This chapter introduces the reader to considerations when working covertly or undercover on the Internet. These considerations include the basic outlines for the policy, management concerns, and ethical issues. Special areas of attention, such as entrapment, identity take over, and appropriating versus assuming online identifies, Terms of Service agreements, are also discussed. Additionally, the major steps are covered to consider when developing an online undercover personas for use in investigations. The unique challenges faced with developing an undercover social media profile are also analyzed. Additionally, the importance of preventive steps and countermeasures is also noted. Finally, suggestions for avoiding problems or concerns that may arise during an online undercover operation are presented.
Undercover; policy; persona; ethics; entrapment; Internet Crimes Against Children (ICAC) Task Forces; identity take over; assuming versus appropriating online identity; Terms of Service; Bitcoins; virtual currency; digital currency; countermeasures
Some of the bravest and the best men of all the world, certainly in law enforcement, have made their contributions while they were undercover.
Thomas Foran, Former United States Attorney
Covert operations on the Internet and online undercover work are becoming an increasingly important task for the Internet investigator. Being undercover on the Internet is significantly different than doing the same activity in the real world. Think about it for a moment. Is there any way in the “real world” a 40-year-old male cop could successful impersonate a 13-year-old female to catch a sex offender? Only with the advent of the Internet are such investigations possible. Although the contact may not be in person, the skills are very similar. This chapter will help to outline the process to establish a properly configured undercover persona and use that identity during your Internet investigations.
Working covertly on the Internet is not a function of simply making a Hotmail account and sitting in a chatroom. Unfortunately online undercover investigative training, even for law enforcement, is not always provided. Tetzlaff-Bemiller (2011) noted that law enforcement personnel training for targeting sexual predators is not consistent across all units or agencies. To maximize effectiveness and to insure cases are not lost due to the use of improper techniques, there needs to be consistency in the content and frequency of undercover Internet investigation training.
Additionally, investigators and their employers have to develop effective policy, skills, and operation planning techniques to conduct covert and online undercover operations. So what is the purpose of working covertly on the Internet? Covert operations, like all investigative activities, are either proactive or reactive. They include:
• General intelligence gathering, including establishing information sources, identifying locations and web presence of questionable activities, and mapping online and social relationships/networks.
• Seeking out and identifying illegal behavior and establishing a crime has occurred.
• Establishing motives for crimes.
• Identifying relationships between targets, victims, and other subjects.
• Establishing whether the illegal activity constitutes a criminal enterprise and identifying the structure of that enterprise, including its leadership and assets.
• Providing location information of the targets, relationships, and victims.
The traditional purpose of undercover activities is to gain the trust of an individual while acting as someone else to learn something useful to your investigation. Working undercover on the Internet has the same purpose. Only the location has changed. The Internet has numerous areas that can provide the undercover investigator with opportunities to find additional information related to their investigation. We have previously discussed these locations, each of which has its own protocols with unique methods of identifying, collecting, and presenting usable information. Common among all of these is the development and planning process prior to going online. Additionally, Internet investigators going undercover have to prepare their identity as any other undercover operative. Besides the investigative planning steps noted in Chapter 4, Internet undercover operations also include:
1. Clearly identifying the purpose: This is singly the most important part of the process. Is the purpose to establish the elements of a crime that has already occurred or it to be proactive and to stop a crime before it has been completed? Maybe the purpose is general intelligence gathering or “open source investigations,” which were discussed in Chapter 4. Whatever the purpose, it must be specifically defined to keep the investigation focused.
2. Identify the means: What undercover persona (emails, profiles, etc.) needs to be developed? This will be dictated by the area which is the investigation’s focus. Is the investigation centered on chatroom activities or on IRC channels? Is it a P2P investigation? All of these locations require different means to go undercover. Additionally, it is also necessary to identify the needed offline communication methods, such as undercover cell phones and postal addresses, while maintaining the undercover personas.
3. Define time resources: What days and hours will you be online? This answer will likely be dictated by your undercover persona. You can’t pretend to be a minor if you are online when you are supposed to be in school or asleep. You also create difficulties if you are pretending to be located in one area, such as Europe, but are regularly online consistent with someone located in a Pacific Standard Time zone. How long will you be undercover in an online area before you conclude it is time to adjust your persona or location or altogether discontinue the activity?
