Cyber Unit Pivotal in Solving Crime Online and Off In the first of a four-part series on online security risks, Liane Hansen visits a cyber forensics unit where investigators comb through evidence online to bring criminals to justice.
NPR logo

Cyber Unit Pivotal in Solving Crime Online and Off

  • Download
  • <iframe src="https://www.npr.org/player/embed/17850966/17880687" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Cyber Unit Pivotal in Solving Crime Online and Off

Cyber Unit Pivotal in Solving Crime Online and Off

  • Download
  • <iframe src="https://www.npr.org/player/embed/17850966/17880687" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

LIANE HANSEN, host:

From NPR News, this is WEEKEND EDITION. I'm Liane Hansen.

I'm sitting in the NPR parking garage, lobby level. It's appropriate that we're here because we're beginning a series on cyber crime. A little like "Dragnet" or "NCIS" or "CSI." And we're about to go to a cyber forensic lab in Richmond, Virginia. The sun is not up yet.

(Soundbite of song "Who Are You?")

THE WHO (Band): (Singing) Who are you? Who, who, who, who?

HANSEN: Cyber criminals. The internet is full of them - pornographers, gang members, good fellows, intelligence agents, scam artists, you name it. They're based in Eastern Europe, Russia, Canada and here in the United States. In fact, they have no boundaries. Cyber security expert Jim Lewis says they even have their own social networks.

Mr. JIM LEWIS (Senior Fellow, Center for Strategic and International Studies): You have to know somebody to get in. You have to be kind of cleared. But there's networks, communities, virtual communities of cyber criminals who cooperate. They exchange ideas. They sell each other credit card numbers. They have contests to see who can be the first to hack a system.

Some of the communities even have rating systems, like eBay, so you can say this cyber criminal who's offering you this hacking tool has sold 10 times in the past and he's have - all his customers are satisfied. It's very professional. It's very specialized. This is a very different world than the world we were in even five years ago.

HANSEN: Jim Lewis works with the Center for Strategic and International Studies. In the 1990s, he was a cyber security expert at both the State and Commerce departments. Lewis says, although cyber crime has been around for awhile, people are just beginning to recognize it as a real problem, mainly because of the rising economic costs to businesses. But regular folks also face increased risks.

Mr. LEWIS: Hundreds of millions of people are connected to the Internet. And the Internet is this global network. It spans borders. It's mainly anonymous. It's an ideal breeding ground for crime. And there's a lot of value on the Internet, valuable information, monetary information, bank information. It's become very attractive to criminals. So you may not see cyber crime until you get that noticed that your personal information has been lost or until you see that your bank account has been emptied out.

HANSEN: This month, we're going to report on cyber crimes and how law enforcement, both federal and local, deals with them.

Our series begins in the parking lot of a two-story brick office building in Midlothian, Virginia just off Route 60.

(Soundbite of car running)

HANSEN: It's the headquarters of the Virginia State Police. Inside this building is a group of cyber forensic investigators. Here, they examine the digital fingerprints of such high-profile cases, as the Virginia Tech shooter.

(Soundbite of footsteps)

HANSEN: Do you have special handshake or anything?

(Soundbite of laughter)

HANSEN: Corinne Geller, with the Virginia State Police, guided our tour of the well-protected cyber forensics lab.

Ms. CORINNE GELLER (Spokeswoman, Virginia State Police): The reason it has to be kept secured is because evidence it's actually stored in here and they have to mark everybody who has access to a room for a kind of a chain of command.

(Soundbite of knocking)

HANSEN: We're not going to contaminate the evidence, are we?

Ms. GELLER: No, we won't. No, it's in another locked room.

Unidentified Man: Hi.

Ms. GELLER: Good morning.

Unidentified Man: Good morning.

HANSEN: Hi.

Ms. GELLER: As you see me walk in, these are all the examiners' offices. This is where the forensics takes place. So if anyone was to walk in, they would have evidence up on their screens.

HANSEN: First Sergeant Robert Keeton is in charge of this lab.

First Sergeant ROBERT KEETON (Director, Virginia Digital Forensics Laboratory): About 50 percent of the work that we do here is directly involved with child predators and child pornographers. The other 50 percent is a mixture of homicides, embezzlement cases, quite a few of those money-laundering cases, even dogfighting. We worked a little bit on the Michael Vick case, of course the Virginia Tech case with Cho. As you saw in the news, it had a large clip of his statement that he made, and of course that was found digitally. That was all recorded digitally and found digitally. And we discovered all that here at our lab.

