Conducting Reactive and Proactive Internet Investigations
This chapter introduces the reader to the concepts of conducting proactive and reactive investigations. The chapter covers the importance of conducting thorough information and evidence collection early in the reporting process, a significant factor in successful reactive investigations. The concept of community policing via the Internet and online resources is also discussed. We also mentioned the growth of social media monitoring and its use as a policing tool. Additionally, the operational planning concepts related to Internet-based undercover investigations are covered. These discussions will help guide the reader, particularly those in management roles, to understand the various types of reactive and proactive Internet investigations.
Keywords
Reactive investigation; proactive investigation; social media intelligence; Socmint; social media monitoring; SMILE; undercover investigations; community policing in cyberspace DTTA; HTCIA; fusion centers; operations planning; Operation Fairplay
For the first time federal, state and local bureaus of investigation are coordinating their effort, to serve as eyes and ears and protect us against further attacks.
George Pataki, American Politician and former New York Governor
Reactive versus proactive investigations
According to a recent United Nations survey, over 90% of responding countries indicated that cybercrime most frequently comes to law enforcement’s attention through reports by individual or corporate victims. Generally, when the police respond to a crime that has already occurred we call that reactive. The vast majority of investigations are reactive in nature. The same United Nations report reflects that the proportion of cybercrime acts detected through proactive investigations was low, although some countries are focusing on undercover or proactive operations. Proactive investigations occur before and during the commission of the offense. In Chapter 10, we discussed covert online investigations, which can start as either reactive or proactive investigations. However, they are not the only or even the primary component to conducting Internet investigations or providing an online enforcement presence. There are other reactive and proactive investigative activities, which also need to be woven into agency or company’s online enforcement presence. This chapter will discuss these other components and their importance in addressing Internet crimes.
Reactive investigations
In noncyber offenses, a victim realizes a crime has occurred and notifies the police. A patrol officer is assigned to take the report, which may include being dispatched to the crime scene or the victim’s location. Generally the officer conducts some initial data collection, possibly some follow-up and completes a report. He makes the first assessment of victim/witness information, specifically its validity and reliability. He may also collect available physical evidence at the scene for later review. He may also collect victim and witness statements about the crime and possibly review and collect general police intelligence about the suspect (conduct an FBI/NCIC check and a local wants and warrants check).
Frequently, in a reactive investigation, after the patrolman completes the report, it is submitted through the record’s section to the detective unit. The report is reviewed by a supervisor and if warranted assigned to a detective to review and follow-up. The detective’s fundamental task is to establish who did what to whom, when, where, how, and why. Brown (2001) notes reactive investigations typically fall into the following three categories:
1. A Walk Through (solved at scene—by the patrolman).
2. A “Who done it?” (don’t know who the suspect is and requires follow-up).
3. Where are they? (the suspect is known but they need to be found).
Now let’s take a look at the typical reactive Internet investigations conducted by law enforcement. Just like a traditional crime, a report should be taken by a patrol officer and a detective is assigned to follow-up. Unfortunately, this might not always occur as there is still a misconception by some local law enforcement that the Internet is simply not their jurisdiction. Bill Siebert, a computer forensics legend, liked to retell the story of a conversation he had with a police administrator at the annual International Association of Chief of Police (IACP) conference. Bill indicated that this administrator insisted the Internet was not his jurisdiction. Bill asked him if the victims or possibly the suspect were in his town and if so how could the crime not have occurred in his community? The chief perplexed still could not accept that something occurring on the Internet was in any way connected to his community.
The result of this kind of jurisdictional blind spot is the victim may be redirected to some other agency. If the victim does not get discouraged and takes the effort to go to the second agency, they may likely become disheartened if the larger agency does not follow up as the crime may not meet their investigative threshold. Eventually, victims begin to believe that reporting an Internet crime is useless as either the local police can’t investigate as it is “not their jurisdiction” and larger regional or federal law enforcement will not investigate as it doesn’t meet their guidelines. Victims may also start to conclude that the cybercrime investigations are beyond the capabilities of their local police department.