4. Identify documentation requirements: How are you going to document your undercover activities? Up until this point we have talked about capturing websites and taking screenshots. However, documenting undercover activity online involves capturing not only the target’s activities but also your interactions with them. Also, don’t forget to consider any legal requirements that may exist for how you record your activities. For instance, recall in Chapter 4 we noted there are 12 states (CA, CN, FL, IL, MD, MA, MI, MO, NV, NH, PA, and WA) which require two-party consent to record a communication, unless some legal process is met. Deciding how you are going to meet that requirement is important if you have to record a telephone or Skype communication with your target. Additionally, undercover investigations in a gaming environment will likely require digital video capabilities to capture the interactions with targets. As such, a special area or room may be needed.
5. Plan for the unexpected: Undercover investigations occur in real time and you have to expect the unexpected. What if your target, a sex offender, wants to meet you as minor, in half an hour? How will you handle it? Will you be able to marshal the manpower needed in a moment’s notice or will you need to come up with a reasonable excuse why that can’t happen. Brainstorming “what-if” scenarios as well as training and experience will help you be prepared for the unexpected.
Working undercover online requires the investigator to act as someone else. The process of building an undercover background to use on the Internet can be from the simple to the complex. Simple can include merely creating a fake Gmail account. More complexity can be actually building a persona and supporting information about the identity. The investigation will always dictate the level of persona required. Each investigator should plan ahead for this purpose. This can be done by building a variety of personas. Some of these will be a general use tools such as throwaway email addresses. These can be used and dumped if the case is over or the account has been compromised during the course of its use. The building of a more complete persona can be simply preparing a personal background for the identity.
Undercover online operations are becoming more common, but management control still needs to be in place to ensure compliance with agency/company policy, local regulations, and the law. The first issue to resolve is does my agency/company have a policy regarding “Undercover Operations”? The reason for policy is to ensure not only compliance with company direction and the law, but to give the investigator the boundaries by which they can conduct undercover operations on the Internet. When considering the policy, the investigator should identify whether or not the investigation falls within the jurisdiction of the agency or company. The investigator needs to insure that their actions never exceed their authority. Even though the Internet is essentially an open book, there are some legal limits to your investigations. Additionally, the policy needs to ensure that the investigators actions do not violate federal, state, or local laws regulating undercover investigations.
Other policy considerations include how an agency or a company selects personnel for conducting undercover operations. Historically, undercover personnel in the real world have been selected based on their skills in dealing with people. A good “talker” or someone that can BS very well, outgoing, and aggressive was a good candidate for undercover work. On the Internet those same skills, along with a technology savvy background, are the kind of talents required to successfully investigate crimes online in an undercover capacity. The persons assigned to this kind of work should be volunteers and not personnel chosen because a slot needs to be filled. Persons selected for undercover work should not only possess the above skills but be interested in the work to safeguard the program’s integrity. Assigning disinterested personnel could have a detrimental effect on the program.
Some undercover assignments, even on the Internet, can be stressful and result in the possibility the investigator may develop mental health issues or concerns. Child abuse and pornography investigations are the most obvious. Wolak and Mitchell completed a 2009 study involving 511 agencies, whose employees work with Internet Crimes Against Children (ICAC) Task Force. Online survey responses were solicited from the participants. They found that about half of the survey participants were concerned about the psychological impacts of work exposure to child pornography. Thirty-five percent of ICAC Task Force participants had seen problems arising from work exposure to child pornography. The study also reported:
Survey participants noted that undercover investigations in which personnel pose as minors also create difficulties for some personnel because of their sexually explicit content. ‘Those that engage in undercover chat operations or those that work cases involving communication between adults and children are exposed to material that I believe can be just as harmful …’ (pg. 9–10)
Any stressful situation can cause mental health concerns if not monitored or identified by supervisors governing the investigations. The investigator needs to be aware of this as a problem and should pay attention to themselves and coworkers in an attempt to identify potential issues. From a policy concern, the agency or company should have guidelines for how to deal with investigators’ stressful situations from working undercover. This is particularly true for any law enforcement investigation dealing with the constant viewing of child pornography, not to mention the audio that unfortunately is present with many of the moving images. As noted above, frequently portraying a minor or deviant online to communicate with sex offenders, even without child pornography as a factor, can have a detrimental impact on an investigator’s mental well-being.
