261 lines
11 KiB
Plaintext
261 lines
11 KiB
Plaintext
Here is a letter from the Director of the Secret Service to US
|
|
Rep. Don Edwards, D-California, in response to questions raised
|
|
by Edwards' Subcommittee. This copy comes from Computer Professionals
|
|
for Social Responsibility in Washington, DC.
|
|
|
|
DEPARTMENT OF TREASURY
|
|
UNITED STATES SECRET SERVICE
|
|
WASHINGTON, DC 20223
|
|
APR 30 1990
|
|
|
|
The Honorable Don Edwards
|
|
Chairman
|
|
Subcommittee on Civil and Constitutional Rights
|
|
Committee on the Judiciary
|
|
House of Representatives
|
|
Washington, D.C. 20515
|
|
|
|
Dear Mr. Chairman:
|
|
|
|
Thank you for your letter of April 3, 1990, concerning your
|
|
committee's interest in computer fraud. We welcome the
|
|
opportunity to discuss this issue with your committee and I
|
|
hope the following responses adequately answer your
|
|
questions.
|
|
|
|
Question 1:
|
|
|
|
Please describe the Secret Service's process for investigating
|
|
computer related crimes under Title 18, United States Code,
|
|
Section 1030 and any other related statutes.
|
|
|
|
Response:
|
|
|
|
The process by which the Secret Service investigates
|
|
computer related crimes is similar to the methods we use to
|
|
investigate other types of criminal investigations. Most of the
|
|
investigative techniques are the same; surveillances, record
|
|
checks, witness and suspect interviews, etc. the primary
|
|
difference is we had to develop resources to assist in the
|
|
collection and review of computer evidence.
|
|
|
|
To provide our agents with this expertise, the secret service
|
|
developed a computer fraud investigation course which, as of
|
|
this date, has trained approximately 150 agents in the proper
|
|
methods for conducting a computer fraud investigation.
|
|
Additionally, we established a computer Diagnostics center,
|
|
staffed with computer professional, to review evidence on
|
|
computer systems.
|
|
|
|
Referrals of computer related criminal investigations occur in
|
|
much the same manner as any other case. A victim sustains a
|
|
loss and reports the crime, or, a computer related crime is
|
|
discovered during the course of another investigation.
|
|
|
|
In the investigations we do select, it is not our intention to
|
|
attempt to supplant local or state law enforcement. We
|
|
provide enforcement in those cases that are interstate or
|
|
international in nature and for one reason or another are
|
|
beyond the capability of state and local law enforcement
|
|
agencies.
|
|
|
|
When computer related crimes are referred by the various
|
|
affected industries to the local field offices, the Special
|
|
Agent in Charge (SAIC) determines which cases will be
|
|
investigated based on a variety of criteria. Each SAIC must
|
|
consider the economic impact of each case, the prosecutive
|
|
guidelines of the United States Attorney, and the investigative
|
|
resources available in the office to investigate the case .
|
|
|
|
In response to the other portion of your question, the other
|
|
primary statute we use to investigate computer related crimes
|
|
is Title 18, United States Code, Section 1029 ( Access Device
|
|
Fraud). This service has primary jurisdiction in those cases
|
|
which are initiated outside a bank and do not involve
|
|
organized crime, terrorism, or foreign counterintelligence
|
|
(traditional responsibilities of the FBI).
|
|
|
|
The term "access device" encompasses credit cards, debit
|
|
cards, automatic teller machines (ATM) cards, personal
|
|
identification numbers (PIN's) used to activate ATM machines,
|
|
credit or debit card account numbers, long distance telephone
|
|
access codes, computer passwords and logon sequences, and
|
|
among other things the computer chips in cellular car phones
|
|
which assign billing.
|
|
|
|
Additionally, this Service has primary jurisdiction in cases
|
|
involving electronic fund transfers by consumer (individuals)
|
|
under Title 15, U. S. code, section 169n (Electronic Fund
|
|
Transfer Act). This could involve any scheme designed to
|
|
defraud EFT systems used by the public, such as pay by phone
|
|
systems, home banking, direct deposit, automatic payments,
|
|
and violations concerning automatic teller machines. If the
|
|
violations can be construed to be a violation of the banking
|
|
laws by bank employee, the FBI would have primary
|
|
jurisdiction.
|
|
|
|
There are many other statutes which have been used to
|
|
prosecute computer criminals but it is within the purview of
|
|
the U.S. Attorney to determine which statute will be used to
|
|
prosecute an individual.
|
|
|
|
Question 2:
|
|
|
|
Has the Secret Service ever monitored any computer bulletin
|
|
boards or networks? Please describe the procedures for
|
|
initiating such monitoring, and list those computer bulletin
|
|
boards or networks monitored by the Secret Service since
|
|
January 1988.
|
|
|
|
Response:
|
|
|
|
Yes, we have occasionally monitored computer bulletin boards.
|
|
The monitoring occurred after we received complaints
|
|
concerning criminal activity on a particular computer bulletin
|
|
board. The computer bulletin boards were monitored as part of
|
|
an official investigation and in accordance with the directives
|
|
of the Electronic Communications Privacy Act of 1986 (Title
|
|
18 USC 2510)
|
|
|
|
The procedures used to monitor computer bulletin boards
|
|
during an official investigation have involved either the use of
|
|
an informant (under the direct supervision of the investigating
|
|
agent) or an agent operating in an undercover capacity. In
|
|
either case, the informant or agent had received authorization
|
|
from the computer bulletin board's owner/operator to access
|
|
the system.
