It should go without saying that, in every situation where a crime is taking place, it is most desirable to catch the perpetrator. Doing anything else, including merely disrupting their operation, is simply a consolation. With this in mind, I find that best practices are not always laid out properly so that professionals going into this situation know how to meet the desired end. Even though I specialize in online investigations, I come from the old school and believe that those skills are sometimes a lost art in the new world of online investigations. We will always be investigating people, not their tools. If I hear another firm tell me they are “investigating a website” I’ll pull my hair out. You are investigating the crimes being committed by the operator(s) of a website. Just as a homicide investigator would not say he is investigating a bullet, or even a gun, you are not investigating a thing either. Things are tools people use to commit crimes. Although the tools are important, they are mere hurdles between you and the culprit.
This leads me to discuss the concept of investigation strategy on the Web. I’m not going to get into details on how to be anonymous on the Web because there are a lot of great articles on that. What I’m interested in talking about is the philosophy I’ve developed during my twenty-two years of investigating people online and working with hundreds of firms. This leads me to The Crack House Principle. I originally introduced this principle in a presentation to the International AntiCounterfeiting Coalition in 2005. The presentation itself was fairly broad and covered many aspects of the Web and investigations therein. Since then, I’ve incorporated these teaching into my IPCybercrime Boot Camp that toured North America a few years back. I realized the other day that I have never written a post on this topic. Shame on me!
Imagine, if you will, you are assigned to investigate a drug operation in Venice Beach. Drugs are rampant and you received a tip that the primary source for a number of the local dealers is operating out of a house on Mildred Avenue, just a couple blocks from the Venice Canals. You decide to go to the house wearing your office clothes, walk around the backyard and peek into all the windows. After enough peeping, you decide to knock on the door. Surprisingly, someone answers. He is musclebound and covered in tattoos. His name is probably Spider. He opens the door and says nothing. You politely say, “Hey fella. Got any crack?”. The door slams. You return to the office feeling somewhat accomplished. It’s time for someone else to visit and close the deal.
Ernie from your office putts over there in his 1990 Corolla and parks out front. He fixes his hair in the rear view mirror and takes a breath mint. After a couple minutes of repeating affirmations from a CD, he garners the courage to get out and beeline to the door. Ernie walks up the six steps, avoiding a deteriorating mattress and a couple stray cats. He adjusts his bow tie, clears his throat and knocks. No one answers. After a short bit, he knocks again. No one answers. Instead of leaving, Ernie walks around to the backyard and starts peering into windows. After a few peeps, he finally sees a a female in a bedroom fiddling with a laptop. Ernie clears his throat again and says, “Excuse me, ma’am?” She jerks her head to him as Ernie continues, “Umm… pardon me, but do you have any crack?” She turns her head back toward the Facebook game she is playing. Ernie tucks his tail between his legs and proceeds back to the office where he reports his findings to you.
Not a person to quickly give up, you decide to wait a few days and then send your secretary Agnes over to Mildred Avenue to do a third round of recon. You now know that this MUST work. Because, well, Mom always said, “If at first you don’t succeed, try, try again.” Why doubt Mom, right? So, Agnes, excited to get out of the office, grabs her purse, slathers on some lipstick, hops into her minivan and jets over to our target location in Venice Beach. When she arrives, she repeats Ernie’s moves. She knocks, peeks around yells, “Hey y’all! Got any crack?” into a few windows to no avail. Agnes reports back to the office and you put on your thinking cap. You say to yourself, “Our informant told us there was crack being sold there. It’s there. I know it! I guess it’s time to kick it up a notch and call my trusty private investigator.”
Good choice! So you get on the horn and call your trusty P.I. You fill her in on the address and what she should be looking for. The P.I. heads there and is surprised to find a “For Sale” sign out front with no signs of life. She decides to take a look inside since the door is wide open. Even inside, there are no signs of life. Your investigator then calls in her forensic team and scours for evidence. Everything has been cleaned out. Not a trace of drugs or fingerprints. So you celebrate. We stopped ’em! You even pop a cork and pour a few drinks for the staff. Two days later, you get a call that drugs are not only still rampant on Venice Beach, but an informant tells you that there is talk among the criminal underworld that a law firm has been snooping around and, hence, taught the dealers how to avoid them by revealing their methods so openly. These people have done this before. We’re dealing with professionals. Go figure!
You go back to your investigator and tell her the story. She flatly tells you there is nothing she can do at this time and mentions that, if you called her earlier, the dealers could have been caught. There are some things your investigator knows from so many years of training that you could not possibly have known. You hang up and sulk in the fact that the case is blown and it is everybody’s fault but your own. Does this sound realistic? No, not literally. In the physical world, any attorney would know that knocking on doors and peeking into windows randomly asking for crack would result in an empty crack house.
That is why I invented The Crack House Principle to help attorneys understand the concept of online investigations. On the Web, just like the physical world, crooks can see you coming. They can see where you’ve been, where you are poking around on their site and, worst yet, most times the can figure out exactly who you are. It may surprise you that most times when you pass a website investigation to your investigator, this is the exact scenario.
So, hopefully, this has been an interesting article for you to read. Please, no one think the purpose of this is to talk down to you. It is not. The purpose is to help you understand the intricacies of the investigator’s job so that you will know next time it is best to pass the case off as soon as it has been received. I know from my lifetime of doing this that, the sooner collaboration begins, the higher the likelihood the case is solved. And isn’t that what we’re all looking for?
Now, I’m going to finish my coffee.