Some of the things the policy should address are there any preassignment screening conducted? One area noted by Wolak and Mitchell was the need for open communication with new staff about the nature of child exploitation investigations and what may be encountered by the investigator. They also noted an inquiry might be warranted to determine if the potential investigator might be particularly troubled by these investigations, for instance being a victim of abuse or currently having children themselves. Additionally, openly discussing potential negative effects on the investigator and what may be done to alleviate stress should be covered. Other policies to consider are regular screening and conducting post assignment screenings. Such proactive measures can aid in the identification and prevention of problems encountered by an employee during undercover Internet operations.
Jurisdictional considerations are another area that the investigator should be aware of and have references to in their policy. In the United States, some Internet crimes may share joint jurisdiction, with one legal entity having stricter penalties that might be more appropriate for the crime. Certain crimes lend themselves better to state and local jurisdictions versus federal prosecution. At other times a federal prosecution is a better course of action. Operational policy should provide guidance on the best possible options for the investigator’s case. The investigator also needs to be aware of their jurisdiction’s legal requirements for these cases. Some state statutes have elements that require there actually be a “real” victim and not just an undercover law enforcement investigator acting as one. As always the facts of the case should dictate involvement of different investigative and prosecutorial jurisdictions. The key for the investigator is to know and use all available legal resources.
Corporate investigators have their own concerns when it comes to jurisdiction, in particular when crossing international boundaries. For the investigator, these can cause significant issues they need to consider. Many countries have very different laws regarding, privacy, how Internet crimes can be prosecuted and how to deal with employee terminations based on internal investigations related to employee’s Internet actions. Clearly policy guidelines need to be vetted by the agencies or company’s legal authority.
Obviously the investigator conducting online investigations and those conducting undercover operations must follow a code of ethics that can define proper procedures. Investigators must follow all state, local guidelines and federal laws. But there are several other sources that the investigator should look to for guidance. The High Technology Crime Investigation Association (HTCIA) has a code of ethics and core values that if followed can give a proper foundation for conducting investigations, regardless of their type, i.e., criminal or civil. Additionally groups like the International Association of Investigative Specialists have membership code of ethics that drive the investigation of digital evidence. The High Tech Crime Consortium (HTCC) also has as its first goal… “To endorse high ethical standards and best practices in the investigation, acquisition and examination of digital evidence.” Additionally, HTCC is a partner in the Consortium for Digital Forensic Specialists, which is working to consolidate the digital forensic field around common standards and ethics.
Some areas that are not generally described in ethics statements are the not so obvious, such as offensive behaviors when conducting Internet investigations. We are not referring to offending someone, but the act of going on the offensive. The investigator again has to understand his role in the investigation and what he can and cannot legally do during the investigation. When do his actions cross the line from investigating a crime to potentially perpetrating one himself? This has been the age old problem with undercover operations and investigators’ interaction with the criminals. In fact, J. Edgar Hoover, the first director of the Federal Bureau of Investigations, resisted allowing his agents to work undercover against the Mafia, believing that although some criminals would be caught, some of his agents might be corrupted as well (New York Times, 1981).
Traditional investigators working undercover are always on guard to ensure that their actions don’t cross the line from observer to active participant, either as a follower or leader. On the Internet, there are other things that could ethically cross that similar line. An investigator in general, without proper legal authority, should never be sending virus, Trojan, or worms to a suspect or any other type of file that would disrupt, delay, or destroy another person’s computer system. This is not to say that at certain times and under the requisite legal authority that this cannot be done, but in general some of these actions are not acceptable. Additionally, investigators must never send actual child pornography images or other digital contraband to a target.
One real concern in online undercover cases in the United States is the issue of entrapment. In U.S. v. Poehlman, 217 F. 3d 692 (Court of Appeals, 9th Circuit 2000) an appellate court overturned Mark Poehlman’s conviction, which originated as an Internet sting investigation. Poehlman was a retired Navy man, who was also a cross-dresser and foot-fetishist. He had posted to “alternative lifestyle” discussion groups. His posts were initially rejected. Eventually, one woman, “Sharon,” responded to his posts and they began their online relationship. “Sharon” however was an undercover agent.
