What can be done to identify the perpetrator of crimes from their mobile phone usage? LATRO is a business that provides forensic support to the police, including the ability to determine the geographic location of individuals. We are joined by LATRO CEO Donald Reinhart and Tom Beiser, Director of LATRO’s Cellular Forensics Lab, to talk about the power and the limits of what can be established using network data.
Topical news items are debated by regular presenters, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.
Transcript (auto-generated)
Hello, I'm Eric Priezkalns and this is the Communications Risk Show, the live streaming discussion show produced by Commsrisk in collaboration with the Risk and Assurance Group, RAG. Every Wednesday we talk to risk experts from around the world of electronic communications and we broadcast live, so you can also join the conversation submitting questions and observations as we go along. To ask a question, just type it into the window immediately beneath the streaming window on our website at tv.commsrisk.com. Messages on the website are anonymous, so write your name into the message if you want me to read it out. We're also streaming the show on LinkedIn. A member of our team is going to keep an eye on comments over there, so if you want to leave a comment or question there, that's great too. Later in the show we'll be talking about the challenges involved in interpreting CDR and other telecoms data as provided to law enforcement for their investigations. Joining us will be Donald Reinhart, CEO of LATRO, a business which provides forensic data services to police, and Tom Beiser, Director of LATRO's Cellular Forensics Lab, who previously was a police detective who specialised in using and obtaining intelligence from phones and comms providers. Today's show is sponsored by LATRO. But first, let's say hello to my co-presenter Lee Scargall. I'm never quite sure where you are in the world. Are you back in Manama at the moment, back in Bahrain, Lee? Back in sunny Bahrain today, Eric. In your plush apartment there, which no doubt has got 16 bedrooms and older. You probably told the servants to keep out of shot during the show. Lee's done all right for himself in life, fair play to the lad. His career has seen him switching between executive management and freelance consulting roles for a wide variety of communications providers in the Middle East, but not just the Middle East, in Europe and the Caribbean and Asia.
Sadly, Ed Feingold couldn't be with us today but will be back next week. So, Lee, first subject, one that I think you're going to feel strongly about. So, let me just set the scene there for the audience. The recent arrest of Connor Brian Fitzpatrick, a 20-year-old New Yorker accused of running BreachForums, an online market where hackers sold data obtained from data breaches of telcos, ISPs, social media networks, investment businesses, hospitals, all sorts of business, but a lot of commerce businesses definitely in there. Now, BreachForums has been taken down now, but as of the beginning of this year, they had 340,000 members and its official database section of this marketplace contained 888 distinct data sets for sale with over 14 billion individual records between them. It's a reincarnation of another forum that shared stolen data, RaidForums, which was seized in April 2022. Lee, a young lad, these things get set up in no time, huge numbers of users. Are you surprised at the scale of these black markets for stolen data and the speed at which they get set up once the police has been involved and tried to rip one down? Not really, Eric, right? There's data breaches all the time, right? So, to understand it, you really need to go back to around about 2005, and this is when businesses, they moved from paper to digital storage, and that's when it's all really started to happen. But actually, if you look back to 2005, it was actually 136 reported breaches, and ever since then, it's just been growing and growing each year, right? So, last year, there were over 4,000 data breaches around the world, right? And I read somewhere that since 2005, the average American has been breached at least seven times, right? So, when you look at the statistics, it's incredible, really. So, 68 records are lost or stolen every second. 45% of U.S. companies have experienced a data breach, right?
But worryingly, right, the average time it takes to identify a data breach is 206 days on average, right? And the average cost of a data breach is around 4 million U.S. dollars. So, no, I'm not surprised, Eric, right? There's a market for stolen data, which is actively used by criminals to commit fraud. But what comes first? See, this is the thing. I hear what you're saying about the data breaches, plenty of data breaches, and every time it happens, business services are tremendously sophisticated, are incredibly sophisticated, most sophisticated hackers ever, something like a Hollywood movie, the way they cracked into our business. This marketplace, which is less than a year old when it gets ripped down, 340,000 members. So, you've got this incredible number of criminals who don't have to be sophisticated to get their hands on breach data. We've got such a supply chain of breach data, we have hundreds of thousands of people getting onto these forums, buying the data that they want. This guy, he sold these tokens, these credits to people, and they would use the in-market currency. This is how sophisticated it is, which tells us about the scale of what's taking place here, the extent to which the criminal underworld has grown. Now, there's been another story. Just yesterday, the FBI announced they took down another kind of online criminal market, the Genesis market, which had cookies, IP addresses, time zones, and device information that allows a criminal to impersonate the digital fingerprint of a subscriber to services like Gmail or Facebook, Netflix, Spotify, PayPal, Reddit, Amazon, you name it, all those kinds of online services. And this was an invite only site. So, you have to be literally invited as a criminal to use this marketplace. But they had, they reckon, they estimated that between 30 to 50 million fingerprints, always known as bots.
So, effectively, the equivalent of a user's account would have been available for purchase from the Genesis market before the FBI ripped it down. These are people who can, this is a criminal who can just basically click on a few buttons on their web browser, use the plugin on the web browser, and then suddenly they become Lee Scargall, and they're using your Amazon account, your LinkedIn account, whatever. I'm amazed that even in a criminal's invite only, the scale of how quickly this thing just blows out. I mean, what are we doing wrong here? What are we doing wrong? I don't have the answer, Eric. I really don't have the answer to that because, you know, if you just look at it as one forum opens up, it gets shut down, another one gets opened up. Yeah, it just happens so quickly. Yeah, the pace of change. Okay, let me ask a different question. What are we doing wrong? Because I have a hell of a time telling people that they should exchange data about crime, and yet we're running supposedly, these people, you know, we work in an industry where supposedly we've got lots of technology sophistication, we've got the best minds in the business, we all really care about fighting crime. If you were to try and set up a marketplace for exchanging data to fight crime, it would not be set up as quickly as these criminals are setting up. So what are we doing wrong? Again, I don't have the answer to that, Eric. It just seems that the bad guys, the bad guys really do know how to set these things up and share information a lot quicker than what the good guys do. A 20 year old kid can set up something, and we've got grey hairs like me fighting, fighting in this industry to get companies to exchange data. There's something off here in terms of our motivation, I would say. This makes me think about the war on drugs. 
