==Phrack Magazine==

                 Volume Four, Issue Forty-Four, File 5 of 27

****************************************************************************

                             Computer Cop Prophile

                                by The Grimmace



    The following file is something I thought of and did
a LOT of research on before writing.  It's something that
I haven't seen in PHRACK and I've been a devout fan of
this zine since the beginning.

    The "PHRACK PROPHILES" on hackers and phreakers give
readers an insight into the movers and shakers of the P/H
world, but how about a profile or profiles on the
anti-hacker/phreaker establishment that seems to be
growing by leaps and bounds lately?

 In the past years we've seen cops and feds who know
nothing about computers and/or telephone systems bungle their
way through search warrants and arrests and have had some good
laughs at their expense.  But now it seems that the "computer
cops", the feds especially, are putting a big push on training
agents in the "tricks of the trade" and their conviction rate
is getting better.

 The primary source of this training is the Federal Law
Enforcement Training Center in Glynco, Georgia, where they're
teaching computer seizure and analysis techniques,
computer-targeted search warrants, and telecommunications fraud
investigations.  (They're very accommodating about giving out
information on the phone as long as you tell them you're a
cop).  The FBI Academy in Quantico also has a computer crimes
course.

    On the technical side of things, there's an organization
called IACIS which stands for the International Association
of Computer Investigative Specialists based in Portland,
Oregon, and which consists of members of both local law
enforcement agencies nationwide as well as various and
sundry federal agencies.  This group teaches and certifies
cops in how to get evidence from computer systems that can't be
attacked in court (Of course, anything CAN be attacked, but
getting the evidence squashed is not always a sure thing unless
the judge is a computerphobe).

 As much satisfaction as we've gained at the expense of
the US Secret Service from the Steve Jackson Games case, it's
widely publicized problems may prove to be a double-edged sword
hanging over our heads.  Law enforcement learned a LOT of lessons
from mistakes made in that investigation.

    Like most of you, I've spent a lot of years
exploring computer systems (usually those belonging to others)
and personally feel that I've done nothing wrong (know the
feeling?).  I'm sure others across the country also can
conduct a little socially-engineered reconnaissance and
get the lowdown on some of the people we NEVER want to see
knocking on our doors with a sledge hammer in the middle of the
night.

    This profile contains information on the ONLY computer
crime cop I could identify in the Louisville/Jefferson County
area after calling all the major departments posing as a writer
for a law enforcement magazine doing a survey.  Information
about him was obtained not only from his department, but from
sources in the local and federal court systems, Ma Bell
Security, and the Federal Law Enforcement Training Center.  Lt.
Baker is *not* a potential donor to the CPSR or EFF to say the
least.

 I'm currently compiling similar information on other
law enforcement types in the Secret Service, Columbus Ohio PD,
Dallas PD, Georgia Bureau of Investigation and members of Ma
Bell's Data Security Group in Atlanta. Baker was just the
closest to me so I started with him.  If I can get the
information I've requested, then future submissions will
also include lesson plans furnished by FLETC on their training
courses and analysis protocols suggested by the USSS...heh...heh.

Yours,

The Grimmace


   *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
                          COMPUTER-COP PROFILE I

                              LT. BILL BAKER

                    JEFFERSON COUNTY POLICE DEPARTMENT
                           LOUISVILLE, KENTUCKY


                         INFORMATION COMPILED BY:

                            ** THE GRIMMACE **

   *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


       NAME:  Bill Baker
       RANK:  Lieutenant

               AGENCY:    Jefferson County Police Department
                         768 Barret Ave.
                         Louisville, Kentucky  40204

                   AGE:     43
 YEARS OF COMPUTER EXP:     13

        YEARS AS A COP:     18
    YEARS IN COMPUTER/
         TELECOM CRIME:      8

              TRAINING:  Federal Law Enforcement Training Ctr.
                                Glynco, Ga.
                      - Telecommunications Crime
                          Telecom Fraud
                          Cellular Fraud
                          PBX Fraud
                      - Computer Crime
                            Illegal Access Crimes
                            Computer Crime Inves.
                            Seized System Analysis

                 FBI Academy
                 Quantico, Va.
                      - Computers in Narcotics Investigations
                      - Computer Crime Investigations

