Using the Internet to hide crime
Alain Homewood & Jung Son
  1. Using the Internet to hide crime
     Alain Homewood & Jung Son
  2. What we will talk about today
     • Introduction & Background
     • Internet Service: Legitimate Vs Criminal Uses
     • Using the Internet to hide evidence
     • Tools and techniques to hide crime using the internet
  3. What we will talk about today
     • Ways in which investigators can get around the methods used to hide crime
     • Case study
     • Conclusions
     • References
     • Questions
  4. Introduction & Background
     • In recent years, the Internet has developed rapidly and has been used as a great tool in various areas.
     • The Internet creates new ways for people to communicate and share information.
     • Growth of Information Technology has led to the development of digital encryption technologies.
  5. Introduction (continued)
     However … there are different impacts of the Internet.
  6. Introduction (continued)
     • The Internet has transformed criminals’ opportunities to hide their crime.
     • Encryption also gives criminals a powerful tool for concealing their activities.
  7. Introduction (continued)
     Schneider, J.L. (2003) notes: “While this technology facilitates productive, legitimate interaction, it can also open a ‘Pandora’s Box’ of criminal opportunity.” (p. 375)
     He continues: “Not only can criminals hide in terms of identity and location, but also the types of crimes being committed may not be a high priority for police and their high-tech crime units to investigate.” (p. 375)
     Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?) Activities of a Drugs Newsgroup. The Howard Journal of Criminal Justice, 42(4), 374-389.
  8. Introduction (continued)
     Denning & Baugh (1998) stated that: “encryption is being used as a tool for hiding information in a variety of crimes, including fraud and other financial crimes, theft of proprietary information, computer crime, drugs, child pornography, terrorism, murder, and economic and military espionage.” (p. 47)
     Denning, D., & Baugh, W. (1998). Encryption and evolving technologies: Tools of organized crime and terrorism. Trends in Organized Crime, 3(3), 44-75.
  9. Internet Service: Legitimate Vs Criminal Uses
     • Legitimate: important communication tool; sharing good ideas
     • Criminal: important crime tool; sharing criminal ideas
     • ….
  10. Internet Service: Legitimate Vs Criminal Uses
     • Legitimate: showing my profile; exchange of ideas and beliefs; enhance communication; overcome barriers of time; interact with friends
     • Criminal: hiding my profile; enhance criminal activities; share criminal knowledge (how to build bombs); overcome barriers of investigation; interact with criminals
  11. Using the Internet to hide evidence
     • News Group
     • Online Forums
     • Online file repository
     • Voice over chat (to avoid tracked conversation)
     This provides a challenging set of circumstances for investigators to find evidence.
  12. Hiding Identity - Anonymity
     • The best way to hide crime is to ensure it can’t be tracked back to you.
     • In general, if the perpetrator makes no attempt to conceal their identity online then they can be tracked.
  13. Hiding Identity – Another Device/Network
     It is very easy for a criminal to simply use another device or network to conduct crime. This could involve the use of:
     • Authorised use of a device from their friend, employer, internet café, university etc.
     • A stolen device or one accessed without authorisation (i.e. steal a mobile and use its data plan)
     • Public wireless networks
  14. Hiding Identity – Hacked Devices/Networks
     Criminals often have an array of hacked devices/networks that they can use to route their communications through. This includes:
     • Hacked servers
     • Hacked home computers (often under Botnet control)
     • Hacked wireless networks
  15. Hiding Identity – Stolen Credentials
     Criminals may hack, steal or guess credentials for access to people’s online services. Crime is then conducted using these credentials. Popular targets include:
     • Online banking
     • Payment systems (e.g. Paypal)
     • Online merchants
     • Email & Social Networking (mainly for spam)
  16. Hiding Identity – Identity Theft
     • Identity theft allows a criminal to appear as you while committing crime by stealing or fabricating your identifying documents.
     • Can open accounts in your name with any service provider.
     • Can get credentials for your existing accounts reset.
     • Complete identities are readily and cheaply available online.
