I.Voronov

The methods of determining the facts of modern special devices use by criminal groups in Internet

The technical progress development history indicate that any innovation in this sphere attract the persons to it, which try to use it in the crime purposes and there are arise new tasks before law-enforcement authorities requiring adequate approach and solution.

The receiving by law-enforcement authorities the information, which represent the operative interest, essentially influence on the crime discovering or investigation process. The whole volume of information about any person crime activity could not be received only one of the possible accessing methods. The more information possibilities the law-enforcement authorities will be have the more successes may be reached in the struggle and, the main thing, in the crimes prevention.

The possibility to operative information exchange has always attracted of offenders. And with appearance of PC and Internet the opportunity to send any kind and volume of information on the unlimited distances, to mask the crime activity traces more carefully and to act at a range become real. It designed the tendency to information technologies use by organized crime groups and spreading their activity on the international level [1.3].

Any information which have probative meaning for crime discovering and guilty determining must be under researching in the crime legal proceeding, not depending from the way and kind of its receiving, with the exception of the events which straight disallow by law [2.5]. Situated in the computer electronic information is not the exception on our point of view, if it lead of about crime preparing, committing and hiding.

So, the new way of information search as the received and sent mails appear. “Modern condition of struggle with the crime-Konovalova V. marks-require developing of new aspects of investigation organization, including carrying out of separated procedural actions [3.3].

To the law-enforcement authorities actions be lawful, it is necessary to enter into the criminal law legislative substance the canon-187 (2), which should be regulate “ Access to computer, system or computer network with the aim to copy the information[2.20]”. Based on that “information” meaning require specification, to our point of view, it should be more correct the next wording-”Access to electronic information, which is of operative interest”.

So, it will be created legal preconditions for operative-detecting measures realizing, directed to the interested information receiving. The matter of development of special method of information detection and fixing is very actual. Also its require necessary special training of operative staffs in the computer technology field, which will be guarantor of the largest effectiveness.

Necessary information receiving and getting both in the text and in the graphic kind require usage of special program means. There are two kinds of programs allowing to receive and send of necessary information. The first one is the special frame, specially created for that global network function, for example, Microsoft Outlook and Outlook Express. To the second kind concerned the programs inserted in the mail systems mail.ru, ukr.net, aport.ru, yandex.com and others. The main difference between listed program kinds is what during usage of in-built mail frames the possibility of direct access to sent and received massages is absent. So, when the fact of in-built systems using by any person has determined, it is necessary to find out the provider, which provide of telecommunication services and to ask for him to give necessary information. For electronic massages finding in the presence and during using of the person of Microsoft Outlook and Outlook Express, it is necessary to have a view about structure and work of these applications and have experience of detection of outgoing and incoming massages, to fix the information exchange participants [4.8]. Detected the fact of information deleting it is necessary to take the steps for it recovery [5.55]. It is necessary to check computer “trash” or use special tools. There was expressed the opinion in the juridical literature that the crime traces in the computer usage sphere remain, as a rule, not by the way of changes of outer according to the electronic components environment, but in the way of difficult inner conditions and processes [6.206].

It would be well to take into consideration, that the crime character information exchange, no sanction connecting technically may be done with absence of phone line or modem. The more actual data transmitting has become the transmitting with use of mobile phone [7.65]. So, modem or telephone line absence indoors must not be taken as the fact of no using the Internet-communication by the crimes for information exchange or no sanction connecting. For connection to the network the crimes may use the mobile equipment (fig. 1)

Fig.1. Mobile equipment for operative connection to the network. Notebook Toshiba Tecra and Nokia 5110
with cable interface GSM Kit ( left) and Nokia 6210 with IK-port (right).

Supported on listed above, we can assert with certainty that using by crimes of global network Internet opportunities must reflected by perfect kind on the organization of information searching and fixing.

At the same time it is necessary to take into consideration the possibility of data archiving, as the information volume could become smaller and placed on the soft magnetic transmitter. Besides in order to required information not be recovered by the law-enforcement authorities, the crime mask it. The masking of information arrays come to their archiving to one file with password installation for back process and than produced the replacement of the expansion (Fig.2).


Fig.2. Information files masking.

Information, archiving it is made with the purpose of grate information file hiding in the one file. At present more often are used the archivists WinRAR, WinZIP and others. Accordingly, produced by these programs files have expansion *.rar and *.zip. The function “search” of program frame Windows provides the safe files searching, knowing as minimum one symbol from the name or file expansion. So to hide the dates effectively, the PC user change the file expansion from *.rar to *.dll, *.asp or *.dat, which is the service expansions of the frame Windows. Expediency of modification file positioning into folder Windows is that there approximately seven thousand files and two hundred directories are situated in it and this is essentially will make difficult the searching not knowing neither it name nor it expansion. But it is not hopeless situation. There is although laborious but simple by the logic way - usage of tools FAR for “looking through” of every separate file. Thus for the some time the searched “hided” file will be detected. The direction of making of special searching programs, which could raise the inspection speed and effectiveness, is the perspective.

Use of computer technologies in the crime purposes cardinally influence on the some aspects of the law-enforcement organs activity, changing the traditional idea about methods of reaching of it specific purposes. The famous Russian scientist, Doctor of Juridical Science Ovchinsky S. was one of the first who has developed the new category -”cyber intelligence”. As this matter was not enough searched, it was not reflected in the special or science literature [8.367]. Taking into account listed above, we can mark, that method of determining the facts of the use by the criminals the means of information exchange, which has an operative interest is the important category in the scientific-practical aspect and demand the further development.

V. Kozlov V. Theory and practice of the struggle with the cyber crime.-M.:Hot-line-Telecom, 2002.-P.3.
Procedural regulation of the operative-search work require completion:Science report/Authors : E. Didorenko, S. Kirichenko, B. Rozovsky - Lugansk: RVV LAVS, 2002.-P.5.
V. Konovalova. Examination: tactics and psychology.-Kharkov,1999.-P.3.
S. Glushakov, D. Lomotko, I. Melnikov. Work in the Internet: Educational course. Kiev,2000.-P.8.
B. Andreev, P. Pak ,V. Horst . Searching of the crimes in the computer information sphere.M.: “Urlitinform” Ltd, 2001.-P.55.
I. Voronov Conception and classification of the crime traces in the computer usage sphere//Bulletin of the Lugansk academy of the law-enforcement of the Ministry of Internal Affairs named by the 10-th anniversary of the Ukraine independence.-2002.-¹3.-P.206.
V. Sayko How to transmit the files with help of mobile office// Computers+programs,2001-¹9-P.65.
S. Ovchinsky Operative-searching information.-M.:INFRA-M,2000.-P.367.