                 National Intelligence Academy
                 Ft. Lauderdale, Fl.
                      - Supervising Intelligence Operations
                            Surveillance Techniques
                            Electronic Tracking
                            Electronic Eavesdroping
                            Video Evidence Techniques
                      - Telephone Systems
                            Wiretaps
                            Dialed Number Recorders
                            Pager/Fax Intercepts
                            Technical Telephony Course

  PREVIOUS ASSIGNMENTS:  Patrol
                            Criminal Investigations/Burglary
                            Criminal Investigations/Homicide
                            Crime Prevention
                            Special Investigations/Vice-Intel

    MEMBER:  Communications Fraud Control Association
                    Washington, D.C.

  PUBLICATIONS:     Various computer/telecommunications
             crime oriented articles for assorted
             law enforcement and computer industry
             magazines (i.e., POLICE CHIEF, DATA TODAY)


 Posing as a freelance writer from the "Law Enforcement
Journal", I made calls to local police agencies all over this
area asking about their Computer Crime Units and received
replies ranging from "What are you talking about?" to "Maybe
FRAUD handles that...hey, Charlie...do the FRAUD guys do
anything with compoooters?".  So much for the Louisville
Division of Police...no fear there, right?

 But I decided to push on since Louisville, though not a
hotbed of phreakers/hackers, IS the latest home of TAP MAGAZINE
(a la Blitzkrieg BBS and the Predat0r) and has a smattering of
"hometown" folks engaged in less than legal activities through
the local phone lines.

 The call made to the Jefferson County Police got me a
solid response of "You'll have to talk to Lt. Bill Baker.  Hey,
Charlie, where's Lt. Baker working now?" (This guy is so low
key his own department doesn't even know where he works!) They
finally decide he's someplace called "Adam Station" and
through "various" contacts and a friendly local attorney who
rarely pays for telephone calls himself, I managed to obtain
quite a bit of information about Lt. Baker and his obviously
misguided quest.

 Lt. Baker is fairly typical of the "new breed" of
high-tech investigator currently being churned out by the
various federal training schools.  He's aggressive and, from
talking to other members of his department, thought of as a
"computer weenie" who was probably a hacker himself before he
embraced the "dark side" of "the FORCE". (I personally believe
that this may be more fact than fantasy after talking to him on
the phone since he seems to know more about phreaking and
hacking than one would think would be taught in the
aforementioned federal institutes of higher learning.)

 I finally managed to speak with Lt. Baker on the phone
and gave him my "writing about computer crime" rap which he
bought with little suspicion.  The following are excerpts from
the recording I made of the conversation [comments in brackets
are mine]:

TG:     How would you rate the progress of computer and
        telecommunications crime investigations in this area?

Baker:  There have been some good cases made here, but there's
        still a long way to go.  The main problem is that there
        hasn't been a push from local businesses in this area to combat
        these types of crimes.  Most of'em don't want to admit they've
        been hit from the outside.  If there's no complaints,
        then the departments aren't likely to want to spend the money
        to dig up additional crime, right?

TG:     Of the hackers you've worked on, what kind of capabilities
        do they have and how good do you think they are?

Baker:  Well, hackers and phreaks are like any other cross-section
        of a criminal group...there are some that are very good
        and some that are pitiful.  The best thing you can say
        about working hacker/phreaker cases is that a lot of them
        catch themselves.  They have huge egos and tend to brag
        a good deal about what they've done and how they did it.

TG:     Does that mean that you don't think a computer crime
        investigator has to be as good as the criminals
        he chases...I mean, because a lot of these people leave
        so many clues behind?  How would you rate your ability
        in this field?

Baker:  Nope...not at all.  I think that as technology gets better
        so will the crooks. Let's keep the record straight here.
        Sure, there are bozos out there who read a how-to file in
        an old PHRACK and decide that they have the knowledge
        they need to nuke the phone company or ride a VAX like
        a Hell's Angel rides a Harley.  Those are the easy ones.
        The ones who -write- [author's emphasis] the technical
        articles in PHRACK are the ones to worry about.  There
        are some stomp-down [??] incredibly knowledgeable
        individuals in circulation blasting away with their modems
        at any target of opportunity.

TG:     You didn't mention your own ability for investigating
        these people.

