When the FBI needed to search an employee's PC for gang-related activity, the CSO was in for a few surprises.

In the mid-1990s, the sounds of gunshots were all too familiar throughout the Northeast. From Brooklyn, N.Y., to Rutland, Vt., hundreds of young people, almost all of them males in their late teens, lost their lives as street gangs battled over turf. The gangs insisted that their organizations were mere social clubs, but people knew better. Crack cocaine was big business, city blocks were sales territories, and the 9 millimeter handgun was the chief negotiator.

The citizenry grew weary of the rising death toll and called for action. In response, a joint task force of local, state and federal agencies was formed. The FBI, the Bureau of Alcohol, Tobacco and Firearms, and the Drug Enforcement Administration worked side by side with state and local police to gather intelligence, understand the inner workings of the gangs and identify their leaders. The ultimate goal was to break up the gangs and end the violence plaguing the streets.

Armed with knowledge of their habits, hideouts and leadership, the task force went to work. Houses and apartments were raided, and gangsters were hauled away and put to trial. Once convicted, the gangsters were sent to different prisons around the country in an effort to hamper gang communication. A task force member who had managed to infiltrate one gang discovered that one of its leaders was producing and distributing gang propaganda with the use of a personal computer. During a predawn raid, the task force stormed the apartment of this tech-savvy gangster and seized the PC as evidence. When the computer was analyzed, a property tag identified the computer as belonging to the company where I was CSO. When the gangster was interrogated, he acknowledged that a relative of his held a job at my company. The PC was a loaner that enabled that person to work from home.
Based on this information, the task force contacted my company through the U.S. Attorney’s office. Our company lawyers were directed to secure any computer equipment used by the alleged gangster’s relative and to await further instruction. That’s when I got a call.

I was summoned to an office where I was met by our corporate attorneys, who briefly explained to me that our company had been instructed to hold a particular PC and wait for the FBI to come in and look at it. Accompanied by a couple of our security guards, I dutifully went off down the hall to locate the PC. The office was vacant, and we gathered the PC and associated diskettes without incident. Two weeks went by before I got a call letting me know that a special agent from the FBI would be coming in to look at the seized PC. On the day he arrived, I was called to meet the agent in our front lobby. When I arrived there, I scanned the visitors, looking for the one in the suit and dark sunglasses. To my surprise there was no such person. When I asked the guard at the front desk which person was here to meet me, she pointed to a pleasant-looking man in khaki pants and a madras shirt. In his hand he held a stout, hard-sided satchel that looked more like luggage than a briefcase. I introduced myself and led the agent to the small conference room where I had locked the PC safely away.

Myths Dispelled

As the agent placed his briefcase on a table in the room, something thumped around inside it. I assumed that it was probably a thermos of coffee or a can of soda. Later, when he opened the case, I noticed a large-caliber handgun inside. Funny, I thought — this guy is not at all what I had expected. No suit, no sunglasses, no shoulder holster, and not once did I see him talk into a microphone hidden up his sleeve.

The agent explained that the FBI wanted to be as considerate as possible of my company’s concerns.
He went on to tell me that my role would be to identify what was company-confidential information and what was not company-related. We started our search by write-protecting the PC so that no information could be accidentally updated. The agent explained that it was important for the potential evidence not to be tainted. (Back then, computer forensics was in its infancy, and we didn’t make a mirror image of the hard drive.) We methodically searched through all directories and files, and the agent asked questions. “Is that a company file?” “Does that look business-related or is that a personal letter?” And so it went.

The agent began to suggest certain words that I should look for in the files. At first, the words didn’t have much meaning to me, but then he uttered the word familia. Not remembering my high school Spanish lessons, I thought the word sounded Italian. Suddenly I feared the case dealt with the Mafia, which seemed like more than I wanted to be involved with. After a few more search words, it dawned on me that the words were Spanish and not Italian. I remember feeling relieved, thinking that Latin street gangs were somehow less of a concern than the Mafia. Later it occurred to me that any organization that solves problems by whacking people is worth worrying about. After hours of scanning the PC’s hard drive with rudimentary search tools, we came up empty. We then turned our attention to the diskettes I had found. When I found files that were password-protected, the search stopped. The agent told me that he could get password-cracking tools, so we agreed to meet again.

A few days later, once we had the right tool, accessing the protected files was child’s play. The tool revealed the passwords, and the files opened. Sure enough, these files were not related to company business.

When the agent ran short on time and had to depart to work on another case, I was left to continue the search on my own.
I conducted searches on the active files first, and then I began to look through the deleted files and slack bits. Then it happened: I hit pay dirt, the mother lode, the smoking gun. Within a file that had been deleted I found a 200-page diatribe that recounted the history of a Latin street gang. Included were all the rules of the gang as well as the sanctions for disobeying them. For most serious offenses the sanction was the same: the “Big T” (termination), which I interpreted to mean they killed you. The FBI later confirmed that my interpretation was correct. If you violated the rules of the gang, the odds were good that you’d be shot dead. When I informed the FBI agent of what I’d found, he was pleased and excited. I was invited to the local FBI field office and given the Cook’s tour of the place. They showed me binders containing photographs of tattoos of known gang members. They also had photos of certain apparel they referred to as “colors,” which indicated gang affiliation. I received a fascinating crash course in the inner workings of gangs. I never learned whether the information I had found significantly aided their case. It was apparent that the information was useful and my help was appreciated. That’s all that really mattered. As a security practitioner, I understand the concept of “need to know,” so the fact that they didn’t offer much more detail about the case seemed appropriate.

Not only was I pleasantly surprised with the amount of information the FBI agents were willing to share about their procedures for investigating the gangs, I was also pleased with how respectful they were toward my company. I had heard tales that heavy-handed investigators took away computer equipment and trampled the rights of companies. There was no such infringement here. These agents were professional, respectful, considerate and just plain nice to deal with.
They accommodated our need to protect our company-confidential information and worked in a collaborative manner.

This wasn’t the only time I dealt with the FBI. I had another situation when I called the bureau for assistance, and that too was handled with great professionalism. I’m sure that from field office to field office, and from agent to agent, some differences in competencies and personalities exist. However, my own experiences have been very positive. As far as I’m concerned, the jack-booted thug FBI agent is more myth than reality.

Still a Caveat

That’s not to say that you should ever relinquish control to the FBI haphazardly.

Even when outside entities are reasonable and act professionally, we CSOs need to look out for the interests of the organizations that pay our salaries. Those interests are not necessarily opposed, but we need to watch out for the one who brought us to the dance. There are times when crimes have been committed and law enforcement has only so many options. Even then, though, the company still can have some control. Depending on the circumstance, you may have some say in things like the timing of arrests or the contents of press releases. The important thing is to assert the rights of your organization and to negotiate for the best possible outcome.

When faced with a delicate situation such as the involvement of company equipment in less-than-honorable circumstances, talk to your legal counsel. Understand what sort of legal ground you stand on before inviting others in. I’m not at all suggesting that you shouldn’t call law enforcement when appropriate. I’m merely saying that before you do, have a clue about what the various outcomes will be. Go in with eyes wide open, and play your cards well. You’re playing with professionals.

Undercover is written anonymously by a real CSO.