Sharon advised Poehlman that she had three female children aged 7, 10, and 12 and she needed a “special mentor” for them. After several emails, Poehlman finally understood she was looking for a sex teacher for her children, and he graphically responded how he would “instruct” them. Eventually, Poehlman traveled from Florida to California to meet Sharon and to have sex with her female children in a hotel. After meeting with “Sharon” he was shown some child pornography, which he examined and indicated he always looked at little girls. He was then directed to an adjunct room containing the “children.” Much to his surprise the room contained Naval Criminal Investigation Special Agents, FBI agents and Los Angeles County Sheriff’s Deputies and he was arrested.1
The Ninth Circuit indicated that examining an entrapment defense requires the following questions be asked: (1) Did government agents induce the defendant to commit the crime and (2) Was the defendant predisposed to commit the crime? If the answer to the first question was “yes” a conviction could still be upheld if the answer to the second question was also “yes”.
The Ninth Circuit found that Poehlman was interested in a relationship with “Sharon.” However, it was only after she made future communication dependent upon him agreeing to serve as sexual mentor to her children did he finally agreed to play the role she had in mind for him. The Ninth Circuit found it was clear that the government had induced Poehlman to commit the crime based upon the communication between Poehlman and “Sharon.”
The Ninth Circuit then focused on whether Poehlman was predisposed to commit the offense before he had any contact with government agents. Based upon all the communications and facts of the case, the Ninth Circuit concluded that the government had not met its burden to prove he was … “predisposed to demonstrate any preexisting propensity to engage in the criminal conduct at issue.” As a result the Ninth Circuit overturned Poehlman’s federal conviction.
The Poehlman case demonstrates that law enforcement must be very careful not to induce someone who has no previous propensity to commit a crime during their online activities. It is also important to note that the entrapment defense in the United States is only available to those who have not committed the crime before their interaction with law enforcement. Law enforcement using Internet techniques to investigate a crime that has already committed only have entrapment concerns about new crimes that may be committed after their interactions with the target. Even then their concerns are less as the target in these cases has already demonstrated a propensity for criminal behavior.
Undercover procedures require that the investigator follow the agency or company policy for undercover operations. Basic procedures by many law enforcement agencies may already exist and can be referred to for guidance when conducting online investigations. However, many companies and agencies have not developed separate policies regarding conducting online investigations, and even fewer have developed specific guidance for working undercover on the Internet. One of the primary reasons for the lack of guidance in conducting online undercover investigations is many organizations never contemplated conducting undercover actives prior to the Internet. This is particularly the case for corrections (pretrial services, probation, and parole) and corporate organizations, as their primary function is not law enforcement. They only now are contemplating undercover investigations as it seems so “easy” with the Internet. After all “online role playing” seems to be a regular occurrence, which can be done by anyone. Make no mistake. Online role playing is not the same as working undercover online. The stakes and consequences are much higher and accordingly working on these investigations should not be taken lightly. The following items are things that the investigator should consider when developing their procedures for conducting undercover Internet operations:
a. The level of undercover preparation would reflect the level of the investigation that the case requires. General intelligence gathering is different than conducting an investigation. Proactive investigations are also different than reactive investigations.
2. Prepare undercover profiles for a range of suspects, based upon the scope of your agency’s mission. Here is a nonexhaustive list of possibilities:
e. Intellectual property thief
a. Traditional methods of profile documentation are to use a form designed to prepare/document the persona. The form is then used by the investigator to refer to while undercover. Other options include automated tools like those in Vere software WebCase. WebCase has dedicated modules for streamlining the process for the investigators to record and provide access to the investigator's undercover identity.
