Mt. Lebanon police work cyber crime beat
When Mt. Lebanon police sought the person who emailed threats that closed Seton-La Salle High School for several days in April, detectives were surprised to find the suspect was likely a 16-year-old boy in Tennessee. The unidentified juvenile has been charged with various federal crimes after he sent similar threats to at least 16 schools in Massachusetts, Virginia, Tennessee and Pennsylvania, but he hasn’t officially yet been charged with crimes in connection to the Seton-La Salle incident.
“We believe this is our guy. We’re still working on this. We’re asking, ‘Why did he pick Seton-La Salle?’ And that’s because we think there may be a local connection, or a person he may have known near or in the school system,” said Mt. Lebanon police Chief Aaron Lauth.
Detective Jeff Heidenrich, one of the department’s cyber crime investigators, said it’s going to take more time to analyze the suspect’s computer and other devices because of the massive amounts of data involved. Heidenrich called on the assistance of Pittsburgh-based FBI agents to probe and analyze the data.
“It’s the CSI-TV-effect, because the public thinks we can just push a couple of buttons, and there’s our guy,” Heindenrich said.
“The other complicating factor is this individual was making great attempts to hide his identity; bouncing around the deep, dark web and masking his Internet protocol addresses. And he didn’t use his own email. He went right onto the high school website and used their contact forms, specified several staff members, and sent out a note with very concerning language in it – language that was nearly identical in these other school cases,” Lauth said.
Part of the painstaking process of investigating cyber crimes is virtually tip-toeing around the crime scene with digital latex gloves of sorts, and making sure the evidence isn’t tampered with.
“Anything a person does with files leaves a digital footprint. It’s no different than going to a murder scene and you getting finger prints on things, or otherwise tampering with the scene,” Heindenrich said. “So we have to use forensically-sound programs that can scan files without tampering with them, and those aren’t something you can get with these third-party freeware programs on the Internet.”
The easiest cases then, are harassment cases involving social media or texting.
“It’s right there on Facebook, Instagram, Twitter – whatever the suspect is using, we can screen capture that complete with time stamps and other information,” Lauth said.
Child pornography investigations are also cases where detectives are careful about tampering with files and verifying identities.
“We handle maybe two or three of those cases a year. We do work with watchdog groups, but we’re not setting up reverse investigations, trawling the net or setting up meets, so we rely mostly on tips from residents who know something may be going on,” Lauth said.
“The Seton-La Salle case is still the furthest we’ve seen a person go to mask their identity, and the most work we’ve had to put in to scour for information and analyze it. But in almost all of our fraud cases, we see attempts to mask identity,” Heindenrich said.
The most time-consuming and consequential investigations involve fraud schemes. From lottery and work-at-home scams forwarded through emails, to the now-increasing prevalence of credit card “skimming,” fraudsters are masking their identity in both the virtual and physical worlds.
“For these skimming scams, a person will physically steal your credit card out of your wallet, swipe it with a small, discreet card reader, then place the card back in your purse or wallet. Now that person has all the info they need, and they go and produce a copy of your card, go on down to Best Buy and rack up thousands in merchandise,” Lauth said.
“The tough thing there is, they’re almost never local. They’re with a foreign group or a traveling group that hits a city or neighborhood for a couple of days, then they’re gone,” Heindenrich said. “But these incidents are recoverable. The credit card company, if you report it in time, will eat that cost.”
Not the case for most email scams.
“If it’s the person saying over the telephone they’re your grandson, or it’s an email scam promising you cash to be the middle man in a shipping ‘business,’ once you wire that money, that is on you. It’s likely gone forever, and we seldom catch those suspects because they are often out of the country, or have left the area,” Heindenrich said.
From June 25 through July 6, Mt. Lebanon police investigated six incidents of credit card fraud, four of which involved a person stealing a card and pilfering the card’s data to make a duplicate.