In situations where the local police do take a report, in many cases little is done to further the initial investigation because patrolman or report takers lack the basic knowledge and training regarding Internet crimes. This prevents the initial traditionally done follow-up, and in most cases no basic evidence collection occurs. After the report is taken, it might not always go to the pertinent crime unit for that offense type. If it is a theft, vice, and/or fraud-related Internet crime, those reports might not go to the corresponding unit investigating those offenses, such as the Burglar, Vice, or Fraud Unit. Oftentimes these cybercrime reports go to the agency’s High Tech Crime Unit, get referred to federal task forces such as the United States Secret Services Electronic Crime Task Forces or the FBI’s Regional Computer Forensic Laboratory. Some unfortunately just plain get ignored.
“There are no procedures which can embody truth and fairness (or justice) without sacrificing one to the other, and both to cost” (Nobles & Schiff, 1997). This applies to Internet investigations as well. The problem law enforcement faces with reactive Internet investigations is the general lack of training in on-site digital collection methods and pertinent initial questions to ask victims or witnesses. Although a report and a statement may be taken, the first responder may not have the training to understand the appropriate questions to ask the victim. This delay in getting initial details can leave perishable online evidence uncollected and a frustrated victim. Ironically, in many cases only a little training and effort is needed to properly collect on-site physical or digital evidence and interview victims/witness (Figure 11.1).
The importance of proper initial interviewing and evidence collection in Internet crime investigations cannot be overstated. In 1975 the US Department of Justice commissioned the Rand Corporation to conduct a study on US criminal investigative practices. This study found the most important factor in solving a crime was the initial information collected by the patrolman responding to the crime. Of particular note was that if a suspect was not identified in the initial patrolman’s investigation the likelihood of future identification diminished greatly. The Rand Corporation Study recommended that patrolman:
• conduct witness and victims interviews,
• collect physical evidence and prepare investigative report,
• decide if the case should be continued for investigation or suspended.
These factors are no less important for Internet crimes, particularly in view of how evidence can be altered or destroyed. It is therefore imperative that all first responders have a firm grasp of initial questions that are important in investigating Internet crime. We have provided such questions in Chapter 5 of this book. Additionally, first responders should be familiar with specific cybercrime statutes in their jurisdiction. They should also be familiar with how “traditional” statutes can be brought to bear on the Internet crimes. For instance, a theft by deception statute may be used to prosecute an Internet fraud.
First responders should also be able to identify evidence source containers, such as computers, laptops, cell phones, mobile devices, and gaming systems. Once identification has been made, there are several decisions that have to be made. Is there violable data (evidence) present which must be collected before a device is turned off or can the device be “bagged and tagged” and examined by someone else? We have provided details on numerous tools that can be used for collecting live data in Chapter 6. However, each agency or company must provide clear policy directing trained first responders to collect such evidence or pointing them to those who can collect digital evidence in a timely manner.
Proactive investigations
Proactive Internet investigations involved actively seeking information and persons on the Internet who may be committing crimes. There are a variety of proactive investigation types. These include your typical undercover investigations looking for child pornographers or traditional vice violations. The investigator can look into various peer-to-peer networks for the sharing of contraband or the illegal trade in music or videos. Proactive investigations on the Internet can also include traditional “Sting” operations. Intelligence collection of information can also fall under the proactive category which can include gang, terrorist, and traditional intelligence investigations.
Frequently, when individuals think of proactive criminal investigations they are thinking of undercover investigations. But, we would argue that being proactive is not limited to just these undercover investigations. With presence of social media, law enforcement and private sector need to take a broader approach, getting the community at large involved. In law enforcement, this is known as community policing. The Bureau of Justice Assistance, US Department of Justice (1995) noted:
Community policing is, in essence, a collaboration between the police and the community that identifies and solves community problems. With the police no longer the sole guardians of law and order, all members of the community become active allies in the effort to enhance the safety and quality of neighborhoods. Community policing has far-reaching implications. The expanded outlook on crime control and prevention, the new emphasis on making community members active participants in the process of problem solving, and the patrol officers’ pivotal role in community policing require profound changes within the police organization. The neighborhood patrol officer, backed by the police organization, helps community members mobilize support and resources to solve problems and enhance their quality of life. Community members voice their concerns, contribute advice, and take action to address these concerns. Creating a constructive partnership will require the energy, creativity, understanding, and patience of all involved.
