Last October, as officers and agents from a hodgepodge of law enforcement entities were scrambling to identify the origin of a bomb threat made at a local hospital, Kevin Levy, commander of the Mobile Police Department’s (MPD) cyber division, sat a few feet away in his office with a big smile on his face.
“As they’re going through all of these things, someone turns around and asks me why I’m smiling, and I said, ‘because it’s working,’” Levy said. “I was smiling because I was sitting there watching what normally would have required weeks of phone calls, emails, getting in the car and driving to someone else’s office, but yet here they were sitting here doing all of that in about five or 10 minutes.”
Fortunately, there was never an actual bomb at a hospital that day, but the threat itself is exactly the type of crime Mobile’s Gulf Coast Technology Center (GCTC) was built for.
Outfitted with some of the most cutting-edge technologies, the GCTC is a collaborative space in Mobile where officers and investigators from more than a dozen local, state and federal agencies share resources, manpower and know-how in the fight against violent, cyber and financial crimes.
While the facility is the natural epicenter for working cyber crimes, it has also become an invaluable resource in all kinds of police work because of the prevalence of technology. But while things like cell phones can provide key evidence, they have to be carefully collected, examined and documented to be admissible in courts still figuring out how new technology can be handled constitutionally by law enforcement.
Outside of helping support officers in real-time situations, the GCTC staff works with officers from MPD and other municipalities to teach them those proper techniques and they also proved to be instrumental in helping to extract and properly preserve digital evidence for investigators around the Gulf Coast.
Levy said “there is no jurisdiction” when it comes to cyber crimes.
“A bad case in a neighboring jurisdiction is just as bad for us when it comes to digital evidence,” he said. “I would rather have everybody that handles digital evidence do it correctly. It’s science; whatever is on this phone is there, but if the process is not done properly, you can start losing really valuable evidence.”
An “anti-task force”
There are currently 20 people from 18 partnering agencies who regularly report to the GCTC, which opened in mid-2018. It’s been billed as a “force multiplier” that allows officers from agencies like the Mobile and Baldwin county sheriffs’ offices, FBI, Alabama Law Enforcement Agency, the U.S. Secret Service and a number of municipal police forces to work together on each other’s cases.
It has also allowed agencies to pool their collective resources and equipment. Though MPD does not disclose the location of the building, it is currently being rented by the city of Mobile. For its contribution, the Secret Service invested roughly $750,000 in equipment and training when it was opened.
It’s not unusual for federal, state and local law enforcement to work together, especially in a city like Mobile where all three have a presence. However, Levy — who retired from the Secret Service himself — said the GCTC is different because it doesn’t have the singular focus some federal task forces can.
Typically, a task force would be set up by an agency like the FBI, which might invite a handful of local officers among its ranks. However, those officers would be focusing on specific FBI cases and priorities.
Under the GCTC model, that approach is turned on its head. Under one roof in Mobile, those same agencies might instead be helping police on cases from Foley or Saraland — lending resources and experience to cases they might normally have never looked at.
Levy calls the group an “anti-task force”
“We’re all in this together to combat violent crime, conduct threat mitigation and to provide training and intelligence. So, it really doesn’t matter what logo is on a shirt or what badge somebody is wearing,” he said. “If somebody brings in a threat against a school, we work it. If somebody brings in a cyber case involving a grandma who got defrauded online, we work it. And we do that by supporting everyone’s investigators and providing the resources and tools needed to help them get to their suspects.”
The help the GCTC can offer isn’t limited to 18 agencies that contribute to it, either. Levy said agencies from various places have sought assistance from the center either on specific cases, in training or through guidance on how to set up a similar facility in their own jurisdictions. Members held a training in Biloxi last month and officers from the Montgomery Police Department visited GCTC in September.
While there’s no overarching objective, the GCTC staff does focus on a few key areas: solving and preventing violent crimes, mitigating online threats, investigating cyber attacks and conducting digital media forensics on location at crime scenes or by examining devices brought in from other agencies.