And it makes me think about the war on drugs, because you'd have the big drugs seizures that would like always grab the headlines, look, we're winning the war on drugs, we're fighting the war on drugs, we've got the big drug seizure. You're just taking the top off the surface here, you know, there's so much going on underneath that you're not dealing with. You've simply lost control of the situation. But yeah, I mean, Eric, I think you've just hit the nail on the head there. It's all about the motivation, right? Now, the motivation for these guys is if they can share this information, they get paid for it, right? So you've got this perpetual type of, yeah, exactly. So you've got this perpetual type of thing. And I think when you come to the good guys, you know, what's in it for us? Why do I want to share this information? Yeah. But we lose money, too. The businesses lose money, too. Exactly. But why do I see so many kind of so many kind of telcos? They find this fraud, but they don't share that information. They don't share it with places like the GSMA. They don't share it with, say, RAG, this type of stuff. And then you have to ask yourself the question is like, why not? But I think it comes back down to the motivation. Yeah. You're right. All right. I'll calm myself down by reading out an advert now from our main series sponsors, Blue Gem. Blue Gem is a global provider of testing services for telecoms, government and software businesses. They use real phone devices, which means they can create real events such as data, video streaming and music events and even fraud bypass test calls using real SIMs across a global network platform. Blue Gem can give you insights into a number of key areas such as SIM box detection, OTT and refiling frauds, roaming service assurance and customer journey testing.
They can detect SIM box fraud using a hybrid developed system of automated devices and crowd testers, which means they use real devices and SIMs to detect a higher rate of fraud. The popularity of OTT applications like Viber, WhatsApp and Telegram, just to name a few, has also seen the increase of OTT bypass fraud and Blue Gem's OTT solution automatically detects IP voice and chat apps for any fraudulent activity. Blue Gem's approach to fraud bypass is to use a risk-based test methodology, which means they strategically target higher risk routes and countries to detect on-net and off-net fraud. With automated alerts, this enables customers to profile fraudulent routes quickly and Blue Gem's flexible solution will adapt to ensure fraudsters are not aware of the SIM box detection. So, if you want assurance of your interconnected routes and want to tackle SIM box, OTT or refiling frauds, then you should call upon the experienced team of specialists at Blue Gem. So, Lee, back to the topical chat and let's continue to talk about these data breaches because although I had a minute or so there calming down thinking about the good work that Blue Gem do, these data breaches is driving me crazy. I've been involved in data protection and data integrity, looking at loads of these things since the late 1990s, and we just seem to be heading towards an apocalypse. And I've been working in one of the industry sectors that's the most targeted of all. Comms providers, they have a tremendous amount of data, about millions of people. They're targeted by social engineering attacks all the time, stealing data, taking over people's accounts with frauds like SIM swap frauds and other accounts of account takeover. Lee, when we look at the scale of this problem, here's one parameter we don't often talk about because you tend to get obsessed with the technology. Is it fair to generalise that young men are especially prone to this kind of internet and communications-based crime?
Are law enforcement and societies in general drawing the right conclusions about who we need to be focusing on to tackle these crimes? Well, it's not just young men who are doing this, Eric, right? There's a whole- It is young men. It's not. It is young men. It isn't, right? There's a whole range of bad actors out there doing this type of stuff, right? So you've got the young script kiddies, right? Or the lone hackers, right? These are the guys who are motivated to get some kind of fame, right? And if you cast your mind back to the TalkTalk hack in about 2015, I think it was a 17-year-old school kid, and he did it, but he said he was just showing off to his friends, right? But then you have, you've got the organised cyber criminal gangs, right? And these are driven by the money. So these are the likes of your Cobalt cyber gang. You've got the Lazarus Group, the Evil Corp, yeah. And then you've got the state-sponsored groups, right? And these are the ones who are targeting companies to get data on individuals, right? Now, telecommunications companies, if you just mentioned previously, they're often targeted because of the type of information they hold, right? So you've got people, they want to know who the people are calling, where are they located, what's the browsing history, they want to intercept your voice calls, your messages. So basically, they're just gathering intelligence on people. So in essence, right, Eric, just to summarise this, it's not just young men, right? There's a whole range of bad actors out there who are motivated for different reasons. We have to target our resources when it has the most effect. And if you say it's not just young men, we create the impression that, you know, somebody's granny needs to be targeted just as much. It's not old women in a retirement home that we're talking about here. We're talking about teenagers, we're talking about 20-somethings. They're being trained at a young age. They're being trained in their bedrooms. 
