==Phrack Magazine== Volume Four, Issue Forty-Four, File 5 of 27

****************************************************************************

Computer Cop Prophile

by The Grimmace

The following file is something I thought of and did a LOT of research on before writing. It's something that I haven't seen in PHRACK, and I've been a devout fan of this zine since the beginning. The "PHRACK PROPHILES" on hackers and phreakers give readers an insight into the movers and shakers of the P/H world, but how about a profile or profiles on the anti-hacker/phreaker establishment that seems to be growing by leaps and bounds lately?

In the past years we've seen cops and feds who know nothing about computers and/or telephone systems bungle their way through search warrants and arrests, and have had some good laughs at their expense. But now it seems that the "computer cops", the feds especially, are putting a big push on training agents in the "tricks of the trade", and their conviction rate is getting better. The primary source of this training is the Federal Law Enforcement Training Center in Glynco, Georgia, where they're teaching computer seizure and analysis techniques, computer-targeted search warrants, and telecommunications fraud investigations. (They're very accommodating about giving out information on the phone as long as you tell them you're a cop.) The FBI Academy in Quantico also has a computer crimes course.

On the technical side of things, there's an organization called IACIS, which stands for the International Association of Computer Investigative Specialists, based in Portland, Oregon, and which consists of members of both local law enforcement agencies nationwide as well as various and sundry federal agencies. This group teaches and certifies cops in how to get evidence from computer systems that can't be attacked in court. (Of course, anything CAN be attacked, but getting the evidence squashed is not always a sure thing unless the judge is a computerphobe.)
As much satisfaction as we've gained at the expense of the US Secret Service from the Steve Jackson Games case, its widely publicized problems may prove to be a double-edged sword hanging over our heads. Law enforcement learned a LOT of lessons from mistakes made in that investigation.

Like most of you, I've spent a lot of years exploring computer systems (usually those belonging to others) and personally feel that I've done nothing wrong (know the feeling?). I'm sure others across the country also can conduct a little socially-engineered reconnaissance and get the lowdown on some of the people we NEVER want to see knocking on our doors with a sledge hammer in the middle of the night.

This profile contains information on the ONLY computer crime cop I could identify in the Louisville/Jefferson County area after calling all the major departments posing as a writer for a law enforcement magazine doing a survey. Information about him was obtained not only from his department, but from sources in the local and federal court systems, Ma Bell Security, and the Federal Law Enforcement Training Center. Lt. Baker is *not* a potential donor to the CPSR or EFF, to say the least.

I'm currently compiling similar information on other law enforcement types in the Secret Service, Columbus Ohio PD, Dallas PD, Georgia Bureau of Investigation and members of Ma Bell's Data Security Group in Atlanta. Baker was just the closest to me, so I started with him. If I can get the information I've requested, then future submissions will also include lesson plans furnished by FLETC on their training courses and analysis protocols suggested by the USSS...heh...heh.

Yours,
The Grimmace

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

COMPUTER-COP PROFILE I

LT. BILL BAKER
JEFFERSON COUNTY POLICE DEPARTMENT
LOUISVILLE, KENTUCKY

INFORMATION COMPILED BY: ** THE GRIMMACE **

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

NAME:                  Bill Baker
RANK:                  Lieutenant
AGENCY:                Jefferson County Police Department
                       768 Barret Ave.
                       Louisville, Kentucky 40204
AGE:                   43
YEARS OF COMPUTER EXP: 13
YEARS AS A COP:        18
YEARS IN COMPUTER/
  TELECOM CRIME:       8