Another asset to local police is real-time intelligence sharing, which can get crucial information to cops on the ground. However, exactly what tools the GCTC has at its disposal is a bit unclear. Levy declined to get into specifics because he doesn’t want to disclose too much information about its operations.
It is known the center has powerful software that can process mountains of data more quickly than most PCs. MPD’s cyber division can also access Project Shield — a voluntary initiative giving police access to residential and business cameras throughout the region, including some that can be viewed remotely in real time.
Whether it’s a bomb at a hospital or a teenager saying he’ll “shoot up” a school, online threats can often be complicated by how quickly they spread. A threatening post might be photographed, screenshot and shared hundreds of times before investigators ever see it. Levy compared retracing those steps to “peeling back layers of an onion,” but said having multiple agencies work on the same threat saves valuable time.
“The time to deal with a threat at a school is not once a student is on campus, because that’s too late if they are truly intent on committing some kind of crime,” he said. “If we have a school targeted in a threat, we don’t stop and come back in the morning … we’re going after them nonstop with all that we have.”
Ransomware and malware attacks are another area where policing overlaps with new technology. Over the summer, multiple agencies with a presence at GCTC reportedly helped investigate an attack on Spring Hill Medical Center, though neither the hospital nor police ever confirmed a ransom was demanded.
Though they are less technical, the Mobile Housing Board (MHB) and the Alabama State Port Authority (ASPA) have also fallen victim to “business email compromise” attacks. Cyber criminals using these kind of “spear phishing” attacks typically mimic an email from a high-level employee or a third party.
This type of scam caused the release of hundreds of ASPA employees’ tax information in 2017, and a seperate attack in 2018 led to MHB releasing $480,000 to what it thought was an unpaid contractor.
In addition to law enforcement, one way to mitigate cyber crimes is training a security workforce that’s equipped to combat them in the future. That’s some of what Todd McDonald, a professor of computer science, and his colleagues are doing at the University of South Alabama’s (USA) School of Computing.
“Technology changes so much that we’re always having to play catch up,” McDonald told Lagniappe. “The hard part about being the defender is you have to continuously protect against all possible intrusion, but an attacker only has to be right once and you have a massive data breach. We have the harder job, but that’s why we’re here trying to prepare students to be those defenders — to be the good guys.”
Sometimes the “good guys” train by learning what skills the “bad guys” are using.
One common cyber security tool is penetration testing, which is where a company or organization will pay someone to try to identify and exploit potential vulnerabilities in their networks. Large companies like Google have held public competitions in the past asking people to hack them, and events like the annual Collegiate Penetration Testing Competition (CPTC) give students a chance to do the same.
This year, USA was the only college in Alabama that participated in CPTC. The school of computing is also designated as one of the National Centers of Academic Excellence in Information Assurance, which means it can offer scholarships to prospective students that cover tuition and — in some cases — actually pay them to attend school in exchange for agreeing to take a federal job in cyber and information security after graduation.
According to McDonald, USA has brought in more than $6 million from those scholarships since 2012, but despite some progress in the area, he said the government is still working to address a skills gap. He added recent studies have indicated three out of four jobs in cyber security remain unfilled.
“One thing you can say about people in our field is that we have job security,” McDonald said. “We took one of our teams to a national cyber defense competition about two years ago, and pretty much if you’re good enough to be at a competition at that level, there’s vendors and sponsors who are there to talk with students, and it’s pretty much considered a job interview.”
Fortunately, Levy said Mobile has not been a frequent target of large-scale cyber attacks, but warned individuals and businesses can easily fall victim to online predators if they let their guard down online.
Whether the endgame of a cyber crime is to get someone’s banking information, install ransomware that holds personal information hostage or contact and exploit underage children, Levy said the biggest danger of the internet is “it’s sometimes difficult to know what’s true and what’s false.”