(BJS, 1994, p. vii)
Community policing in cyberspace
In 1996, the Chicago Tribune reported that a Chicago Police Department Sergeant was a “trailblazer” for having created a police department webpage (Searcey, 1996). In 2013, there are countless city, state, and local government communicating online. In less than 20 years, the concepts of community policing has changed to require the inclusion of the Internet as part of an agency’s interaction with its citizens. This change is no doubt due to the general population’s migration from somewhat static websites to an interactive Internet populated by social media sites. Citizens can now interact online with law enforcement much easier than they could when a static website was considered the “avant-garde” of modern cyberpolicing.
In 2012, LexisNexis Risk Solutions, in partnership with PoliceOne, conducted an online survey of 1,221 law enforcement officers. The findings revealed four out of five officers were using social media platforms, such as Facebook, YouTube, and Twitter to help solve crimes. Fifty percent of the survey participants used social media on at least a weekly basis and two-thirds believed that social media was helping to solve crimes more quickly. Law enforcement’s use of these sites were not just limited to investigative techniques discussed thus far but also included proactive activities, such as anticipating crimes that may be occurring and understanding criminal networks. Wyllie (2012) noted that one survey participant cited the detection of an online threat, leading to the discovery of a “Columbine”-type scenario, anecdotal evidence that a police presence on social media can prevent serious crime. Samantha Gwinn, Government Solutions Consultant for LexiNexis Risk Solutions, noted: “Investigation and analysis of social media content provides a huge opportunity in terms of crime prevention and offender apprehension” (Wyllie, 2012).
Community policy according to COPS Office of the US Department of Justice is “… a philosophy that promotes organizational strategies which support the systematic use of partnerships and problem-solving techniques, to proactively address the immediate conditions that give rise to public safety issues such as crime, social disorder, and fear of crime.” Most of what we have discussed so far is creating those organizational strategies that can make use of online technology to enhance an agency’s ability to communicate and collaborate with its citizens. Cyberspace, or the Internet in general, is an effective tool for any agency or company to employ as a communication protocol in multiple venues. We have spent most of this text discussing the use of the Internet for investigative purposes as that is our book’s purpose. However, from a general communications position, the Internet provides an unparalleled method for accessing the public. Investigators can use the Internet for general access to the agency. A simple webpage can provide the public basic general information, such as contact details and hours of operation for an agency or company. Various social media tools, from Facebook to Twitter, can further enhance timely communication by providing information on upcoming events and wanted persons, and access directly to various departments. When engaging the problem-solving processes of community policing, the agency needs to consider how the Internet and the various communication tools fit into the process. Evaluating community problems must include how the Internet affects the issue. When developing the response and evaluating the success of the problem-solving process, the Internet and the various social media sites and other tools need to play a factor.
Social media policy considerations
In February 2013, the Bureau of Justice Assistance (BJA), Office of Justice Programs, US Department of Justice, in collaboration with the Global Advisory Committee of the US Attorney published, Developing a Policy on the Use of Social Media in Intelligence and Investigative Activities: Guidance and Recommendations. This document recognizes the proactive and reactive uses of social media by law enforcement in the United States. Accordingly, the guide concludes law enforcement’s use of social media should reflect an authorized purpose, limitations of using social media information, and the appropriate manner social media sites may be accessed, such as during normal working hours or via agency systems. The guide references the following three distinct investigative uses of social media, each of which is more intrusive and accordingly should necessitate a higher level of justification and authorization.
• Apparent/Overt use is where an officer accesses public areas of the Internet, such as “Googling” someone and searching social media sites (Facebook, YouTube, etc.). This activity may be targeted at a particular individual of interest or generally searching of a social media site, such as Twitter, to develop a situational awareness for the jurisdiction.
• Discrete use occurs where law enforcement takes steps to conceal its online investigative activities with use of undercover techniques noted in Chapter 9 of this book. Specific steps are also taken to conceal the investigator’s IP address from the subject or groups under investigation. Discrete use also includes searching and retaining information from public access sites.
• Covert use is considered the most intrusive investigative use of social media. It involves not only concealing the investigation but the creating of an undercover persona as outlined in Chapter 10 of this book. Additionally, unlike discrete use, this investigative type also involves interaction with the subject. Covert use may also involve lawful interceptions of communication through a court order or other legal process.
