Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

Police activity
Reference:

On the search for digital traces using OSINT in the detection and investigation of crimes related to the acquisition, storage, sale and smuggling of timber.

Viatkin Andrei Anatol'evich

ORCID: 0000-0002-3169-5111

Senior lecturer; Department of Prosecutorial Supervision and Participation of the Prosecutor in the consideration of civil and arbitration cases; Irkutsk Law Institute (branch) University of the Prosecutor's Office of the Russian Federation

664035, Russia, Irkutsk region, Irkutsk, Shevtsova str., 1

viatkin-chita@yandex.ru
Other publications by this author
 

 

DOI:

10.7256/2454-0692.2024.4.71179

EDN:

UPQFZB

Received:

02-07-2024


Published:

05-09-2024


Abstract: The subject of the study is the results of scientific research of a theoretical and applied nature, which are devoted to the disclosure and investigation of crimes related to the acquisition, storage and smuggling of timber, the search, fixation and analysis of digital traces, methods of working with computer information. Within the framework of the study, the author puts forward a hypothesis about digital criminalistically significant information that remains out of the field of view of preliminary investigation bodies and operational units, sets the task of finding the optimal method of working with digital traces in the disclosure and investigation of this category of crimes, substantiating the possibility of its use in this activity, identifying the specifics of digital traces that can be found on electronic media servers and other devices connected to the Internet. The methodological basis of this research is the general dialectical method of scientific cognition, methods of logical deduction, induction, cognitive methods and techniques of comparison, analysis, generalization, description, and the method of hypothesis. The scientific article considers open source intelligence (English OSINT, Open Source Intelligence) as a method of remote (remote) work with digital traces in the detection and investigation of crimes related to the acquisition, storage, sale and smuggling of timber, its advantages over forensic computer examinations are revealed. In addition, the author highlights the main stages of illegal timber export, based on the content of which the task of searching for digital traces is simplified, examples are given, and the main software tools that allow searching for such traces are listed. It is also concluded that it is advisable to conduct further more detailed scientific research and include the use of open source intelligence in the private forensic methodology for the disclosure and investigation of crimes of the studied category.


Keywords:

illegal timber trafficking, methodology for solving crimes, smuggling of forest products, OSINT, open sources of information, digital traces, preliminary investigation authorities, operational-search activity, digital information, virtual traces

This article is automatically translated.

On May 30, 2024, the All–Russian Scientific and Practical Conference "Baikal Environmental Forum" was held, organized by the Irkutsk Law Institute (branch) of the University of the Prosecutor's Office of the Russian Federation. Within the framework of the scientific discussion, special attention was paid to the results of the analysis of the state and prospects of countering environmental crime, as well as issues of detection, suppression and investigation of environmental crimes [1, p. 87].

The participants noted that in the Russian Federation today one of the strategically important tasks is the conservation of natural resources, and in many ways its solution is entrusted to the Ministry of Internal Affairs of the Russian Federation. The complexity of law enforcement in this area is due not only to the specifics of the crimes committed, but also to the variety of types of resources that are involved in domestic and international turnover.

At the same time, forest resources are of particular importance, since they are the most important renewable type of biosphere resources for multipurpose use, performing a number of environmental and economic functions [2, p. 54]. The Russian Federation ranks first in the world in terms of the size of the territory occupied by forests. This is 815 million hectares, which is 20% of the total forest area of the globe.

Unfortunately, illegal timber trafficking remains one of the most important problems in some regions of the Russian Federation. These include the Irkutsk Region, the Trans-Baikal Territory, and the Republic of Buryatia, where the volume of legal and illegal logging is relatively higher than in the regions of the European part of Russia. This is largely due to the geographical location of these entities, which allows timber to be exported to the People's Republic of China by rail.

A significant proportion of the work on countering crimes related to the acquisition, storage, sale and smuggling of timber in these regions is carried out by the East Siberian, Trans–Baikal linear departments of the Ministry of Internal Affairs of Russia for Transport, the Eastern Interregional Investigative Department for Transport of the Investigative Committee of the Russian Federation in cooperation with units of the Federal Customs Service of the Russian Federation. At the moment, these law enforcement agencies have developed a practice of effective disclosure and investigation of crimes of the specified specifics, which makes it possible to bring to criminal responsibility participants in illegal trafficking in forest products.

