Chasing the Connected Vehicle – The $50,000 Cell Phone You’re Ignoring

3

Fall 2022.Issue 3 | By Kipp Loving | Michigan Police Chiefs |

Does your crime involve a motor vehicle? Rarely does an investigative tool come along that directly affects such a wide range of your everyday investigations

In the late 90’s and early 2000’s, I recall reaching out to my department drug cops and sharing with them multiple accounts of the bigger agencies around us utilizing mobile phone data as part of their drug investigations. At that time, agencies were using off-the-shelf programs from RadioShack, a major electronics store, to download the Motorola and Nokia phone book, call logs and, in rare cases, short SMS text messages. I still recall some of the looks I would get from my well-respected colleagues who would simply question why they would need to go through the effort for mostly slam dunk drug cases that they already had in the bag.

It wasn’t until a probation search conducted on one of their regulars that they ran into a box of 30 cellphones. I was dispatched to the scene, and we extracted enough information to not only tie their target to a recent drug sale, but also that their target was part of a much larger network. The officers discovered that the phone log on his Nokia phone provided pieces to the puzzle which were previously unknown. Additionally, we learned that he was in the business of cloning and selling phones to other drug dealers. This led to the first ever phone cloning conviction in Modesto, CA (Stanislaus County).

Twenty years later, the law enforcement community is on the precipice of technology that is involved in a high percentage of law enforcement related activity. However, this technology is constantly ignored. Just like in the early flip-phone days, with cell phone books, call logs and eventually, tower tracking, we now have vehicles consistently checking in with momma (vehicle manufacturers via cellular technology), providing digital breadcrumbs. With proper court documents, this progress can be extremely helpful in finding a particular piece to the puzzle. This data, which can include details of the vehicle operation, prior, during, and post incident, is consistently missed in the investigative process regardless of whether it is a missing person, stolen vehicle, robbery series, rape, or even a homicide investigation.

CHANGE FOR YOUR AGENCY
So, let’s discuss this new technology and recognize the benefits related to what I call chasing the connected vehicle. In simple terms, modern vehicles today have a mobile cellular SIM card embedded in the vehicle. In some vehicles, there is more than one SIM card, providing internet connectivity via mobile wi-fi to multiple passengers at a time.

These Global SIM cards are activated on the factory floor regardless of the vehicle manufacturer location around the world. As soon as the battery is connected to the vehicle at the factory, the telematics component connects to the nearest cellular tower and connects to the provisioned carrier. This process begins the cellular company’s relationship with the manufacturer.

During my connected vehicle class, a constant question is why are these vehicles consistently pinging their location? To answer this, one must remove their law enforcement hat and look at it from the perspective of the vehicle manufacturer. These vehicles are one big computer which need to be constantly updated. Your average car today will have 60 or 70 different computers running multiple networks processing approximately 30 gigabytes of data per hour. The only realistic way to keep these computers updated is to have constant access, which the embedded cellular modems provide. Without them, the vehicles would have to be recalled and repaired at the dealership for critical software updates. This isn’t a financially feasible solution for manufacturers. As autonomous features are continually added to baseline vehicles, this statement gets amplified.

To know what vehicle information can be used as part of an investigation, one must treat a modern vehicle the same as a mobile phone. A vehicle that is tied to your suspect, victim, or significant witness as part of your active case may have data. This data can be locations, or further information such as who’s connected to the vehicle, speeds, location, etc.

Now, let’s put our law enforcement hat back on. Although none of this data was designed for the direct benefit of law enforcement, it is not a difficult lift to see how a vehicle’s telematic related data could assist in non-criminal (missing person, grey alerts) to full blown criminal investigations.

With proper court authorization, this data can not only be used during an active criminal investigation, but especially post investigation. This is also relevant to whether one has access to the vehicle of interest or not. In addition, witness statements might only mention that the vehicle was a certain make. Just having that information, in conjunction with the area of incident and window of time, could create an active lead to search for the vehicle.

Exploiting this type of lead requires one to ask the cellular carrier for a list of all vehicles at a particular tower location around the time of incident. Tower dumps provide an array of details for all mobile devices associated with a specific location. I have personally assisted in numerous cases resulting in the identification of the suspects connected to vehicles used during a specific incident.

THE CHALLENGE
We are so accustomed to learning about a new tool and then are tasked with providing justifications for a budget increase for this cool new tool. Well, here’s the good news…there’s no new budget line, there’s no new enhanced training, there’s no new magic.

I would argue that law enforcement agencies are already conducting cellular records investigations. There are those well versed in the ability to extract data from mobile devices, phone apps, and to look at cellular tower tracking as part of the existing investigative toolbox. Although there are a couple of tools out there that exploit this information, one only needs some enhanced computer skills, such as Excel.

Once the value of this is understood for investigative toolboxes in everyday cases, your agency needs to send investigators to attend a connected vehicle class as soon as possible. Upon identifying personnel for enhanced connected vehicle training, do not forget your traffic gods. Major accident investigation teams (MAIT) are regularly dealing with anything from hit and runs, to major fatality crashes that could find connected vehicle data helpful well beyond their vehicle autopsy and black box extractions.

WHAT NEXT?
So, you’re convinced to push this out within your investigation teams…what next? For that, let’s talk two resources for your department.

Recently I was asked to assist with building a website related to connected cars. We identified some of the most asked questions related to connected car investigations:
– Is my target vehicle a connected vehicle?
– I have the VIN of my vehicle, what now?
– What carrier is my target vehicle connecting to?
– So, my vehicle is in fact connected, what’s the search warrant language?
– Exigent circumstance, I need to locate my target vehicle now!

The best place to start to answer each one of these questions would be the Hawk Toolbox provided by Hawk Analytics. Currently, this is a free tool for law enforcement use only. Once you gain access, you will be provided a connected vehicle website that will answer the above questions for you. A team, including Tom Bruce, Juliet Bravo, Denver Prosecutor Katherine Hansen, and me help keep this site updated.

The second location would be a website that I started a number of years ago that provides resources for the investigator as it relates to high tech topics. You can access the LE only website at kloving.net. On my website, you will find additional connected car resources.

Lastly, when identifying training for your personnel I suggest the following:
JulietBravo.co: For updated list of available training and resources
NW3C.org: Access to the two-day, hands-on connected vehicle classes
tradecrafttraining.org: Online connected vehicle training classes
kloving.net: Additional high-tech resources including connected vehicle search warrant language.

Detective Kipp Loving, retired after 31 years in law enforcement. For the last twelve years of his career, he was a U.S. Marshal assigned to the FBI Cyber Crime ICAC Task Force & Sacramento Valley Hi-Tech Crimes Task Force, assisting agents with crimes related to the abuse of children. He has worked and assisted in numerous high-profile cases involving technology.

Detective Loving regularly instructs for local, state, and federal law enforcement on the topics of Reviver Digital License Plates, Cell Phone Evidence, Surveillance Equipment, Court Presentation of Hi-Tech Evidence, Onsite Search Tools and ID Theft. He maintains a Hi-Tech Crime Training website (kloving.net) used by law enforcement around the world. Kipp can be contacted by email at cyberkop@pm.me or by phone at (209) 678-0100.

Read the original article in Michigan Police Chiefs HERE.

Visited 159 Times, 1 Visit today