This guide also provides seven key elements for law enforcement considering developing a social media policy. Many of these elements have been restated in this book in the context of dealing with other areas of online investigation. However, they are worth restating in the context of using social media. They are as follows:
1. “Articulate that the use of social media resources will be consistent with applicable laws, regulations, and other agency policies.
2. Define if and when the use of social media sites or tools is authorized (as well as use of information on these sites pursuant to the agency’s legal authorities and mission requirements).
3. Articulate and define the authorization levels needed to use information from social media sites.
4. Specify that information obtained from social media resources will undergo evaluation to determine confidence levels (source reliability and content validity).
5. Specify the documentation, storage, and retention requirements related to information obtained from social media resources.
6. Identify the reasons and purpose, if any, for off-duty personnel to use social media information in connection with their law enforcement responsibilities, as well as how and when personal equipment may be utilized for an authorized law enforcement purpose.
7. Identify dissemination procedures for criminal intelligence and investigative products that contain information obtained from social media sites, including appropriate limitations on the dissemination of personally identifiable information (PII)” (BJA, 2013, p. 9).
Social media monitoring
“Social media monitoring is the active monitoring of social media channels for information about a company or organization” (Financial Times Lexicon, 2013). Dyer (2013) further notes “… over the last decade, social media monitoring has become a primary form of business intelligence, used to identify, predict, and respond to consumer behavior.” Additionally, some organizations, such as the Australian Securities Exchange, are requiring its member companies to actively monitor social media for disclosures of confidential information that may require an official announcement to inform investors (Robertson, 2013).
Law enforcement is also turning to social media monitoring as a proactive investigative tool. The United Kingdom’s Metropolitan Police Department (Met) has created a unit to monitor social media for intelligence gathering, referred to as social media intelligence or Socmint (Wright, 2013). Umut Ertogral, Head of the Met Opensource Intelligence Unit, noted “[Social media] almost acts like CCTV on the ground for us. Just like the private sector use it for marketing and branding, we’ve developed something to listen in and see what the public are thinking” (Wright, 2013). Social media monitoring is also occurring in the United States. In 2011, the New York Police Department formed Facebook and Twitter units in order to track down and monitor criminals and criminal behavior on social media sites (Parascandola, 2011). Both the FBI and the US Department of Homeland Security are also using social media for intelligence and investigative purposes (Rushe, 2012; Stone, 2012). Fusion Centers, DHS supported “… focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information…” are also using social media monitoring tools (DHS, 2013).
At a basic level, monitoring can be conducted simply by having an account on social media and being connected with the community. More advanced techniques involve the use of social monitoring tools which capture data and monitor social media sites via webcrawlers and word search functions. Some law enforcement agencies are defining how social monitoring tools are to be used. For instance, the Georgia Bureau of Investigation social networking policy requires the following information be included in all requests to use these tools:
1. “A description of the social media monitoring tool;
2. Its purpose and intended use;
3. The social media websites the tool will access;
4. Whether the tool is accessing information in the public domain or information protected by privacy settings; and
5. Whether information will be retained by the GBI and if so, the applicable retention period for such information” (BJA, p. 33).
Social media monitoring is somewhat like computer forensics in that it is both an art and a science. The tools to be effective require search parameters and terms be properly defined. If the geographic area is too broad information will be collected that is not prurient to a jurisdiction. Likewise, if the search terms are too broad, the monitoring will produce data that contains false positives and too large a data stream to be useful in a timely manner. However, if the terms are too narrow important information might be missed.
Using a single social media profile or a social media management tool, which combines numerous profiles into one user interface, can also be problematic. Unlike tools that are just merely data gatherers, these methods allow the user to also interact with social media. This kind of community interaction requires the user have a clear understanding of the agency or company’s mission. The user in charge of such outlets must also not disclose sensitive information or provide contradictory statements in the quest to develop sources or get information. Equally troubling is security concerns. If a profile or social media management tool is compromised, the resulting communication can be very damaging for the agency or company. Recently, Burger King’s Twitter account was hacked, resulting in bogus statements that the company had been bought out by McDonald’s (Manker, 2013). The results of a law enforcement social media account being hacked could be disastrous for the community it serves.