We're not breaking the chain here in terms of the education. Now, if you were to work, or you do work for telcos, but if you were to go out and say, how do I get my team trained, you might find it quite difficult to find the right training course for your team to get them educated. Not hard for a 17-year-old lad to be sat at home on the internet connection to get a very good training in how to do hacking, stealing data. This Fitzpatrick guy who the FBI just arrested, he was very sophisticated. He provided an escrow service for other criminals, holding the funds for the purchases of the stolen data, whilst ensuring the stolen information was supplied. 20 years old. This is not a lad who's just worked out how to do this. He's copying what other people are doing. Why are we not focusing our resources on societies training, educating young men about the seriousness of these crimes? Well, I think that that's something which has to be built into, say, something like the school curriculum, right, from an early age, just to kind of demonstrate the seriousness of doing this. I think if you look at things like YouTube, you can go on YouTube, you can actually find, it's just like a tutorial of how you actually do this stuff. It actually tells you links to websites, how to download this information. But I keep saying this, Eric, week after week is that you don't have to have any coding experience to do these type of hacks. You just go down, you get Kali Linux or Metasploit, and you just point these things towards a company. It goes off and it comes back. It'll give you a list to say, right, these are the number of exploits within this particular website. What do you want to do? Do you want to do ransomware? Do you want to hack the email server? Whatever, right? And it's just an option one, option two, option three. And then you just click it and off it goes. And it does it. It's, I mean, it's completely incredible. It really is. 
But why are we so tolerant in our societies of so-called legitimate businesses? I mean, legal businesses, let's put it that way. Legal, but they're advertising GSM gateways, but they're advertising IMSI catchers. It's all very well and good to say, well, actually selling those things isn't illegal. Who do we think they're selling them to? I mean, how naive do we have to be as a society that we have to wait until, say in the case of IMSI catchers, we have to catch somebody driving around Paris with an IMSI catcher in the back of the ambulance before we go, oh, duh, we never thought, oh, we didn't know it could be used for that. Oh, why didn't we think of that before? Why are we not focusing more on the root cause? And of course, if you are a supplier of this equipment, who are the people who are doing the YouTube videos, the training? If I'm selling a GSM gateway, and I know that most of my customers are SIM box fraudsters, I'm the one who's producing the videos explaining how to do the SIM box fraud at the same time. Why are we being so naive about this? It seems as though we're almost wantonly naive, maybe even the sectors of society, people in power who are profiting from the crime, and that's why we're not tackling the root cause. Do you think I'm just a conspiracy mad maniac, or do you think there's some truth that there's some higher echelons in society involved in this kind of fraud? Well, the problem with the internet, and I've always said this, is that there are no laws on the internet, right? Nobody controls it, and maybe that's one of the good things about the internet, but maybe it's one of the bad things as well, right? So, but I think if I draw, if you come back to the UK, and you have the UK online safety bill, now if you go back even a couple of years, I think it wasn't even illegal to sell like drugs and guns on the internet in the UK, right?
I think it's illegal to sell it, it's illegal to sell it, yeah, but it's not illegal to advertise it on the internet, right? But I think now with the online safety bill coming in, they can actually take these websites down, yeah? So, but that's the UK, and then if you go back to other jurisdictions around the world, there's no kind of controls or rules which go around that, and a lot of the IMSI catchers which I was looking at, right, that you buy them from Malaysia, right? So it's quite easy, you can go on there, you can get them shipped to you, even if you're living in the UK or anywhere else, right? So it's just a general problem with the internet, that's, I don't know how to fix it, Eric, maybe you have an opinion on that. Well, I'll keep on with the opinions, but next we'll do another advert, this time for Symmetry, and the PRISM Fact of the Week. Now, each week, Symmetry Solutions supplies with some interesting information, but it's based upon the intelligence gathering done from their PRISM fraud intelligence service. And this one's a real doozy, my gosh, on the topic of marketplaces for criminals, the team that gathers Intelligence PRISM has observed an astonishing 55,786% increase in the number of North American phone numbers being offered for sale to criminals since 2020. There's been an astonishing 43,835% increase in US numbers, but the proportionate rise in Canadian numbers is even worse, 69,340%. And you might be, you might be thinking you can guess which regions, which parts of the dialling plan these increases have been the largest, but it's not that straightforward. Alaska, 218,000% increase. Hawaii, 145%, 145,000% increase. And yet California, 29,300% increase. South Dakota, 37,800% increase in number of phone numbers. And some of Canada's worst affected provinces, also some of their most populous provinces. Ontario, 135,700% increase in the number of numbers offered to fraudsters.
British Columbia, 119,600% increase. These numbers are astonishing. And it's not just premium rate numbers or geographic numbers that are being sold to criminals. For the PRISM team, there's also been a rapid rise in toll-free numbers being sold to criminals and organised crime is also being offered numbers, which are especially reserved for emergency use only. So if you want to learn more, or you want to arrange a trial of PRISM's data, then get in touch with the team at Symmetry Solutions. Their URL, symmetrysolutions.co.uk. Holy, wow, so there we go. The scale of this thing is out of control and put in certain parts of the world there in North America. So astonishing statistics there from the Symmetry Solutions PRISM team. Something else that's caused a lot of consternation recently, US police and law enforcement around the world, they want a lot of data, they ask for a lot of data. And sometimes that upsets the civil rights people in various countries. This year, we've already had the redacted report from the Department of Homeland Security that some agencies failed to obtain legal permission as required for the deployment of IMSI catchers. And I recently saw a press release from a business called Afani that promises detection and protection from IMSI catchers. But who are they selling this service to? Lawyers in order to protect the confidentiality of their clients. So the implication being that lawyers are being spied upon using IMSI catchers. Lee, do you think there's any substance to this claim that there may be lawyers out there who are being spied upon by law enforcement that they need to resort to all sorts of methods to stop the phone surveillance? So we talked on last week's show about how easy it was to buy IMSI catchers on the internet for about $8,000. And these things, they can intercept the calls, right, because they downgrade it down to 2G. Now, so yes, it is a real threat, Eric.