|
|
|
|
We do not keep records of the bulletin boards which we have
|
|
monitored but can provide information concerning a particular
|
|
board if we are given the name of the board.
|
|
|
|
Question 3:
|
|
|
|
Has the Secret Service or someone acting its direction ever
|
|
opened an account on a computer bulletin board or network?
|
|
Please describe the procedures for opening such an account and
|
|
list those bulletin boards or networks on which such accounts
|
|
have been opened since January 1988.
|
|
|
|
Response:
|
|
|
|
Yes, the U.S. Secret Service has on many occasions, during the
|
|
course of a criminal investigation, opened accounts on
|
|
computer bulletin boards or networks.
|
|
|
|
The procedure for opening an account involves asking the
|
|
system administrator/operator for permission to access to the
|
|
system. Generally, the system administrator/operator will
|
|
grant everyone immediate access to the computer bulletin
|
|
board but only for lower level of the system. The common
|
|
"pirate" computer bulletin boards associated with most of
|
|
computer crimes have many different level in their systems.
|
|
The first level is generally available to the public and does not
|
|
contain any information relation to criminal activity. Only
|
|
after a person has demonstrated unique computer skills, been
|
|
referred by a known "hacker," or provided stolen long-distance
|
|
telephone access codes or stolen credit card account
|
|
information, will the system administrator/operator permit a
|
|
person to access the higher levels of the bulletin board system
|
|
which contains the information on the criminal activity.
|
|
|
|
As previously reported in our answer for Question 2, we do not
|
|
keep records of the computer bulletin boards on which we have
|
|
established accounts.
|
|
|
|
Question 4:
|
|
|
|
Has the Secret Service os0someone acting under its direction
|
|
ever created a computer bulletin board or network that was
|
|
offered to the public? Please describe any such bulletin board
|
|
or networks.
|
|
|
|
Response:
|
|
|
|
No, the U. S. Secret Service has not created a computer bulletin
|
|
board nor a network which was offered to members of the
|
|
public. We have created an undercover bulletin board which
|
|
was offered to a select number of individuals who had
|
|
demonstrated an interest in conducting criminal activities.
|
|
This was done with the guidance of the U.S. Attorney's office
|
|
and was consistent with the Electronic Communications
|
|
Privacy Act.
|
|
|
|
Question 5:
|
|
|
|
Has the Secret Service ever collected, reviewed or
|
|
"downloaded" transmissions or information from any computer
|
|
network or bulletin board? What procedures does the Secret
|
|
Service have for obtaining information from computer bulletin
|
|
boards or networks? Please list the occasions where
|
|
information has been obtained since January 1988, including
|
|
the identity of the bulletin boards or networks, the type of
|
|
information obtained, and how that information was obtained
|
|
(was it downloaded, for example).
|
|
|
|
Response:
|
|
|
|
Yes, during the course of several investigations, the U. S.
|
|
Secret Service has "down loaded" information from computer
|
|
bulletin boards. A review of information gained in this manner
|
|
(in an undercover capacity after being granted access to the
|
|
system by it's system administrator) is performed in order to
|
|
determine whether or not that bulletin board is being used to
|
|
traffic in unauthorized access codes or to gather other
|
|
information of a criminal intelligence nature. At all times,
|
|
our methods are in keeping with the procedures as outlined in
|
|
the Electronic Communications Privacy Act (ECPA).
|
|
|
|
If a commercial network was suspected of containing
|
|
information concerning a criminal activity, we would obtain
|
|
the proper court order to obtain this information in keeping
|
|
with the ECPA.
|
|
|
|
The U. S. Secret Service does not maintain a record of the
|
|
bulletin boards we have accessed.
|
|
|
|
Question 6:
|
|
|
|
Does the Secret Service employ, or is it considering employing,
|
|
any system or program that could automatically review the
|
|
contents of a computer file, scan the file for key items,
|
|
phrases or data elements, and flag them or recommend further
|
|
investigative action? If so, what is the status of any such
|
|
system. Please describe this system and research being
|
|
conducted to develop it.
|
|
|
|
Response:
|
|
|
|
The Secret Service has pioneered the concept of a Computer
|
|
Diagnostic Center (CDC) to facilitate the review and
|
|
evaluation of electronically stored information. To streamline
|
|
the tedious task of reviewing thousands of files per
|
|
investigation, we have gathered both hardware and software
|
|
tools to assist our search of files for specific information or
|
|
characteristics. Almost all of these products are
|
|
commercially developed products and are available to the
|
|
public. It is conceivable that an artificial intelligence process
|
|
may someday be developed and have application to this law
|
|
enforcement function but we are unaware if such a system is
|
|
being developed.
|
|
|
|
The process of evaluating the information and making
|
|
recommendations for further investigative action is currently
|
|
a manual one at our CDC. We process thousands of computer
|
|
disks annually as well as review evidence contained in other
|
|
types of storage devices (tapes, hard drives, etc.). We are
|
|
constantly seeking ways to enhance our investigative mission.
|
|
The development of high tech resources like the CDC saved
|
|
investigative manhours and assist in the detection of criminal
|
|
activity.
|
|
|
|
Again, thank you for your interest. Should you have any further
|
|
questions, we will be happy to address them.
|
|
|
|
Sincerely,
|
|
/s/
|
|
John R. Simpson, Director
|
|
|
|
cc: Honorable Charles E. Schumer
|
|
|