CBRN-Cyber Crime and new technologies

Featured Image sources/copyright: ISEMI via Czech police

Investigating CBRN crimes requires special qualifications, training, and the assistance of new technologies. Especially when it comes to the connection between CBRN crime and Cybercrime. In recent years, in cyberspace, we have seen many attempts to procure CBRN materials through the DARKNET, as well as the preparation of terrorist attacks using dangerous substances. The investigation of the mentioned specific crimes presents many challenges, especially when securing digital evidence and during cyber profiling.

The necessity of using new technologies in securing digital evidence, but also within the so-called Cyberprofiling is therefore unquestionable. For this purpose, there are tools such as Psycholinguistic analysis of digital communication, Shaw’s Remote assessment methodology (Turvey, 2012) and Idiographic digital profiling (Steel, 2014). Their existence confirmed the justification, but it is necessary to further develop and combine them with other effective IT tools.

Although there is no recognized unified methodology for Cyberprofiling, it is gradually being developed within professional circles of behavioural analysis. The success of using cyber profiling has already been proven.

As an example of the use of psycholinguistic analysis and idiographic digital profiling, we can mention the case of “The Dread Pirate Roberts”. Pirate Roberts under the real name Ross William Ulbricht was considered the head of the Darknet platform Silk Road, which was known to be used to trade in illegal drugs. The above-mentioned analysis generated several important features and a profile of the perpetrator, which were used to issue an arrest warrant against Ulbricht. It was mainly a combination of communication details on Google and LinkedIn accounts. One of Ulbricht’s photos posted on these accounts was also on mises.org, whereby The Dread Pirate Roberts account contained links to mises.org in his Darknet signatures. Other profiling aspects included the same timeline in which Ulbricht made contributions to all accounts. The way he communicated and behaved on the Internet in connection with digital footprints as an IP address has allowed the investigation to be completed and Ulbricht to be charged (United States Government, 2013).

Cyberprofiling can be performed using metrics that allow the identification of a profile of cyber-criminals through an assessment of the offender’s modus operandi, psychology, and on-line behavioural characteristics including motivations (Bada and Nurse, 2021).

The creation of a special digital tool that would contain several analytical categories of indicators and algorithms of behaviour and modus operandi in cyberspace would be of great importance for law enforcement and intelligence agencies. These categories should then be automatically analyzed in connection with technical information related to the production, handling, use, theft, storage and weaponisation of CBRN materials or means and objects used for their production, personal protection and subsequent decontamination activities. It would also be necessary to combine this information with the above-mentioned psycholinguistic analysis of online communication.

Another specific case from the Czech Republic, which we have analysed in cooperation with the Czech police, confirmed the importance of developing structured and scientifically verified cyber profiling methods using new technologies within the framework of international cooperation.

In 2017, the perpetrator M.H. unsuccessfully attempted to acquire dimethylmercury via the darknet. Between February and March 2018, he attempted to acquire C4 plastic explosives via the darknet. Again, unsuccessful, he turned his attention to the biological toxin abrin. Finally, he negotiated with a darknet seller to buy 100 grams of dimethylmercury and 200 milligrams of abrin. These ampules were hidden inside small toys and a clock for distribution to the buyer. The investigation involved the security forces of the Czech Republic in cooperation with the U.S. Federal Bureau of Investigation (FBI). The perpetrator was detained and several ampoules with the inscription dimethylmercury and abrin were seized. However, laboratory testing confirmed the substances sent to the perpetrator by the seller were counterfeit. The investigation for prosecution focused on terrorism and the illegal acquisition of chemical and biological agents. A clear motive for these acts was not established. M.H. was convicted under § 21 par. 1 – § 284 of the Criminal Code for the attempted crime of possession of narcotics, psychotropic substances, and poisons, and according to § 21 par. 1 – § 272 par. 1 for the attempted crime of public menace. As no intention or motive could be proven, the perpetrator could not be convicted of other crimes, such as attempted murder or even terrorism. The main challenges included securing digital evidence as well as creating a profile and identifying the seller. (Kolencik, 2021).

Despite the existing well-developed methodology of Interpol‘s “Operational Manual on Investigating Biological and Chemical Terrorism on the Darknet” focused on CB crime investigation procedures (Interpol, 2019), there is a necessity confirmed by practitioners to strengthen analytical tools for the above type of investigation. Therefore, the NOTIONS project could be an important support in identifying and proposing relevant technological solutions.

Author: Marian Kolencik, ISEM Institute

References:

Bada, M. and Nurse, J.R.C. (2021) “Profiling the Cybercriminal: A Systematic Review of Research,” 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2021, pp. 1-8, doi: 10.1109/CyberSA52016.2021.9478246.

Interpol (2019) Operational Manual on Investigating Biological and Chemical Terrorism on the Darknet. Not publicly available.

Kolencik, M. (June, 2021) CBRN-E crime and offenders´ motives, ISEM Institute. Available at: https://www.researchgate.net/publication/352860728_CBRN-E_crime_and_offenders’_motives_What_is_it_Why_people_do_it

Steel, Chad M. (2014) “Idiographic Digital Profiling: Behavioral Analysis Based On Digital Forensics,” Journal of Digital Forensics, Security and Law: Vol. 9 , Article 1. DOI: https://doi.org/10.15394/jdfsl.2014.1160  Available at: https://commons.erau.edu/jdfsl/vol9/iss1/1

Turvey, B. E. (2012) Criminal Profiling: An Introduction to Behavioral Evidence Analysis. Elsevier ltd., Academic Press. ISBN 978-0-12-385243-4

United States Government (2013, September 27) Criminal Complaint. Available from http://www.scribd.com/doc/172773407/Ulbricht-Criminal-Complaint-Silk-Road

Bibilography:

Toleubayev, T., Hoile, R., Austin, P., Collyer, G., Wood, R., Minks, S., Kolencik, M. (2022) A Prosecutor’s Guide to Chemical and Biological Crimes. UNITED NATIONS INTERREGIONAL CRIME AND JUSTICE RESEARCH INSTITUTE. Available at: https://www.researchgate.net/publication/360803303_A_Prosecutor’s_Guide_to_Chemical_and_Biological_Crimes