Digital Evidence – Diminishing or Shifting?

Kevin Lo – Froese Forensic Partners Ltd

Analysis of email communications and Internet (browsing) history plays a dominant part in many forensic investigations involving digital evidence. However, there is also a trend in which less evidence can be located from these traditional sources (i.e. email or Internet activities). There is no indication that people are committing fewer crimes or less wrongdoing on computers – so what could explain the declining volume of evidence from these traditional sources?

There is a definite shift: savvy computer users are aware that their employer could easily monitor their activities on both email and the Internet. Many are using alternative methods to communicate without being “caught”. For example, we are observing personal or malicious communications that used to occur largely through traditional channels such as email increasingly moving to social media platforms such as Facebook and Twitter. Given this shift, both the legal and IT industries need to adapt quickly to ensure that evidence is not overlooked due to ignorance or obliviousness.

Rather than catching up to this trend, perhaps it might be helpful to make predictions on how fraud and crime can be conducted through the use of “new” technology.

Recently, some “think-tank” type organizations and researchers have started to look into how emerging technologies can be used to facilitate fraud or commit crimes.

Fraud in Biotechnology:

Over the past few decades, we have seen big advancements in biotechnology. Medical devices such as the insulin pump are widely used. An insulin pump is essentially a device attached to a diabetic patient that administers insulin automatically based on some predetermined parameters. Such a device is an alternative to the traditional way of multiple daily injections of insulin by syringe, thus providing better quality of life and freedom to patients.

Given the advancement of the Internet and wireless technology, many of these medical devices are now monitored remotely by medical professionals. The advantage is obvious: patients are no longer required to make regular visits to a hospital to be checked by doctors. Rather, doctors can monitor these devices via the Internet. For example, an insulin pump could send its readings over cellular data (the same network used by our regular smartphones) to the patient’s doctor, who can adjust the dosage of insulin after examining the readings from the device remotely. Such a convenience!

But what if the readings and data of the insulin pump are “hijacked” by hackers over the Internet, which could be as easy as stealing the online banking information that we use today? Aside from the obvious concern for the privacy of patient medical records, what if the hacker could also gain access to the system and make adjustments to insulin pumps or pacemakers? Could assassination be performed via the Internet? Could a ransom be demanded with a threat to kill someone through the malicious control of these medical devices?

Fraud in Geo-location Technology:

The Global Positioning System, better known as GPS, is no longer considered a breakthrough technology. This system can be seen in use in our everyday lives. From our smartphones to our cars, we rely on this technology to better our daily lives. Aside from personal use, our commerce and industries also rely heavily on GPS to ensure goods are delivered efficiently and accurately. Emergency vehicles rely on it to respond to emergencies. Industries rely on it for asset management (for example, the ability to track an armoured truck delivering money). As illustrated, the application of GPS is quite expansive.

However, some of the design limitations of GPS are often overlooked. For example, the GPS signal is inherently weak (that is why automotive GPS will often lose its signal connection in an underground parking garage or when going through a tunnel). Therefore, it is plausible that a GPS signal could be “hacked” or tampered with. People with malicious intent could command and steer a delivery truck to off-load its cargo at a false location by tampering with the GPS signal. It is also plausible for an armoured truck to be hijacked by robbers while a hacked signal is sent to the monitoring station, making it appear as though the armoured truck is still en route to the bank, for example. So while the robbery is taking place, the monitoring station would be none the wiser.

Fraud using Social Media:

The “flash mob” has been a social phenomenon in recent years, in which a group of people assembles suddenly in a public place, performs a conspicuous act for a short time, then disperses. A flash mob is often organized and coordinated through social media such as Facebook or Twitter.

While most acts of a flash mob are jovial in nature, one can easily be turned into something malicious. In the summer of 2011, a flash mob organized by social media and texting robbed a variety store in Ottawa. The group consisted of approximately 40 individuals who stole over $800 worth of goods within minutes. The group dispersed so quickly that neither the store clerk nor law enforcement could react in time.

What would happen if a flash mob is organized by people with nefarious intent? Setting a goal of stealing valuable items from a “big box” electronics retail store, the criminals could create a cover by sending out an invitation via Facebook to a flash mob event at the targeted store. Innocent participants with innocent intent rush to the store and perform the stunt. While the flash mob is taking place, the criminals walk off with valuable items in the midst of the confusion. In such a case, are the flash mob participants unknowing accomplices?

The technologies mentioned above are not science fiction; rather, they are existing and current technologies that could easily be exploited by fraudsters and criminals. The devices needed to carry out these types of attacks are easily accessible and obtainable on the Internet. For example, last year an IBM researcher was able to hack the wireless interface used to control an insulin pump, and a GPS jammer can be purchased on the Internet for as little as $30 (which can then be used to block GPS-based road tolls that are levied by an on-board receiver).

When dealing with litigation or investigations, it is no longer sufficient to focus only on traditional technologies, such as email or Internet browsing history. One must also be cognizant of up-and-coming technologies and address them actively.