely conducts and coordinates international cybercrime investigations. The United States is fertile ground for overseas cybercriminal groups that carry out all manner of online criminal activity from the ostensible security of their home country. This criminal activity includes phishing schemes, wire frauds, production and distribution of child sexual abuse images, mass distribution of counterfeit copyrighted material, and much more.
It is incumbent upon law enforcement to adapt to the changing criminal environment to remain effective. Criminals are forming cybernetworks and leveraging their resources and skills to unseen levels. Law enforcement agencies worldwide must develop and maintain mechanisms for the effective and efficient dissemination of intelligence to their counterparts worldwide so that information can translate into action. The flow of intelligence must be multidirectional to ensure benefit to all stakeholders.
FBI Legal Attaché Office
Although the need for cooperation at an international level is clear, operational confusion begins at a point where laws differ from country to country. U.S. law enforcement generally has no power of enforcement beyond its borders. The FBI has established the OIO to facilitate federal investigations through a network of legal attaché offices that are strategically placed in various countries around the globe. Although FBI agents generally do not have enforcement powers in the countries where they are assigned regional responsibility, they have a deep understanding of their host nation’s investigative rules, and they cultivate productive relationships with officials in that country who do have enforcement powers. The FBI’s investment in generating and maintaining an international presence has advanced its investigative mission immeasurably and has been a diplomatic success for the United States.
To reiterate, U.S. law enforcement officers, whether they are agents of the FBI or another agency, do not have arrest powers, subpoena powers, or the authority to conduct any investigative activity abroad without the approval of the host government. Often, the legal attaché can secure this approval or can work with the host government to accomplish the desired investigative or operational result.
To avoid any diplomatic trespasses, all FBI investigations must be coordinated through the legal attaché in the country of concern. In addition, direct contact with the citizens of another country for investigative purposes is generally looked upon as an infringement of that country’s sovereignty and is, in most cases, strictly forbidden.
How do investigators obtain the information they need? Evidence may be obtained through the use of letters rogatory. Letters rogatory are requests from judges in the United States to judicial officers in foreign countries for assistance. A letter rogatory generally contains background information, the facts of a case, an articulation of the request, and the promise of reciprocity. Letters are virtually always drafted through a U.S. attorney’s office with approval from the Department of Justice International Affairs Office.
Another mechanism for diplomatic investigative communication is the mutual legal assistance treaty (MLAT). The United States has entered into a number of MLATs, which define the margins of cooperation within a particular context. MLATs have been negotiated between the United States and many other countries and are particular to those countries. Therefore the level of cooperation each MLAT sanctions will vary from one country to the next. These treaties generally shorten the letters-rogatory process by providing a formal procedure for making and receiving requests. For an agent or officer seeking subpoena information, search warrant execution, or court order compliance, the foreign assistance must be sought through a letter rogatory or an MLAT request.
There are many other considerations surrounding the diplomatic hazards involved in international investigations, such as extradition, subpoena service, informant management and operation, and prisoner transfer. But this article focuses on cybercrime.
International Cybercrime Task Force
In cyberspace, most major investigations have suspects in other countries. Although MLATs and letters rogatory are required to obtain documents that could be used in U.S. courts, the time required to use these instruments renders them obsolete in cybercrime investigations. Fortunately, the sharing of intelligence is not limited to official processes.
The FBI uses a familiar investigative mechanism known as the task force to address the need for the speedy transfer of information while, at the same time, strengthening cooperation in the investigation of online child exploitation. Although the task force model is nothing new to the FBI, the concept of an international task force has presented some unique considerations. With the exception of the participating FBI personnel, all of the Innocent Images International Task Force members come from other countries. Each participant serves for up to six months at an FBI building with FBI agents and task force members from other countries. This arrangement allows officers from the participating countries to have access to information and share it much more quickly than using the mechanisms articulated earlier in this article. In the world of cybercrime investigations, even more than most other investigations, time is a critical factor.
In all cases of online child exploitation there is potentially a victim child on the other end of the investigation. Law enforcement must quickly do whatever it can to intervene and stop the abuse. The lack of standard data retention rules for Internet service providers (ISPs) in the United States makes time an accomplice of the perpetrator in cybercrime investigations. As a result, it is often difficult, if not impossible, to obtain the necessary information from ISPs to support a warrant or indictment and properly advance an investigation. Time constraints are magnified when the initial information originates in another country and then must be passed to the agency that can act on it.
The task force model allows for the timely dissemination and receipt of needed information. Because the officers share space with the FBI, all of the investigations are joint investigations and allow for information to be passed directly between any two officers and, by extension, their two countries. The FBI legal attaché with the responsibility for any particular country is kept apprised through internal communications. This process ensures that the legal attaché is aware of any action that takes place in the attaché’s territory as a result of task force investigations.
The success of the task force mechanism in the area of online child exploitation was evident in a recent case principally investigated by the FBI and the Queensland Police Service in Australia. In December 2005, a Queensland officer who had completed the basic covert online investigation course at FBI offices in Maryland was, within a week of his return to Australia, in communication with an American subject who was distributing images of prepubescent children engaged in sexual activity as well as images of minors engaged in sadistic or masochistic conduct. The information was passed from Australia to the United States, and in a matter of weeks police identified, located, and arrested a suspect named Walter J. Kemic, who was later sentenced to 17-1/2 years in federal prison for distributing images of child sexual abuse.
Another example that drives home the point that the rapid exchange of intelligence is necessary to fighting crime in the modern world occurred in late November 2003. An officer from Denmark found on the Internet disturbing images of a young child being sexually abused. Because these pictures were not what investigators call known images, authorities believed the victim was being subjected to ongoing abuse. These images were transmitted through a secure Interpol system to officers in Toronto, Canada, who, believing the victim to be in the United States, communicated their findings to FBI agents in Maryland. Working with the Toronto Provincial Police, the FBI followed the clues to North Carolina.
Police arrested Brian Todd Schellenberger about two weeks after the initiation of an investigation that spanned two continents and three countries. Police found and rescued five Schellenberger victims.
It cannot be said with enough emphasis that the future of effective law enforcement is the rapid exchange of intelligence. As the Internet becomes ever more prevalent in society, investigators will need to understand cybercrime techniques and ways criminals use computers in the United States and abroad. ■