Cyber Sleuth Catches Crooks in Web of Deceit

Investigator Mike Thomas remembers staring at the law enforcement logo flashing across his computer screen during a computer training class years ago.

He studied it. It looked all right, he thought.

Then he spotted its secret. The computer programming was written to show a law enforcement shield. But under that image, another, more sinister one appeared.

It’s a cloaking technique is used by child pornographers to keep from getting busted.

“It’s amazing what [criminals] will do to hide their files,” said Thomas, a Ventura County district attorney’s investigator. “You could be looking at an agency’s seal, and it’s a drug list. But you’ll never know unless you understand the language.”

And Thomas has spent the past two decades learning to speak the language of computers fluently. These days, even the most sophisticated crook stands little chance of keeping incriminating documents and photos hidden behind computer code “gibberish.”

Passwords? Thomas cracks them. Encryption? Unlocks it. Deleted documents? He’ll resurrect them.

But as the use of personal computers multiplies, Thomas finds himself scrambling to keep up with a steady flow of confiscated laptops and hard drives streaming into his office.

The 52-year-old investigator is the county’s only full-time computer cop, serving the district attorney’s office and any other local police agency in need. The Sheriff’s Department employs a fraud investigator in Thousand Oaks, but he only takes on computer investigations part time.

“If I didn’t get another computer into this office all summer there would still be a three-month backlog,” Thomas said. “It’s getting to the point that, yeah, I’m having to turn down some requests. I just can’t get to it all.”

Some relief is in sight.

The district attorney’s office expects to receive grant money designed to encourage neighboring counties to combine efforts in computer investigation, or “computer forensics,” as it’s known in law enforcement.

Thomas and a yet-to-be-selected investigator from the Sheriff’s Department will join experts in Los Angeles and Orange counties to create a regional High Tech Crime Task Force, operating with a $660,000 annual budget and funded by state and federal grants.

Until the early 1990s, only the FBI attempted computer forensics. But between 1986 and 1992 the number of U.S. households with a personal computer grew about 120%, bolstered by the advent of Windows software in 1990.

Local law enforcement, however, was slow to pick up the FBI’s slack. And Ventura County is not alone in having a single computer forensics expert.

Technology grants are an incentive to encourage local agencies to train more computer-savvy investigators, said Gary Auer, head of the district attorney’s Bureau of Investigation.

Without funding for additional positions, investigations will grind to a halt, said Auer, who is Thomas’ boss. “The volume is so much, we’re going to be overwhelmed.”

Auer has one other investigator enrolled in classes, beginning the long process of becoming a computer forensics specialist. But it will take years before a new computer data detective is an expert.

Nobody knows that better than Thomas, who began his training in 1979 while working as a civilian investigator for the Department of Defense’s Naval Investigative Service. It started with a two-day course on computer crime and security.

Thomas was intimidated.

In those days, a computer mainframe filled an entire room--no such things as desktop hard drives or computer diskettes.

“Just a bunch of tapes and paper cards,” Thomas said. “That’s how the programs ran.”

But that first class sparked Thomas’ interest, and he continued his computer education by taking courses at community colleges and reading anything and everything he could find about computer technology. Even today, a yellow and black “DOS for Dummies” book rests among his collection of thickly bound computer guides.

Not that he is one of those, you know, computer nerds, he insists.

“I don’t want to use the word ‘geek,’ ” Thomas said. “I don’t think that’s fair.”

But by the time he joined the Ventura County’s district attorney’s office in 1980, he knew his head cylinders and sectors from his master boot record.

Thomas’ first job was as a fraud investigator, and computer sleuthing was simply a “collateral assignment.” But he took additional computer training offered by the FBI, the Department of Justice, and the High Technology Criminal Investigation Assn., which offers continuing-education classes.

The first local test of his computer skills came in 1981, when he investigated the telltale signs of someone attempting to break into the county’s computer system. How could he tell? He spotted a series of failed log-in attempts.

“You could see he was getting frustrated,” said Thomas, noting that after a while the would-be crook tried logging in with curse words. He or she never broke through, and Thomas didn’t catch the suspect--that time.

For the next decade or so, computer crimes were still minimal. Thomas passed time working in the county’s child support division, then in the gang unit.

But everything changed in 1994, as use of the Internet exploded. Suddenly, everyone had a personal computer, maybe two--one at work, another at home.

That’s also the year Thomas’ first big computer fraud case came through.

The county seized nine computers in an undercover sting operation aimed at arresting a network of chiropractors filing bogus claims to health insurance companies. The cases resulted in several arrests.

Then came a case of a Santa Barbara man accused of molesting a child in Ventura. Cracking into the man’s seized computer, Thomas found evidence of pedophilia--digital pictures of children engaged in various sex acts. In the ensuing investigation, police found letters from the man’s doctor indicating he was HIV-positive. The man was convicted, and, to date, none of the molested children has tested positive for the virus.

Before long, Thomas began working in computer forensics full time. Two years ago, Thomas scanned 18 hard drives looking for clues in criminal cases. Last year, that number jumped to 53.

Today, few search warrants are served in Ventura County without Thomas’ help. He’s called on to dismantle any computer in a home or office for safe transportation back to his desk at work, where eventually it will be dissected in a search for evidence.

“It’s virtually impossible today to do an investigation without computer access,” Auer said. “At one time, everyone’s records were on paper, stored in boxes. Now, they’re maintained on the computer. How are you going to read it without someone like Mike Thomas?”

And there is more than just hidden files. As he spoke, Thomas was trying to determine what time a woman made her last few key strokes on a computer. It was a murder-suicide case, and Thomas was intent on helping determine an approximate time of death.

It’s stressful work, Thomas acknowledges. But he works through the tension as the drummer for Gold Coast Pipe Band, a Scottish group appearing at local clubs and parties. He performs in full Scottish regalia, including kilt.

Back at work, Thomas says he’s still learning. It’s crucial if he wants to stay on top of the constantly evolving technology. And it’s a requirement to keep up with the crooks, who become more sophisticated all the time.

From forged documents to sexually explicit photos of children, crooks today know how to compress their files until they’re unrecognizable. Or protect them with a maze of passwords. Or hide them inside other images.

Thomas said he has even seen images embedded in a song. Download the data one way, it plays music. Download it another, sexually explicit pictures flash across the screen.

But Thomas is rarely fooled.

“You need the key to get in there and know what you’re seeing,” Thomas said. “Otherwise, you get in there and you don’t understand. What you see is all Klingon,” referring to the language of Star Trek’s alien warriors.

In today’s computer-driven economy, where “dot-com” is king, Thomas could take his cyber-sleuthing skills to a private corporation and easily pull in a six-figure salary. And he’s had offers.

But he refuses.

Part of the reason is his faith. Thomas said he is a deeply religious man, a member of the Fellowship of Christian Officers since 1982. The group gathers once a week to pray for each other and all those dedicated to law enforcement.

And then there’s his family. He’s been married for almost 30 years to Marie Thomas, a woman whom he says “lifts me up and gives me support.” The couple have two children: a son, 25, and a daughter, 27.

Thomas said thinks of them when he’s working to save an abused child, knowing his discoveries could help put the perpetrator behind bars.

And in most cases, an underage victim never has to take the stand. Images from a computer are often more powerful than any small child’s testimony.

“You work your hardest to keep your victim off the stand,” said Thomas. “If I can find the data to do that, well, that means a lot.”

A sign hanging in his office sums it up: “We make a living by what we get. We make a life by what we give.”