Government Agencies Use Regular Software

Although there is some software they cannot talk about, officers are certainly willing to talk about the goodies they use that everyone has access to.

Captain Chet Bowen is a member of the Louisiana Chapter of the High Technology Crime Investigation Association (HTCIA), whose members are local law enforcement as well as security professionals. Security professionals are welcome to apply to join. Bowen works for law enforcement and has been a member for some time. "I've been with HTCIA for about six years, ever since they got the program started," he says, talking through the flu. He's based in New Orleans, but the state chapter of the HTCIA is based in Baton Rouge.

We contact him with the aid of Turlock, Calif.-based Visualware, whose website carries his customer testimonial praising the company's VisualRoute software. "Before VisualRoute there was a program called NeoTrace," he notes. "They wouldn't upgrade the software. I came across Visualware's VisualRoute and liked the reliability. I also looked at the graphics."

Graphics are particularly important in Bowen's line of work. "Many people, particularly when you're dealing with the perpetrator's peers such as jurors, don't understand computers or how the Internet works. You can show them a piece of paper with the whois information, but it doesn't mean much to them. They don't understand how there's a paper trail on everything you do on a computer." VisualRoute, which produces a graphical map image, is more convincing than the text data produced by other methods of tracing a criminal. "It's the first step in our line of defense. You could use it to track an e-mail, such as a request from an agency, or an ISP, or a Web address that might be a hate site or a child porn site."

If you find a child porn site, you must not store or forward images of the porn. "We have to contact the U.S. Customs or the FBI and let them handle it, though these days they're so wrapped up in homeland security. If someone tells me about a child porn site, I tell them, 'whatever you do, do not copy the pictures and send them to me or they'll put you in jail no matter how good your intentions are. Contact law enforcement.'" That's useful advice.

When Bowen does contact an ISP, he says most are very helpful. "AOL is the worst in the world for it. AOL or Yahoo! are always going to ask for a subpoena [before giving us anything]. Of course, we will be able to serve a subpoena anyway."

Sometimes the rewards of a simple trace can be significant. "Early on, we were having trouble grabbing the right IP address. The perpetrator was selling pirated copies of Windows 95, back when it was a big deal, at a crazy price, about $19 per copy. The US Postal Service told us that unless a victim had thousands of dollars in loss, they couldn't do anything. I got some detectives from the local police department." What they found was quite surprising. "She had a yacht, a BMW, a Corvette. We shut her down because of the traceroute. VisualRoute had a map showing where it was."

Sometimes it's not so easy. "When you're crossing over international boundaries, you have to be very careful. It's okay to trace as long as the information gets to the appropriate authorities. I now have contacts in Sweden, Australia, and the UK. The other day, an Australian policeman complained to me about someone who was sending him a virus every day. I was able to find out that it came from France. I gave him the location where it was coming from and told him to talk to the French authorities. I did a snapshot of the geographical area where the e-mail was coming from generated by VisualRoute and sent it to him. He wrote back and thanked me and told me he was contacting the ISP."

Although the FBI does have tools they cannot talk about, government agencies also use the software that everybody else has. "Some of this off the counter stuff, you'd be surprised how much of the FBI is using. I visited the main offices and they were using SnagIt!"