Developing a social media presence for law enforcement is beyond the scope of this book. Readers interested in exploring this area are directed to Social Media the Internet and Law Enforcement (SMILE) Conference, http://smileconference.com/, which brings law enforcement together for training on this topic. Additionally, ConnectedCOPS, http://connectedcops.net/ is a website designed “… to enhance law officers’ ability to succeed with social media tools by providing insight, encouragement, education and the overall support required.”
Policy considerations for undercover operations
Internet undercover investigations focus usually on a single type of crime such as Internet Crimes Against Children (ICAC), Online pharmaceuticals, prostitution, and so on. These crimes allow the investigator to assume the role of a provider, seller, or consumer of illicit goods or services, and employ a sting or buy-bust strategy to detect and apprehend criminals.
Proactive undercover investigations should be governed by cost versus benefit analysis. Is the cost of the crime to the community higher than the expense of undercover resources (time, personal, equipment, etc.) needed to detect and investigate it before it is known and reported to police? Obviously, one of the reasons why ICAC undercover investigations are at the forefront of proactive investigations is, we as a society have concluded that the prevention of harm to even one child justifies the expenses associated with these operations. The other part of this analysis is, will the expense of the undercover resources produce beneficial results, such as the apprehension and prosecution of criminals and overall improvement to a community?
This cost versus benefit analysis is second nature to those in the corporate world. Instead of community protection, they are concerned with protecting company assets. Obviously, a company may initiate an undercover investigation to detect theft, both internal and external. But at a proactive level, can a company justify expending resources to detect small loses before they occur? Again, the question becomes, does the benefit (preemptively catching the perpetrators) offset the expenditure of resources to run an undercover operation? Common with major software vendors as well as the music/video industry is the use of undercover Internet investigation to detect piracy. In this case, the asset being protected is frequently not only the company’s intellectual property but it’s very brand. After all, if the market becomes flooded with counterfeit, substandard goods, consumers may opt for another brand as opposed to the risk of getting a cheap imitation. These undercover investigations are not only protecting the company’s assets but also its market share and even future existence.
Undercover Internet investigations require a different skill set, equipment, and training than traditional investigation. We have discussed these issues in previous chapters. In some cases, the corporate world takes a lead in an undercover investigation, particularly when it comes to piracy and counterfeiting of their product. Obviously, having a vested interest is one reason but the other is likely that they have specific knowledge that is required about their product to make the investigations successful. The simple fact is law enforcement and corporations frequently need to work together in the investigation of advanced crimes.
Managing undercover Internet investigations
Internet undercover strategies can be as controversial as real world operations. In addition to the entrapment issue raised in the last chapter, there can be unique issues, specific to the nature of cybercrimes. One such example is the “fantasy” defense, frequently raised by offenders charged with sexually enticing a minor over the Internet, where there is no minor but a police officer. This defense is usually not effective in the courtroom. However, managers need to be able to articulate to their superiors that these investigations are not focused on “fantasy” but on individuals who clearly are intent on doing criminal acts in the real world.
Another unique issue also associated with these kinds of undercover investigations is the strain it may bring to bear on a community’s legal resources. For instance, a small police department commences conducting undercover online operations to catch sexual predators in their community. However, by using the Internet to arranged meetings between the offender and the “minor,” they have expended their operations to not only their community but also literally to the entire world. In short order, they not only catch sexual predators who reside in their community, but those who live in adjunct jurisdictions, and even several states away. They quickly have increased the workload of the entire justice system in their area. Now the tax payers are paying for prosecutions of nonresidents who but for the fact of the police’s undercover sting operation, may have never traveled to their community. Clearly, law enforcement managers need to be aware of these issues and coordinate such investigations with their local prosecutors to insure they are not biting off more than they can effectively chew.
Other things to think about in preparation for conducting undercover investigations include the agency policy regarding undercover investigations. These policies require management fully understand Internet investigations and the liability and rewards they may bring for the agency/company. Management needs to evaluate the organization’s internal capabilities, including its ability to support these investigations. They need to identify what capabilities currently exist within the organization to further Internet investigations and what additional resources, equipment, personnel, as well as training may be needed to conduct them effectively. Cost evaluations of equipment and personnel require the agency to determine their ability to financially support these kinds of operations.
