WIRED requested the names of those prosecutors but did not receive a response.
No Receipts
The challenges in Ohio and Texas have hinged on an unusual aspect of Cybercheck that differentiates it from other digital forensics tools: The automated system doesn’t retain supporting evidence for its findings. As Mosher has testified under oath in multiple jurisdictions, Cybercheck doesn’t record where it sources its data, how it draws connections between various data points, or how it specifically calculates its accuracy rates.
In Mendoza’s case, for example, no one knows exactly how Cybercheck determined that the email address “ladypimpjuice625@aol.com” belonged to Mendoza. Nor did Global Intelligence explain exactly how the system determined that Mendoza’s cyber profile had pinged the wireless devices near 1228 Fifth Avenue.
Mosher has testified that the only information Cybercheck retains during its search process is the data it deems relevant to the investigation, all of which is included in the reports it automatically generates for investigators. Anything else, including potentially contradictory information about who owns a particular email address or online alias, is supposedly processed by the algorithms and used to calculate the accuracy scores that Cybercheck includes in its reports but isn’t archived.
“When you’re asking, you know, do we preserve all the artifacts and all the data that we crawl—we couldn’t realistically do that because it’s zettabytes of data,” Mosher testified in the Texas Daubert hearing on January 19, 2024. A zettabyte is equivalent to more than 1 trillion gigabytes.
Mosher has testified that Cybercheck doesn’t need to show its work because its conclusions are derived from open source data that anyone with the proper open source intelligence (OSINT) training can find on the web.
“If you give that [Cybercheck] report to a skilled investigator that knows cyberspace and machine learning, they’re going to come up with the exact same results,” Mosher testified during the murder trial of Adarus Black, in Summit County.
Rob Lee is an OSINT expert and chief of research and faculty lead at the SANS Institute, a leading provider of cybersecurity and infosec training. According to Mosher’s résumé and court testimony, Mosher took more than a dozen SANS Institute training courses prior to founding Global Intelligence.
At WIRED’s request, Lee and a team of researchers at the SANS Institute reviewed Cybercheck reports and the descriptions of the system that Mosher has given under oath. They say it’s highly unlikely that some of the information in the reports can be gathered from publicly available sources.