  17. Hiding Identity – Proxies
     • Proxies provide an intermediary for network traffic, helping to conceal the identity of the source.
     • Can be chained together, allowing the network traffic to travel through several proxies.
     • Not commonly used by criminals any more due to a lack of supply and better options being available.
  18. Hiding Identity – VPNs/SSL Tunnels
     • VPNs (Virtual Private Networks) allow network traffic to be sent via a third party, concealing the identity of the source.
     • All traffic between the user and the VPN provider is generally encrypted.
     • Thousands of commercial VPN providers with varying policies on keeping logs etc.
     • Many less legitimate providers who provide guarantees of not tracking anything you do.
  19. Hiding Identity – TOR (https://www.torproject.org)
     TOR (The Onion Router) is essentially a peer to peer VPN network. Traffic is encrypted and routed through several peers before going out to the internet.
     Source: http://www.torproject.org/about/overview.html.en
  20. Hiding Identity – TOR: How it works
     Each connection made is routed through a random path. TOR makes your communications anonymous but not private. Exit nodes can see the unencrypted traffic.
     Source: http://www.torproject.org/about/overview.html.en
  21. Hiding Crime – TOR: Hidden Services
     TOR can also host hidden services (i.e. web servers) that can’t be tracked. TOR acts as an intermediary, allowing two users to talk to each other without ever connecting directly.
     Source: https://www.torproject.org/docs/hidden-services.html.en
  22. Hiding Identity – TOR: Hiding evidence of TOR Usage
     • Portable versions of TOR that can run off a USB flash drive are available. These leave limited traces on the host machine.
     • Live Linux distributions including TOR are available. These leave no traces at all on the host machine.
     • Both of these options require zero configuration and are “plug and play” solutions for anonymous communication.
  23. Hiding Identity – TOR: Alternatives
     • I2P (http://www.i2p2.de/) is very similar to TOR but more decentralised.
     • FreeNet (https://freenetproject.org/) provides a similar function to TOR’s hidden services.
  24. Hiding Activity
     • To hide crime online it is also important to be able to hide communications and criminal activity.
     • The easiest way to hide communications is to hide in plain sight; the internet is a big place and there are only so many eyes watching.
     • Criminals are getting more sophisticated in the methods they use to hide their criminal activity online.
  25. Hiding Activity – Private Communities
     • A lot of criminal activity on the internet happens in private or semi-private communities.
     • These typically involve private forums and chat rooms where criminals can communicate with each other securely.
     • These communities often have some sort of vetting process; usually a referral from an existing member.
  26. Hiding Activity - Darknets
     • A Darknet is very similar to TOR with the exception that all the nodes in the network are known; it is friend-to-friend not peer-to-peer.
     • Darknets ensure that communication is only seen by people within the group, thus ensuring privacy.
     • Darknets are harder to set up and maintain than TOR but also harder to detect and track.
  27. Hiding Evidence - Encryption
     • Encryption is the process of applying a transformation to information using an algorithm to make it unreadable without special knowledge.
     • Algorithms range from the easy to crack (protected MS Office Files, MD5) to near impossible (AES, Twofish).
     • A wide range of commercial and free software is available.
  28. Hiding Evidence - Encryption
     • Criminal cases involving encryption have been steadily increasing.
     • Cracking encryption often isn’t feasible – try to find the password another way.
     • If you encounter a live system where encryption is likely to be used, don’t turn it off.
  29. Hiding Evidence - Steganography
     • Steganography is the process of hiding a piece of information inside of legitimate/innocuous information.
     • This means the hidden information attracts no attention.
     • Commercial and free software is available that can hide files inside image, audio and video files.
     • Hidden information could be hiding inside any container file.
  30. Hiding Evidence - Steganography
     • Can be used in conjunction with encryption to further hide evidence.
     • Very little if any use by criminals online.
     • The media has often reported that terrorists widely use steganography to hide communications online. This is a myth.
  31. Other Techniques – Jurisdiction Issues
     • In the physical world criminals will often commit crime from or escape to jurisdictions where they cannot be prosecuted. This applies equally to online crime.