4. Learn online terminology from targeted offenses as well as commonly used vernacular used by the intended profile.
5. Set up undercover accounts for each persona (as required):
Depending upon the online operation being conducted, the investigator has several things to consider when developing the appropriate Internet persona. Name, address, age, and date of birth would seem the simplest of the persona building process. However, determining a name for your undercover identity can be problematic. Is the name and age of your new identity similar to that of a living person? Is that living person geographically located in the investigator’s region? The investigator needs to think about this as in an issue when developing the persona so as not to allow for the possible confusion with the false identity and a real person. Why would this be of concern to the investigator? Well depending on the case being investigated, a real person with the same name could be identified by another law enforcement agency as a potential perpetrator of a crime. Or a suspect might identify that person as the investigator and possibly do them harm. The liability for the investigator is too high to ignore. This is not to say you can’t use the real identity of a person in an investigation. In fact during an identity “Take Over,” that is exactly what the investigator does. In such situations, a signed consent needs obtained waiving liability and giving permission to the investigator to operate that profile during the investigation. Such waivers should reflect how the profile is going to be used and for how long and that the person consenting to its use will not attempt to regain or circumvent control of the profile. Additionally, once consent is obtained the investigator should immediately change the password to the account to prevent the person from interfering with the investigation.
Other things to consider when building the persona are how deep of an identity do you need to create? For instance, general intelligence gathering personas only need to be further developed if they will be used to actively interact with targets. Especially with online undercover identities, designing personal family information can aid in your ability to quickly and effectively communicate and make your identity believable. Information on the identities of direct family members, friends, school, and/or work can be developed ahead of time allowing the investigator to better think on his feet and respond in online conversations. The depth of the persona can include email addresses and contacts, phone numbers, building undercover banking or credit card accounts, and online fund transfer methods, such as Paypal or Bitcoin (Figure 10.1).
Regardless of what persona is created, law enforcement investigators should run local and state checks to ensure your undercover identity does not match an actual person. The civilian investigator should do the same due diligence by checking with your corporate counsel about the use of undercover personas and researching the persona online to determine if there is any potential match in your locale. Whatever method is used to confirm information about the identity should be documented in the investigator’s case file. The identity can always be used in other investigations if it is not revealed and can be built on to improve its effectiveness as the investigator’s online persona.
Determining the need for an undercover identity is mainly dictated by the type of investigation being conducted. In general there are two types of roles, (1) proactive identities and (2) reactive identities. Common proactive identities could include:
Reactive investigations frequently involve assuming another’s identity, such as the victim or a sex offender’s profile to facilitate the investigation of other pedophiles. An investigator’s predesigned identity might also be used. For instance, if the victim was a minor female and the investigator’s predesigned identity of another minor female might be used to further investigate or target the offender.
When the investigator builds the online identity, he will look at obtaining various accounts and profiles from popular online sites. Adding several accounts can add in the depth of the identity and its believability. The investigator should be aware though that long periods of inactivity with the account could indicate to the investigation target that the account may be a phony. Another consideration is obtaining only the accounts required for that persona’s level of technology understanding. Having multiple email accounts and social networking sites might not fit the persona’s identity. However, having gamer tags and numerous accounts on Twitter and Facebook might fit the technology astute user and fit into the online community being investigated.
Other considerations when developing the undercover persona include the collection of false identity, undercover credit cards, untraceable cell phone, false business cards and letter head, and potentially a mailing address to use to accept packages and or traditional correspondence. Mailboxes require identification and can complicate the investigations. Law enforcement investigators can enlist the support of the Postal Service Investigators for this purpose. Internet Service accounts can be established with large companies using the same undercover identification. Simple use of Internet access at the local Starbucks or Barnes and Noble store can sometimes suit the investigation’s needs. However, remember that as you trace the targets they can also trace you. Ensure that your use of an Internet service fits your persona. If your persona is a 10-year old boy, accessing the Internet from Starbuck’s probably won’t fit.
Before you go live with your persona have it reviewed by several individuals in your agency or company to check for areas that are potential problems or inconsistencies. Recently, an undercover sting case targeting sex offender was lost due to an unscrutinized picture. In this case, a picture of a very young looking female police officer, posing as a minor, was sent to the target. Unfortunately, no one realized the young officer was wearing a wedding band, until the arrested target noted he believed it was all fantasy and the minor was an adult because he saw the band. Check and double check all facets of the developed persona to make sure there are no loose ends.
Once the persona is finalized it needs to be fully documented, such as in a notebook or binder, or in an automated tools such as WebCase, for easy reference (Figure 10.2). This is particularly important in case the person who commenced an undercover operation can no longer continue the activity. Additionally, this reference can be provided if others are required to take on certain facets of the operation. For instance, a male agent has developed a minor female persona and sometime during the operation a female is needed to speak to the target via a cell phone. This persona profile, as well as other records, such as chat logs, will help insure the female agent accurately portrays the persona during the call.
