Cybercrime and Cybersecurity Lawyers
Our Firm conducts in-house computer forensics on computers, smartphones and electronics seized by law enforcement and local police in child pornography investigations, which is reflected in our background in cybersecurity. The Firm has handled some of the most complex child pornography investigations in Ontario, and one of the few businesses to have successfully defended international projects involving police forces from around the world. The Firm’s background in cybersecurity enables it to thoroughly review police investigative techniques which involve the use of highly sophisticated and often secret technology. Governments are continuing to develop and deploy advanced technology to successfully apprehend cybercriminals. The Firm has defeated international child pornography investigations initiated by all social media companies including, Facebook, Instagram, Twitter, Kik, Skype, Apple, Mega and may more,
NSO Group out of Isreal produces the Pegasus prgram, which is a mobile phone spyware program that allows operators to monitor a target. This advanced program can be installed without permission overriding the phone’s security system. It can send private information of the device to the operator and even give access to the microphone or camera.
We typically obtain a system image of all material and software. operating systems seized by police for independent analysis where applicable, which requires special forensic law enforcement software to review. We reverse engineer the process to determine whether information corresponds with that used by law enforcement to obtain a search warrant, such as the information provided by the Officer in Charge in the Information to Obtain (ITO). The Firm also employs on contract retired Internet Child Exploitation (ICE) police officers, for expert opinion.
We provide an independent categorization of the alleged material seized by law enforcement. Including relevant defence details associated with this material frequently used and important to sentencing. We have been retained to advance defences associated with inflated number counts and duplicate content between different storage mediums, as law enforcement does not distinguish these categories in detail when the size of a collection becomes excessive.
In 2022, the Firm successfully represented an individual charged with 7 child pornography charges including making child pornography, possessing child pornography and distributing child pornography in R. v. E.Z. . The accused, a second-time offender, was charged after he was discovered by law enforcement to be communicating with other offenders online and trading child pornography material. The large amount of child pornography material found in the client’s possession was particularly heinous, leading to the Crown asking for 7 years prison upon conviction. Donich Law conducted a forensic analysis of the devices seized by police and analyzed all production warrants and search warrants. The Firm uncovered an error in the information used to obtain the search warrant and launched a section 8 Charter challenge as well as a section 11(b) Charter challenge. The challenges led to the Crown significantly altering their position on sentence and ultimately withdrawing 5 of the worst charges against the client.
When this material is disclosed to defence counsel by law enforcement, it is generally a system image or copy of the alleged material. Some of our clients are unaware of the material or its origin, notwithstanding its existence on the hard drive. Accordingly, we have worked with Police Technological Crimes Officers to convert this system image into a Virtual Machine, i.e., enabling the user to browse the seized computer as if it were fully functioning. This was accomplished in the Firm’s R. v. M.C. , where it was able to secure a withdrawal of Distribution of Child Pornography. The client indicated the existence of the material was unknown, the Firm was eventually able to prove the existence of malicious software of Russian origin on the computer.
This type of examination enables a more comprehensive level of testing than simply browsing the system image. Extreme caution is required when undertaking these measures, as the forensic examiner risks distribution of the child pornography upon booting the Virtual Machine, depending on which programs were running at the time of seizure. Special safeguards are required if you are undertaking this level of analysis.
We have been involved in investigations with the National Child Exploitation Coordination Centre (NCECC) and the FBI, who often receive complaints from the National Centre for Missing and Exploited Children (NCMEC), located in the United States. We have also defended numerous allegations where the agencies have worked in collaboration with the Internet Child Exploitation Unit (ICE), here in Ontario.
Many of the Firm’s clients are surprised to have been caught downloading illegal content on Tor Browser, Virtual Private Networks and Proxy Servers as a way to conceal their online identity. Even though an individual’s data is encrypted along each of the relay nodes, their final connection point at the last relay in the chain may be compromised if the site the user is accessing does now have a secure socket layer. Since Tor was created alongside the United States Navy and is currently used by numerous American government agencies, many governments actively look out for Tor users. VPN providers are also required to reveal logs should a government agency demand it. These sophisticated offenders are often aggressively prosecuted for their substantial efforts to avoid detection and preserve illegal material.
In the Firm’s R. v. A.B. , it was able to secure a withdrawal of Making Child Pornography x2, Possession of Child Pornography and Voyeurism x2 after obtaining a forensic image of the computer seized by law enforcement. The file took 2 years to resolve and ultimately it was proven the accused did not create the alleged sexually explicit material. After forensic examination, the Firm was also able to prove the images did not meet the definition of child pornography in the criminal code.
Offences involving the possession or distribution of child pornography are very serious allegations of sexual misconduct. Crown prosecutors vigorously prosecute individuals charged with these offences. The consequences of a conviction can be enormous, and include serious social, relationship, employment and travel consequences in addition to potentially severe penal sanctions.
If you are charged with a child sex offence, you can expect to be placed on bail or sentenced with specific prohibitions orders restricting your contact with children. Some of these conditions include places children may be or restrictions on internet use.
Click here for more information on new changes to child sex offence sentencing and for more information on other consequences associated with a child pornography conviction. For more details on the laws about reporting child pornography and new changes to sex offence laws in 2021 click on the links above.
CBC Radio: International Crime and Cyber Attacks.
Toronto Star: Pornhub and Revenge Porn.
Toronto Star: New Corporate Liability for Child Pornography in Canada.
Toronto Star: Police Power and Social Media Companies.
Global News: Can an airline tell you to stop recording and delete a cellphone video?