At the same time, it should be noted that crime is evolving, the rapid process of digitalization of various fields of activity has a significant impact on the methods chosen by criminals to commit crimes. At the same time, as noted by E. I. Tretyakova, S. S. Bosholov and R. P. Shcherbina, "more and more information and telecommunication technologies are being introduced into the mechanism of committing crimes that have already become traditional" [3, p. 107].

According to E. N. Rakhmanova and E. V. Ponomareva, "the explosive growth of technological innovations outstrips the capabilities (or readiness) of the state to understand, monitor and effectively manage them and their negative consequences" [4, p. 203]. We consider this thesis to be justified, since the disclosure of crimes committed using information and communication technologies is really difficult for law enforcement agencies today.

The judicial and investigative practice formed on the territory of the above–mentioned regions shows that crimes related to the acquisition, storage, sale and smuggling of timber are most often committed by organized criminal groups (hereinafter referred to as organized criminal groups).

They usually include people who have higher education, experience and skills in doing business, as well as handling modern technology. Such members of the organized criminal group are quite capable of using technologies in criminal activities that allow the transfer of various information via the Internet, store it, create documents, transfer funds, etc. In this regard, it seems paradoxical that there is currently no stable functioning mechanism for searching, analyzing, and recording digital information for the purpose of disclosing and investigating such crimes. In addition, the emerging practice of arresting criminally obtained property and countering its legalization does not correspond to the growing popularity of using digital assets in society.

Based on the above, in our opinion, it is permissible to put forward a hypothesis that some criminally significant digital information simply remains out of sight of law enforcement agencies.

In order to find a solution to this problem, we consider it necessary to refer to the following conclusion contained in the scientific work of V. V. Polyakov: "One of the urgent tasks of modern criminology is the development of a private methodology designed to counter the rapidly developing high-tech crime, which is becoming one of the main criminal threats of modern society" [5, p. 117]. We support the point of view of this scientist, however, we consider it necessary to note that such a private methodology, from the perspective of the problem formulated in this study, will not take into account significant features of the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber. In addition, it is quite difficult to fully classify such crimes as high-tech, since in many ways they retain traditional, archaic features.

In this regard, it seems advisable to develop an up-to-date private methodology that will solve the problems of disclosure and investigation of this particular category of crimes, while focusing on the possibility of working with digital traces. Such traces are also referred to in various scientific papers as electronic, computer, and virtual [6].

For the purposes of this study, we consider it necessary to refer to the definition formulated by A. A. Bessonov: "Electronic traces are information recorded in digital format, contained in electronic computers and other digital devices created on the basis of their technologies, in mobile radiotelephone communications and on various digital information carriers, causally related to the event of the crime, which allows to establish the circumstances of the committed crime and the perpetrator" [7, p. 47].

To date, there are convenient and fairly universal methods of working with criminally significant information contained in electronic devices seized as part of the investigation. For example, the monograph by O. P. Gribunov, P. B. Nikonov, C. B. Parkhomenko, E. V. Rogovoy, V. N. Shikhanova describes in detail the possibilities of forensic examinations in the investigation of crimes committed using digital currency [8, p. 29]. The monograph by V. V. Kolominov and D. A. Stepanenko reveals the possibilities of using special knowledge when working with digital traces within the framework of computer expertise [9, p. 112].

However, it should be noted that it is not always possible to remove electronic devices for further examination, which may be due to various factors, including: lack of information about the storage location of criminally significant digital information (about its electronic media); location of the electronic media abroad; the need for pre-processing and analysis of a large amount of data, which are stored on several devices connected to the Internet.

The existence of such a problem is confirmed, among other things, by the conclusions of scientists of the Republic of Belarus. For example, it is formulated by D. A. Sviridov: "in practice, a person conducting a criminal investigation often has such a problem — computer information may be difficult to access due to its location on remote servers, including outside the state, and access to it may be limited by certain identification data, which can be obtained it is quite problematic, but it is impossible without special knowledge" [10, p. 300].