Now, I would probably recommend that if you're in a job where you have access to this kind of sensitive information, then you might want to take precautions, right? I've recently stopped giving out my phone number because, you know, in the wrong hands, right, I could be targeted for a SIM swap, right? And once they take over your account, then they can do all kinds of damage, right? But I think the risk to the average person, right, on this is pretty low, and they shouldn't get too paranoid about it. Yeah, but aren't you worried about people driving by with IMSI catchers around your massive estate in the north of England and around your plush apartment building, which look like absolutely dead set targets for high net worth individuals? They may not be targeting you specifically, but they'll be gathering your data because they know that you're a rich man with huge amounts in your bank account, Lee. Well, I think there's so many factual errors in what you've just said there, Eric. But no, look, if I've got, you know, something sensitive, I don't put it through my mobile phone, right? And that's, you know, that would be my advice. I think certain individuals will be targeted. So if you're a politician, yeah, if you're a, you know, a minister, high ranking minister, then I'm certain these people will be targeted by some people. You know, businessmen as well, if you're high profile businessmen, I'm sure people like Elon and all these people, I'm sure there's people out there tracking these guys as well. But I'm sure they're not stupid enough to put anything sensitive through a mobile phone these days. Well, I think you give people too much credit. Having all this crime, there wasn't a lot of stupidity out there. People in order to steal from, let's flip the question like I said, you've worked in telcos, you've been a consultant to telcos. Where should telcos draw the line in refusing demands of information from law enforcement? Where should they refuse it?
I'm not sure they can refuse it, right, if there's a warrant requesting that release of information. In some countries that I've worked in, Eric, right, the police, they just have direct access to everything anyway, right? But, you know, if we go back to, say, something like Privacy International, I'm not sure if you've heard of Privacy International, but they've been warning that the police forces in the UK, right, they've been using IMSI catchers since 2011, right, and the police in the UK, they don't even have to disclose they're using them, right, due to issues around national security. So it's not just being used in the USA, these IMSI catchers, they're also being used in other countries too, by the police. Lots of comments coming in here from the people watching online. So apologies to the people apologies as I butt in, Lee, and share some of these observations with you now. Very interesting stuff. One viewer here has pointed out who has a vested interest in scaffolding such laws to prevent fraud to a favourable degree, we need to identify what organisations individuals have an interest in committing fraud, then work on communicating those parties, how they can play a favourable role in protecting our technical environment. Somebody else here says, another anonymous one, sorry, telling me off, because I'm saying it's young men, they agree with you. Apparently, it's women too, except I've never seen any names of any women. I read these stories, and I'm always seeing men and I'm always seeing young men. So that's why I'm jumping to the conclusion it's always young men. Those are the ones who get mentioned in the press release from law enforcement. If it was women, I would absolutely scold women too, but I'm not seeing women, you know, you might want to argue there's a gender gap there. I'm not so sure that's a gender gap women need to be closing, perhaps as quickly as some other gender gaps in society. And another comment here, this one from Sossina Tafari. 
The US is open about explaining data breaches, partly due to policies, what the breaches look like in emerging markets? Good question. As banking and telecom services move to convergent, how can companies protect their customers from falling victim to such frauds? How can governments hold companies to better protection to their users? Lee, you've worked in a lot of emerging markets, are emerging markets following the model that's seen in countries like USA? There's more need to be done in emerging markets to protect people from data breaches. There is, but you know, if we look at it, you know, a lot of the data breaches are coming from the USA, right? Now, is that just the disclosure thing? Maybe, right? Maybe in some of these developing countries, they don't report it, right? But I think there was a very good interesting comment there just coming in about the women. Maybe the women, maybe Eric, they're better hackers at disguising their traces than what the men are. I'm so sexist. I don't agree with that kind of sexism. I'm saying a compliment there, Eric. Yeah, but you're sexist against men. That's what I'm saying. You're being sexist against men, Lee. I'm not so sure I'm allowing that on this show. Both genders absolutely equal. We're not going to tolerate that kind of blatant sexism from you, Lee. And I'm thankful that I'm not going to get angry at now because of your blatant sexism, because I'm going to line up our next advert. So, you're going to get off the hook. Otherwise, if we were still out of time, I'd be having a right old go at you for that, Lee. I really would. So, sometimes it's easy to get fixated about the problems in one country and fail to step back and to see what's happening else and to fail to see the good in Liverpool. It's not all bad after all. That's why we're so grateful to our friends at Geolocation, Fraud Prevention and Call Authentication Business, OneRoute, for their regular feature, which they call The World in Your Phone.
Each week, Jeffrey Ross of OneRoute asks us to step back and take a look at a different part of the world. And this week, Jeffrey's destination is Ethiopia. So, producer James, roll VT. Hey, everyone from OneRoute. I'm Jeffrey Ross, and this is The World in Your Phone. Let's talk about Ethiopia. Now, I'm sure you've heard the name, but how much do you know about this intriguing African nation? It's got beautiful landscapes and wonderful wildlife. But did you know that Safaricom just started a brand new network there in Ethiopia? Started in 2022, they are bringing and delivering new connectivity, expanding into massive regions across the country, and they will continue to grow and bring M-Pesa, the mobile money, into Ethiopia. It'll be fantastic to watch and see as that telecom company grows in Ethiopia. Something else that I found interesting about Ethiopia is that it is home to the lowest place on the African continent, the Danakil Depression. The Depression is at the junction of three tectonic plates in the Horn of Africa, and it sits approximately 125 meters below sea level. Who knew? But also, on the flip side, Addis Ababa, the capital city, is the highest capital city in Africa. Located in the highlands, Addis Ababa sits at about 2,355 meters above sea level. But most importantly, Ethiopia, birthplace of coffee. And I can tell you from personal experience, their coffee is amazing. So thank you, Ethiopia, for bringing us coffee. Be sure to tune in and subscribe to our channel on YouTube or other social media platforms and click to like, subscribe, do all that fun stuff. And stay tuned for more of these series, along with watching our One Route Roundup, where we put a spotlight on individuals making a positive impact on the telecom industry. Now onto another great communications risk show. So the guys from LATRO will be joining us any moment now. Let me just warm you up in terms of the topics that they'll be covering.