TRAINING:
  Federal Law Enforcement Training Ctr., Glynco, Ga.
    - Telecommunications Crime
        Telecom Fraud
        Cellular Fraud
        PBX Fraud
    - Computer Crime
        Illegal Access Crimes
        Computer Crime Inves.
        Seized System Analysis
  FBI Academy, Quantico, Va.
    - Computers in Narcotics Investigations
    - Computer Crime Investigations
  National Intelligence Academy, Ft. Lauderdale, Fl.
    - Supervising Intelligence Operations
        Surveillance Techniques
        Electronic Tracking
        Electronic Eavesdropping
        Video Evidence Techniques
    - Telephone Systems
        Wiretaps
        Dialed Number Recorders
        Pager/Fax Intercepts
        Technical Telephony Course

PREVIOUS ASSIGNMENTS:
  Patrol
  Criminal Investigations/Burglary
  Criminal Investigations/Homicide
  Crime Prevention
  Special Investigations/Vice-Intel

MEMBER: Communications Fraud Control Association, Washington, D.C.

PUBLICATIONS: Various computer/telecommunications crime oriented articles for assorted law enforcement and computer industry magazines (i.e., POLICE CHIEF, DATA TODAY)

Posing as a freelance writer from the "Law Enforcement Journal", I made calls to local police agencies all over this area asking about their Computer Crime Units and received replies ranging from "What are you talking about?" to "Maybe FRAUD handles that...hey, Charlie...do the FRAUD guys do anything with compoooters?". So much for the Louisville Division of Police...no fear there, right?
But I decided to push on since Louisville, though not a hotbed of phreakers/hackers, IS the latest home of TAP MAGAZINE (a la Blitzkrieg BBS and the Predat0r) and has a smattering of "hometown" folks engaged in less than legal activities through the local phone lines. The call made to the Jefferson County Police got me a solid response of "You'll have to talk to Lt. Bill Baker. Hey, Charlie, where's Lt. Baker working now?" (This guy is so low key his own department doesn't even know where he works!) They finally decided he's someplace called "Adam Station", and through "various" contacts and a friendly local attorney who rarely pays for telephone calls himself, I managed to obtain quite a bit of information about Lt. Baker and his obviously misguided quest.

Lt. Baker is fairly typical of the "new breed" of high-tech investigator currently being churned out by the various federal training schools. He's aggressive and, from talking to other members of his department, thought of as a "computer weenie" who was probably a hacker himself before he embraced the "dark side" of "the FORCE". (I personally believe that this may be more fact than fantasy after talking to him on the phone, since he seems to know more about phreaking and hacking than one would think would be taught in the aforementioned federal institutes of higher learning.)

I finally managed to speak with Lt. Baker on the phone and gave him my "writing about computer crime" rap, which he bought with little suspicion. The following are excerpts from the recording I made of the conversation [comments in brackets are mine]:

TG: How would you rate the progress of computer and telecommunications crime investigations in this area?

Baker: There have been some good cases made here, but there's still a long way to go. The main problem is that there hasn't been a push from local businesses in this area to combat these types of crimes. Most of 'em don't want to admit they've been hit from the outside. If there's no complaints, then the departments aren't likely to want to spend the money to dig up additional crime, right?

TG: Of the hackers you've worked on, what kind of capabilities do they have and how good do you think they are?

Baker: Well, hackers and phreaks are like any other cross-section of a criminal group...there are some that are very good and some that are pitiful. The best thing you can say about working hacker/phreaker cases is that a lot of them catch themselves. They have huge egos and tend to brag a good deal about what they've done and how they did it.

TG: Does that mean that you don't think a computer crime investigator has to be as good as the criminals he chases...I mean, because a lot of these people leave so many clues behind? How would you rate your ability in this field?

Baker: Nope...not at all. I think that as technology gets better so will the crooks. Let's keep the record straight here. Sure, there are bozos out there who read a how-to file in an old PHRACK and decide that they have the knowledge they need to nuke the phone company or ride a VAX like a Hell's Angel rides a Harley. Those are the easy ones. The ones who -write- [author's emphasis] the technical articles in PHRACK are the ones to worry about. There are some stomp-down [??] incredibly knowledgeable individuals in circulation blasting away with their modems at any target of opportunity.

