Tracking digital footprints
Police are becoming increasingly adept at tackling online crimes
"On the Internet, nobody knows you're a dog." That famous caption of a cartoon by Peter Steiner from 1993 still holds true in 2010. It's getting harder and harder to identify real people online on the ubiquitous social networking site, Facebook.
More and more often, people take on alternate identities or even steal the identities of others. Some just have fun while others break the law and commit serious offences. Prosecution is difficult due to the intangible nature of the evidence and lack of witnesses.
However, in cyberspace, digital footprints can be used as evidence of crimes. Police are growing increasingly adept at identifying and proving online crimes.
Speaking at the Guidelines to Handle ICT threats seminar hosted by the Ministry of Information and Communication Technology, Pol Lt Col Supat Thamthanarag, Special Case Inquiry, Official Senior Professional Level at the Department of Special Investigations, said that investigation was especially challenging as the sites are often hosted overseas but that digital forensics can still be used to identify the perpetrator.
The key challenge is to prove identity. Suspects commit crimes without witnesses on social networks. The officer needs to find out basic information about the user's profile such as contact email, friends and telephone numbers that can be used to identify the suspect.
More evidence needs to be captured, such as screenshots, real Facebook wall posts and other activities that can lead to an IP address to help identify the location or phone number from where the crime was committed.
All too often, on social networking sites such as Facebook, suspects deny actions and claim that their account was stolen or hacked, blaming the crime on others.
A recent high profile case concerned Wipas Raksakulthai, who was arrested and accused of violating the country's lese majesty legislation with a posting on Facebook.
Wipas was reported to have posted inappropriate messages and compromised national security by insulting the monarchy. He accepted that it was his name on Facebook, but denied the allegation and claimed that his password was hacked during the time the postings occurred.
Another egregious case concerns the nefarious activities of Thanapol Bumrungsri, aged 31, who used the names of several innocent Facebook users. The DSI has issued a warrant for his arrest, but so far he remains at large.
Pol Lt Col Supat said that identifying suspects in the cyberworld needs international collaboration and skilled investigators who can call on many laws such as the Computer Misuse Act and criminal law.
"The important thing is for witnesses to help by collecting evidence such as screenshots and related content to help officers identify and catch the suspect," Pol Lt Col Supat said.
Pol Col Siripong Timula, commander of the high-tech crime centre at the Central Investigation Bureau, added that log files are important digital evidence but the challenge is finding relevant information.
Today, criminals are better prepared and organised, many luring their victims to initiate ATM money transfers over voice-over-IP calls and hoax calls, pretending to be from banks or from the Revenue Department.
Pol Col Siripong said that often the caller ID is traced back to China where criminal gangs use Taiwanese technology to operate, offering software, scripts and even call centre operations to criminals.
"In the cyberworld, if you do any transaction it will leave a footprint that officers can trace and track to find what you are doing and how you did it," Pol Col Siripong said.
Citing Internet world statistics, security expert Nontawattana Saraman said that in 2009 Thailand ranked last out of 10 countries in Asia with 16.1 people online, and 21st in the world in terms of Facebook users, with 4.2 million users.
Moreover, he also found that in the first half of this year, 1,233 cases of inappropriate websites were reported to the Internet Security Operation Centre or ISOC, mainly pornography, gambling and security risks.
Many other crimes such as data theft, inaccurate stock exchange data and hacking of telco prepaid databases are on the increase, pointing to the higher risk of ICT threats we face today.
To investigate and identify suspects, officials need to process the chain of events by sifting through log files of Internet traffic, identity logs and event logs.
Somchai Chantharamatsakan, a public prosecutor at the Office of the Attorney General, said it is important to preserve digital evidence and prevent it being tampered with, just like with normal forensics, for it to be accepted as evidence in court.
The important thing is that whoever gathers evidence needs to be trained so that timestamps and other important data cannot be changed, or else the evidence will be rejected by the courts. Normally, an MICT-certified "Guideline First Incident Responder" needs to be called in to preserve the evidence.
Somchai added that in order to fight cybersecurity threats, Thailand should implement a Cyberspace Security Strategy like in the US which has its National Strategy to Secure Cyberspace consistent with the National Strategy for Homeland Security.