In cases involving an identity “Take Over,” investigators should interview the cooperating person, gathering and documenting all facets, that may be needed to accurate impersonate them online. In cases, where “appropriating the online identity” is necessary, the investigator should likewise research and document as much as possible about the real person to facilitate the impersonation. Again, this information should be in a ready format for quick review if the need arises.
The investigator should also pay attention to the numbers and types of personas he maintains. Keeping track of the different personas is a required task when working on multiple undercover cases. If the investigator does not track and manage the personas, he could potentially use conflicting information in an investigation. Additionally, are these personas used in cases that another agency might be investigating? The term “deconfliction” has come about as a method law enforcement uses to identify whether or not another investigator is undercover in someone else’s case. (The ICAC Task Forces regularly have investigators check for deconfliction.)
Diligence in protecting your online persona can mean the difference between failing to solve the crime investigated and a successful apprehension of a criminal. Steps can include being cautious of your mail drop when picking up items. Criminals often apply the same techniques law enforcement and civil investigators do. Surveillance works both ways. Pay attention to the location when checking or picking up items from a drop box location. Investigations on the Internet are about real people and real places. Eventually when these cases come to a conclusion, the investigator has to get off the Internet and into the real world to place handcuffs on someone. When connecting to your ISP, make sure you are in the correct geographical location for your operation. If you state that you are in Austin, you do not want your IP Address resolving back to Los Angeles.
When using the cell phones to contact the suspect, be aware of caller ID and call return capabilities. There are services like Google phone numbers that can be applied to assist in hiding the investigator’s identity, but they are employed by the targets too. The investigator should set up and use anonymous email accounts as much as possible. These can be throwaway accounts that can be used repeatedly or abandoned if they are compromised. Yahoo mail, Google mail, and Windows Microsoft Live are popular free email services. Using an email account from a business or a local or regional Internet service can play both ways. It can assist in identifying the persona and legitimizing it to the target or it may have the opposite chilling effect if not part of the persona.
In today’s environment, getting the tools to support the identity such as cell phones and credit cards is much simpler for the investigator than in the past. Just as hiding on the Internet has become much easier, so has concealing your financial transactions and communications. Obtaining a traditional “cold phone,” one that is not identifiable to the agency or company, is fairly simple today. Walk into any Walmart store or your favorite Radio Shack and simply buy a “Tracfone.” The purchase can be a cash-only transaction along with the purchase of the minutes for the phone. Criminals have figured this out and are now regularly using this as a means of communication. If it is compromised, they can just remove the battery (and SIM card if it has one) and toss the phone in a nearby trash can. Undercover credit cards can be purchased through “Green Dot” kiosks at local stores or through the use of Visa or Mastercard gift cards.
Selecting appropriate social media sites for undercover personas is critical in today’s operations on the Internet. There are a few more challenges though with social media than simply getting an email address for the persona. The investigator should review the sites’ TOS. Many sites actually prevent the use of their sites with false identities. In fact Facebook has specifically stated that they will make no exception for even law enforcement using undercover accounts on their service.
Facebook spokesman Simon Axten said that the site’s rules forbid people from using fake names and that Facebook would not make an exception for police officers working undercover. Facebook is based on a real name culture, so fake names and false identities are actually a violation of the terms of use.” Axten wrote in an email. “We disable the accounts of people operating under pseudonyms.”2 (Masis, 2009)
Some social media however understands that law enforcement’s presence online, even in an undercover capacity, can make the Internet environment safer. As such they have no issue with an undercover profile being created, as long as they are notified of its creation. However, depending upon the investigative focus, this prior notification may not be possible. Again, the investigation dictates and legal concerns will guide whether prior notification should be made.
