Belgian Senate
Brussels, 14 March 2014
Luc Beirens
Federal Computer Crime Unit
1101011001110110110011010100010
Give input for reflexions
on judicial action on social media
Why we need new solutions
Even in an era of NSA ...
(c) 20...
 Judicial actions
 Basic principles of police interventions
 Pre digital era methods
 Footprint & digital footprint
 ...
Detect & stop crime
Gather evidence
Identify and arrest criminal(s)
Bring him to court
Execute court decisions
(c) 20...
(c) 2014 Luc Beirens - Federal Computer Crime Unit
To maintain law and order in cyberspace
 Detect crime in cyberspace ?
...
Legality
• Police action must be based on legal provisions
(general law / police specific law)
Loyalty
• Whenever in act...
Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods...
 Made by himself
 Not intentionally created
 Unique
 Proof of presence
 Non intentional safeguarding
 Non intentiona...
 House search and closed door
=> proportionate force allowed
to open the door
=> use lock smith or special forces
 Telec...
Nearly everyone
• has a computer
• has a mobile phone
• has a digital camera
• is internet connected
Every company is pr...
 Text spreadsheet
 Presentations
 E-mails
 Music
 Pictures
 Movies
 E-Banking
 Social networking
 Instant messagi...
(c) 2014 Luc Beirens - Federal Computer Crime Unit
 Cloud computing & virtualization
• Data and applications in the cloud for enterprises and enduser
• Security depends on ...
(c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
 Very dynamical digital footprint (based on user actions)
 Dispersed over different systems (internet)
 Often very easi...
 They are so much like everyone else
• Communication with friends / collegues
• Show off their wealth (voyages / parties ...
 Encryption tools
• Storage / Communication end to end
• Unability for police / authorities
 to make effective legal int...
Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods...
 EU directive 54 / 2002
• obligation to delete / anonimize traces of electronic
communications after end of comm.
• excep...
 EU Directive
• 2006 : for technology of 2005 (pre social media)
• Only for EU member states
• Not for social media
• Did...
Internet
access
Internet
Services
Internet access
E-mail
IPTelephony
Web
publish
Chat
Instant
messenging
Newsgroups
Commun...
(c) 2014 Luc Beirens - Federal Computer Crime Unit
 Data freeze :
keep available data from moment of request
 Data prese...
Intelligence purposes
• Look and find criminals “digital identity”
• Verify content of social media profile
 Often need ...
 RCCU => specialized ICT forensics
Are social media “specialized”
 Via FCCU : identity data and historical
connexion dat...
The old investigation methods are not
so effective anymore
Social media : international (USA) providers
Sometimes diffic...
 Necessity for new laws ?
• Extended data retention => legal obligation
• “Infiltration” light / use of fictive identity ...
Vragen ?
Federal Judicial Police
Direction for Economical and Financial crime
Federal Computer Crime Unit
Notelaarstraat 211 - 1000...
Upcoming SlideShare
Loading in...5
×

20140314 Belgian Senate Judicial action of police on social media

3,324

Published on

Presentation given in the Belgian Senate on 14 03 2014.
Comparison of classical police investigation methods with the new cyber investigation methods.
Problems and proposals for better cyber investigations

Published in: News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,324
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