CDR analysis, we know that's a proven method for uncovering illegal activity and the abuse of service in mobile networks. For many years, telecom fraud management professionals relied upon analysis of CDRs to detect patterns of malicious misuse of services to defraud communications companies. However, for some criminal investigations, the outcome of CDR analysis, even more serious consequences, extracted from mobile devices provided under judicial warrant for very serious crimes. When compared to the physical location of individual cell towers, including the orientation of antennas mounted on them, CDRs can show the location of a mobile phone by triangulating from mobile switching centres, but they don't pinpoint a cell phone user's location with the same precision as techniques like GPS. They do indicate a phone's general location or cell relative to the network's tower. That's why Americans often refer to cellular networks. Now, knowing a subscriber's location in comparison to towers or the base transceiver stations, as they're called by technicians, is vital to delivery of communication services. Otherwise, mobile networks be unable to manage the mobility users, be limited to a simple fixed site wireless network. But there's more definitive source of data, like I say, the history of GPS data, which can be forensically extracted as digital evidence from a phone or another kind of handset. There are several solutions in the market for forensic professionals to extract, gather and prepare digital evidence for mobile devices, including the well-known one in this space, Cellebrite. In addition to GPS location data, other critical information can be sourced forensically as part of digital evidence gathering and preparation related to contacts, connections, situational clues from media like pictures, and video.
And here's a few eye-opening facts that the LATRO team has shared with us to get us going with this conversation. Increase in digital evidence, a 2020 survey conducted by the National Institute of Justice found that 96% of law enforcement agencies in the US reported an increase in digital evidence over the past five years, with mobile devices being a significant contributor. Mobile devices investigations, according to a 2019 SANS Institute survey on digital forensics incident responses, 88% of respondents reported that mobile devices were part of their investigations, emphasizing the critical role of cellular forensics. Location data, again, the National Institute of Justice found that data which is derived from CDRs and other mobile device data was the most frequently used and valued type of digital evidence in criminal investigations. And from the SANS Institute, 45% of respondents said encryption was the most significant barrier to accessing data on mobile devices, highlighting the need for advanced cellular forensic techniques and tools to overcome that challenge. So complicated stuff. It's a good show if we've got two real experts to talk about it with us. To talk about it, we'll now be joined by our two experts from LATRO, who not only know about CDR analysis and mobile network technology as it applies to forensics, but also to revenue assurance and fraud management. So these are well-rounded chaps who are joining them, and we've had one of them on the show before, so we welcome Don Reinhart back. Donald Reinhart is the CEO of LATRO, providers of revenue assurance, fraud management, police forensics services. Don's been overseeing LATRO's growth since its early days, first as a vice president, then as CTO and COO, and then finally becoming CEO in 2021. And joining us for the first time, Tom Beiser is the director of LATRO's Cellular Forensics Lab.
He's been with LATRO since 2017, but he also knows what it's like to use telecoms data for police work from the other side of the fence. He previously specialized in CDR analysis and mobile phone forensics when he was a detective in the police force of Eastern Pennsylvania. Tom, Don, it's a pleasure to have you both on the show. Before we dive into the forensic analysis, I'm just glad to hear that everybody's fine. There was some terrible fire in your offices in Eastern in Pennsylvania, but I gather, Tom, nobody was hurt. That's correct, sir. Thank you, Eric, for having us. Well, I'm glad that everything's fine, but you're still up and running. The fire hasn't knocked you offline. You're still able to work even though you're doing entirely sensitive stuff. It has slowed us down a little bit, but we are still able to work, yes. Thanks. That's great to hear, guys. That's great to hear. So let's get into the meat of this subject area now, which is a heck of a subject in order to be talked about. Don, how did LATRO get into this business of cellular forensics, and how are your cellular forensics services used today? Yeah, great question. When we started LATRO, my co-founder, Alex Wilkinson, had an extensive experience in the forensics world through his law enforcement background. So he left Verizon and started LATRO with me, but he really foresaw this huge demand. Eric, you mentioned some of the statistics already in the U.S. for digital evidence processing and cellular forensics. So we started basically supplementing overflow demand, if you will, from the law enforcement community where there just wasn't enough internal resources to handle the caseload and the amount of work, as well as just the technology expertise that really is key to a lot of this investigation work. We later brought on Tom, who has over 20 years of experience in law enforcement and doing this kind of work.
So it's been a great business for us and something we really feel like we're making an impact in the U.S. market. That's great to hear. Now, your forensics business, U.S.-centric, but LATRO is known globally for your revenue assurance, fraud management, analytics, products, and services. Are you providing any of these forensic services outside of the U.S.? Not currently. So our biggest markets and our biggest customers are part of our revenue assurance and fraud management business, which is almost entirely international. Our forensics business is U.S.-centric and U.S.-focused. The nature of that business is market dependent. So, for example, Tom is an expert qualified witness in the U.S. court systems, and that just wouldn't translate to other jurisdictions outside of the U.S. So we've looked at whether this business is scalable and feasible internationally. Currently for us, that doesn't seem to be the case. So we've just been operating and delivering those services here in the U.S. I'm glad you mentioned the process of Tom being an expert witness there. I've had a couple of occasions in my life I've been asked to be an expert witness, and I turned them down because I didn't think I was expert enough to do that kind of role. So I don't know from firsthand what it's like to be involved in legal proceedings like that. What is it like for LATRO and for your people to be involved in the legal proceedings? Tell us a little bit about what it's like to be involved in a typical case and how that links to what you're doing in terms of your end-to-end forensics. Absolutely. Thank you. So LATRO will often be retained by either the prosecution or defense team. If we think about the resources available to law enforcement, they have many of those tools and softwares and resources that LATRO currently does. However, as a whole, they lack the expertise and the technology and putting all of those resources together.
