Cybercrime – Can the Locard exchange principle be applied to cybercrime?

Cybercrime is replacing drug trafficking. Recent government findings indicate that cybercrime has overshadowed the illicit drug trade as a major source of hundreds of millions of dollars in illicit profits worldwide. In its infancy, the Internet seemed like something that could become a useful tool for scientific research. If we had known at the time what potential it had, perhaps more thought would have been given to its protection.

Today, the news wires are filled with reports of massive thefts of personal information and depleted bank accounts, all due to a criminal element that, for a small investment in a computer and an Internet connection, is changing the landscape of criminal investigation. A highly regarded research survey indicated that 8.1 million Americans were victims of identity theft in 2010. Losses were in the hundreds of millions.

The Locard Exchange Principle (LEP)

Dr. Edmond Locard (1877-1966), known to many as the French “Sherlock Holmes”, was a pioneer in the investigation of forensic evidence. Locard championed the basic principle of forensic science: “Every contact leaves a trace”. Of course, Locard’s theory deals with the physical contact perpetrators make with items at a crime scene. But today’s crime scene may not involve a physical structure; most likely, the crime scene is located in cyberspace.

The question then arises: “Does Locard’s exchange principle apply to an electromagnet passing over a rotating disk?” Some digital detectives think so. For example, a hacker gains access to a computer system that may or may not be secure. Is any computer completely safe? Of course, security software is effective against many of these invasions, but a secure system will only take a hacker a little longer to break into. Now, the question is, does the exchange principle apply?

Cyber crimes leave no physical evidence

On the surface, the infiltrator would not leave a physical trace of having been there. But other electronic trace evidence may be present. If the computer’s file access logs were accessible, there may be a record showing that the file was, in fact, accessed, and even that the access was followed by a network transmission. There is also the possibility that a side channel analysis of any activity on the hard drive will uncover network operations. As a last resort, the examiner can check Internet Service Provider (ISP) access logs to uncover surreptitious entries. This step will not necessarily reveal what specific data was removed, but it will indicate that data was, in fact, removed over the line.
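The correlation described above, a file access followed by a network transmission, can be sketched as follows. This is an added example, not part of the original article; the log format, paths, process IDs and addresses are constructed for illustration and do not correspond to any real logging product.

```python
from datetime import datetime, timedelta

# Constructed sample records in a made-up "time|kind|pid|detail|bytes" format.
SAMPLE_LOG = """\
2024-05-01T02:14:03|FILE_READ|4121|/srv/finance/payroll.db|5242880
2024-05-01T02:14:09|NET_SEND|4121|203.0.113.7:443|5310000
2024-05-01T02:15:40|FILE_READ|977|/srv/finance/payroll.db|5242880
2024-05-01T02:20:00|NET_SEND|3350|198.51.100.20:443|1200
2024-05-01T03:40:00|NET_SEND|977|192.0.2.55:22|900
"""

def parse(log_text):
    """Turn each line into a dict; skip malformed lines instead of crashing."""
    events = []
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        ts, kind, pid, detail, size = parts
        try:
            events.append({"ts": datetime.fromisoformat(ts), "kind": kind,
                           "pid": int(pid), "detail": detail, "bytes": int(size)})
        except ValueError:
            continue
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, window_seconds=60):
    """Pair each file read with later sends by the same process in the window."""
    window = timedelta(seconds=window_seconds)
    reads = [e for e in events if e["kind"] == "FILE_READ"]
    sends = [e for e in events if e["kind"] == "NET_SEND"]
    findings = []
    for r in reads:
        for s in sends:
            delay = s["ts"] - r["ts"]
            if s["pid"] == r["pid"] and timedelta(0) <= delay <= window:
                findings.append({
                    "path": r["detail"], "pid": r["pid"], "dest": s["detail"],
                    "delay_s": int(delay.total_seconds()),
                    # A send at least as large as the file is consistent with
                    # the file leaving the host; it does not prove what was sent.
                    "could_hold_file": s["bytes"] >= r["bytes"],
                })
    return findings

if __name__ == "__main__":
    for finding in correlate(parse(SAMPLE_LOG)):
        print(finding)
```

The time window is a tuning choice: a short window keeps unrelated traffic out of the findings, while a long one catches transfers that are staged and sent later.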

Industrial espionage is becoming common

Personal information and cash are not the only targets of this growing threat. Online industrial espionage is a growing threat to the American economy, as well as to our national security. US intelligence agencies recently warned elected officials that China and Russia are involved in cyber espionage. “Trade secrets developed over thousands of hours of work by our brightest minds are stolen in a split second and transferred to our competitors,” said a counterintelligence executive. These foreign governments deny this claim.

The Principle of Cyber Exchange

Perhaps when it comes to cybercrime, the “Cyber Exchange Principle” applies. Forensic examination of a computer or server will uncover hacking artifacts. So the investigator is faced with a situation where the crime scene is not limited to a single computer and may involve another computer halfway around the world.

The hacker will not leave any latent fingerprints, footprints or traces of physiological fluids as a result of their intrusion. But the electronic activity in this case can be much more valuable in the bits and bytes that this activity leaves behind. The principle that Locard championed so long ago must be on the minds of our digital detectives as they search for what clues a compromised computer contains, as well as what traces are waiting to be discovered in cyberspace.
