During a recent illness I was doing some research into rendition and the Fourth Amendment evidentiary issues which may come up more often with an increased focus on prosecution of offshore cybercriminals. The challenge: how to recover both digital evidence for Stateside trial and the actual [foreign] cybercriminal with a less than cooperative home country. Now get that all done before the cybercriminal syndicate can cover their tracks by accessing their servers.
Rendition was actually the easier part to imagine: precedent from the 1980s in something called Operation Goldenrod and how it became a modern test case for rendition of terrorists from international waters. I knew about this little-discussed FBI / US Navy black op simply because in transporting the prisoner they happened to use the same model of jet aircraft in which I flew to complete the nonstop 13-hour flight back to the United States from the deck of an aircraft carrier.
Very ‘24-esque’ since they sedated the terrorist and strapped him into the internal avionics access tunnel on a stretcher but it’s the real deal and was even used as a case study for the Naval Postgraduate School under John Arquilla back in 2001. I recall that may have been around the time Gordon Snow was in the Monterey area as well.
That’s a model for doing rendition the hard way with absolutely zero cooperation from other countries required for air space permission from within the Mediterranean Sea. I’m sure most cybercriminals wouldn’t have to be transported this way, but if it’s possible not to inconvenience smaller countries into giving up airspace flyover rights, this may become the model. If there were a cyberwarfare component things would become very tricky indeed.
So what about electronic evidence? How would they retrieve the evidence once the alleged cybercriminal is in custody? One would imagine that there would be a flurry of activity to access all the online resources before the rest of the criminal’s partners in crime moved, changed, or destroyed the server data. But what if the evidence, or a predominant amount of evidence, is located offshore? How exactly does that situation work?
It turns out foreign cybercriminals don’t have the same rights; at least they haven’t in the recent past. Dr. Susan Brenner, published author and blog writer on Cyb3rcrim3, had this to say a few years back…
Right now it seems that not a lot of questions would be asked if the specific alleged criminal AND the evidence which would put him or her away were grabbed at the same time.
I can’t help but wonder which aircraft they’d use now that the Goldenrod platform – the S-3 Viking – is no longer around. My bet’s on those new MV-22 Ospreys to get the job done. There’s even plenty of room for relief pilots if they had to take the long way back to the States – comfort was something the Goldenrod pilot didn’t have.
Securing Our eCity Contributing Writer
Author ESET Research, ESET