So that being said, in some very serious criminal matters and criminal cases, that prosecution team will bring LATRO in to assist them. Defense attorneys don't have those resources that prosecution does, so they're always trying to bring LATRO in and trying to beat the prosecution to retaining us to assist with that. So typically in most criminal investigations, all of this evidence, all this digital evidence, including CDRs and the cell phones and the data within those phones, that is typically seized by law enforcement. So no matter what side we're working for, that information is ultimately turned over to LATRO so that we can assist with that investigation. So CDRs would be turned over to us in the original format as received by the carriers, and we'll often receive those by means of either encrypted emails and/or passcode protected USB or external hard drives. The same would go for any of that data that is extracted from the cell phone itself. If law enforcement is extracting that data from the phone, we are then provided with that raw data to analyze. If they lack the resources to conduct that forensic examination, they'll also bring that to LATRO, and we can extract that data in a forensically sound manner. So there's a lot of digital information and digital evidence here at play that they will bring to us, and we'll start analyzing it. Once we dive into that data and we kind of get a feel for what we have, we're going to take a look at all the other discovery that were provided from the attorneys and try to figure out what kind of criminal investigation does this entail and what criminal charges. Determine who the players are, where those individuals live, where they work, where the crime was committed.
We start putting all this together, we start analyzing our data, and we'll eventually put together a thorough analysis report with our attorney clients, often consulting with them along the way to make sure that that report meets their needs of that investigation. Absolutely fascinating, Tom, I have to say. And one thing I just want to pick up there in terms of particular point you're making there, you aid both prosecutors and the defendants, both of them. It almost sounded like you perhaps sometimes have, you're more likely to have the defendants as your clients rather than the prosecutors, which kind of implies that there is also value in defendants protecting themselves from prosecutors who perhaps haven't looked at the data as well as you're being asked to look at it when you do forensic analysis. That's absolutely true. Again, law enforcement has many of those resources that LATRO offers. In many cases, they might be different departments and/or agencies contributing as a whole to provide all of those resources that we have. So we do find that most of our clients are on the defense side. Those individuals and those attorneys who don't have those resources will often come to LATRO. Many of those resources involve the analysis of those call detail records and breaking down the volume of information stored within those records. So not just the date and time and the duration of those calls or the party A and party B numbers, but more specifically, mapping the cell phone towers that we're hoping to get within those records as well. I'm guessing that this data comes to you through some kind of disclosure process that takes place. But how does law enforcement get there for the information? What do they do to apply for a warrant and therefore get the data from the telecom companies, the CDRs and whatever the data in the first place before you get it on behalf of your defendants?
Yes, the two primary methods of law enforcement obtaining this data are a court order. And most of your court orders are based on reasonable grounds. It's less of a burden to prove that a crime likely happened, that this number and/or this device may have been associated with that crime. When you get call detail records specifically, in this case, with a court order, you're going to get much of the same information that we would with the other method, which I'll describe in a minute. However, you're not going to get location information. So we're not going to get the cell phone towers that were used to facilitate that communication on a court order for call detail records. The second primary method would be a search warrant. A search warrant requires probable cause, which is more of a burden to meet for law enforcement. When law enforcement does get a search warrant, they are requesting that tower location for those call detail records. They might request content of text messages. They may request those specialized location records or timing advance records, RTT, per call measurement data. Different operators define them differently. So obviously, a lot of information here and potentially very sensitive information. We talked about the volumes itself and obviously you're recipients of it in terms of doing your specialized work. This is the kind of area where civil rights group people like the Electronic Frontier Foundation, privacy activists, they may get a bit nervous about the data and who's got access to the data. What are the legal requirements for handling this potentially sensitive data? Obviously, to obtain the data, law enforcement would need one of those methods that I described, a court order or search warrant. From there, the laws in possessing this data and how we handle that data are very much different in the US as they are in some other countries, including the UK.
So for example, when law enforcement obtains this data, whether it be from the physical device itself and/or from the operators and by way of call detail records, that information must be then provided to the prosecution team. It must be provided in a non-redacted manner. And then that information also, by way of the rules of discovery, must be provided to the defense team in an unredacted manner as well. So regardless of which team we are working for on any given case, we are receiving that unredacted data. Now, obviously, there's still some sensitive information there. And we will handle that information as sensitive. So we're not disclosing that information. Non-disclosure agreements are signed between all parties involved. And there are certain security measures that we follow within LATRO to make sure that data is as secure as it can be. Between just physical security within our office spaces and ensuring that all digital devices and digital data are locked up in additional security measures. Absolutely fascinating stuff. And I can see that from the legal side, that even if the technology is the same in different countries, that's why it may be difficult to transfer the service from one domain to another legal domain because of the protocols around what you're allowed to do and how you do these things. But so far, we've been quite abstract. We talk about process and the rules and the framework for how we do these things. Please give us a story about your forensic services making an impact in a court case. Well, you provided some statistics in the beginning of this show about just the number of cases where this digital evidence comes to play. And it is always increasing. The number of cases that I've seen alone with LATRO has increased every year. So talk about one specific case that LATRO was brought in on.