TG: You didn't mention your own ability for investigating these people.

Baker: (Laughs) Yeah, well...let's say I know enough to get by and am smart enough to know that there are no absolute experts.

TG: How would you comment on the Steve Jackson Games case? Do you think the Secret Service set a lot of bad precedents?

Baker: (Laughs) Noooooooo....sorry, pal. That's been jawed to death in every phreak/hack mag, legal journal, and Internet newsgroup in existence and I'm not about to stick my neck out on that one, OK? I will say that everyone learned a lot from that case and I seriously doubt if you'll see the same set of problems recurring in future cases. Maybe the CPSR or EFF hired guns can come up with a new group of loopholes, in which case we'll have to find new ways to circumvent those attacks.

TG: You sound a little critical of the EFF and CPSR efforts in their defense of so-called "computer criminals".

Baker: Well, I'm sure that they believe in what they're doing. They must to invest that much cash and energy. But I think there has to be some middle ground agreed upon rather than just whining about "all information should be free" and "if I can get into your system then I should be allowed to look around". I'm not going to launch into a diatribe on organizations that I don't agree with. I'm simply going to work harder at dotting every "i" and crossing every "t" to make my cases more secure. Stealing telephone service is a crime, defrauding businesses is a crime, gaining unauthorized access into someone else's computer system is, in most states, a crime, and even if there's no law on the books making it a crime, it's wrong.

TG: Since, by your own statement, you feel that high-tech crime investigation is still in its infancy, what groups or organizations would you say are in the lead in trying to combat this type of crime?

Baker: The most significant two I know are the Federal Law Enforcement Training Center in Glynco, Georgia, and the Communications Fraud Control Association based out of Washington, D.C. FLETC [he pronounces it FLET-SEE] probably has the finest computer crimes training program in the country. They bring in acknowledged experts and don't cut the students any slack as far as learning to do things correctly and, most importantly, legally. The CFCA is the leader in telecommunications security and provides training and assistance to telecom and computer companies along with law enforcement agencies all over the country.
TG: Why do you think so few law enforcement agencies know anything about computer crime investigations? Are they going to leave the phreaks to the feds?

Baker: Nah...I don't think you can simplify it that easily. Most departments don't have dedicated computer crime units because of lack of funds to support such a unit, lack of trained personnel, lack of understanding of the magnitude of the problem, fear of increasing their crime stats, or any combination of those reasons. When I first got into this, there weren't any experts. John Maxfield and his BOARDSCAN operation got a lot of talk in the hack/phreak journals and there were a small handful of others, but no real standout authorities. I talked to an awful lot of people before I hooked up with Clo Fleming at SPRINT Security, who helped me a lot.

TG: Do you still trade information with SPRINT?

Baker: I have contacts with all the major telecom carriers. The training I got at FLETC really helped make some valuable contacts. But I guess SPRINT and Clo Fleming would be my first choice simply because they were willing to help me when no one else would. You can't operate in this environment without contacts in the OCCs. It can't be done, and the OCCs [Other Common Carriers] are a lot more willing to assist law enforcement now than they were in 1985. Of course, the telecommunications industry is taking a $4-5 billion hit a year from fraud, and that has a lot to do with it.

TG: Do you subscribe to the hacker/phreaker magazines?

Baker: Sure...I subscribe to 2600 and get copies of some others. I think PHRACK's probably the best overall, but I can't afford the subscription rate they've imposed on government agencies since Craig Neidorf took the hit for publishing the "golden" E911 document. I've learned a ton of stuff over the years from PHRACK and wish it were still free, but they have a right to their info just like the people who own the systems attacked by hackers. It'd be kind of hypocritical for me to rip off PHRACK and then turn and prosecute some other guy for ripping off information from another source, right?

TG: What problems do you foresee in the future in computer and telecom crime investigations?

