Logo Fiscalia General De La Nacion Colombia
Fiscalia General De La Nacion Colombia (Credit: fiscalia.gov.co/colombia/)

The complex underworld activities of criminal organizations in the Republic of Colombia run the gamut from human trafficking to child pornography to contract killing. Members of these organizations are often responsible for planning and executing multiple crimes. The challenge for Colombian law enforcement is not only keeping up with an ever-expanding list of investigations involving organized crime groups but also trying to figure out if and how certain crimes are connected. For prosecutors, the challenge is gathering enough solid Digital Intelligence to convict these criminals.

Digital Intelligence is comprised of two parts—the data collected from digital sources and data types (smartphones, computers, and the Cloud) and the process by which agencies access, manage, and obtain insights from this data to more efficiently run their investigations.

Correlating evidence is currently a manual, time-consuming and often, disappointing exercise for investigators in Colombia. The rapidly growing volume of digital evidence from mobile devices, computers, and the Cloud that is being collected for cases is only making their work, and their ability to produce swift and meaningful results, that much more difficult.

“Without a digital platform for collaborating, cases are essentially siloed — and evidence of the connections between crimes isn’t clear. And Cellebrite’s solution has vast capabilities that will help us evolve the analysis and management of digital evidence.”

But soon, authorities in the Colombian departments of Caldas, Quindío, and Risaralda will have an easier time working together to connect the dots on crimes in their region thanks, in large part, to the efforts of Andrés Molina, Research Technician, Computer Forensics/Investigations Section, for Fiscalía General de la Nación.[1] The computer forensics lab works jointly with Colombia’s National Police.

Molina, with help from Cellebrite, is implementing a centralized forensics data repository that will allow investigators in the three Colombian departments to collaborate on cases and share forensics data faster and more efficiently. The former systems engineer is currently earning a master’s degree in information security, and this initiative to create the repository stems from his dissertation project to set up an analytics tool for the department of Caldas.

Cellebrite Pathfinder is one of the tools the authorities in Caldas, Quindío, and Risaralda will use to analyze the data they are sharing. The solution uses artificial intelligence and machine learning to automatically analyze collected data to surface evidence and leads, allowing investigators to work quickly and also get as granular as necessary when sifting through vast quantities of data.

Cellebrite Pathfinder quickly assembles all of the connections between the suspect and those they have been in contact with to begin building valuable timelines in cases. (Pic: Cellebrite)

Some of the key features of Cellebrite Pathfinder include the ability to detect and categorize image frames such as child exploitation, weapons, and documents using image categorization and facial recognition tools. And they can jump to specific images fast, including in video. Investigators can also quickly discover what device users were searching for while on the Internet, what they were doing on social media channels, and who they were communicating with, when and how often online or by phone.

They can even use the solution to determine the latitude and longitude of victim and suspect locations at specific times. Developing detailed but easy-to-read reports are also simpler and less time-consuming, as Cellebrite Pathfinder allows users to drag and drop visuals, make notations, and export information into PDF files for distribution to attorneys, jury members, and others.

The implementation of the centralized forensics data repository and the use of Cellebrite’s solutions are supported not only by Fiscalía General de la Nación but also by the mayor of Caldas. Molina says the mayor is eager to have everything up in running by next year so that his office can start correlating and analyzing data.

“Everyone involved with this project has recognized it is a necessary investment that can deliver very significant returns,” says Molina. “Without a digital platform for collaborating, cases are essentially siloed — and evidence of the connections between crimes isn’t clear. And Cellebrite’s solution has vast capabilities that will help us evolve the analysis and management of digital evidence.”

Tracking down the central figure in a child prostitution case

Molina works in Manizales, the capital of Caldas. In Fiscalía General de la Nación’s computer forensics lab, he is currently a one-person operation — and he shoulders a very heavy workload. Molina prepares expert reports and assists prosecutors and investigators with extracting and analyzing data from mobile devices to find digital evidence to help support the theory of their cases.

Kiosini / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0)
UFED was used at the Fiscalía General de la Nación’s lab to access the suspect’s phones and extract all the information available on the devices. (Credit: Kiosini / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0))

Investigations of contract killings and the exploitation of minors (e.g., sexting, grooming for prostitution) are the types of cases that Molina is frequently asked to help investigate. His go-to tools for collecting digital evidence include Cellebrite UFED, for accessing and extracting data from mobile devices, and Cellebrite Physical Analyzer, for turning encrypted data into actionable intelligence for investigations. When needed, Molina can get advanced support from Cellebrite Advanced Services (CAS) for unlocking and extracting mobile digital evidence.