And one of the reasons I was brought in on this specific case by the prosecution team is I assisted with the investigation in my last several months as a detective with the City of Eastern Police Department. It involved a crime spree that took place in late 2016 into 2017. It involved numerous crimes in excess of seven different armed robberies. There were six cell phone stores that were robbed. There was a jewelry store that was robbed. It involved a homicide and it involved a second incident of attempted kidnapping. All of these crimes occurred over three separate counties, seven different jurisdictions in two different states. So if you can just imagine the law enforcement investigations and I say plural investigations going on because, again, you had several different agencies investigating each one of these crimes. They kind of got in over their head. And it wasn't until I had gotten in my department, I got more involved in the investigation where we identified one of the suspects using his cell phone during one of the robberies. Now we had two suspects involved. One had left the store. We saw another suspect inside the store that they were robbing using his cell phone. We ordered certain call detail records from all the phone companies, all the operators, and were eventually able to identify the phone numbers associated with these criminals and thus were able to then identify them. And once we get additional call detail records for those numbers, we were able to see that they were involved in all of these different crimes over the last six months or so. That additional information led to search warrants being conducted in numerous different jurisdictions in numerous different states. And much of the evidence that we were looking for, including some of those items that were stolen from the cell phone store robberies, the jewelry from the jewelry store robbery, and the weapon that was used in the homicide were seized during the search warrants.
So that's just one rather large investigation. And I say large not only with the number of crimes involved, but the number of agencies that were leading those investigations. It's a great example of just taking all of this data, all the collective data from cell phone forensic examinations and call detail records and all the different types of records that we're getting from the operator, putting it all together, working with a number of different agencies and really bringing this crime gang and criminal gang and crime spree to an end. It's mind blowing when you think about the scale of these things and what can be done in terms of information. And it is hard sometimes, I think, for members of the public to fully appreciate the level of work that needs to go into this and the importance of the work that goes into it. But I think maybe the public's a bit more aware because following the last presidential election in the US, there was a bit of a hoo-ha in the capital. I'll say it like that because I don't want to pick either side in terms of how big to make a deal of it or how little to make a deal of it. But there was a lot of trespassers who are definitely breaking the law because they weren't allowed to be in the US Capitol, the building where the Congress sits, and yet they were in the US Capitol. Some people say they were just larking around and doing a bit of sightseeing and taking selfies whilst they're wearing their helmets with the horns on the side of it. And other people were saying that they were trying to interfere with the transfer of power to the new US president, the head of state. So they were definitely committing treason. I won't pick a side in terms of who's that. But nevertheless, a big deal and a lot of people in a building at a specific point in time. So therefore, a lot of interest in terms of use of data to identify those people and the legal proceedings that follow in terms of using that data to prosecute those people.
So tell us a little bit in terms about the techniques, the methods, the way in which that's been approached in the USA. And maybe also tell us a little bit in terms of how much it's changed perceptions of your work. Absolutely. So we're referring to the incident on January 6 in Washington DC and specifically at the Capitol. So you can imagine if law enforcement is searching for one individual and/or there's one or a handful of individuals in an area that large outside the Capitol. I'm sure that they have ample surveillance coverage and cameras that they can pick up that one individual. But if you start adding thousands of people into an area, and regardless of the size of that area, it obviously becomes more difficult to identify any one person. So in this specific case, you had thousands of people potentially committing crimes. So we're, you know, the law enforcement is going to have to investigate that. So one of the ways that they did investigate that is with call detail records. So identifying the phone numbers of those physical cell phones that were in that area, taking that information, and following up again with the operators and identifying those individuals who those phone numbers belong to. Once they start doing that, you'll start, I don't want to call it conspiracy, but you might identify other key players or suspects that are affiliated with any one of those individuals that you've now identified through the use of call detail records, and the analysis of those call detail records. So it's definitely a growing field. We constantly see the need in the wealth of data and information that we are able to obtain from the operators. I've got a question here from a viewer I want to share with you guys now. A question asks, the January 6 Capitol invasion, was this an unprecedented investigation by the police using mobile operator data? Or has the US police forces already reached a point where this is now normal practice?
I would say it might be unprecedented in just the numbers alone of individuals being investigated and being identified, perhaps mostly through the analysis of CDRs. But I'm sure there have been many other events, some high profile bombings that we might see or high profile violent crimes, where law enforcement is going to try to identify either those individuals involved or potential witnesses to those crimes through the analysis of CDR. So I think one of the aspects or two of the aspects that makes this unprecedented is just the number of individuals involved and how public it was. So it's certainly it's not the only time an event like this has occurred where law enforcement is analyzing this number of phone numbers and/or devices. But it's impressive from just the press involved. Another point I wanted to make is there is a distinction between, at least in the US market, between sort of federal policing and local and state level policing. And at the federal level, there's, of course, a lot more funding and resources and technology available to handle these kinds of investigations. A lot of the work we do is at the state and local level, which is a different set of funding and resources available. So, you know, definitely a lot of interesting things going on in the US market across the board. I was just going to add there is I don't think this type of, you know, happens in the USA. I'm sure this is happening in places like Iran as well with all the protests going on there. I'm sure the authorities are there trying to find out who's involved in the protests over there as well. Well, and this is why it comes to sensitive topic in terms of the rights and limits of these things that links to a comment here we've got from Ray Green from Focused Data. He says, you need to be careful of using cell phone data for evidential purposes. It has a number of flaws. It is data created for one purpose that is being used for another.