Internet investigation policy
An agency or company policy regarding Internet investigations should clearly lay out guidance for supervision of these operations and the staff’s conduct during their execution. Looking to traditional undercover investigation practices, the Internet investigators can identify commonality between these two types of covert activities. Traditional undercover investigation will have a supervisor managing the operation. The supervisor monitors all activities on the undercover operation including overseeing the undercover investigator’s surreptitious body wire communications. In other words, the supervisor is intimately involved in the operation’s management and the undercover investigator’s actions. All of this direct monitoring is intended to prevent the investigator from making a mistake and keeping the investigator safe.
Internet undercover investigations are a little different. Commonly during an undercover online operation, the supervisor isn’t sitting over the investigator’s shoulder watching hours of online chat. The supervisor generally reviews content after the investigators take actions. Their review of the Internet investigation is done after the fact and from reports of the investigator’s conduct. The need for direct monitoring during an Internet investigation is not an officer safety issue from the supervisor’s point of view.
From a practical implementation point of view, the traditional undercover investigation has more supervisory input and management. This is normally because of the need for officer protection, but still it is a better practice than the typical Internet investigation. The Internet investigation policy should address the supervisory role managers play during the investigation. Internet investigation managers should have a hands-on role. Undercover operations regardless of their location can still be a risk to the investigator. Remember at some point the target has to be arrested and handcuffs can’t be put on remotely. Managers should be engaged throughout the operation to ensure the overall operation’s goals and objectives are met. They should also be verifying that the agency policy is being complied with during the operation.
Operational planning
Operations planning for Internet investigations require the same kinds of information needed for investigations in the real world. Going online in an undercover capacity to investigate a crime requires pre-thought and planning. The investigator in consultation with their superiors need to identify the intent and scope of the undercover operation, identify the legal restrictions around the undercover operation, determine the limits of the investigator’s authority while on the Internet, identify the available resources to support the undercover investigation, prepare a risk assessment of the operation, and identify data collection requirements. All of these help the investigator determine the direction the undercover operation will take and contribute to its likelihood of success.
1. Identify the intent and scope of the undercover operation.
Each undercover investigation on the Internet is different. The investigator needs to collect information up front about the case. Including the kind of investigation, the potential locations for working undercover on the Internet, the depth of the persona required, estimates of the resources needed to support the investigation, the time estimated to complete the investigation, and the personnel commitment needed to support the investigation.
2. Identify the legal restrictions around the undercover operation.
During an undercover Internet investigation, the legal requirements related to the investigation need to be identified. Does your jurisdiction support this kind of investigation? Does your agency have a policy for conducting undercover investigations on the Internet?
3. Determine the limit of the investigator’s authority while on the Internet.
The limit of the investigator’s authority deals with identifying the investigator’s legal ability to conduct certain investigative tasks online. Again agency policy will help to dictate the limits.
4. Identify the available resources to support the undercover investigation.
The investigator needs to evaluate the personnel required for the operation, the equipment required (the undercover computer is only one cost), and the time investment (depending on the type of the investigations the time investment can be significant). Identifying this early can help managers understand the financial and resource commitment an Internet investigation requires.
5. Prepare a risk assessment of the operation.
Preparing a risk assessment, specifically a cost versus benefit analysis, is probably the most overlooked part of the planning process. The risk assessment is a management process for the investigation to determine whether or not the investigations should be conducted and to what benefit the agency or company will get out of the investigation. The basis for the risk assessment includes identifying the potential for success. This can mean the likelihood of a prosecution of an offender or the recovery of stolen property and the accountability of the investigators during the investigation.
6. Identify data collection requirements.
What are the requirements for documenting and collecting the required evidence to support a prosecution? A printed email may be entered in as a piece of evidence that is authenticated by the sender or receiver, but the metadata from the header in the email may tell a different version. How the investigator collects the data can provide the difference between a well-documented investigation and one that poorly represents the facts of the case.
Internet crime analysis
Internet crime analysis is in its infancy. Internet crime is not tracked nor is it reported well. As we addressed earlier in Chapter 1, poor documentation and no standard for reporting these offenses hamper efforts to grasp the extent of Internet crime. However, there are various reports and reporting agencies that can give us a clearer picture of the incidents of Internet crime. Reports from the National White Collar Crime Center’s (NWCCC) Internet Crime Complaint Center (ICCC), the Computer Security Institute, and Norton’s Cybercrime Study can give us a better understanding of the cybercrime problem. From the cybercrime perspective we can begin to measure the effectiveness of our investigative responses. Traditional crime response effectiveness is measured by looking at the number of crimes reported and identifying the number of crimes solved in comparison. This is a simple statistical measure. With Internet-related crimes we can identify similar effectiveness of the reported crimes. Effective understanding of an agency or company’s response to cybercrime depends on its ability to record the known crime. With the known numbers of cybercrimes committed, a clear solution rate can then be identified.