Baker:  (Laughs) Yeah, well...let's say I know enough to get by
        and am smart enough to know that there are no absolute
        experts.

TG:     How would you comment on the Steve Jackson Games case?
        Do you think the Secret Service set a lot of bad
        precedents?

Baker:  (Laughs) Noooooooo....sorry, pal.  That's been jawed to death
        in every phreak/hack mag, legal journal, and Internet
        newsgroup in existence and I'm not about to stick my
        neck out on that one, OK?  I will say that everyone learned
        a lot from that case and I seriously doubt if you'll see the
        same set of problems reoccurring in future cases.  Maybe
        the CSPR or EFF hired guns can come up with a new group
        of loopholes, in which case we'll have to find new ways
        to circumvent those attacks.

TG:     You sound a little critical of the EFF and CSPR efforts
        in their defense of so-called "computer criminals".

Baker:  Well, I'm sure that they believe in what they're doing.
        They must to invest that much cash and energy.  But I
        think there has to be some middle ground agreed upon
        rather than just whining about "all information should
        be free" and "if I can get into your system then I should
        be allowed to look around".  I'm not going to launch into
        a diatribe on organizations that I don't agree with. I'm
        simply going to work harder at dotting every "i" and
        crossing every "t" to make my cases more secure.  Stealing
        telephone service is a crime, defrauding businesses is a
        crime, gaining unauthorized access into someone else's
        computer system is, in most states, a crime, and even if
        there's no law on the books making it a crime, it's
        wrong.

TG:     Since by your own statement, you feel that high-tech
        crime investigation is still in its infancy, what groups
        or organizations would you say are in the lead in trying
        to combat this type of crime?

Baker:  The most significant two I know are the Federal Law
        Enforcement Training Center in Glynco, Georgia, and the
        Communications Fraud Control Association based out of
        Washington, D.C.  FLETC [he pronounces it FLET-SEE]
        probably has the finest computer crimes training program
        in the country.  They bring in acknowledged experts and
        don't cut the students any slack as far as learning to
        do things correctly and, most importantly, legally. The
        CFCA is the leader in Telecommunications security and
        provide training and assistance to telecom and computer
        companies along with law enforcement agencies all over
        the country.

TG:     Why do you think so few law enforcement agencies know
        anything about computer crime investigations?  Are they
        going to leave the phreaks to the feds?

Baker:  Nah...I don't think you can simplify it that easily.
        Most departments don't have dedicated computer crime units
        because of lack of funds to support such a unit, lack of
        trained personnel, lack of understanding of the magnitude
        of the problem, fear of increasing their crime stats or
        any combination of those reasons.  When I first got into
        this, there weren't any experts.  John Maxfield and his
        BOARDSCAN operation got a lot of talk in the hack/phreak
        journals and there were a small handful of others, but
        no real standout authorities. I talked to an awful lot
        of people before I hooked up with Clo Fleming at SPRINT
        Security who helped me a lot.

TG:     Do you still trade information with SPRINT?

Baker:  I have contacts with all the major telecom carriers.
        The training I got at FLETC really helped make some valuable
        contacts.  But I guess SPRINT and Clo Fleming would be
        my first choice simply because they were willing to help
        me when no one else would.  You can't operate in this
        environment without contacts in the OCC's.  It can't be
        done and the OCC's [Other Common Carriers] are a lot
        more willing to assist law enforcement now than they
        were in 1985.  Of course, the telecommunications industry
        is taking a $4-5 billion hit a year from fraud and that
        has a lot to do with it.

TG:     Do you subscribe to the hacker/phreaker magazines?

Baker:  Sure...I subscribe to 2600 and get copies of some
        others.  I think PHRACK's probably the best overall,
        but I can't afford the subscription rate they've imposed
        on government agencies since Craig Neidorf took the hit
        for publishing the "golden" E911 document. I've learned
        a ton of stuff over the years from PHRACK and wish it
        were still free, but they have a right to their info
        just like the people who own the systems attacked by
        hackers.  It'd be kind of hypocritical for me to rip off
        PHRACK and then turn and prosecute some other guy for
        ripping off information from another source, right?

TG:     What problems do you foresee in the future in computer
        and telecom crime investigations?

