What is a high tech crime?
I just returned from the International High Technology Crime Investigation Association (HTCIA) Conference and Expo in Indian Wells, CA. The conference was kicked off by our keynote speaker, Dr. Cliff Stoll, astronomer and author of “The Cuckoo’s Egg.” Cliff was his normal inspiring self and was able to bring into focus many of the issues facing those charged with investigating high tech crimes. The fact that many of those issues were also present twenty-five years ago demonstrates that we still have much to learn. Cliff has been a longtime supporter of the HTCIA and understands the challenges faced by investigators who have to investigate crimes involving new technologies.
While at the conference and in the months preceding the conference, our Marketing Representative Christa Miller and others asked for a definition of High Tech Crime. Their reason for asking was to help focus marketing efforts for the conference and the organization. After being involved in High Tech Crime investigations for more than twenty years, I hadn’t really considered the actual definition in many years. After researching my library and the internet, I found the old definition used in 1997 to help justify the creation of California’s High Tech Crime Task Forces. Here is that definition:
Definition. High-tech crime, as defined in this paper, means both crime against high-tech targets (for example, theft of computer components or high-tech intellectual property) and crime using high-tech means (for example, computer hacking to facilitate telecommunications theft). High-tech crime often involves violence, and high-tech criminals are often also involved in low-tech crimes, such as drug trafficking.
- California High-Tech Task Force Committee, Combating High-Tech Crime in California: The Task Force Approach, June 1997 by Ohlhausen Research, Inc.
This is the definition used by the five California Task Forces and much of the HTCIA to determine whether a particular crime fit into the category of “High Tech Crime.”
In July 2011, the HTCIA’s Strategic Planning Committee realized that the High Tech Crime definition still covered much of what their members did on a daily basis, but didn’t cover everything. In 1997, digital forensics was called evidence recovery. “Denial of Service” attacks were starting to become common and identity theft didn’t exist as a separate crime. The world had changed since 1997, and the HTCIA is changing to remain current.
Defining what a High Tech Crime is today is easy – defining what it will be in the future is something else. In the late 1990s, remarked and overclocked Intel processors were a major problem along with the theft of high tech components and counterfeiting of software. Though they still occur today, technological improvements in manufacturing, distribution and awareness have reduced the problem in these areas. Other areas continue to challenge law enforcement and industry investigators.
What will be considered a High Tech Crime in the future? In a recent editorial in Science News (SN: 9/10/11), the editor, Tom Siegfried, discusses the potential misuse of new technologies, “…, science’s advances in technological skill always bring with them the potential for misuse…” When I read this editorial, it reminded me of conversations I had with Cliff Stoll and many others about how to stay current on new technologies. The challenges for the HTCIA, law enforcement and industry investigators are being prepared for the abuses of new technologies and understanding enough about the new technologies to properly investigate the new type of crime.
Though some may disagree, a High Tech Crime investigator has to be a generalist. That’s not to say that the investigator can’t have a specialty or an advanced degree in a particular science, but ongoing study in multiple disciplines is a requirement. These studies include reading science and engineering journals, research, further education and training conferences, especially in areas where the investigator has little knowledge. By the statements above, you may wonder if I am saying that an investigator has to also be a researcher. The answer is, “Yes.” A successful investigator is almost always a researcher and a successful researcher is also an investigator.
The challenge for a High Tech Crime Investigator is how to stay current with new technologies which could be abused by a high tech criminal while trying to contend with employment, family and other social issues. Though this may seem a huge task, it is a necessary one. One way of addressing this challenge is the formation of investigative teams within a corporation or law enforcement agency. The teams can be formal or ad hoc in nature, but would hopefully combine individual expertise in a particular area with other experts from different fields. Coordinating a group such as this can also be a challenge, but I’ll leave that for another post.
In closing, I want to present HTCIA’s updated definition of a High Tech Crime. It will most likely be rephrased or updated, but the important part is that the definition is a moving window which changes as new technologies are developed and allows for new opportunities for members of the HTCIA.
“High Technology Crime is any contemporary crime committed through the use of technology or against a technology.”
Types of investigators involved in High Technology Crime investigation may include those in the fields of:
- Bio Technology
- Law enforcement
- Military, Cyber Warfare and Defense
- Scientists, Engineers and Researchers
- Incident response, Data Breach and Disaster Recovery
- Intrusion detection and response or IT Security
- Digital forensics or Forensic data recovery and eDiscovery
- Intellectual property theft (Trade Secrets, Patents, Trade Marks and Copyrights)
- Identity Theft
- Industrial Control Systems
- Food Production and Distribution
- Spam Prevention
- Drug or Human Trafficking
- Bio, Chemical or Cyber Terrorism or Other Terrorist Threat or Event
- Harassment or Stalking
- Cell Phone or Mobile Device investigations
- Malware investigations (Viruses, Trojans, etc.)