Conclusion
This chapter introduced the concepts of reactive and proactive Internet investigations. We know generally that traditional reactive investigations are frequently better handled by patrol officers and report takers than Internet reactive investigations. We have to improve. Managers and supervisors have to understand that these offenses are not going to go away and their line staff must be prepared to handle them in the earliest stages of the investigation. Being prepared requires not only providing training and resources but also a commitment from upper management that Internet crimes do fall under their jurisdiction. Additionally, we hopefully expanded the concept of proactive investigations beyond just undercover online investigations. Social media clearly presents new and challenging opportunities for community policing. We also drove home that management needs to also take an active role in overseeing and supporting Internet undercover investigations. Finally, we again stressed that management needs to work on Internet crime analysis so they can adjust their reactive and proactive investigative efforts accordingly.
References
1. 3i-MIND. (n.d.). 3i-MIND. Retrieved from <http://www.3i-mind.com>.
2. BrightPlanet | Deep Web Intelligence. (n.d.). BrightPlanet | Deep Web Intelligence. Retrieved from <http://www.brightplanet.com/>.
3. Brown MF. Criminal investigation: Law and practice 2nd ed Boston, MA: Butterworth-Heinemann; 2001.
4. Chaiken JM, Greenwood PW, Petersilia J. June The criminal investigation process: A summary report Santa Monica, CA: The Rand Corporation; 1976.
5. Community Policing Dispatch. (n.d.). COPS Office: Grants and Resources for Community Policing. Retrieved from <http://www.cops.usdoj.gov/html/dispatch/january/>.
6. Developing a Policy on the Use of Social Media in Intelligence and Investigative Activities: Guidance and Recommendations. (2013). Washington, DC: Bureau of Justice Assistance, Office of Justice Programs, US Department of Justice (BJA) and Global Justice Information Sharing Initiative.
7. Dyer, P. (2013, May 13). 50 top tools for social media monitoring, analytics, and management. Socialmediatoday.com. Retrieved from <http://socialmediatoday.com/pamdyer/1458746/50-top-tools-social-media-monitoring-analytics-and-management-2013/>.
8. Geofeedia—Search & Monitor Social Media by Location. (n.d.). Geofeedia—Search & Monitor Social Media by Location. Retrieved from <http://corp.geofeedia.com/>.
9. Google Alerts—Monitor the Web for interesting new content. (n.d.). Google. Retrieved from <http://www.google.com/alerts>.
10. HMS Technologies, Inc. | GEOCOP. (n.d.). HMS Technologies, Inc. | IT Systems Integration. Retrieved from <http://www.hmstech.com/geocop>.
11. Horvath, F., Messig, R. T., with the assistance of Lee, Y. H. (November, 2001). A National Survey of Police Policies and Practices Regarding the Criminal Investigation Process: Twenty-five years after Rand [Electronic version] (United States Department of Justice, National Institute of Justice, NCJRS Publication No. 202902). Rockville, MD.
12. HTCIA | High Technology Crime Investigation Association. (n.d.). HTCIA | High Technology Crime Investigation Association. Retrieved from <http://htcia.org>.
13. Manker, R. (2013, February 19). Burger King apologizes for Twitter hack: Account was changed to look like McDonald’s. Chicago Tribune. Retrieved from <http://articles.chicagotribune.com/2013-02-19/business/ct-burger-king-twitter-hack-0219-20130218_1_tweets-mcdonalds-hack>.
14. Meltwater IceRocket. (n.d.). Meltwater IceRocket. Retrieved from <http://www.icerocket.com/>.
15. Nobles R, Schiff D. The never ending story: Disguising tragic choices in criminal justice. Modern Law Review. 1977;60:299.
16. Parascandola, R. (2011, August 11). NYPD forms new social media unit to mine Facebook and Twitter for mayhem. NY Daily News. Retrieved from <http://www.nydailynews.com/new-york/nypd-forms-new-social-media-unit-facebook-twitter-mayhem-article-1.945242#ixzz2XiL4RCsu>.