“Online I can be anybody I want to be, and if you’re a victim — especially if you have problems at home and now you’ve got someone who just listens and says they understand you — it’s so easy to get lured in,” he said. “You’re probably saying that could affect every child, but probably about half of our victims are adults. They suffer from some of the same issues: they get lonely, they want to talk to somebody.”
There was nothing tech savvy about USA professor Dr. Matthew Wiser’s murder last month.
He was gunned down in his home during a robbery, and for weeks police had struggled to identify a potential suspect. It appears that all changed because of a video game, though. According to prosecutors, Wiser’s Nintendo Switch signed onto to an online network days after he was found dead in his home — a break that led investigators straight to arrested suspects Derric Scott and Tiquez Timmons.
Though Levy and other MPD personnel wouldn’t discuss the pending case, the investigation of Wiser’s death offers a good example of how advanced technology can be used to solve seemingly primitive crimes because of how many things are connected to the internet and to each other in modern society.
Cell phone pings can pierce holes in albis. Deleted Google searches can clearly show motive, and the “digital forensics” that produce that kind of evidence for prosecutors has helped lead to convictions in numerous local homicide cases over the past several years.
“I’d say we’ve likely worked on every digital device that has come up during a homicide case in Mobile for the past several years. With homicides, there aren’t many witnesses in most instances, and that kind of evidence can speak volumes,” Levy said. “If we can, we physically get our hands on the phone and we can see if somebody searched for a map location or whether somebody connected to Wi-Fi at a hotel. We can also establish where a device has traveled by looking at how the phone company sees those devices.”
When properly collected and preserved, Levy said courts give digital evidence the same weight as physical evidence, though there are a number of challenges digital forensics pose for investigators.
For starters, like physical crime scenes, investigators have to make sure a phone or any other digital crime scene is secure and can’t be tampered with. That can be a little trickier than just putting up police tape, and Levy said any kind of change after a device is in police custody could cause a piece of evidence to be lost or lead to a defense attorney challenging its admissibility in court and keeping it out of a trial.
Devices can be secured with specialized evidence bags that prevent them from accessing or being accessed by any kind of wireless network, but those get pricey. Currently, GCTC distributes evidence kits to local officers that use a type of coated aluminum foil that essentially does the same thing.
Levy said GCTC also works to train investigators on what they’re allowed to do when they encounter a digital device they believe could contain useful evidence — something he said can be confusing because many of the laws that still govern that kind of evidence were written before cell phones even existed.
That said, Levy said the U.S. Constitution was written broadly enough to give some guidance for police.
“I always tell officers that, legally speaking, a cell phone is exactly the same as a house,” Levy said. “Whatever rules or laws apply when you’re dealing with a person’s house, it’s the same for their phone. If you need a search warrant to get into the house, you’ll need a search warrant to get into the phone.Levy said it’s also become harder to obtain some evidence from private companies, many of which have begun to markf98uyf98uyqef98hqefp98hqefp98heqp97ghefqqefwh89fqh9efh89h89[h89[f 89[hfw et customers’ personal privacy as part of their brand. However, the law still allows companies to release information to governmental agencies in emergencies and investigators are still available to access a lot of information through subpoenas and search warrants.
Those processes can also slow down an investigation, though.
As laws regarding digital evidence and personal privacy are hashed out in courtrooms across the country, Levy said MPD is continuing to take an “overly conservative” approach when it comes to what evidence it’s willing to get and how it’s willing to get it. He also said the department tries to keep an eye on relevant cases in other jurisdictions as certain issues come before U.S. appeals courts.
“We set a really simple goal when we started this place: We don’t ever want to see United States v. Mobile Police Department — we do not want to be case law,” Levy said. “So, we are very cautious when it comes to what activities that we do, but we still can’t let that inhibit our ability to work a case or solve a crime. We’ve still got to go out, find the phone, find the evidence and get the bad guy.”
This page is available to subscribers. Click here to sign in or get access. During the month of December, give (or get) a one year subscription with TWO months FREE.