HANSEN: So you work on the Virginia Tech shooting and that was Seung-Hui Cho?

First Sgt. KEETON: Yes. The Virginia Tech case was a little more predominant, of course, national news, but many cases are regional or local. There was a Catholic priest here in the Richmond area who was embezzling moneys from two churches that he pastored. We were able to find where he was sending money overseas and doing some other things that would not have been known otherwise without the computer data.

HANSEN: The actual laboratory looks like a large, long supply closet - a coffee machine sits at one end, the insides of personal computers and laptops wrapped in white evidence tape dock the counter that runs against one wall. Electronic equipment lines the other. The width of the room only fits two adults, shoulder to shoulder. Here, six examiners work full time - often with the FBI - on cases that require digital forensic examination, and the load is heavy - about a hundred cases a year. Last month, officials announced plans for a much-needed new facility with room for at least a dozen more examiners as well as space for classrooms and training.

Virginia is not alone in its need for more resources. Across the country, experts say, there are far more cases than investigators.

(Soundbite of compressed air)

HANSEN: At one work space on the counter of the cyber lab in Richmond, forensics examiner Richard Seweryniak uses compressed air to remove dust and debris from inside the computers.

So I guess you always wanted to be a clean forensic expert since you don't have to deal with some of the things that medical forensic experts have to do?

Mr. RICHARD SEWERYNIAK (Forensic Examiner, Virginia State Police): That's correct. We do have latex gloves up here on the shelf. We do have an eyewash station. We do have all different types of things. But typically, the hard drives and computers will not have biological evidence on those that we have to worry about such as fingerprints or blood or other bodily fluids.

HANSEN: Seweryniak's cases range from homicides to fraud to child pornography.

Mr. SEWERYNIAK: One of the cases over here deals with a laptop, and there's also a desktop. And that is the case involving a suspected taping of minors, videotaping of minors. I have - the evidence room that's where - after I acquired the data in a forensically sound environment, and we document every little thing that we do to it and we use evidence tape to help secure the evidence, make sure that no one else has messed with the evidence.

HANSEN: What's a forensically sound environment?

Mr. SEWERYNIAK: Forensically sound environment preserves the evidence. One of the key things is that we have to ensure that there are no modifications to the media. Just by simply booting a computer, you are literally changing hundreds of files in a Microsoft-operating environment. So one of things that I like to describe is when you ship something in a container, you receive that item in a container and everyone can see what's inside that container. But we take a look at all those little packing peanuts. And by examining each of those, all those little ones and zeros, we can tell what was shipped in that container before, so we were able to retrieve deleted files. And in some cases, like the Rodney Rodis caseā€¦

HANSEN: What is that, the Rodney Rodis case?

Mr. SEWERYNIAK: That was a Filipino priest that was suspected of embezzlement. After receiving our report from this lab, he changes plea from not guilty to guilty. And I personally worked that case in which I was able to retrieve up to five years of deleted documents and over three years of deleted e-mails.

HANSEN: The field of cyber forensics has a very steep learning curve. Seweryniak has to keep up with a constantly changing technology. He points to dozens of books piled on the shelves above the counter, books on old computers, as well as the latest in software and operating systems.

Seweryniak's case on child pornography is a reminder that the problem is not just local, it's global. Pornographers can access photos of young children from anywhere. And pornography laws in other countries differ from those in the United States, which makes this cyber crime harder to prosecute.

Again, Jim Lewis of the Center for Strategic and International Studies.

Mr. LEWIS: Focusing on one country isn't really that useful. Location is irrelevant when it comes to cyber crime or cyber security. There are so many avenues for criminals or spies to take. This is a different kind of security problem, and we want to get out of thinking in geographic terms.

HANSEN: Security expert Jim Lewis.

To hear him talk about the threat of botnet or robot network when a hacker takes over your computer, go to our Web site npr.org.

Next Sunday, our cyber crime series continues with the discussion of cyber law. Do laws exist to protect citizens against cyber crimes, who enforces those laws, and who governs the Internet? We'll post those questions next week.

Copyright © 2008 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.