I can give you a number of instances where the data has been misleading. And that follows into another question for the guys from LATRO here. Perhaps Tom would like to field this one. That's a bit of a cheeky one. So I warn you in advance, it's a bit cheeky. If you were asked to defend somebody who had been accused in the January 6th insurrection, that's how they write it. If you were asked to defend them, what's the first thing that you would turn to in terms of looking for data that they weren't involved? I'd say that's a tough question. So obviously, I would have to analyze that data, which they do have against them. And you're going to look for any inaccuracies or some maybe missed data within there that wasn't apparently analyzed. And I think that's where you start. So that might give us or me as the investigator, a better idea of what data I need to go out and search for. Does that data involve additional surveillance video, license plate readers, which we could subpoena? Maybe the physical device and extracting the data out of there to get a bigger and better picture of exactly what was going on. Obviously, when we were looking at call detail records, that's just one source of data. So if you're thinking about it as pieces in a jigsaw puzzle, that's just one or several pieces of that entire jigsaw puzzle. So we want to try to uncover any possible evidence and not just digital evidence that might help that investigation. Good point. But I guess a lot of the time, one of the issues that comes up in court cases, tell me if I'm wrong, but I guess one of the things that comes up a lot of the time is that people say, well, you have a record saying I'm somewhere, but I wasn't actually there. I was nearby. There's some error in the data. How do you deal with this question in court as to how accurate the data is in terms of determining where somebody is? 
And of course, this is absolutely essential to something like what happened in the January 6th US Capitol invasion, because if you're not in the building, then you're not committing the crime of trespassing in the building. So I guess the accuracy must vary a lot depending upon circumstances. How do you deal with that in terms of finding the right estimate of accuracy? The accuracy does change and does vary, as you said. And what we try to do, and this is primarily what I do on a day-to-day basis when I'm diving into call detail records and combining that with the information from the device itself, you're trying to establish a pattern, a pattern of life, if you will, which is often how it's referred to in the field. So for example, I've seen several cases in one specific case involving a homicide where it was portrayed that the defendant was in the area at the time the homicide was committed. But what was not brought up was that the defendant is always in that area. That's his most frequently used area. If you're looking at the frequency of the cell phone towers and cell IDs used, the defendant lives in that area. So you would expect to find them in that area. So it's ensuring that you analyze the data as a whole and don't be selective about just certain points in there. Yes, we know that the RF survey also changes and it could vary. So again, you don't want to focus on one very short piece of those call detail records. You want to look at them as a whole. You want to get as much discovery, as much information about this case, and about the suspects involved that you can and combine all that data. That is a great insight. The fact that it's not just about having some data, it's about analysis of the data, interpreting the data, so you draw the right conclusions from the data rather than just what seems like the first plausible conclusion you want to make. We're running out of time, guys. It's been a great conversation. 
So I'll leave you with just one last question to sum up where we are in terms of the situation these days. What are the biggest challenges that both mobile operators and law enforcement face today when it comes to using network data, device data in legal proceedings? I would say one of the biggest challenges for the operators is just the growing number of legal requests for this data and the high demands that it puts on their already outstretched resources. So whether it's manning resources, equipment resources, financially, that's got to be a challenge to them. And we see that on the law enforcement side, too. The law enforcement is constantly attempting to get this data and preparing the legal documentation for this data. And sometimes getting that data is slow. And I'm just talking about through the operators themselves. And then you have that security issue with the devices themselves. Our device manufacturers are constantly upgrading their security, which prohibits or inhibits law enforcement from getting inside that device. So there's numerous challenges to both sides when it comes to attempting to get this data and analyze the data. Fantastic. Well, thank you so much. I'm afraid we're out of time, guys. But Tom, Don, I really appreciate having a show. I've gained a lot of insights from this interview. I'd love to continue talking. I'm sure we will continue talking after the live stream ends, but I need to start the show now. So thank you again, Tom, Don, for joining us on today's show. Thank you. Thanks, Luke. That's all for today's show. Lee and I will be back with our regular co-presenter, Ed Finegold, on Wednesday next week when we'll be talking about managing risk as communications providers of increasingly complicated financial services and when it becomes necessary to regulate them like banks. So Lee, Ed and I will be joined by our good friend Joseph Nderitu.
He's a director at business advisory firm Integrated Risk Services and one of the most broadly traveled and experienced communications risk consultants working in sub-Saharan Africa. We'll be all together. The live stream will occur on Wednesday, 12th of April at 4 p.m. UK, 6 p.m. Saudi Arabia, 10 a.m. U.S. Central. But why not save the show to your diary by clicking on the relevant link at the Communications Risk Show webpage? Or better still, subscribe to our broadcast schedule and have every weekly show uploaded to your diary automatically. Thanks again to today's guests. Donald Reinhart, CEO of LATRO. Tom Beiser, Director of LATRO Cellular Forensics Lab. LATRO were sponsors of today's episode. Thanks to my co-presenter, Lee Scargall. I'm always learning new things from him every time we're on this show. I've known him for a long time. I still don't know the secret of success, how it's gotten so well for you. But apart from that, I've learned a lot from Lee. And thanks to our hardworking producers of the show who've been complaining that they'll never get rich with the amount that I pay them. They are Matt Carter, who's been assisting James Greenley as our producer today. And that's it for episode four of the Communications Risk Show. I'm your host, Eric Priezkalns. You'll find recordings of all our previous broadcasts at the show's website, tv.commsrisk.com. Also visit our main site at commsrisk.com for news and opinion about risks in the comms industry. And don't forget that the Risk and Assurance Group offers free services and contact for risk managers, including the RAG Block Chain and RAG's comprehensive fraud and leakage catalogs. You'll find them all at RiskandAssuranceGroup.org. Thanks for watching today. We'll see you next Wednesday.