In addition, the search for information by removing devices with subsequent examinations is not always justified, in many cases it may not allow some tactical decisions to be implemented as part of operational investigative activities or investigations, and also take a long time.

In this regard, we consider it necessary to find a way to work with digital traces that will allow law enforcement agencies to act remotely (remotely), before the seizure of electronic media or without it at all. The conclusion of S. S. Bosholov, I. S. Bragina and S. N. Serikov seems absolutely fair: "the greatest success in the detection and investigation of crimes committed using information and telecommunication technologies is achieved precisely with active operational investigative support, the essence of which is the integrated use of modern software and hardware complexes and methods of operational investigative activities aimed at exposing and documenting the illegal activities of the person who committed the crime" [11, p. 74]. However, we add that the introduction of such elements is advisable not only in operational investigative activities, but also in the activities of the preliminary investigation bodies.

To answer the question about a specific way to search for digital traces and further work with them, let's turn to the research conducted by V. Yu. Ivanov. This scientist, in his scientific article "The use of OSINT in the detection and investigation of crimes", considers the possibility of law enforcement agencies using the so-called open source intelligence (English OSINT, Open Source Intelligence). At the same time, the author explains: "attackers are increasingly using information and telecommunications technologies for their criminal purposes. Information about the identity of the perpetrator and the crime in general can often be found in the public domain on the Internet. But searching for information from open sources is not as easy as it may seem, it requires certain skills and knowledge of where to look and what to look for. This activity is commonly referred to as OSINT" [12, p. 63].

Indeed, since its creation, the global network has been accumulating huge amounts of various data about users and their activities. New types of digital information are emerging, which is collected automatically, due to the development of such areas as mobile communication services, digital media, social networks, and the Internet of Things. Major changes have also been taking place since the beginning of the integration of satellite navigation into network technologies.

In such circumstances, valuable information about the criminal begins to be stored on numerous electronic media even before the moment of criminal intent. Even a person's refusal to use the Internet and modern electronic devices does not prevent this, since information about him in the form of text recordings, photographs and video material can be stored on various network resources as a result of the activities of other persons, the media, automatic video cameras, etc.

There are various classifications of digital footprints in scientific papers, each of which deserves attention. For this study, we use the provisions contained in M. M. Lyanov's scientific article "A modern approach to the classification of digital traces". In this paper, the author suggests quite logically classifying digital footprints according to the following criteria: the type of electronic information carrier on which the virtual footprint is located; the location of the virtual footprint; the circumstance to be proved in a criminal case; the structure and content of information [13, p. 49].

In addition to the above universal classification, in order to describe digital traces that are of interest for the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber, it is necessary to consider the main typical method of committing such crimes and divide it into stages.

As a rule, in the territories of the regions mentioned earlier, such crimes are united by the main purpose – the illegal movement of timber abroad and are committed sequentially (from acquisition to smuggling). At the final stage, criminals carry out an unreliable declaration of such goods, for this purpose they enter information about the origin of timber into customs documents that do not correspond to reality. The supporting documents are usually fictitious agreements on transactions, as a result of which the exported forest products were allegedly purchased from legal entities or individual entrepreneurs, as well as fictitious documents confirming the receipt of wood as a result of its harvesting in a designated forest area.

It should also be noted that the entire chain of criminal actions may be accompanied by auxiliary crimes related to the creation of fictitious organizations, the legalization of criminally obtained income, property, etc. The list of such crimes, of course, is individual in each case, but in general it is permissible to generalize and highlight the following main stages:

1. The formation of criminal ties, the distribution of functions between members of the organized criminal group.

2. Creating conditions for the commission of crimes, including the registration of legal entities, the formation of a material and technical base, the organization of document management and accounting, logistics.

3. Search for channels for the purchase and sale of knowingly illegally harvested wood abroad, the conclusion of international contracts.

4. Purchase of wood, the cost of which is significantly lower than the cost of legally harvested wood (due to the lack of title documents).

