You've been arrested for computer crime: Here's what happens next

The knock on the door you REALLY don't want to hear

It isn't just paedophiles. It is the accountant who thinks he is worth more than the company decides to pay him, and decides to create and pay fictitious invoices. It is the card-cloning gangs buying and selling mag stripes and card dumps. It is the drug dealers who think they are smarter than the police.

Or it is just the plain unlucky techie, who has been swept up into a cybercrime investigation through no real fault of their own.

What follows is a blow-by-blow account of what will happen if you, or someone you know, gets arrested for a computer-related crime. It is written with the guidance and help of an expert in IT forensics as well as a detective with over 20 years' experience of dealing with the darker side of IT.

You're under arrest

Everyone hopes it never happens to them. Mud sticks, especially where computer crimes are concerned. Contrary to popular belief, the 5am door knock is rarely used for e-crime suspects as they are usually in custody by the time the evidence collection happens.

The information that leads to your arrest is not dreamed up by some bored copper. Rather, it will likely come from one of two distinct avenues. It can be allegations made by individuals, or alternatively, it can be what the police call “intelligence-led” - where potential information comes from other police operations.

One example of an intelligence-led investigation is where people who use their credit cards to purchase illegal porn are revealed. Sometimes evidence even comes from rape or murder cases. When such cases occur, computers are taken as they can contain a whole treasure trove of information, such as a suspect using Google to research “How poisons work” in preparation for carrying out a murder.

A computer crime suspect would be treated in the same manner as any other. They would be arrested, their homes searched, and they would be questioned about any evidence found during the search. This would be done under caution, with the famous rubric: "You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence."

The type of police officer who seizes the offending items depends on the perceived complexity of the case and mitigating factors such as the expected level of knowledge of the user.

If the suspect is an average home user then a specially trained PC would pay a visit to the home and seize any and all computer equipment and associated media on the premises. These officers, although not forensic experts, are trained in preserving and logging evidence into custody. The shocked residents sharing the house with the suspect would be treated to a hard door knock, a signed warrant and a house full of burly coppers collecting all the evidence they could find, ripping the place apart looking for anything incriminating. Not an ideal way to start the day, for sure.

Seized items are bagged with tamper-proof ID and tags, clicking shut like the same cable ties we use to keep our own systems in order. The tag holds details such as item description and photographs of the evidence as it was seized. Inside the clear bags would be all the IT gear belonging to the suspect. Other attributes include the time and place of seizure, as well as case references and exhibit ID. Evidence is not just computers and disks, but can also be passwords on Post-It notes or scraps of paper, printouts or even financial statements. The potential mountain of IT paraphernalia will then be put in the back of a police van and driven away - just as we’ve seen on countless news and cop shows.

In situations where a business computer is involved the collection method can be very different. In cases such as these you can't take all the computers or the business would just fold.

Sometimes the police will be invited in by the business after financial irregularities or incriminating logs have been found and the individual has had their access keys and VPN access cancelled before being summarily marched off the premises, or if they are lucky, put on gardening leave. In such instances the suspect’s computer may be seized as evidence.

Other computers in the office would be cloned using a specialist software forensic tool such as EnCase in conjunction with a write blocker to preserve the integrity of the source disk. A write blocker is a hardware device that prevents any writes to the source disk. Any source disk that is written to is considered tainted evidence.
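Why a single write taints the source, shown as an added example that is not from the article or from any forensic product: the clone is hashed as it is read, the digest is stored beside the tag details described earlier, and any later write to the source no longer matches. The SHA-256 check, the ExhibitRecord fields' names and all sample values are assumptions made for illustration, and a read-only file open only stands in for a hardware write blocker.

```python
import hashlib, os, tempfile
from dataclasses import dataclass

CHUNK = 1 << 20  # read in 1 MiB blocks so a large image never sits in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only open
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def clone_and_hash(source, dest):
    """Copy source to a new file and return the SHA-256 of the bytes read."""
    h = hashlib.sha256()
    # "rb" never writes to the source; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()

@dataclass(frozen=True)
class ExhibitRecord:  # hypothetical record mirroring the tag details in the text
    exhibit_id: str
    case_ref: str
    description: str
    seized_at: str
    seized_where: str
    acquisition_sha256: str

def matches_record(record, path):
    return sha256_file(path) == record.acquisition_sha256

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.img"), os.path.join(d, "clone.img")
        with open(src, "wb") as f:  # constructed stand-in for a seized disk
            f.write(os.urandom(3 * CHUNK + 123))
        rec = ExhibitRecord("EXHIBIT-PLACEHOLDER", "CASE-PLACEHOLDER", "constructed test disk",
                            "2000-01-01T09:00Z", "constructed address", clone_and_hash(src, img))
        before = (matches_record(rec, img), matches_record(rec, src))
        with open(src, "r+b") as f:  # one stray write, which a write blocker would stop
            f.seek(4096)
            old = f.read(1)
            f.seek(4096)
            f.write(bytes([old[0] ^ 1]))  # flip a single bit
        return before + (matches_record(rec, src),)
```

demo() returns three booleans: the clone matches the record, the untouched source matches, and the source after a one-bit write does not.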

If police even suspect there might be illegal images on the computer in question, the computer will be removed for inspection. If a financial crime is suspected the police will still seize the equipment. Rarely is anything left behind.

You will then be taken to the police station.
