Cyber Crime Fighters Escape Funding Cut

California’s computer crime force was on the chopping block. It was May, and state budget cutters were threatening the five regional investigative squads with a 30% slash in funding.

Then came disclosure of a high-tech crime close to home at Sacramento’s Teale Data Center: A hacker had accessed the state controller’s computer, which holds the Social Security numbers of 265,000 state employees, including Gov. Gray Davis.

As investigators followed the trail, they discovered computer intrusion on a global scale. By hacking into a computer server known as “Godzilla,” the intruder had gained access to nearly every state computer in California. Systems in 156 countries had also been cracked, including those of more than 1,000 businesses and agencies in the United States.

The complex case, still unsolved, is just one of thousands of computer crimes confronting California law enforcement.

Whether the breach at the Teale Data Center influenced the Legislature, no one wants to say. But the 30% cut was eliminated, despite the state’s continuing budget crunch. A spokesman for the governor’s office of criminal justice planning said last week that full funding would continue for the state’s high-technology crime investigators.

“The task forces will be funded at the same level as the previous year’s funding,” said the spokesman, Tim Herrera. “There has been speculation about cuts, but the governor sees this as an area that needs funding so these cyber cops can do their jobs.”

State Atty. Gen. Bill Lockyer believes that even more computer investigators are required.

“We need to dramatically expand these operations,” said Lockyer. “If we doubled them in size, that might be a start.... This is the fastest-growing crime in America.”

From the most violent murders to the most common frauds, police and prosecutors increasingly find that high-tech detective work is now a necessary part of almost every investigation. Even if a computer is not used to commit a crime, it still can hold valuable evidence in its memory.

“The computer takes away what I call the moral speed bumps,” said Deputy Atty. Gen. Robert Morgester, who helped start the state task force system. “Like stalking somebody. Without a computer, you have to leave your house and do it yourself. Now you can do it right in your home.”

A few years ago, the state had only one high-tech criminal investigator. Today there are 167 from state, federal and local agencies. Together, they receive about $13 million from the state and similar amounts from local funding and grants.

Just as the state has beefed up its resources, the FBI has made cyber crime an increasingly important priority. Larger police agencies have done the same. And the Secret Service recently announced the opening of new task forces in Los Angeles and San Francisco, aimed primarily at protecting banking and other financial infrastructures from cyber terrorists.

Some computer-based swindles net tens of millions of dollars; some hit hundreds or thousands of people for small amounts each. Some people use computers to stalk and terrorize. Many more use them for sexual exploitation, especially of children.

People using computers can counterfeit everything from bank checks to high-quality $100 bills. A Social Security or credit card number is often all a criminal needs to clean somebody out.

Altogether, according to state statistics through June 2001, in just two years, 410,000 people were affected by cyber crime. The amount known to have been lost by companies and individuals approaches $333 million.

Most recently, the San Diego task force was called to help solve a Riverside County case that had court officials puzzled. Employees had noticed that bail amounts had been reduced to zero in some cases and future court dates had been deleted.

Investigators logged on to the computer system and began watching it around the clock, said the task force leader, Michael Groch.

“The investigators could see the suspect activity while it was taking place,” Groch said. “Eventually, it turned out to involve a man with considerable computer skills.”

According to investigators, Brandon Wilson and William Grace cracked into the county’s court computer system 72 times, altering Wilson’s records and those of four other people to make it appear that their cases had been closed.

Charges included possession of illegal drugs and weapons, failure to appear in court, driving under the influence, and manufacturing and importing weapons. Officials say Wilson changed the records to show that the charges had been dismissed.

Wilson also changed drug and gun charges for one woman, and traffic charges for a man, investigators said. Wilson also was charged with altering the records of an accused embezzler and another man charged with driving under the influence.

Facing 216 felony counts each since their arrest in June, Wilson and Grace have pleaded not guilty and await trial in Riverside County.

Morgester said one problem in past computer crime cases has been a history of light sentences. In addition, many prosecutors are reluctant to pursue them because they are often complex and pose difficult jurisdictional problems. A criminal can touch victims thousands of miles away.

“An old adage in law enforcement is, ‘If it doesn’t bleed, it isn’t a crime,’ ” Morgester said.

As with the state’s other task forces in San Jose, Napa, Los Angeles and San Diego, the Sacramento office is a mix of top electronics experts and cops pulled from other duties.

On a Tuesday morning, Sacramento County Sheriff’s Det. Dave Wright, assigned to a federally funded program on Internet crimes against children, said thousands of chat rooms focus on child porn.

“Computers are great for business, but they are wrecking our society,” Wright said. “Child porn is as common as speeding on the freeway.”

The range of cyber cases is just as broad for the Southern California High Tech Task Force in Norwalk, led by Los Angeles County Sheriff’s Deputy Rick Craigo.

“One of our biggest cases was counterfeit software coming in from Taiwan,” Craigo said. “We received information last November from Microsoft and [the] U.S. Customs [Service] that it was arriving. We arrested the chief suspect the same day, and ultimately wound up with $100 million in counterfeit software of Microsoft and Symantec products. The chief suspect here faces a possible sentence of up to nine years.”

Such cases are only the most visible types of cyber crime, however, Craigo said.

“By Dec. 31 this year, we estimate we will have 12,000 identity theft cases in Los Angeles alone. We have 11 investigators to handle them,” Craigo said.

But even as cyber crime investigators scratch for more money, they speak of the need for U.S. businesses and private citizens to take a more critical view of the personal information now being routinely gathered on every citizen.

“Ask yourself: Does your dentist really need to know your Social Security number?” said Lt. Mike Tsuchida of the Sacramento task force. “Do all those businesses out there really need all the information they gather now? Should you be giving it so freely?”

Much the same point is made by those on the academic side of the issue. Fred Cotton, director of a national computer training center based in Sacramento, said government and businesses need to rethink their information-gathering processes.

“We really need to think about how we can be more cautious,” he said. “The public needs to question this too. The bad guys are taking advantage of home systems. Most people need to protect themselves better.”