5. Provision of products intended for illegal export with fictitious documents confirming the legality of their origin. At this stage, other members of the organized criminal group may be sought out who have the necessary skills and abilities in the manufacture of forged documents.

6. Submission of documents containing deliberately false information about the legality of the origin of timber to the Federal Service for Veterinary and Phytosanitary Supervision (in order to obtain phytosanitary certificates that are mandatory for the export of timber).

7. Entering deliberately false information about the origin of illegally harvested timber in the declaration of goods, providing the customs authorities with a package of supporting forged documents and phytosanitary certificates.

8. Movement of timber abroad on the basis of concluded international contracts (usually by rail), receipt of funds.

Thus, the specifics of the digital traces inherent in such crimes can be disclosed taking into account their classification, as well as based on the specific stage to which they relate.

For example, at stages No. 1, 3, 5, digital traces will be of the greatest interest, which may indicate communication between criminals and their interaction with other persons. Information about correspondence between users, personal data of individuals, their unique names, photographs (including the geographical location of the shooting location, the date of shooting or the date of uploading the photo), phone numbers, and email addresses may remain on the electronic media of the servers. The possible involvement of a person in a certain type of activity (including a criminal role in an organized criminal group) may even be evidenced by the way his phone number is stored in other people's phone books.

At stage 2, traces are formed during the registration of organizations, as well as when they are used for other legitimate and illegal purposes. Information about them can be accumulated and grouped according to a certain principle in digital databases that are publicly available.

For stages No. 4, 8, digital traces in the form of entries in the registers of blockchain systems will be of particular importance, since calculations can be made by transferring cryptocurrencies or transferring other digital assets. This may be indicated by the evasion of criminals from fulfilling their obligations to repatriate funds in foreign currency or the currency of the Russian Federation (Article 193 of the Criminal Code of the Russian Federation).

To search and analyze publicly available information (in order to detect digital traces), it is necessary to use software and services designed for this purpose on the Internet. They allow you to process large amounts of data, extract metadata from files, detect connections between information located in different places, and build graphical diagrams of the detected connections. Such software is quite accessible, described by D. A. Sviridov: "based on the array of collected digital traces, modern algorithmized systems have the opportunity, by filtering out information noise, to create a so—called filter bubble - an exclusive version of the human virtual space" [14, p. 262].

For example, such tools include: Shodan, Maltego, Getcontact, Google Earth, Venator. O. A. Slashchin additionally lists software that allows analyzing cryptocurrency transactions: GraphSense, Reactor, Crystal Expert [15, p. 265].

It is noteworthy that they allow you to work with data that is located on foreign servers. This is especially important, since illegal exports of forest products are quite often committed by citizens of the Russian Federation together with citizens of the People's Republic of China, criminals can use the "Darknet" for conspiracy purposes.

Thus, OSINT tools can help in preparing for investigative actions and operational search activities, reduce time costs and simplify the process of obtaining criminally significant information.

In addition, they can be used in conjunction with other methods of searching for information about traces, to complement the work with those mentioned in the scientific article by O. P. Gribunov and V. A. Kosykh: the state forest register; LesEGAIS; electronic information from the Federal Tax Service, the Federal State Statistics Service and the Federal Customs Service of the Russian Federation [16, p. 148].

This determines the expediency of further scientific research and the inclusion of OSINT application issues in the private forensic methodology for the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber.

