Futures regulators want smartphone hacking device

The Commodity Futures Trading Commission is searching for a phone hacking tool to investigate suspects' mobile devices for evidence of links to Ponzi schemes, insider trades and other illicit dealings.

With Americans' increasing reliance on smartphones, evidence of fraud often can be found in phonebook contacts, call history logs, text messages and locational data, according to computer forensics experts.

The commission charged with policing the $600 trillion market of derivatives transactions is surveying industry for systems that can collect evidence in the field and in the lab, so ideally, the equipment would not rely on a PC, according to an Oct. 19 sources sought notice. CFTC already uses extraction tools that work on specific phone models such as the Apple-compatible BlackLight system, but it now wants a "comprehensive solution" that can copy files from any wireless model.

Currently, handheld mobile forensics field kits that don't require a laptop cost between $8,000 and $15,000, according to Darren R. Hayes, a computer information systems program chairman at Pace University. The school was recently awarded a Defense Department grant for work on mobile forensics. He estimates the type of device CFTC needs would cost roughly $20,000.

The 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act endowed CFTC with the power, for the first time, to regulate the once "dark" derivatives markets. Unpoliced bets on swaps were blamed for contributing to the fall of American International Group Inc. and Lehman Brothers Holdings Inc. in 2008 and the subsequent financial meltdown.

Now, to bolster enforcement actions, the commission is expanding the use of computer forensic analysis, according to its fiscal 2012 President's Budget and Performance Plan. The possible acquisition announced last week would work with the iPhone, iPad, BlackBerry, and Android- and Windows-based devices. It would be able to extract deleted items, recover and analyze a device's internal memory chip, and clone external memory cards.

Vendor responses are due Nov. 10.

There are limitations to mobile forensics. Less than half the portable electronics currently available can be imaged, or copied, by a forensics tool, said Hayes, who started his career in computer forensics at financial services firm Cantor Fitzgerald. Before duplicating phone files, investigators would have to obtain a warrant, he said.

Still, mobile forensic analysis is catching on governmentwide, as evidenced by numerous contracts for extraction systems awarded during the past year. Special agents at U.S. Immigration and Customs Enforcement, who target terrorists and organized crime groups, last September inked

a $2.4 million deal with Cellebrite USA Corp for mobile phone forensic devices.

"Mobile digital evidence has become prevalent in ICE investigative cases and has become crucial to the prosecution and conviction of offenders in criminal cases," the ICE solicitation stated.

In April, the Defense Intelligence Agency's contracting arm procured a Cellebrite mobile data extraction tool as part of a larger $71,708.60 equipment purchase.

"I do see more and more proposals out there for mobile forensics and more and more smaller agencies looking to grow their competencies in mobile forensics," Hayes said.

Ray Bjorklund, chief knowledge officer at market research firm Deltek, said CFTC's desired technology also could be a "means to track the flow of money similar to [Treasury's Financial Crimes Enforcement Network's] mission, considering today's technology generally supports transactions from mobile phones and tablet computers." The agency analyzes financial reports for signs of terrorist-financing and money-laundering.

In fiscal 2011, CFTC levied civil penalties totaling more than $290 million and ordered more than $160 million in restitution and disgorgement payments from market schemers, which more than doubled the previous year's sanctions, according to the commission.

A number of regulatory and enforcement agencies are using the technology to investigate insider trading, dissemination of sensitive information, evidence of price-fixing and other fraud, according to officials at Dell, which sells mobile forensics systems to various government agencies.

Joe Trickey, Dell marketing brand manager for rugged and digital forensics, said costs vary, depending on factors like system speed and the volume of phones a product can handle.

The ability to examine an array of digital devices, which CFTC seems to be experiencing difficulty with, "helps those on scene to rapidly identify crucial or potentially time-sensitive information quickly so the investigation can rapidly progress from there," he said.