Cyber sleuths

November 18, 1999
There's a wealth of information in the estimated 320 million pages on the Web and Vancouver investigators are learning how to use it.

Peter Wilson, Sun Net Works Editor Vancouver Sun


Patrick Dunne, Vancouver Sun / Cyber sleuths
Nobody knew where the man had gone. He had, quite simply, disappeared from Vancouver after the collapse of the small securities firm where he worked.

His former employer was alleged to have been engaged in unlicensed trading and he was believed to have vital information on a case being investigated by the British Columbia Securities Commission.

The BCSC's John Pyrik needed to track the man down quickly. He turned to the Internet.

"Within 20 minutes I had located his resume," Pyrik said.

Armed with a current e-mail address for the missing man, investigator Pyrik fired off a message immediately.

"We began corresponding, and within four hours I had a witness statement that proved crucial to the investigation."

Score 1 for the Internet.

In another situation, a police officer was looking into the disappearance of 800 feet of railway track belonging to a bankrupt company.

An online search on Alta Vista found the company's name in a request for bids by the City of Vancouver. It provided the name of a contact who provided information that led to a major break in the case.

Pyrik, a former head of economic security for the Canadian Security Intelligence Service in Toronto, offers these two tales as examples of how a simple search on the Internet can aid in the investigation of economic crime.

And, Pyrik says, there's much more out there -- contained in the estimated 320 million or so pages of information online -- that can make the life of an investigator easier.

It can be as simple as using a reverse directory page to type in a phone number and come up with a name and address of a suspect plus the names and addresses of the surrounding neighbours.

Or it can be as complex as analyzing the word use, phrasing and information contained in a posting in a discussion group to track down someone who is using rumour and innuendo to drive down the price of a stock.

Between these two lie any number of ways of using the World Wide Web to further investigations, including the use of commercial and free data bases (particularly those in the United States), specialized searching software and even methods of electronic disguise so that the investigations remain unknown to those whose business activities and lives are being probed.

Pyrik knows this stuff by heart. He's the chief instructor of the relatively new Internet for Investigations course, part of the Forensic Science Technology Program at the British Columbia Institute of Technology (www.bcit.ca/Programs/Upgrading/UP_Pre_Entry/aca_forensic_up.htm).

Every day, he says, he comes across yet another way of tracking down leads online. And these get added into the course and find their way into the course's online home -- filled with links that can be used in investigations.

While the course is now aimed at police, investigators with government agencies and private detectives, Pyrik sees this knowledge becoming increasingly necessary for private industry as well.

He points to a recent news story in which the RCMP conceded they didn't have the staff to handle the increasing number of cases of white-collar crime in British Columbia.

"The private sector must recognize that law enforcement authorities have limited resources to deal with complicated commercial disputes and fraud," said Pyrik, adding that taking a course like the one offered at BCIT is a means of self protection.

As well, he said, business users need to learn how to use the information they get from the Net.

"Casual users might get away with an Internet course from their local library. More serious users should consider taking one developed for professional researchers or investigators."

Pyrik concedes, however, that it's not easy to persuade traditional investigators to wade into the world of online investigation. They're used to relying on proprietary data bases and interviews with informants and often see Web sources as being peripheral and untrustworthy.

Sometimes they're right to be cynical and cautious, Pyrik concedes. Just as in the non-cyber world, they have to be wary of what they're being told.

"And yet there's so much of value on the Internet. There has been an explosion in the amount of information available to an investigator."

For example, self-published information on the Net -- such as the resume Pyrik used to track down the missing stock dealer, personal home pages and news group postings -- offers investigators a completely new source.

Pyrik says in his work for the BCSC he's often faced with a situation in which people tell conflicting stories that seem equally credible.

"The Internet then might be able to give me some context, might be able to tell me something about the background of those people, something about the relationship between the two of them. And that might not be something I could get out of an interview or my own sources."

Another use of the Internet for Pyrik is picking up personal background on an individual from the Net. A person might, for example, reveal hobbies by posting to groups concerned with, say, wine tasting or perhaps classic cars.

"If you're going to make an approach to the person it will give you some idea of how you're going to talk to them, what their interests are and what topics are going to provoke an emotional reaction."

The advent of the Internet has also brought with it the stock market information (and sometimes disinformation) boom online. And this is where analysis of news and discussion group postings, which Pyrik is working to develop, can come in.

"We have people posting to Silicon Investor about Canadian mining stocks. And they may be slagging the stock and saying bad things about the company or management."

Some of these people might be short sellers posting anonymously and trying to depress the value of the shares.

But, he adds, just as the Internet allows people to post anonymously, it also provides tools for tracking them down. Even the unique wording and phrasing of the postings themselves may, ultimately, reveal the identity of the author.

"Maybe you could determine from content that this has to be someone closely associated with the situation. Okay, we know most of these people. And it's got to be someone from a particular faction because that's their point of view on these issues."

Then an investigator might tell from the stilted and formal language used that the person is a non-English speaker. And his familiarity with technical issues means he might be part of a certain profession.

"Now what we've done is take the list of suspects down to 20 from 200. And if you can do that you've got a very powerful tool because you've saved yourself a hell of a lot of time."

Investigators, says Pyrik, have to be careful, however, that they don't get tripped up by their own lack of knowledge when they gather information on the Net.

In his own work, Pyrik might use a browser to go on the Web site of a firm under investigation. One of the reasons for doing this is to take a snapshot of what the site looked like at a particular point in time.

The owner of the site might, however, see that someone had been in to take a look around and be tipped to the probe by the unique Net (IP) address of the securities commission.

"But there are ways of doing that anonymously so they don't know who visited their site."

This can be done, says Pyrik, by using an anonymizer service, like that of Anonymizer.com.

One thing that Pyrik emphasizes is that investigators shouldn't use just one search engine and feel that they've done a thorough probe of what's available on the Web.

Alta Vista, for example, might say it has indexed 70 per cent of the Web but that's largely just the opening pages of sites.

"The analogy I use in class is that you're in a mall looking for a lawn mower. You talk to the guy at the information desk and you say, 'Do you have any lawn mowers in this mall?' And the guy says, 'Nope,' and you walk away.

"The problem is that the man on the information desk, if he's Alta Vista, has only been in 70 per cent of the stores and, in most cases, he's only looked in the front window."

Pyrik recommends using stand-alone programs, like a Canadian product called Copernic, to search the search engines and a number of other sources as well.

Ultimately, Pyrik says, he hopes his course will help investigators to understand the nature of the Net and not to automatically discount what they find there.

"I don't think we'll ever get to the point where you can stand up in front of a judge or an adjudication panel and say, 'Sir, this is what happened based on what I read on the Internet.' "

More likely, Pyrik adds, information found on the Net would lead to a person and that person would be interviewed and their credibility assessed and then what was gathered from the interview would be used.

Among those who have high praise for the course are Ken Fraser of the Financial Institutions Commission, Jenny Johnstone, an intelligence analyst with Revenue Canada's Customs Service, and Jacob Hung of the security department at Telus.

Fraser, who is taking the course at the moment, says he took a similar course from the RCMP, but the BCIT course touched on different areas. He says he particularly liked the introduction to the commercial data bases.

Johnstone says that she now uses the Internet as a research tool on all of her files.

"And the amount of time this takes has decreased because I have learned to search smarter and better."

Hung says he feels the course would be useful not just to security professionals but also to people who have a more general interest in learning about finding out information on the Internet.

You can reach Peter Wilson at networks@pacpress.southam.ca

TOOLS FOR THE NEOPHYTE NET INVESTIGATOR