References
1. Karpysheva, Yu. O. (2024). Results of the All-Russian scientific and practical conference Baikal Ecological Forum. The Art of Law, 2(10), 87–88.
2. Lysyuk, R. N. (2019). Ecological and economic assessment of forest resources as a component of sustainable development of the forestry complex. Bulletin of the Brest State Technical University. Series: Economics, 3(116), 54–56.
3. Tretyakova, E. I. (2021). Possibilities of de-anonymization of persons committing fraud using spoofing attacks. Forensics: yesterday, today, tomorrow, 4(20), 106–118.
4. Rakhmanova, E. N. (2023). Cybercrime, digital crime and cybersecurity: problems of definition and relationship. Criminal law: development strategy in the 21st century, 3, 202–209.
5. Polyakov, V.V. (2023). Group form of committing crimes as one of the signs of high-tech crime. Russian Legal Journal, 1(148), 117–126.
6. Gribunov, O. P. (2023). Improving the methodology for investigating crimes associated with changing the markings of vehicles. O. P. Gribunov, A. S. Agafonov. Moscow: Yurlitinform.
7. Bessonov, A. A. (2019). About some possibilities of modern forensics in working with electronic traces. Bulletin of the O. E. Kutafin University (MSAL), 3(55), 46–52.
8. Gribunov, O. P. (2023). Digital currency and digital financial rights as a subject and means of committing crimes. O. P. Gribunov, P. V. Nikonov, S. V. Parkhomenko, E. V. Rogova, V. N. Shikhanov. Irkutsk: Irkutsk Law Institute (branch) of the federal state government educational institution of higher education "University of the Prosecutor's Office of the Russian Federation".
9. Kolominov, V. V. (2022). Investigation of fraud in the field of computer information: theoretical and applied aspects of the initial stage. V. V. Kolominov, D. A. Stepanenko. Moscow: Yurlitinform.
10. Sviridov, D. A. (2022). Features of the inspection of computer information in cases of business activities carried out without special permission (license). Legal culture in modern society: a collection of scientific articles, Mogilev, May 20, 2022. Mogilev: Educational Institution "Mogilev Institute of the Ministry of Internal Affairs of the Republic of Belarus", pp. 297–301.
11. Bosholov, S. S. (2021). Current issues about the need to create conditions for effective work in solving and investigating crimes committed using information and telecommunication technologies. Forensics: yesterday, today, tomorrow, 3(19), 69–76.
12. Ivanov, V. Yu. (2023). Use of OSINT in solving and investigating crimes. Bulletin of the Ural Law Institute of the Ministry of Internal Affairs of Russia, 1(37), 62–66.
13. Lyanov, M. M. (2020). Modern approach to the classification of virtual traces. Siberian criminal procedural and forensic readings, 4(30), 47–55.
14. Sviridov, D. A. (2023). Digital trace and its significance in the practice of crime investigation. Legal culture in modern society: Collection of scientific articles of the VI International Scientific and Practical Conference, Mogilev, May 19, 2023. Mogilev: Educational Institution "Mogilev Institute of the Ministry of Internal Affairs of the Republic of Belarus", pp. 260–263.
15. Slashchinin, O. A. (2023). Cryptocurrency in investigative activities: features of detection, establishment of the nature and circumstances of its use. Conceptual foundations of modern criminology: theory and practice: materials of a scientific and practical conference with international participation dedicated to 50th anniversary of the formation of the Department of Criminalistics, Faculty of Law, Belarusian State University, Minsk, April 13, 2023. Minsk: Belarusian State University, pp. 262–270.
16. Gribunov, O. P. (2023). Information technologies in the system of combating illegal timber trafficking. Bulletin of the East Siberian Institute of the Ministry of Internal Affairs of Russia, 4(107), 143–156.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The subject of the research in the article submitted for review is, as its name implies, the problem of searching for digital traces using OSINT in the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber. The stated boundaries of the study are observed by the author. The methodology of the research is not disclosed in the text of the article. The relevance of the research topic chosen by the author is undeniable and justified by him as follows: "On May 0, 2024, the All–Russian Scientific and Practical conference "Baikal Environmental Forum" was held, organized by the Irkutsk Law Institute (branch) of the University of the Prosecutor's Office of the Russian Federation. Within the framework of the scientific discussion, special attention was paid to the results of the analysis of the state and prospects of countering environmental crime, as well as issues of detection, suppression and investigation of environmental crimes [1, p. 87]. The participants noted that in the Russian Federation today one of the strategically important tasks is the conservation of natural resources, and in many ways its solution is entrusted to the Ministry of Internal Affairs of the Russian Federation. The complexity of law enforcement in this area is due not only to the specifics of the crimes committed, but also to the variety of types of resources that are involved in domestic and international turnover. At the same time, forest resources are of particular importance, since they are the most important renewable type of biosphere resources for multipurpose use, performing a number of environmental and economic functions [2, p. 54]. The Russian Federation ranks first in the world in terms of the size of the territory occupied