Using social media accounts during online undercover investigations is almost a necessity these days. However, these are complicated tools to use effectively and make believable. The investigator has to consider how they will get and make “Friends” requests as a start. Building the social media piece of the persona without them makes them less believable. The investigator needs to request “Friends” who are not investigation subjects, are not law enforcement friends or connected directly or indirectly to law enforcement, or connected to the investigator’s real identity. This certainly complicates the building of the identity because the persona has no real friends or family to connect to. The whole purpose of social media is to connect to people you know. Other things to consider regarding setting up your social media undercover accounts is will your online interactions with other “Friends” or “Friend’s” page compromise your investigation? One way to make your social network persona more realistic is to consider networking with your colleagues personas profiles. In this manner you are “legitimatizing” each other’s profile to make is appear to be real. However, doing so could expose the identities of one or more of them if anyone of the identities is later revealed as a law enforcement investigator. At some point this will occur if the identity is used in a prosecution or litigation.
Social media services are constantly updating and changing their security, functions, and online services. Setting up a practice account on the social networking site you are considering using can be an effect way to identify issues with the service and its effective use prior to deploying your undercover identity on that service. Spending time observing how the social networking service operates can also prepare you for its effective use in your investigation.
Preparing the computer system for undercover operations needs have the same importance as any other undercover operation in the real world. The computer you use, the Internet service you select, and the browser you use, all tell a tale of who you are. First, the equipment should only be used for undercover operations. Accessing the Internet for an agency or a company owned system may reveal your real identity. Personal information and/or agency or company information should never be stored on the undercover computer. This prevents the possibility of an adversary identifying your true identity if they offensively work back to your computer. The computer should not be connected to any network system within the agency or company. The investigator should plan for and prepare for the possibility that the undercover system could be accessed by a target while you are connected to the Internet.
In the “real world,” undercover operations are a strong tool to identify targets in criminal investigations. They can also be effective tools in investigating Internet crimes. However, investigators need to be aware of their agency or company policy regarding conducting undercover online investigations. Besides investigative planning, undercover online investigations require: a clearly defined purpose, identification of the means for conducting the investigation, defining time resources, identifying documentation requirements, and planning for the unexpected. Building undercover personas is a somewhat complicated concept especially when dealing with social media investigations. There are also unique issues associated with an identity take over. Investigators also need to be familiar with the concepts required to conduct undercover operations on the Internet and the ethical considerations surrounding these operations.
1. Bitcoin Exchange Rate/Value Calculator. (n.d.). Bitcoinexchangerate.org. Retrieved from <http://www.bitcoinexchangerate.org/>.
2. Chick, L. (2012, May 2). Bomb plot reveals hidden dangers of the occupy movement. Breitbart.com. Retrieved from <www.breitbart.com/Big-Government/2012/05/02/bomb-plot-reveals-hidden-dangers-of-the-occupy-movement>.
3. Code of Ethics & Bylaws. (n.d.). High Technology Crime Investigation Association (HTCIA). Retrieved from <http://www.htcia.org/code-of-ethics-bylaws/>.
4. Consortium of Digital Forensic Specialists. (n.d.). Consortium of digital forensic specialists. Retrieved from <http://www.cdfs.org/objectives.php>.
5. Facebook Policies. (n.d.). Facebook. Retrieved from <https://www.facebook.com/policies/?ref=pf>.
6. Fleishman, G. (2000, December 14). Cartoon captures spirit of the Internet —New York Times. The New York Times—Breaking News, World News & Multimedia. Retrieved from <http://www.nytimes.com/2000/12/14/technology/cartoon-captures-spirit-of-the-internet.html>.
7. Foran, T. (n.d.). Famous quotes at BrainyQuote. Retrieved from <http://www.brainyquote.com/quotes/quotes/t/thomasfora191172.html>.
8. HTCC—Mission and Goals. (n.d.). High Tech Crime Consortium (HTCC). Retrieved from <http://www.hightechcrimecops.org/mission.html>.
9. ICAC Home. (n.d.). Internet Crimes Against Children Task Force. Retrieved from <https://www.icactaskforce.org/Pages/Home.aspx>.
10. Integrated Units. (n.d.). Royal Canadian Mounted Police. Retrieved from <http://bc.rcmp-grc.gc.ca/ViewPage.action?siteNodeId=342&languageId=1&contentId=1570>.
11. Investigations involving the Internet and computer networks. (2007). US Dept. of Justice, Office of Justice Programs, National Institute of Justice.