20140314 Belgian Senate Judicial action of police on social media

  1. 1. Belgian Senate Brussels, 14 March 2014 Luc Beirens Federal Computer Crime Unit 1101011001110110110011010100010
  2. 2. Give input for reflexions on judicial action on social media Why we need new solutions Even in an era of NSA ... (c) 2014 Luc Beirens - Federal Computer Crime Unit
  3. 3.  Judicial actions  Basic principles of police interventions  Pre digital era methods  Footprint & digital footprint  Digital era impact on police methods  Problems  Solutions (c) 2014 Luc Beirens - Federal Computer Crime Unit
  4. 4. Detect & stop crime Gather evidence Identify and arrest criminal(s) Bring him to court Execute court decisions (c) 2014 Luc Beirens - Federal Computer Crime Unit
  5. 5. (c) 2014 Luc Beirens - Federal Computer Crime Unit To maintain law and order in cyberspace  Detect crime in cyberspace ? => patrolling => Privacy intrusion ?  Identify users (criminals, victims) in cyberspace  Locate communications geographically and in time  Identify correspondents => contact network  Gather and analyse electronic evidence  Protect ourselves and methods  Enforce court decisions also in cyberspace
  6. 6. Legality • Police action must be based on legal provisions (general law / police specific law) Loyalty • Whenever in action : give proof of your quality as policeman except when legally allowed not to do so (c) 2014 Luc Beirens - Federal Computer Crime Unit
  7. 7. Goals of criminals Money Power / influence Banks / moneytransport Merchants / politicians Activities Traces Police methods -Meeting crime partners -Search victims -Reconnaissance -Perpetrate crime -Hide criminal proceeds -Wipe out – traces ?? - seen with victim - present on crime scene - paper traces - material traces -Interrogate witnesses -Use informants -House searches -Forensic analysis of traces Location of the crime Physically present in our jurisdiction We were territorially competent (c) 2014 Luc Beirens - Federal Computer Crime Unit
  8. 8.  Made by himself  Not intentionally created  Unique  Proof of presence  Non intentional safeguarding  Non intentional erasure (c) 2010 Luc Beirens - Federal Computer Crime Unit
  9. 9.  House search and closed door => proportionate force allowed to open the door => use lock smith or special forces  Telecom interceptions with help of operator  Special investigative measures • Observation / infiltration / informants • Use of fictive identity : only  For serious crime and if serious indications available  after very strict evaluation procedure (c) 2014 Luc Beirens - Federal Computer Crime Unit
  10. 10. Nearly everyone • has a computer • has a mobile phone • has a digital camera • is internet connected Every company is present on the net • is connecting more and more internal networks Wireless connections become dominant (c) 2014 Luc Beirens - Federal Computer Crime Unit
  11. 11.  Text spreadsheet  Presentations  E-mails  Music  Pictures  Movies  E-Banking  Social networking  Instant messaging  Blogging  Twittering (c) 2010 Luc Beirens - Federal Computer Crime Unit(c) 2014 Luc Beirens - Federal Computer Crime Unit
  12. 12. (c) 2014 Luc Beirens - Federal Computer Crime Unit
  13. 13.  Cloud computing & virtualization • Data and applications in the cloud for enterprises and enduser • Security depends on cloud provider (too often still user id & pw)  Social media : integrators and identity providers • bring access to all your internet services together  Geolocated services • Based on location – user or device based signal • Buddy list information • Commercial links  Instant broadcasting of information  Internet of things everything connected (c) 2014 Luc Beirens - Federal Computer Crime Unit
  14. 14. (c) 2014 Luc Beirens - Federal Computer Crime Unit
  15. 15. (c) 2014 Luc Beirens - Federal Computer Crime Unit
  16. 16.  Very dynamical digital footprint (based on user actions)  Dispersed over different systems (internet)  Often very easily searchable and accessable  A lot of people give an awfull lot of private information free on the internet in different formats (identity, education, contact, family, social life)  Information storage is moving towards internet accounts  Who are these service providers ? Do they want to help end users ? How do they take care (or not) of your data ? (c) 2014 Luc Beirens - Federal Computer Crime Unit
  17. 17.  They are so much like everyone else • Communication with friends / collegues • Show off their wealth (voyages / parties ...)  Search for & communication with victims  Getting personal data of victim  Creation of false profiles  Hacking & abuse of existing profiles  Vector for infection with malware  Abuse of profiles buying possibilities (c) 2014 Luc Beirens - Federal Computer Crime Unit
