Using the Internet to hide crime
        Alain Homewood & Jung Son
What we will talk about today

• Introduction & Background
• Internet Service: Legitimate Vs Criminal Uses
• Using the Internet to hide evidence
• Tools and techniques to hide crime using the
  internet
What we will talk about today

• Ways in which investigators can get around the
  methods used to hide crime
• Case study
• Conclusions
• References
• Questions
Introduction & Background

• In recent years, the Internet has developed rapidly
  and has become a valuable tool in many areas.

• The Internet creates new ways for people to
  communicate and share information

• Growth of Information Technology has led to a
  development of digital encryption technologies.
Introduction (Continue…)


However …




There are different impacts of the Internet.
Introduction (Continue…)


• The Internet has transformed the opportunities
  criminals have to hide their crime.

• Encryption also gives criminals a powerful tool for
  concealing their activities.
Introduction (Continue…)

 Schneider, J.L. (2003) notes:
   “ While this technology facilitates productive, legitimate
     interaction, it can also open a ‘Pandora’s Box’ of criminal
     opportunity.” (p. 375)
 He continues:
  “ Not only can criminals hide in terms of identity and
    location, but also the types of crimes being committed
    may not be a high priority for police and their high-tech
    crime units to investigate.” (p. 375)
Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?) Activities
      of a Drugs Newsgroup. The Howard Journal of Criminal Justice, 42(4), 374-389.
Introduction (Continue…)

Denning & Baugh (1998) stated that:

   “ encryption is being used as a tool for hiding
   information in a variety of crimes, including fraud
   and other financial crimes, theft of proprietary
   information, computer crime, drugs, child
   pornography, terrorism, murder, and economic and
   military espionage.” (p. 47)

Denning, D., & Baugh, W. (1998). Encryption and evolving technologies:
   Tools of organized crime and terrorism. Trends in Organized Crime, 3(3), 44-75.
Internet Service
 Legitimate Vs Criminal Uses

• Important communication tool vs. important crime tool
• Sharing good ideas vs. sharing criminal ideas
• ….

Internet Service
 Legitimate Vs Criminal Uses

Legitimate uses:
• Showing my profile
• Exchange of ideas and beliefs
• Enhance communication
• Overcome barriers of time
• Interact with friends

Criminal uses:
• Hiding my profile
• Enhance criminal activities
• Share criminal knowledge (how to build bombs)
• Overcome barriers of investigation
• Interact with criminals
Using the Internet to hide evidence

•   News Group
•   Online Forums
•   Online file repository
•   Voice over chat (to avoid tracked conversation)

 This provides a challenging set of circumstances
 for investigators to find evidence
Hiding Identity - Anonymity

• The best way to hide crime is to ensure it can’t
  be tracked back to you.
• In general if the perpetrator makes no attempt
  to conceal their identity online then they can
  be tracked.
Hiding Identity – Another Device/Network

It is very easy for a criminal to simply use
another device or network to conduct crime.
This could involve the use of:
• Authorised use of a device from their friend,
   employer, internet café, university etc.
• A stolen device or one accessed without
   authorisation (i.e. steal a mobile and use its
   data plan)
• Public wireless networks
Hiding Identity – Hacked Devices/Networks

Criminals often have an array of hacked
devices/networks that they can use to route
their communications through. This includes:
• Hacked servers
• Hacked home computers (often under Botnet
  control)
• Hacked wireless networks
Hiding Identity – Stolen Credentials

Criminals may hack, steal or guess credentials
for access to people’s online services. Crime is
then conducted using these credentials. Popular
targets include:
• Online banking
• Payment systems (e.g. Paypal)
• Online merchants
• Email & Social Networking (mainly for spam)
Hiding Identity – Identity Theft

• Identity theft allows a criminal to appear as
  you while committing crime by stealing or
  fabricating your identifying documents.
• Can open accounts in your name with any
  service provider.
• Can get credentials for your existing accounts
  reset.
• Complete identities are readily and cheaply
  available online.
Hiding Identity – Proxies

• Proxies provide an intermediary for network
  traffic helping to conceal the identity of the
  source.
• Can be chained together allowing the network
  traffic to travel through several proxies.
• Not commonly used by criminals any more
  due to a lack of supply and better options
  being available.
Hiding Identity – VPNs/SSL Tunnels

• VPNs (Virtual Private Networks) allow network
  traffic to be sent via a third party concealing
  the identity of the source.
• All traffic between the user and the VPN
  provider is generally encrypted.
• Thousands of commercial VPN providers with
  varying policies on keeping logs etc.
• Many less legitimate providers who provide
  guarantees of not tracking anything you do.
Hiding Identity – TOR
                https://www.torproject.org

TOR (The Onion Router) is essentially a peer to peer
VPN network. Traffic is encrypted and routed
through several peers before going out to the
internet.




             Source: http://www.torproject.org/about/overview.html.en
Hiding Identity – TOR
                              How it works

Each connection made is routed through a random
path. TOR makes your communications anonymous
but not private. Exit nodes can see the unencrypted
traffic.




             Source: http://www.torproject.org/about/overview.html.en
Hiding Crime – TOR
                             Hidden Services

TOR can also host hidden services (i.e. web servers)
that can’t be tracked. TOR acts as an intermediary,
allowing two users to talk to each other without
ever connecting directly.




           Source: https://www.torproject.org/docs/hidden-services.html.en
Hiding Identity – TOR
            Hiding evidence of TOR Usage

• Portable versions of TOR that can run off a
  USB flash drive are available. These leave
  limited traces on the host machine
• Live Linux distributions including TOR are
  available. These leave no traces at all on the
  host machine.
• Both of these options require zero
  configuration and are “plug and play”
  solutions for anonymous communication.
Hiding Identity – TOR
                    Alternatives

• I2P (http://www.i2p2.de/) is very similar to
  TOR but more decentralised.

• FreeNet (https://freenetproject.org/) provides
  a similar function to TOR’s hidden services.
Hiding Activity

• To hide crime online it is also important to be
  able to hide communications and criminal
  activity.
• The easiest way to hide communications is to
  hide in plain sight; the internet is a big place
  and there are only so many eyes watching.
• Criminals are getting more sophisticated in the
  methods they use to hide their criminal
  activity online.
Hiding Activity – Private Communities

• A lot of criminal activity on the internet
  happens in private or semi-private
  communities.
• These typically involve private forums and
  chat rooms where criminals can communicate
  with each other securely.
• These communities often have some sort of
  vetting process; usually a referral from an
  existing member.
Hiding Activity - Darknets

• A Darknet is very similar to TOR with the
  exception that all the nodes in the network
  are known; it is friend-to-friend not peer-to-
  peer.
• Darknets ensure that communication is only
  seen by people within the group thus ensuring
  privacy.
• Darknets are harder to set up and maintain
  than TOR but also harder to detect and track.
Hiding Evidence - Encryption

• Encryption is the process of applying a
  transformation to information using an
  algorithm to make it unreadable without
  special knowledge.
• Algorithms range from the easy to crack
  (protected MS Office Files, MD5) to near
  impossible (AES, Twofish)
• A wide range of commercial and free software
  available.
Hiding Evidence - Encryption

• Criminal cases involving encryption have been
  steadily increasing.
• Cracking encryption often isn’t feasible – try
  to find the password another way.
• If you encounter a live system where
  encryption is likely to be used don’t turn it
  off.
Hiding Evidence - Steganography

• Steganography is the process of hiding a
  piece of information inside
  legitimate/innocuous information.
• This means the hidden information attracts no
  attention.
• Commercial and free software available that
  can hide files inside image, audio and video
  files.
• Hidden information could be hiding inside
  any container file.
Hiding Evidence - Steganography

• Can be used in conjunction with encryption to
  further hide evidence.
• Very little if any use by criminals online.
• The media has often reported that terrorists
  widely use steganography to hide
  communications online. This is a myth.
Other Techniques – Jurisdiction Issues

• In the physical world criminals will often
  commit crime from or escape to jurisdictions
  where they cannot be prosecuted. This applies
  equally to online crime.
• Most online crime originates in countries with
  poor electronic crime laws and/or a lack of
  motivation to prosecute criminals.
• The use of computers/networks in multiple
  countries further complicates jurisdiction
  issues.
Ways in which investigators can get around
    the methods used to hide crime



Hide                           Unhide

Cryptography              Cryptanalysis
Cipher                        Decipher
Ways in which investigators can get around
             the methods used to hide crime

• Cryptanalysis
   Study of methods for obtaining the meaning of encrypted
   information, without access to the secret information that is
   normally required to do so. Wikipedia. (2011)


• Brute-force attack
   Tries every possible key until intelligible
   information is obtained.

Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall,
Inc.
Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from http://en.wikipedia.org/wiki/Cryptanalysis
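
The brute-force definition above, together with the earlier "easy to crack" versus "near impossible" contrast, as an added example that is not part of the original slides: an exhaustive key search with an explicit intelligibility test, plus the worst-case search time for larger keys. The toy repeating-XOR cipher, the sample message, the key and the word list are all constructed for illustration.

```python
"""Exhaustive key search against a toy cipher (constructed teaching example)."""
import string
from itertools import product

# Bytes an English text message is expected to consist of.
PRINTABLE = frozenset(string.printable.encode())
# Short common words used as a crude "is this intelligible?" signal (assumed list).
COMMON_WORDS = (b" the ", b" and ", b" to ", b" of ", b" at ", b" is ")


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR; the same call encrypts and decrypts.

    Stand-in for a weak scheme with a tiny key space. It is not a real cipher.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def intelligibility(candidate: bytes) -> int:
    """Score a candidate plaintext: 0 if it cannot be text, higher if English-like."""
    if not PRINTABLE.issuperset(candidate):
        return 0
    lowered = candidate.lower()
    return 1 + sum(lowered.count(word) for word in COMMON_WORDS)


def brute_force(ciphertext: bytes, key_len: int):
    """Try every key of key_len bytes and keep the most intelligible result.

    Returns (best_key, best_plaintext, keys_tried). The whole key space is
    always searched, so keys_tried equals 256 ** key_len.
    """
    best_key, best_text, best_score, tried = None, b"", 0, 0
    for key_tuple in product(range(256), repeat=key_len):
        tried += 1
        key = bytes(key_tuple)
        text = xor_cipher(ciphertext, key)
        score = intelligibility(text)
        if score > best_score:
            best_key, best_text, best_score = key, text, score
    return best_key, best_text, tried


def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try all 2**key_bits keys at a given guessing rate."""
    seconds = (2 ** key_bits) / keys_per_second
    return seconds / (365.25 * 24 * 3600)


# Constructed sample input: a harmless message under a 16-bit key.
SAMPLE_PLAINTEXT = (
    b"The backup of the report is at the office and the key is in the safe."
)
SAMPLE_KEY = bytes([0x5A, 0xC3])
SAMPLE_CIPHERTEXT = xor_cipher(SAMPLE_PLAINTEXT, SAMPLE_KEY)


if __name__ == "__main__":
    key, text, tried = brute_force(SAMPLE_CIPHERTEXT, key_len=2)
    print(f"recovered key {key.hex()} after {tried} trials: {text.decode()}")
    # Same procedure, larger key spaces, at an assumed 10**12 guesses per second.
    for bits in (16, 56, 128):
        print(f"{bits:>3}-bit key: {years_to_exhaust(bits, 1e12):.3e} years worst case")
```

The 16-bit key falls in seconds, while the same search against a 128-bit key is out of reach at any realistic guessing rate, which is why the later slide advises finding the password another way.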
Ways in which investigators can get around
        the methods used to hide crime

• Software
  – PRTK (Password Recovery Toolkit)
  – EnCE (Hash Analysis)
  – FTK (Forensics ToolKit) – E-Discovery
  – Internet Evidence Finder
  – S-Tools (Steganography)
EnCase - Facebook Chat Artifacts




Image source from: YouTube.com (http://www.youtube.com/watch?v=-rzX0LNply8)
Fox News - Steganography




Source from: http://www.youtube.com/watch?v=SgxiBIt9siE&feature=related
Case study – An Insight Into Child Porn


• In 2009 “Mr X” provided an expose on the
  current child porn industry to Wikileaks.
• “Mr X” has 10+ years experience in the
  industry.
• This expose details how the industry currently
  works and explains why attempts to set up
  filters will never work.
http://mirror.wikileaks.info/wiki/An_insight_into_child_porn/
Case study – An Insight Into Child Porn
           Step 1 – Rent Servers
• Rent servers in multiple countries (Germany is
  a favourite). These servers are paid for with
  stolen credit cards, prepaid credit cards (i.e.
  “Prezzy Cards”), PayPal or WebMoney.
• Often identification is required; for this there
  is no shortage of high quality false
  identification.
Case study – An Insight Into Child Porn
         Step 2 – Configure Servers
• Administrators connect to the servers
  anonymously (i.e. proxy chains and TOR) to
  configure them.
• All operating system logging mechanisms that
  can be turned off are turned off.
• Partitions are encrypted using TrueCrypt; if
  the server is shut down or someone logs in locally
  these volumes are unmounted.
• Servers configured to only accept connections
  from a limited range of IP addresses.
Case study – An Insight Into Child Porn
           Step 3 – Share Media
• One server is the content server; content is
  uploaded anonymously through proxies.
• Other servers are “proxy servers” or “forward
  servers”.
• A domain name is handed out that links to one of
  the forward servers (the server rotates each time)
• Custom software on the forward server creates
  an encrypted tunnel through the other forward
  servers and then to the content server.
• The user then connects through this tunnel to the
  content server using remote desktop tools like
  RDP or VNC.
Case study – An Insight Into Child Porn
                Conclusion
• The content server attracts very little attention as it’s
  only talking to a very limited range of other servers.
• All traffic from the content servers through the forward
  servers is encrypted and cannot be monitored.
• If a forward server gets raided the TrueCrypt volume is
  unmounted automatically. If this is somehow defeated
  then there’s no illegal content on the server to find
  anyway.
• If the user gets raided then it’s often difficult to
  prosecute. They were viewing a computer in another
  country remotely; nothing is actually on their
  computers
Conclusions
• Criminals are becoming increasingly
  sophisticated in their attempts to hide crime
  online.
• Investigators are also becoming more
  sophisticated. However there are still many
  challenges in tracking online crime.
• Anyone who is serious about hiding crime
  online can probably do so in a way that leaves
  little to no traces.
References
• Denning, D., & Baugh, W. (1998). Encryption and evolving technologies:
  Tools of organized crime and terrorism. Trends in Organized Crime, 3(3),
  44-75.
• Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?)
  Activities of a Drugs Newsgroup. The Howard Journal of Criminal Justice,
  42(4), 374-389. doi: 10.1111/1468-2311.00293
• Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper
  Saddle River, NJ: Prentice-Hall, Inc.
• Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from
  http://en.wikipedia.org/wiki/Cryptanalysis
Thank you!

More Related Content

What's hot

FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshopforensicsnation
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop newforensicsnation
 
FreeSpeak- Anonymous messaging over on-demand cloud services
FreeSpeak- Anonymous messaging over on-demand cloud servicesFreeSpeak- Anonymous messaging over on-demand cloud services
FreeSpeak- Anonymous messaging over on-demand cloud servicesPablo Panero
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetPaul Elliott
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 
The Darknet and the Future of Everything*
The Darknet and the Future of Everything*The Darknet and the Future of Everything*
The Darknet and the Future of Everything*PeterNBiddle
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsDr. Prashant Vats
 
Traditional problem associated with cyber crime
Traditional problem associated with cyber crimeTraditional problem associated with cyber crime
Traditional problem associated with cyber crimevishalgohel12195
 
Samer faraj AUB arab spring talk cc mar 1-2012
Samer faraj AUB arab spring talk cc mar 1-2012Samer faraj AUB arab spring talk cc mar 1-2012
Samer faraj AUB arab spring talk cc mar 1-2012sfaraj
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
An Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a NewbieAn Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a NewbieAnuj Khandelwal
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 

What's hot (20)

FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
SEO2India - Cyber crime
SEO2India - Cyber crimeSEO2India - Cyber crime
SEO2India - Cyber crime
 
Darknet
DarknetDarknet
Darknet
 
FreeSpeak- Anonymous messaging over on-demand cloud services
FreeSpeak- Anonymous messaging over on-demand cloud servicesFreeSpeak- Anonymous messaging over on-demand cloud services
FreeSpeak- Anonymous messaging over on-demand cloud services
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_Net
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
The Darknet and the Future of Everything*
The Darknet and the Future of Everything*The Darknet and the Future of Everything*
The Darknet and the Future of Everything*
 
Digital Identity
Digital Identity Digital Identity
Digital Identity
 
Obstacles to Cybercrime Investigations
Obstacles to Cybercrime InvestigationsObstacles to Cybercrime Investigations
Obstacles to Cybercrime Investigations
 
Traditional problem associated with cyber crime
Traditional problem associated with cyber crimeTraditional problem associated with cyber crime
Traditional problem associated with cyber crime
 
Dark web
Dark webDark web
Dark web
 
Samer faraj AUB arab spring talk cc mar 1-2012
Samer faraj AUB arab spring talk cc mar 1-2012Samer faraj AUB arab spring talk cc mar 1-2012
Samer faraj AUB arab spring talk cc mar 1-2012
 
Darknet
DarknetDarknet
Darknet
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Report
 
An Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a NewbieAn Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a Newbie
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
 
Cybe Crime & Its Type
Cybe Crime & Its TypeCybe Crime & Its Type
Cybe Crime & Its Type
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Similar to Using the Internet to Hide Crime Techniques

Cyber crime- a case study
Cyber crime- a case studyCyber crime- a case study
Cyber crime- a case studyShubh Thakkar
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Tor network seminar by 13504
Tor network seminar  by 13504 Tor network seminar  by 13504
Tor network seminar by 13504 Prashant Rana
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?FarjanaMitu3
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdf
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdfDark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdf
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdfAuto Parts Wholesale Online
 
cyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricscyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricsMayank Diwakar
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxGeetha982072
 

Similar to Using the Internet to Hide Crime Techniques (20)

Dw communication
Dw communicationDw communication
Dw communication
 
Cyber crime- a case study
Cyber crime- a case studyCyber crime- a case study
Cyber crime- a case study
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Dark Web Site.pdf
Dark Web Site.pdfDark Web Site.pdf
Dark Web Site.pdf
 
unit-1.pptx
unit-1.pptxunit-1.pptx
unit-1.pptx
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat Intelligence
 
Tor network seminar by 13504
Tor network seminar  by 13504 Tor network seminar  by 13504
Tor network seminar by 13504
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Darknet (ec)
Darknet (ec) Darknet (ec)
Darknet (ec)
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdf
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdfDark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdf
Dark web sites - Navigating the Depths of Secrecy, Sites, and Links.pdf
 
Unit 2
Unit 2Unit 2
Unit 2
 
Unit 2
Unit 2Unit 2
Unit 2
 
cyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometricscyberlaws and cyberforensics,biometrics
cyberlaws and cyberforensics,biometrics
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
FNC Corporate Protect
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
 
Invisible Web
Invisible Web Invisible Web
Invisible Web
 

Recently uploaded

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Using the Internet to Hide Crime Techniques

  • 1. Using the Internet to hide crime Alain Homewood & Jung Son
  • 2. What we will talk about today • Introduction & Background • Internet Service: Legitimate Vs Criminal Uses • Using the Internet to hide evidence • Tools and techniques to hide crime using the internet
  • 3. What we will talk about today • Ways in which investigators can get around the methods used to hide crime • Case study • Conclusions • References • Questions
  • 4. Introduction & Background • In recent years, the Internet has developed rapidly and has been used as a great tool for various areas. • The Internet creates new ways for people to communicate and share information • Growth of Information Technology has led to a development of digital encryption technologies.
  • 5. Introduction (Continue…) However … There are different impacts of the Internet.
  • 6. Introduction (Continue…) • The Internet has transformed criminals’ opportunities to hide their crime. • Encryption also gives criminals a powerful tool for concealing their activities.
  • 7. Introduction (Continue…) Schneider, J.L. (2003) notes: “ While this technology facilitates productive, legitimate interaction, it can also open a ‘Pandora’s Box’ of criminal opportunity.” (p. 375) He continues: “ Not only can criminals hide in terms of identity and location, but also the types of crimes being committed may not be a high priority for police and their high-tech crime units to investigate.” (p. 375) Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?) Activities of a Drugs Newsgroup. The Howard Journal of Criminal Justice, 42(4), 374-389.
  • 8. Introduction (Continue…) Denning & Baugh (1998) stated that: “ encryption is being used as a tool for hiding information in a variety of crimes, including fraud and other financial crimes, theft of proprietary information, computer crime, drugs, child pornography, terrorism, murder, and economic and military espionage.” (p. 47) Denning, D., & Baugh, W. (1998). Encryption and evolving technologies: Tools of organized crime and terrorism. Trends in Organized Crime, 3(3), 44-75.
  • 9. Internet Service Legitimate Vs Criminal Uses • Legitimate: Important communication tool; Sharing good ideas • Criminal: Important crime tool; Sharing criminal ideas ….
  • 10. Internet Service Legitimate Vs Criminal Uses • Legitimate: Showing my profile; exchange of ideas and beliefs; Enhance communication; overcome barriers of time; Interact with friends VS • Criminal: Hiding my profile; Enhance criminal activities; Share criminal knowledge – (how to build bombs); overcome barriers of investigation; Interact with criminals
  • 11. Using the Internet to hide evidence • News Group • Online Forums • Online file repository • Voice over chat (to avoid tracked conversation) → This provides a challenging set of circumstances for investigators to find evidence
  • 12. Hiding Identity - Anonymity • The best way to hide crime is to ensure it can’t be tracked back to you. • In general if the perpetrator makes no attempt to conceal their identity online then they can be tracked.
  • 13. Hiding Identity – Another Device/Network It is very easy for a criminal to simply use another device or network to conduct crime. This could involve the use of: • Authorised use of a device from their friend, employer, internet café, university etc. • A stolen device or one accessed without authorisation (i.e. steal a mobile and use its data plan) • Public wireless networks
  • 14. Hiding Identity – Hacked Devices/Networks Criminals often have an array of hacked devices/networks that they can use to route their communications through. This includes: • Hacked servers • Hacked home computers (often under Botnet control) • Hacked wireless networks
  • 15. Hiding Identity – Stolen Credentials Criminals may hack, steal or guess credentials for access to people’s online services. Crime is then conducted using these credentials. Popular targets include: • Online banking • Payment systems (e.g. Paypal) • Online merchants • Email & Social Networking (mainly for spam)
  • 16. Hiding Identity – Identity Theft • Identity theft allows a criminal to appear as you while committing crime by stealing or fabricating your identifying documents. • Can open accounts in your name with any service provider. • Can get credentials for your existing accounts reset. • Complete identities are readily and cheaply available online.
  • 17. Hiding Identity – Proxies • Proxies provide an intermediary for network traffic helping to conceal the identity of the source. • Can be chained together allowing the network traffic to travel through several proxies. • Not commonly used by criminals any more due to a lack of supply and better options being available.
  • 18. Hiding Identity – VPNs/SSL Tunnels • VPNs (Virtual Private Networks) allow network traffic to be sent via a third party concealing the identity of the source. • All traffic between the user and the VPN provider is generally encrypted. • Thousands of commercial VPN providers with varying policies on keeping logs etc. • Many less legitimate providers who provide guarantees of not tracking anything you do.
  • 19. Hiding Identity – TOR https://www.torproject.org TOR (The Onion Router) is essentially a peer to peer VPN network. Traffic is encrypted and routed through several peers before going out to the internet. Source: http://www.torproject.org/about/overview.html.en
  • 20. Hiding Identity – TOR How it works Each connection made is routed through a random path. TOR makes your communications anonymous but not private. Exit nodes can see the unencrypted traffic. Source: http://www.torproject.org/about/overview.html.en
  • 21. Hiding Crime – TOR Hidden Services TOR can also host hidden services (i.e. web servers) that can’t be tracked. TOR acts as an intermediary allowing two users to talk to each other without ever connecting directly. Source: https://www.torproject.org/docs/hidden-services.html.en
  • 22. Hiding Identity – TOR Hiding evidence of TOR Usage • Portable versions of TOR that can run off a USB flash drive are available. These leave limited traces on the host machine • Live Linux distributions including TOR are available. These leave no traces at all on the host machine. • Both of these options require zero configuration and are “plug and play” solutions for anonymous communication.
  • 23. Hiding Identity – TOR Alternatives • I2P (http://www.i2p2.de/) is very similar to TOR but more decentralised. • FreeNet (https://freenetproject.org/) provides a similar function to TOR’s hidden services.
  • 24. Hiding Activity • To hide crime online it is also important to be able to hide communications and criminal activity. • The easiest way to hide communications is to hide in plain sight; the internet is a big place and there are only so many eyes watching. • Criminals are getting more sophisticated in the methods they use to hide their criminal activity online.
  • 25. Hiding Activity – Private Communities • A lot of criminal activity on the internet happens in private or semi-private communities. • These typically involve private forums and chat rooms where criminals can communicate with each other securely. • These communities often have some sort of vetting process; usually a referral from an existing member.
  • 26. Hiding Activity - Darknets • A Darknet is very similar to TOR with the exception that all the nodes in the network are known; it is friend-to-friend not peer-to-peer. • Darknets ensure that communication is only seen by people within the group thus ensuring privacy. • Darknets are harder to set up and maintain than TOR but also harder to detect and track.
  • 27. Hiding Evidence - Encryption • Encryption is the process of applying a transformation to information using an algorithm to make it unreadable without special knowledge. • Algorithms range from the easy to crack (protected MS Office Files, MD5) to near impossible (AES, Twofish) • A wide range of commercial and free software available.
  • 28. Hiding Evidence - Encryption • Criminal cases involving encryption have been steadily increasing. • Cracking encryption often isn’t feasible – try to find the password another way. • If you encounter a live system where encryption is likely to be used don’t turn it off.
  • 29. Hiding Evidence - Steganography • Steganography is the process of hiding a piece of information inside legitimate/innocuous information. • This means the hidden information attracts no attention. • Commercial and free software available that can hide files inside image, audio and video files. • Hidden information could be hiding inside any container file.
  • 30. Hiding Evidence - Steganography • Can be used in conjunction with encryption to further hide evidence. • Very little if any use by criminals online. • The media has often reported that terrorists widely use steganography to hide communications online. This is a myth.
  • 31. Other Techniques – Jurisdiction Issues • In the physical world criminals will often commit crime from or escape to jurisdictions where they cannot be prosecuted. This applies equally to online crime. • Most online crime originates in countries with poor electronic crime laws and/or a lack of motivation to prosecute criminals. • The use of computers/networks in multiple countries further complicates jurisdiction issues.
  • 32. Ways in which investigators can get around the methods used to hide crime Hide vs Unhide: Cryptography vs Cryptanalysis; Cipher vs Decipher
  • 33. Ways in which investigators can get around the methods used to hide crime • Cryptanalysis Study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Wikipedia. (2011) • Brute-force attack Tries every possible key until intelligible information is obtained. Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall, Inc. Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from http://en.wikipedia.org/wiki/Cryptanalysis
  • 34. Ways in which investigators can get around the methods used to hide crime • Software – PRTK (Password Recovery Toolkit) – EnCE (Hash Analysis) – FTK (Forensics ToolKit) – E-Discovery – Internet Evidence Finder – S-Tools (Steganography)
  • 35. EnCase - Facebook Chat Artifacts Image source from: YouTube.com (http://www.youtube.com/watch?v=-rzX0LNply8)
  • 36. Fox News - Steganography Source from: http://www.youtube.com/watch?v=SgxiBIt9siE&feature=related
  • 37. Case study – An Insight Into Child Porn • In 2009 “Mr X” provided an expose on the current child porn industry to Wikileaks. • “Mr X” has 10+ years experience in the industry. • This expose details how the industry currently works and explains why attempts to set up filters will never work. http://mirror.wikileaks.info/wiki/An_insight_into_child_porn/
  • 38. Case study – An Insight Into Child Porn Step 1 – Rent Servers • Rent servers in multiple countries (Germany is a favourite). These servers are paid for with stolen credit cards, prepaid credit cards (i.e. “Prezzy Cards”), PayPal or WebMoney. • Often identification is required; for this there is no shortage of high quality false identification.
  • 39. Case study – An Insight Into Child Porn Step 2 – Configure Servers • Administrators connect to the servers anonymously (i.e. proxy chains and TOR) to configure them. • All operating system logging mechanisms that can be turned off are turned off. • Partitions are encrypted using TrueCrypt; if the server is shut down or someone logs in locally these volumes are unmounted. • Servers configured to only accept connections from a limited range of IP addresses.
  • 40. Case study – An Insight Into Child Porn Step 3 – Share Media • One server is the content server; content is uploaded anonymously through proxies. • Other servers are “proxy servers” or “forward servers”. • A domain name is handed out that links to one of the forward servers (the server rotates each time). • Custom software on the forward server creates an encrypted tunnel through the other forward servers and then to the content server. • The user then connects through this tunnel to the content server using remote desktop tools like RDP or VNC.
  • 41. Case study – An Insight Into Child Porn Conclusion • The content server attracts very little attention as it’s only talking to a very limited range of other servers. • All traffic from the content servers through the forward servers is encrypted and cannot be monitored. • If a forward server gets raided the TrueCrypt volume is unmounted automatically. If this is somehow defeated then there’s no illegal content on the server to find anyway. • If the user gets raided then it’s often difficult to prosecute. They were viewing a computer in another country remotely; nothing is actually on their computers
  • 42. Conclusions • Criminals are becoming increasingly sophisticated in their attempts to hide crime online. • Investigators are also becoming more sophisticated. However there are still many challenges in tracking online crime. • Anyone who is serious about hiding crime online can probably do so in a way that leaves little to no traces.
  • 43. References • Denning, D., & Baugh, W. (1998). Encryption and evolving technologies: Tools of organized crime and terrorism. Trends in Organized Crime, 3(3), 44-75. • Schneider, J. L. (2003). Hiding in Plain Sight: An Exploration of the Illegal(?) Activities of a Drugs Newsgroup. The Howard Journal of Criminal Justice, 42(4), 374-389. doi: 10.1111/1468-2311.00293 • Stallings, W. (2005). Cryptography and Network Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall, Inc. • Wikipedia. (2011). Cryptanalysis. Retrieved 20th March, 2011, from http://en.wikipedia.org/wiki/Cryptanalysis
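
An added example, not part of the original slides: slides 29, 30 and 34 mention steganography tools from the investigator's side, and this sketch shows one statistical check an examiner can run on a suspect container, a pairs-of-values chi-square test for LSB replacement. The cover data, the 1.5x contrast stretch, the threshold of 2.0 and all function names are assumptions constructed for the demonstration.

```python
import random

def pov_statistic(samples):
    """Chi-square over value pairs (2k, 2k+1), divided by the degrees of freedom."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi, dof = 0.0, 0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected >= 5:                       # ignore sparsely populated pairs
            chi += 2 * (hist[even] - expected) ** 2 / expected
            dof += 1
    return chi / dof if dof else 0.0

def looks_embedded(samples, threshold=2.0):
    """Random LSBs equalise each pair, which pulls the statistic down to about 1."""
    return pov_statistic(samples) < threshold

def embedded_prefix(samples, step=4000):
    """Longest prefix (in samples) that still looks fully LSB-replaced."""
    longest = 0
    for end in range(step, len(samples) + 1, step):
        if looks_embedded(samples[:end]):
            longest = end
    return longest

def constructed_cover(n, rng):
    """Constructed stand-in for 8-bit pixel data after a 1.5x contrast stretch."""
    return [int(min(170, max(0, int(rng.gauss(85, 15)))) * 1.5) for _ in range(n)]

def lsb_replace(samples, count, rng):
    """Overwrite the LSB of the first `count` samples with random, ciphertext-like bits."""
    return [(s & 0xFE) | rng.getrandbits(1) if i < count else s
            for i, s in enumerate(samples)]

rng = random.Random(2011)                       # fixed seed: constructed sample data
cover = constructed_cover(40000, rng)
full = lsb_replace(cover, len(cover), rng)      # every sample carries a payload bit
half = lsb_replace(cover, 20000, rng)           # payload fills only the first half

if __name__ == "__main__":
    for name, data in (("cover", cover), ("full", full), ("half", half)):
        print(name, round(pov_statistic(data), 2), looks_embedded(data))
    print("estimated embedded prefix:", embedded_prefix(half))
```

A container whose value pairs are already nearly equal scores low without any embedding, so a low score is a lead for further examination rather than proof of hidden data.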