CSI meets ESI: MSPs Can Make the World A Safer Place

As the digital and physical worlds become more intertwined, so our digital lives can reveal much about potential criminal activity, explains Ian Trump. Increasingly, MSPs and IT service providers will play a greater part in helping law enforcement and bringing criminals to justice.

19:57, HighLand Park, COL: My close followers will know that I’ve been pretty active on social media of late, celebrating my success with the Certified Ethical Hacker (CEH) certification and working towards my CCIA – that’s not a Cisco Certification, that’s a Certified Criminal Intelligence Analyst. Everyone gets the technical skills of hacking, but I’ve always maintained I’m interested in the human face of these attackers, and now I am learning all about them.

Hanging out with the Douglas Country Sheriff’s department with a lot of fit, badge- and gun-totting investigators, officers, and analysts is more than a little intimidating – especially when it comes to Criminal Investigative Analysis, or in layman’s terms Criminal Profiling. What was apparent to me and certainly is on the radar – if not the daily routine of special investigators and detectives – is how much our phones, Internet and online habits inform the real world of potential criminal activity.

A central feature of good criminal profiling is analysis of the crime scene and determining various character traits for the unknown offender. This is accomplished by analyzing the nature of the offense and the manner in which it was committed. I’m pretty certain the crime scene now has a lot of digital elements and in the future will quite possible be almost completely digital. This is what I find fascinating.

Take Cold Case investigators for instance. Even now a plethora of digital devices will tell your story long after you decease or disappear. Facebook pages of lost love ones, comments written in social media, or visits to online memorial pages of the deceased on the anniversary of their death or disappearance could all lead to discoveries about your fate. Will chasing the digital shadows lead to the emergence of a discipline of Forensic Digital Anthropology, to reveal secrets from your digital past?

Internet of Things and Digital Fingerprints

In my presentations I talk a lot about how crime has moved online, and in some ways pre-meditated physical crime has a huge online component that, in my humble opinion, has not been fully explored. When the Internet of Things becomes fully evolved will your fitness tracker solve your own murder? Or could evil hackers kill you wirelessly, or over the Internet? Five years ago these ideas would elicit laughter, now there is an unease. In a few circles like the Secret Service, there is a quiet admission that Medical Device hacking is a “thing."

However, on the more positive side – privacy issues aside – self-inflicted, continuous, ubiquitous surveillance of ourselves through fitness tracker apps, geo location on our phones, car GPS, and “black boxes” (Event Data Recorders) may all be potentially used to identify dangerous situations. Could fitness tracker apps detect a dangerous drop in blood pressure that could be associated with being stabbed? Could they then summon medical assistance, and order blood in your blood type to the nearest hospital? If the event is in your home, work, or someplace in-between, could they request law enforcement and automatically collect cellphone IMIEs around you for potential witnesses? Could they automatically download video from CCTV cameras and record license plates from nearby sources?

With all these interlinked devices and analytic engines moving data and triggering responses, investigations into murders, sexual assaults, and accidents could be set to have a relevant and complex cyber dimension. Complex due to the interlinking and relevant because, like it or not, your cellphone and other devices will leave a digital trail that must match to the physical situation, or everything becomes questionable.

Moving deeper into the digital world, we have a problem: we are different online than in real life. For example, the shy loner could have hundreds of “friends” in an online game system, because we can masquerade as our complete opposite online. This is where things get complicated for law enforcement. Real life may have some cyber similarities, but personalities and online behavior may be the exact opposite of what is expected.

True, the tell tail signs of a person meticulously planning physical mayhem or a sex crime, can just be a web search away, and digital evidence has received some notoriety in recent cases, such as the Casey Anthony prosecution. But here’s the rub: digital forensics have been used to help convict, but have they been used to exonerate? If a suspect Googles “how to kill your partner”, the partner turns up dead and investigators gain that evidence – it contributes to the suspect’s guilt. However, somehow submitting the fact that “how to kill your partner” was not in the search history does not exonerate the suspect. Seems prejudicial and who knows who was actually behind the keyboard.

Evolving MSP and IT Service Provider Roles

Clearly a new dimension of investigation, legal prosecution, and defense is evolving firmly rooted in digital evidence. Where physical crime has gone, digital is sure to follow, and this is where MSPs and IT Service providers will have a role to play as custodians of the digital infrastructure. The reality, is that most managed service providers (MSPs) and IT Service providers will understand the cyber world far better than municipal and state resources, and in some cases even more than federal operatives.

I hope that MSPs and IT service providers don’t have to encounter more than ransomware or financial crimes, but unfortunately many MSPs I’ve talked to are being drawn into investigations to discover digital evidence of more serious crimes. Disturbingly, the most common encounter for IT providers is evidence of child exploitation.

“As of Nov. 19, 2014: At least 12 states – Alaska, Arkansas, California, Illinois, Michigan, Missouri, North Carolina, Oklahoma, Oregon, South Carolina, South Dakota and Texas – have enacted laws requiring computer technicians or information technology workers to report child pornography if they encounter it in the scope of their work.”

This is not a paper which provides legal advice; but as an ISP, IT Provider, or MSP you have a role to play in making the Internet a safer place for everyone and helping law enforcement bring criminals to justice.

Ian Trump is security lead for LOGICnow. Follow him on Twitter at @phat_hobbit.