  18. 18.  Encryption tools • Storage / Communication end to end • Unability for police / authorities  to make effective legal intercept  to get to the content of stored information  Peer 2 peer applications • No more central provider • Hiding escaping from responsability  Strong authentication procedures (c) 2014 Luc Beirens - Federal Computer Crime Unit
  19. 19. Goals of criminals Money Power / influence Banks / moneytransport Merchants / politicians Activities Traces Police methods -Meeting crime partners -Search victims -Reconnaissance -Perpetrate crime -Hide criminal proceeds -Wipe out – traces ?? - not seen with victim - not present on crime scene - no paper traces - no material traces -Only digital traces -Interrogate witnesses ? -Use informants -House searches -Forensic analysis of traces Location of the crime Not physically present in our jurisdiction are we were competent territorially? (c) 2014 Luc Beirens - Federal Computer Crime Unit
  20. 20.  EU directive 54 / 2002 • obligation to delete / anonimize traces of electronic communications after end of comm. • except if there is a national law that obliges it  EU directive 24/2006 • tries to harmonize EU national laws • general dataretention for traffic data for all users • between 6 and 24 months • Carrier / internet access / IP telephony & e-mail • Not about content • Resistance in implementation • Invalidated laws by consitutional courts in DE and RO • BE implementation since 2013 => 12 month (c) 2014 Luc Beirens - Federal Computer Crime Unit
  21. 21.  EU Directive • 2006 : for technology of 2005 (pre social media) • Only for EU member states • Not for social media • Didn’t regulate organizational aspects (exchange formats / time frames / technical)  Very strict legal limitations to obtain • Prosecutor / Investigating judge • Serious crime ? • => slowing down identification process (c) 2014 Luc Beirens - Federal Computer Crime Unit
  22. 22. Internet access Internet Services Internet access E-mail IPTelephony Web publish Chat Instant messenging Newsgroups Communities Peer2Peer Video- conference SMSgateway .... Signal carrier Fixedlines Telephony Mobile Telephony xDSL Cable WIMAX Satelite telephony .... .... (c) 2014 Luc Beirens - Federal Computer Crime Unit
  23. 23. (c) 2014 Luc Beirens - Federal Computer Crime Unit  Data freeze : keep available data from moment of request  Data preservation start storing comm. data from moment of request  These instruments are needed but not sufficient • no proof – no traces of criminal activity if “one time attack” e.g. terrorism • does not show links with crimes that happend in the past (links with places where crimes happened) • does not show networks if actor is arrested  Network investigations (art 88 ter BE Crim Proc C) • No hacking allowed ? (opening doors ?)
  24. 24. Intelligence purposes • Look and find criminals “digital identity” • Verify content of social media profile  Often need for “own” profile to use service  Using our own ”real” identity (?) => risk for private life  Fictive identity (?) => based on which law Gathering evidence • Public available content / request IP-addresses (c) 2014 Luc Beirens - Federal Computer Crime Unit
  25. 25.  RCCU => specialized ICT forensics Are social media “specialized”  Via FCCU : identity data and historical connexion data to international ISPs Microsoft, Facebook, Google,... On voluntary base => no obligation No content / no complete answers Risks cfr Twitter  But every case officer should know National security plan => training (c) 2014 Luc Beirens - Federal Computer Crime Unit
  26. 26. The old investigation methods are not so effective anymore Social media : international (USA) providers Sometimes difficult to contact / get cooperation Ineffective in removing content from social media even when there is a court decision (no international directive => volontary) (c) 2014 Luc Beirens - Federal Computer Crime Unit
  27. 27.  Necessity for new laws ? • Extended data retention => legal obligation • “Infiltration” light / use of fictive identity to patrol • Legal hacking  Opening the digital locker  Get access to be able to intercept before encryption • Obligations to remove / block content for social media  International legal framework  Organizational matters • Collaboration with internet service providers to automate exchange (national & international) => faster / improved transparency (c) 2014 Luc Beirens - Federal Computer Crime Unit
  28. 28. Vragen ?
  29. 29. Federal Judicial Police Direction for Economical and Financial crime Federal Computer Crime Unit Notelaarstraat 211 - 1000 Brussels – Belgium Tel office : +32 2 743 74 74 E-mail : luc.beirens@fccu.be Twitter : @LucBeirens Slides : www.slideshare.net/lucbeirens (c) 2014 Luc Beirens - Federal Computer Crime Unit
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×