Members of organized crime groups in Colombia are often the key suspects in the cases Molina investigates, but sometimes, the suspects in focus are individual actors. For example, the central figure in a 2017 case that Molina was assigned by the attorney general’s office to investigate was a doctor and local politician — the former mayor of La Dorada, a town and municipality in the department of Caldas.

The Sex Crimes Group of the regional Division of Criminal Investigation of National Police (SIJIN) led the investigation, and the prosecutor on the case specifically requested Molina’s help because of the quality of work he had delivered on previous cases.

“Cellebrite’s technology was crucial in this case because it allowed me to identify and perform specific searches on suspect’s devices quickly and efficiently…”

The suspect was prostituting minors — two girls under the age of 15 and a slightly older girl who was the intermediary who had helped to recruit and groom the other girls. The activity came to the attention of authorities when the mother of one of the victims found messages on her daughter’s phone from the suspect, offering money for sexual acts. Her daughter would not identify the suspect to the investigating officer initially, but during interviews with the police, she verified his identity.

The victims and the intermediary then gave their mobile devices — a Samsung, a ZTE, and an AOC — to the investigators voluntarily. On orders from the prosecutor, Molina extracted and analyzed information from the three phones, including WhatsApp and Facebook Messenger messages. That analysis yielded the suspect’s WhatsApp number and Facebook user ID, giving the police enough evidence to make an arrest. They confiscated two cell phones, a Samsung and a Huawei, belonging to the suspect in the process — but the suspect refused to provide access to them.

Working on a tight timeline — with no cooperation from the suspect

Molina used Cellebrite UFED to access the suspect’s phones and extract all the information available on the devices. The Samsung device held little useful data. However, analysis of call logs and Facebook and WhatsApp conversations that were extracted from the Huawei phone provided ample evidence to support the prosecutor’s case. The evidence was so strong, in fact, that the suspect was advised by his attorney to plead guilty. He was prosecuted and, ultimately, sentenced to 18 years in prison without the possibility of parole.

“Cellebrite’s technology was crucial in this case because it allowed me to identify and perform specific searches on suspect’s devices quickly and efficiently,” says Molina. “I had a strict, 15-day period to produce results because the suspect was in custody. Without Cellebrite, it would have taken me much longer than 15 days because the phones were locked, and I would’ve had to do all the work manually.”

Cellebrite Pathfinder allows investigators to gather disparate pieces of evidence to provide a complete visualization of a case. (Credit: Cellebrite)

“When we can more easily correlate information about these cases, we know we will be able to identify child pornography organizations that are operating at the international level…”

Molina notes that Cellebrite UFED was even more of a difference-maker in this case because the password from the suspect’s Samsung phone had to be extracted by brute force, and the Huawei phone needed to be rooted. “Not all extractors — or analysts — can do that,” he says.

Reducing the duplication of work to preserve resources and improve outcomes

Once the centralized forensics data repository and Cellebrite Pathfinder are in place, and investigators from Caldas, Quindío, and Risaralda are collaborating digitally, Molina expects to see many more cases concluding like the prostitution case in 2017. “The suspect’s attorney counseled him to take a plea because the evidence was so compelling,” he says. “By collaborating digitally, investigators and prosecutors can collect, analyze, and provide even stronger evidence for future cases — and that can help shorten investigations, too.”

Right now, because work on cases is often siloed, authorities in the region often end up investigating the same crimes or individuals. “That’s a waste of precious time and resources,” Molina says. He explains that the overlapping investigations often relate to child pornography, which tends to be complex cases involving vast amounts of digital information. They also often lead to organized crime elements in Colombia — as well as child pornography rings that extend to countries around the globe.

“When we can more easily correlate information about these cases, we know we will be able to identify child pornography organizations that are operating at the international level,” says Molina.

Looking ahead, Molina says he hopes to see more organizations in Colombia and elsewhere following Fiscalía General de la Nación’s example to invest in technology solutions that can improve how their investigators collaborate, and access and use data and analytics in their day-to-day work. “It will help them work smarter and better, and it will prepare them for the future,” he says.

Sources:
[1] The Office of the Attorney General of Colombia