     • Most online crime originates in countries with poor electronic crime laws and/or a lack of motivation to prosecute criminals.
     • The use of computers/networks in multiple countries further complicates jurisdiction issues.
  32. Ways in which investigators can get around the methods used to hide crime
     Hide | Unhide
     Cryptography | Cryptanalysis
     Cipher | Decipher
  33. Ways in which investigators can get around the methods used to hide crime
     • Cryptanalysis: Study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Wikipedia. (2011)
     • Brute-force attack: Tries every possible key until intelligible information is obtained.
     Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall, Inc.
     Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from http://en.wikipedia.org/wiki/Cryptanalysis
  34. Ways in which investigators can get around the methods used to hide crime
     • Software
       – PRTK (Password Recovery Toolkit)
       – EnCE (Hash Analysis)
       – FTK (Forensics ToolKit)
       – E-Discovery
       – Internet Evidence Finder
       – S-Tools (Steganography)
  35. EnCast - Facebook Chat Artifacts
     Image source from: YouTube.com (http://www.youtube.com/watch?v=-rzX0LNply8)
  36. Fox News - Steganography
     Source from: http://www.youtube.com/watch?v=SgxiBIt9siE&feature=related
  37. Case study – An Insight Into Child Porn
     • In 2009 “Mr X” provided an expose on the current child porn industry to Wikileaks.
     • “Mr X” has 10+ years experience in the industry.
     • This expose details how the industry currently works and explains why attempts to set up filters will never work.
     http://mirror.wikileaks.info/wiki/An_insight_into_child_porn/
  38. Case study – An Insight Into Child Porn: Step 1 – Rent Servers
     • Rent servers in multiple countries (Germany is a favourite). These servers are paid for with stolen credit cards, prepaid credit cards (i.e. “Prezzy Cards”), PayPal or WebMoney.
     • Often identification is required; for this there is no shortage of high quality false identification.
  39. Case study – An Insight Into Child Porn: Step 2 – Configure Servers
     • Administrators connect to the servers anonymously (i.e. proxy chains and TOR) to configure them.
     • All operating system logging mechanisms that can be turned off are turned off.
     • Partitions are encrypted using TrueCrypt; if the server is shut down or someone logs in locally these volumes are unmounted.
     • Servers are configured to only accept connections from a limited range of IP addresses.
  40. Case study – An Insight Into Child Porn: Step 3 – Share Media
     • One server is the content server; content is uploaded anonymously through proxies.
     • Other servers are “proxy servers” or “forward servers”.
     • A domain name is handed out that links to one of the forward servers (the server rotates each time).
     • Custom software on the forward server creates an encrypted tunnel through the other forward servers and then to the content server.
     • The user then connects through this tunnel to the content server using remote desktop tools like RDP or VNC.
  41. Case study – An Insight Into Child Porn: Conclusion
     • The content server attracts very little attention as it’s only talking to a very limited range of other servers.
     • All traffic from the content servers through the forward servers is encrypted and cannot be monitored.
     • If a forward server gets raided the TrueCrypt volume is unmounted automatically. If this is somehow defeated then there’s no illegal content on the server to find anyway.
     • If the user gets raided then it’s often difficult to prosecute. They were viewing a computer in another country remotely; nothing is actually on their computers.
  42. Conclusions
     • Criminals are becoming increasingly sophisticated in their attempts to hide crime online.
     • Investigators are also becoming more sophisticated. However, there are still many challenges in tracking online crime.
     • Anyone who is serious about hiding crime online can probably do so in a way that leaves little to no traces.
  43. References
     • Denning, D., & Baugh, W. (1998). Encryption and evolving technologies: Tools of organized crime and terrorism. Trends in Organized Crime, 3(3), 44-75.
     • Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?) Activities of a Drugs Newsgroup. The Howard Journal of Criminal Justice, 42(4), 374-389. doi: 10.1111/1468-2311.00293
     • Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall, Inc.
     • Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from http://en.wikipedia.org/wiki/Cryptanalysis
  44. Thank you!