Baker: Jeez...why don't you ask me when we'll have world peace or something easy? OK, I think we'll probably see the larger departments being forced to play catch-up with the current trends and always being a little behind in this area. I also think you'll see more officers losing cases and being sued, a la SJG, until they get the specific training required to handle these cases the right way. Turning seized systems over to the local "computer guy" in the department is going to cost 'em in the long run, because every lawyer who gets one of these cases is going to compare it bit by bit with the SJG case to see if there's anything there he can use for his client's defense.

TG: There has been a lot of discussion about whether or not computer systems should be seized rather than just making copies of the data for evidence. What is your policy on equipment seizures when working cases like this?

Baker: First of all, I don't go on fishing expeditions with search warrants. If I have enough to convict a guy, then I get the warrant. I take everything that's there and do the analysis. I've had cases where the defendant has requested copies of data he needed for various reasons, and I've had no problems with furnishing them as long as the request is reasonable. I ask for forfeiture of the equipment if I can link it to the crime, because the law says I can. If I can't link the computers, then I give them back...simple as that. I think it's kind of interesting that most hackers or phreaks will refuse to take a guilty plea for a reduced charge, even if I have them stone cold and they're looking at a 99.999999% chance of conviction in a jury trial, if it means they'll lose their equipment in the deal. It makes good leverage in certain situations.

TG: Did you have any part in Operation Sun-Devil?

Baker: Nope. Though I'd have liked to. I was on a lot of the systems taken down in Sun-Devil.

TG: You said you were on some of the systems busted in the Sun-Devil operation. Are you still on phreak/hack boards, and would you name any?

Baker: (Laughs a lot) I think I'll pass on naming systems I'm on, OK? That'd be cheating. (Laughs again) But I get around enough to know what's going on. There are lots of investigators out there calling the boards.

TG: I appreciate your time, Lt. Baker, and would like to ask one last question. What motivates you in these cases, since the alleged "theft" involves pretty intangible property?

Baker: Motivation? Hmmmm...I suppose you could say it's the chase that motivates me more than the catch, though the catch is pretty good, too. These cases tend to be more one-on-one than some other types, and the adversaries can be very good at covering their tracks. Hell, I probably have more in common with the people I target than they'd like to believe. As for the "intangibility" of the stolen goods, well, that's why we have court systems, isn't it...to define those little details.

TG: A lot of computer crime investigators would rather stay in the background, but you don't seem to have taken that position. Why not?

Baker: Well, like anyone involved in anything relatively new, as opposed to the old standard type crimes like murder and armed robbery, it's to my benefit to have anything printed informing people of the problems created by this type of activity. We all pay the price for telecom fraud, credit card fraud, data loss due to illegal access to computers and all the rest. But the people involved in these crimes, for the most part, don't exhibit the same profiles as the so-called "violent" criminals. In fact, I've had some very friendly conversations with a number of phreaks and hackers. Investigators who have problems would probably have them no matter what crimes they were investigating. I never assume that I'm smarter than anyone I'm chasing, and I don't rub their noses in it when I make a case. Just like I don't lose sleep when I just can't seem to get that last piece of the puzzle and one gets away. It's hide-and-seek in cyberspace. Pretty good game, actually.

For what it's worth, there it is. The interview printed here doesn't contain a lot of the bullshit that was thrown back and forth during our conversation, just the relevant details which tend to give an insight into this guy. Frankly, I was impressed by the fact that he didn't seem anything like I had expected after reading horror stories about other agencies and investigators. This guy was personable, and maybe that's an indicator that he's dangerous. Never, ever underestimate your opponents -- even if they do sound like "good ole boys" and talk to you like you're the best friend they ever had. Always remember that COPS INVENTED SOCIAL ENGINEERING!

My next "computer cop" profile will deal with a rising star in the U.S. Secret Service and his connections to the Guidry Group, a consulting organization working for the cellular phone industry in combating cellular fraud.