Baker:  Jeez...why don't you ask me when we'll have world peace
        or something easy? OK, I think we'll probably see the
        larger departments being forced to play catch-up with
        the current trends and always being a little behind in
        this area.  I also think you'll see more officers losing
        cases and being sued, a la SJG, until they get the
        specific training required to handle these cases the
        right way.  Turning seized systems over to the local
        "computer guy" in the department is going to cost'em in
        the long run because every lawyer who gets one of these
        cases is going to compare it bit by bit with the SJG
        case to see if there's anything there he can use for
        his client's defense.

TG:     There has been a lot of discussion about whether or not
        computer systems should be seized rather than just
        making copies of the data for evidence.  What is your
        policy on equipment seizures when working cases like
        this?

Baker:  First of all, I don't go on fishing expeditions with
        search warrants. If I have enough to convict a guy then
        I get the warrant.  I take everything that's there and
        do the analysis.  I've had cases where the defendant has
        requested copies of data he needed for various reasons
        and I've had no problems with furnishing them as long
        as the request is reasonable.  I ask for forfeiture of
        the equipment if I can link it to the crime because the
        law says I can.  If I can't link the computers, then I
        give them back...simple as that.  I think it's kind of
        interesting that most hackers or phreaks will refuse to
        take a guilty plea for a reduced charge, even if I have
        them stone cold and they're looking at a 99.999999%
        chance of conviction in a jury trial, if it means
        they'll lose their equipment in the deal.  It makes good
        leverage in certain situations.

TG:     Did you have any part in Operation Sun-Devil?

Baker:  Nope.  Though I'd have liked to.  I was on a lot of the
        systems taken down in Sun-Devil.

TG:     You said you were on some of the systems busted in the
        Sun-Devil operation, are you still on phreak/hack
        boards and would you name any?

Baker:  (Laughs a lot) I think I'll pass on naming systems I'm
        on, OK?  That'd be cheating. (Laughs again)  But I get
        around enough to know what's going on.  There are lots
        of investigators out there calling the boards.

TG:     I appreciate your time, Lt. Baker, and would like to ask
        one last question.  What motivates you in these cases
        since the alleged "theft" involves pretty intangible
        property?

Baker:  Motivation? Hmmmm...I suppose you could say it's the
        chase that motivates me more than the catch, though
        the catch is pretty good, too.  These cases tend to
        be more one-on-one than some other types and the
        adversaries can be very good at covering their tracks.
        Hell, I probably have more in common with the people
        I target than they'd like to believe.  As for the
        "intangibility" of the stolen goods, well, that's why
        we have court systems, isn't it...to define those
        little details.

TG:     A lot of computer crime investigators would rather stay
        in the background, but you don't seem to have taken that
        position.  Why not?

Baker:  Well, like anyone involved in anything relatively new,
        as opposed to the old standard type crimes like murder
        and armed robbery, it's to my benefit to have anything
        printed informing people of the problems created by
        this type of activity.  We all pay the price for telecom
        fraud, credit card fraud, data loss due to illegal
        access to computers and all the rest.  But the people
        involved in these crimes, for the most part, don't
        exhibit the same profiles as the so-called "violent"
        criminals.  In fact, I've had some very friendly
        conversations with a number of phreaks and hackers.
        Investigators who have problems would probably have
        them no matter what crimes they were investigating.
        I never assume that I'm smarter than anyone I'm
        chasing and I don't rub their noses in it when I make
        a case.  Just like I don't lose sleep when I just can't
        seem to get that last piece of the puzzle and one gets
        away.  It's hide-and-seek in cyberspace.  Pretty good
        game, actually.

For what it's worth, there it is.  The interview printed here
doesn't contain a lot of the bullshit that was thrown back and
forth during our conversation, just the relevant details which
tend to give an insight into this guy.

Frankly, I was impressed by the fact that he didn't seem
anything like I had expected after reading horror stories about
other agencies and investigators.  This guy was personable and
maybe that's an indicator that he's dangerous. Never, ever
underestimate your opponents -- even if they do sound like
"good ole boys" and talk to you like you're the best friend
they ever had.  Always remember that COPS INVENTED SOCIAL
ENGINEERING!

My next "computer cop" profile will deal with a rising star in
the U.S. Secret Service and his connections to the Guidry
Group, a consulting organization working for the cellular phone
industry in combating cellular fraud.