17. Pataki. (n.d.). BrainyQuote.com. Retrieved from <http://www.brainyquote.com/quotes/quotes/g/georgepata274179.html>.
18. Plancast—Find Things to Do & Upcoming Local Events | Event Planning & Promotions | Plancast. (n.d.). Retrieved from <http://plancast.com/>.
19. Robertson, A. (2013, June 7). Beware of tweeters and bloggers: New social media rules for listed companies–—Business—ABC News (Australian Broadcasting Corporation) ABC.net.au. Retrieved from <http://www.abc.net.au/news/2013-06-04/beware-of-tweeters-and-bloggers-new-social-media/4733374?section=business>.
20. Rushe, D. (2012, January 26). FBI to step up monitoring of social media sites amid privacy concerns. Latest US news, world news, sport and comment from the Guardian | guardiannews.com | The Guardian. Retrieved from <http://www.guardian.co.uk/world/2012/jan/26/fbi-social-media-monitoring-privacy>.
21. Searcey, D.(1996, February 2). Web surfers gain cop in cyberspace—Chicago Tribune. Featured Articles From The Chicago Tribune. Retrieved from <http://articles.chicagotribune.com/1996-02-19/news/9602190148_1_home-page-police-sergeant-southwest-side>.
22. SMILE Conference. (n.d.). SMILE Conference. Retrieved from <http://smileconference.com/>.
23. Social Media Monitoring, Analytics, Engagement & Publishing For RTM—NetBase.com. (n.d.). Social media monitoring, analytics, engagement & publishing for RTM—NetBase.com. Retrieved from <http://www.netbase.com>.
24. Social Media Monitoring Definition from Financial Times Lexicon. (n.d.). Financial Times Lexicon—The Definitive Dictionary of Economic, Financial and Business Terms. Retrieved from <http://lexicon.ft.com/Term?term=social-media-monitoring>.
25. Social Media Monitoring Tools & Sentiment Analysis Software | Trackur. (n.d.). Social media monitoring tools & sentiment analysis software | Trackur. Retrieved from <http://www.trackur.com/>.
26. SocialPointer—Real-Time Social Media Marketing Tools Campaign & Tactics. (n.d.). SocialPointer. Retrieved from <http://www.socialpointer.com/>.
27. State and Major Urban Area Fusion Centers Homeland Security.(n.d.). US Department of Homeland Security. Retrieved from <www.dhs.gov/state-and-major-urban-area-fusion-centers>.
28. Stone, A. (2012, February 16). DHS monitoring of social media under scrutiny by lawmakers. Breaking news and opinion on The Huffington Post. Retrieved from <http://www.huffingtonpost.com/2012/02/16/dhs-monitoring-of-social-media_n_1282494.html>.
29. Topsy—Instant social insight. (n.d.). Topsy—Instant Social Insight. Retrieved from <http://topsy.com/>.
30. Twitterfall. (n.d.). Twitterfall. Retrieved from <http://twitterfall.com/>.
31. Understanding Community Policing: A Framework for Action. (1994). Washington, DC: Bureau of Justice Assistance.
32. United Nations. (2013). Comprehensive Study on Cybercrime Draft: February 2013New York, NY: United Nations.
33. US Department of Homeland Security. Civil Rights/Civil Liberties Impact Assessment: DHS Support to the National Network of Fusion Centers Report to Congress March 1, 2013 Washington, DC: Office for Civil Rights and Civil Liberties, U.S. Department of Homeland Security.
34. Webster, R. (n.d.). ConnectedCOPS.net—Law Enforcement’s Partner on the Social Web. Retrieved from <http://connectedcops.net>.
35. Wright, P. (2013, June 13). Meet prism’s little brother: Socmint (Wired UK). Wired.co.uk Future Science, Culture & Technology News and Reviews (Wired UK). Retrieved from <http://www.wired.co.uk/news/archive/2013-06/26/socmint>.
36. Wyllie, D. (2012, July 31). Infographic: How police investigators are using social media. Police Officers, Cops & Law Enforcement | PoliceOne. Retrieved from <http://www.policeone.com/investigations/articles/5885971-Infographic-How-police-investigators-are-using-social-media>.