by forests. This is 815 million hectares, which is 20% of the total forest area of the globe. Unfortunately, illegal timber trafficking remains one of the most important problems in some regions of the Russian Federation. These include the Irkutsk Region, the Trans-Baikal Territory, and the Republic of Buryatia, where the volume of legal and illegal logging is relatively higher than in the regions of the European part of Russia. This is largely due to the geographical location of these entities, which allows timber to be exported to the People's Republic of China by rail," etc. Additionally, the scientist needs to list the names of the leading experts who have been engaged in the study of the problems raised in the article, as well as reveal the degree of their study. The scientific novelty of the work is manifested in a number of conclusions and suggestions of the author: "In order to find a solution to the identified problem, we consider it necessary to refer to the following conclusion contained in the scientific work of V. V. Polyakov: "One of the urgent tasks of modern criminology is the development of a private methodology designed to counter rapidly developing high-tech crime, which is becoming one of the main criminal threats to modern society" [5, p. 117]. We support the point of view of this scientist, however, we consider it necessary to note that such a private methodology, from the perspective of the problem formulated in this study, will not take into account significant features of the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber. In addition, it is quite difficult to fully classify such crimes as high-tech, since in many ways they retain traditional, archaic features. In this regard, it seems advisable to develop an up-to-date private methodology that will solve the problems of disclosure and investigation of this particular category of crimes, while focusing on the possibility of working with digital traces. The scientific style of the research is fully sustained by the author"; "In addition to the above universal classification, in order to describe digital traces that are of interest for the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber, it is necessary to consider the main typical method of committing such crimes and divide it into stages. As a rule, in the territories of the regions mentioned earlier, such crimes are united by the main purpose – the illegal movement of timber abroad and are committed sequentially (from acquisition to smuggling). At the final stage, criminals carry out an unreliable declaration of such goods, for this purpose they enter information about the origin of timber into customs documents that do not correspond to reality. The supporting documents are usually fictitious agreements on transactions, as a result of which the exported forest products were allegedly purchased from legal entities or individual entrepreneurs, as well as fictitious documents confirming the receipt of wood as a result of its harvesting in a designated forest area," etc. Thus. The article makes a definite contribution to the development of Russian legal science and, of course, deserves the attention of potential readers. The structure of the work is quite logical. In the introductory part of the article, the scientist substantiates the relevance of his chosen research topic. In the main part of the work, the author proposes a methodology for searching for digital traces using OSINT in the detection and investigation of crimes related to the acquisition, storage, sale and smuggling of timber. The final part of the article contains conclusions based on the results of the study. The content of the article corresponds to its title and does not cause any particular complaints. The bibliography of the study is presented by 16 sources (monographs and scientific articles). From a formal and factual point of view, this is enough. The author managed to reveal the research topic with the necessary depth and completeness. There is an appeal to opponents, both general and private (D. A. Sviridov, M. M. Lyanov), and it is quite sufficient. The scientific discussion is conducted by the author correctly, the provisions of the work are justified to the appropriate extent. There are conclusions based on the results of the study ("Thus, OSINT tools can help in preparing for investigative actions and operational search activities, reduce time costs and simplify the process of obtaining criminally significant information. In addition, they can be used in conjunction with other methods of searching for information about traces, to complement the work with those mentioned in the scientific article by O. P. Gribunov and V. A. Kosykh: the state forest register; LesEGAIS; electronic information from the Federal Tax Service, the Federal State Statistics Service and the Federal Customs Service of the Russian Federation [16, p. 148]. This determines the expediency of further scientific research and the inclusion of OSINT application issues in the private forensic methodology for the disclosure and investigation of crimes related to the acquisition, storage, sale and smuggling of timber"), have the properties of reliability, validity and undoubtedly deserve the attention of the scientific community. The interest of the readership in the article submitted for review can be shown primarily by specialists in the field of criminal law, criminal procedure, criminalistics, provided that it is slightly improved: disclosure of the research methodology and additional justification of the relevance of its topic (within the framework of the remark made).