Métro Montréal: Avec le temps chaud, il n’y a pas que le mercure qui grimpe: le nombre de cas de voyeurisme aussi.
CityNews: As the temperatures outside get warmer, police say the reported number of cases of voyeurism tend to rise.
VICE News: An Image Site is Victimizing Women and Little Can be Done.
Frequently Asked Questions
What is a Cyberthreat?
What are some Cyber Risks?
Why do people Commit Cybercrime?
Smartphones and Child Pornography
What’s a Cyberwarefare Vendor?
What are Common Types of Cyberattacks?
-Distributed Denial-of-Service Attachs (DDoS)
What is Malware?
-Viruses and Worms
Assaulting a Peace Officer
Sexual Assault Law in Canada
Sex Offender Prohibition Orders
Consequences of a Criminal Record
Keeping Charges Private
Travel & US Waivers
Vulnerable Sector Screening
Elements of a Crime
What is a Cyberthreat?
Cyberthreats are typically malicious acts intended to undermine an organization’s cybersecurity for the purpose of gaining access to sensitive information or critical infrastructure. Many threats are external which arise from deliberate attempts from cybercriminals to gain access to an organization’s information systems. Some threats also arise from internal actors or employees who carry out various forms of cybercrime either for financial gain, spite or revenge.
What are the some Cyber Risks?
Cyber risks to an organization are caused by cyberthreats which can cause a loss or damage to an organization. An organization can face several risks from a cyberattack, these include risks related to the failure of critical business systems. In this case a hacker could disable key infrastructure which is required for an organization to operate. A business can also face reputational risks arising from harm caused to the organizations public image. The public may lose trust in a business when they are compromised, which ultimately affects its bottom line. Like any business, it may also face legal or compliance risks from customers who suffer damages as a result of the cyberattack.
Why do people Commit Cybercrime?
There are a number of reasons why people commit cybercrime, which are often similar to other form of criminality. For many its financial gain, the thrill of breaking the law or “outsmarting” the authorities or in some cases of child pornography, an addiction.
When an organization is breached, cybercriminals profit from selling stolen data or extorting money from organizations through the use of ransomware. Some hackers or groups have ideological views which motivate their behaviors or simply want bragging rights.
Smartphones and Child Pornography
Online child sexual abuse is a serious global issue that is not constrained by geopolitical boundaries. As technology has become democratized and cheaper to access, the marketplace and demand for child pornography has unfortunately continued to grow. Simply put, it’s now faster to access, share and create than ever before.
Offenders accessing child pornography can in some cases be abusing their own children which is why the charges are aggressively investigated and prosecuted. Unfortunately, with all the good technology brings us, it can also fuel an equal amount of suffering. Smartphones make it easier to create, share and distribute child pornography, which continues to re-victimize children and sustain a marketplace for illegal content.
What’s a Cyberwarefare Vendor?
These are professional suppliers of cyber weapons who supply governments. Israel’s NSO Group is a vendor who produces the Pegasus program. This program is a form of spyware which allows government operators or law enforcement to monitor and track a target. Unlike traditional spyware, the user may not actually have to click on anything. The program can be installed without permission from the user, which overrides the operating system. Once enabled, Pegasus can access most of the smartphones data, including messages, location, calls and even the microphone and camera.
Whare are common types of Cyberattacks?
These types of attacks are used to collect sensitive information so a cybercriminal can gain access to an organization’s network or sensitive data. These attacks are often disguised in email links or private messages designed to redirect users to a dummy website they believe is trusted. Users will then enter their credentials, providing this information to hackers to use for financial gain or other malicious purposes. Some sophisticated attacks known as spear-phishing will attempt to target specific individuals in an organization. For example, a law clerk may receive an email from who they believe to be the senior partner in the firm, this trust will be leveraged to increase the success of an attack.
Distributed Denial-of-Service Attacks (DDoS)
In its simplest form, a DDoS attack is an attempt to render an entity inoperable by overwhelming it with traffic or data. Hackers will deploy a zombie army of infected computers also known as a botnet, to flood the targeted system’s network. With the increased and focused traffic, the organizations critical infrastructure fails, rendering it inoperable.
These attacks are basically trial and error methods used to guess the correct password to a network. Software generally is deployed to undertake this process with advances in machine learning and artificial intelligence being used to increase the effectiveness of these attacks.
What is Malware?
Malware is essentially malicious code intended to be planted on a targeted computer or server. Generally speaking, malware can include several types of malicious software designed to take control of a computer, render it inoperable or to acquire confidential information. Some of the common forms of malware include:
Viruses and Worms
Viruses are a type of computer program which can replicate by modifying other software. When compromised files are transferred, viruses can spread to other computers. The primary function of a worm is to self-replicate and infect other computers on the network. Unlike viruses, worms are able to spread without the original infected file.
A rootkit is a form of malicious software designed to provide unauthorized access to a computer or network. Rootkits can be installed in the operating system of the computer making them difficult to detect and unlike viruses, they are unable to replicate.
Spyware is a type of malicious software designed to track users and gather data. In some circumstances cyberwarfare vendors design spyware and sell it to governments or law enforcement. This software can then be used to copy details on a smartphone or even access the camera and microphone.
Cybercriminals often use ransomware to extort money from an organization. Hackers will instal ransomware on critical infrastructure or data in an organization rendering it inoperable. Businesses will then be extorted to pay in order to have their data returned.
A Trojan is another form of malicious code designed to grant a hacker access to a targeted computer. Trojans can be dangerous because they are disguised to look like legitimate programs. Once infected, a hacker will be able to monitor all activity on the computer, almost as if they were secretly watching your screen.