12. Lemos, R. (2008, May 16). Legal experts wary of MySpace hacking charges. SecurityFocus. Retrieved from <http://www.securityfocus.com/news/11519>.
13. Masis, J. (2009, January 11). Police increasingly use social networking websites in detective work—The Boston Globe. Boston.com—Boston, MA News, Breaking News, Sports, Video. Retrieved from <http://www.boston.com/news/local/articles/2009/01/11/is_this_lawman_your_facebook_friend/?page=full>.
14. Mitchella K, Finkelhorb D, Jonesa L, Wolaka J. Growth and change in undercover online child exploitation investigations, 2000–2006. Policing and Society: An International Journal of Research and Policy. 2010;20(4):416–431.
15. New Membership: Code of Ethics. (n.d.). The International Association of Computer Investigative Specialists (IACIS). Retrieved from <https://www.iacis.com/new_membership/code_of_ethics/>.
16. Police Investigate Habbo Hotel Virtual Furniture Theft. (2010, June 1). BBC—Homepage. Retrieved from <http://www.bbc.co.uk/news/10207486/>.
17. Regli B, Mitkus M, D’Ovidio R. Our digital playgrounds: Virtual worlds and online games: Criminal threats are emerging in online communities where adults and children play Camden, NJ: Drakontas LLC; 2012.
18. Sanders, T. (2013, June 12). The Wild Wild West of Digital Currency. Informationintersection.com. Retrieved from <www.informationintersection.com/2013/06/the-wild-wild-west-of-digital-currency/>.
19. Santora, M., Rashbaum, W., & Perlroth, N. (2013, May 29). Liberty Reserve operators accused of money laundering—NYTimes.com. The New York Times—Breaking News, World News & Multimedia. Retrieved from <http://www.nytimes.com/2013/05/29/nyregion/liberty-reserve-operators-accused-of-money-laundering.html?pagewanted=all&_r=0>.
20. Tetzlaff-Bemiller M. Undercover online: An extension of traditional policing in the United States. International Journal of Cyber Criminology. 2011;5(2):813–824.
21. The Department of Justice’s Principles for Conducting Online Undercover Operations. (n.d.). Public intelligence. Retrieved from <http://publicintelligence.net/the-department-of-justices-principles-for-conducting-online-undercover-operations/>.
22. TinEye Reverse Image Search. (n.d.). Retrieved from <www.tineye.com/>.
23. USDOJ: Project Safe Childhood. (n.d.). United States Department of Justice. Retrieved from <http://www.justice.gov/psc/>.
24. Undercover With the New F.B.I.—NYTimes.com. (1981, November 29). The New York Times—Breaking News, World News & Multimedia. Retrieved from <http://www.nytimes.com/1981/11/29/opinion/undercover-with-the-new-fbi.html>.
25. Undercover Policing: Interim Report: Thirteenth Report of Session 2012–13: Report, Together with Formal Minutes, Oral and Written Evidence. (2013). London: Stationery Office.
26. U.S. v. Poehlman, 217 F. 3d 692 (Court of Appeals, 9th Circuit 2000).
27. User Agreement (n.d.). LinkedIn. World’s Largest Professional Network. Retrieved from <http://www.linkedin.com/legal/user-agreement>.
28. Voris, B.V. (2011, October 22). Facebook Claimant’s lawyer must pay award in child porn lawsuit—Bloomberg. Bloomberg—Business, Financial & Economic News, Stock Quotes. Retrieved from <http://www.bloomberg.com/news/2011-10-21/facebook-claimant-s-lawyer-hit-with-morphed-child-porn-images-judgment.html>.
29. Wolak, J., & Mitchell, K. (2009). Work exposure to child pornography in ICAC task forces and affiliates. Durham: Crimes against Children Research Center. Retrieved from <http://www.unh.edu/ccrc/pdf/Law%20Enforcement%20Work%20Exposure%20to%20CP.pdf>.
1He was also convicted in California state court for attempted lewd acts with a minor. He completed his 1-year prison sentence and was charged federally 2 years after his release from state custody.
2Facebook also has a policy against allowing sex offenders to use their site. Seems kind of ironic that with this stated policy they are making it harder for law enforcement to catch repeat sex offenders who are illegally using their site to look for children to victimize.
52.14.151.45