Dark Nets and Why They Are a Challenge for Police

Based on the BBC News article “Dark net used by tens of thousands of paedophiles” (2014), one might wonder what “Dark Net” is, and why Police are having such a hard time catching criminals.

To understand “Dark Net” you first need to understand a little bit about how the Internet works. As an example, think about how you are connecting to this blog. Your computer has to have an IP address, which is used as a unique indicator to identify you online. This IP address is normally assigned by your Internet Service Provider. When you want to connect to this blog, you are sending information back and forth between your IP address and the IP address of the server.

This is good. However, whenever I get an IP address to connect to the Internet, everyone else can also connect back to me. It is similar to having a phone number. You need a phone if you want to call someone else’s phone, but that means that anyone who finds your number can also call you whether you want them to or not.

The result of this is that when we send information on the Internet, it is possible for other people on the Internet to copy our information. For this reason, many services use different types of encryption to hide the information going from one point to another. Many critical services, like banks, use (or should use) encryption to protect your information. Because people need to protect their legitimate information - like banking transactions, credit cards, emails, etc. - the Internet has to support mechanisms to protect this information.

Dark Nets
Dark Nets like Tor and FreeNet take advantage of two things that also make the Internet work. First, they use public IP addresses to connect to other computers that are also running the program. This means that a computer is connected to several other computers on the network.

Once connected with a public IP address, the computers encrypt the connections between all computers. In this way, no one can see what information is being sent between the two computers. This is what we call an encrypted “tunnel”.

Then Dark Net usually does two things. First, if there are a lot of computers connected to the network, then they each connect to a few other computers. They use these encrypted tunnels to route traffic through other computers before coming to the final destination.

For example, if I am computer A, and I want to access a resource at computer D, normally I would try to make a direct connection A->D. If police investigate computer D, they can normally find information about computer A directly connecting. Dark Nets (or Onion Routing) would instead use other computers to hide my request. If I am computer A, and want to reach a resource at computer D, a Dark Net may send my request through C, then B, then to D [A->C->B->D]. The next time I make a request, it may change its path [A->B->C->D]. What’s more, other computers’ requests will be coming through MY computer. In this way, it is very difficult to determine if MY computer is making a request, or if it was someone else. And since all this traffic is encrypted, to investigate the traffic you must be in the network. So routing traffic through different computers over encrypted networks can be used to hide information and make it very difficult to determine which computer actually sent the request. These cannot be blocked; otherwise you would also block all the good uses of encryption.
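The layered routing described above, as an added example that is not part of the original post: it wraps a request once per relay and records what each computer on the path can observe. The toy cipher, the pre-shared per-computer keys and the names `toy_xor`, `wrap` and `route` are assumptions made for illustration; real networks such as Tor negotiate keys and use real cryptography.

```python
import hashlib
import json

def toy_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream). Stand-in for real encryption; NOT secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(path, keys, request):
    """Sender wraps the request once per relay; the innermost layer is for the last hop."""
    cell = toy_xor(keys[path[-1]], json.dumps({"next": None, "data": request}).encode())
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = toy_xor(keys[hop], layer)
    return cell

def route(sender, path, keys, request):
    """Pass the cell along the path and record what each computer can observe."""
    cell, prev, node, seen = wrap(path, keys, request), sender, path[0], {}
    while True:
        layer = json.loads(toy_xor(keys[node], cell))  # each hop peels only its own layer
        seen[node] = {"from": prev, "to": layer["next"]}
        if layer["next"] is None:                      # final destination reads the request
            seen[node]["request"] = layer["data"]
            return seen
        cell, prev, node = bytes.fromhex(layer["data"]), node, layer["next"]

# Constructed sample keys: A is assumed to already share one key with each computer.
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in "BCD"}

if __name__ == "__main__":
    for path in (["C", "B", "D"], ["B", "C", "D"]):    # the two paths from the text
        for node, view in route("A", path, KEYS, "GET /page").items():
            print(node, view)
```

In the output, D's view names only the relay before it, never A, which is why records taken at D alone do not identify the requesting computer.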

But many Deep Net clients go a step further. When you install a client like FreeNet, it will allocate a part of your hard drive to store data (also encrypted). If every computer on the network gives a small part of their hard drive space, then the network has a lot of distributed storage. This storage can only be accessed if you are inside the encrypted network. This means that people can host blogs, web pages… basically any service they want on this encrypted space. The data will be spread across many computers in many different countries, none of which will know exactly what information they are sharing on this allocated space (since they cannot access it themselves).

What Can Police Do About It?
Now that you know some of the things that Dark Nets do (different networks do different things), why is it such a challenge for Police?

First, consider that cybercrime investigation is a relatively new field. Except for officers that enjoy self-study, most Police update knowledge only when the number of cases requiring new knowledge gets past a certain threshold. Granted, there is just too much to learn - too many types of cybercrime to focus on one area. And Dark Nets (until now) are too difficult a problem with too little return to seriously invest much time in. That being said, people are working on the problem, and other government organizations are also throwing a lot of resources at the problem of crime on Dark Nets.

Another problem is jurisdiction. Police, at most, have jurisdiction only at a national level. Since all governments have budgets, they don’t usually investigate other countries’ criminals (unless there is some benefit). Since it is difficult to establish where a criminal on a dark net is located, they take a risk of investigating thousands of people that are not in their country, not a citizen, etc, etc (investigation dead-end). This implies not only a waste of time, but a waste of resources - including taxpayer money. Since taxpayers usually want a visible ‘return on investment’, many forces think it is better to go after the easy cases that can make quick headlines and better statistics.

Establishing reliable information takes time. In most countries that I have worked with, they do not have the ability (or desire) to consistently conduct cyber operations. Working on dark nets requires long term operations and planning that many countries would not be capable of executing.

Countries like the U.S. and U.K. are quite obsessed with the investigation of child exploitation material (rightly so, IMO), but for many other countries it is hardly a consideration. Even if the talk is of protecting children, the resources and planning dedicated to the task reflect how low-priority it actually is.

And finally, there are hundreds of thousands of pedophiles on news groups, websites, peer to peer networks, chat programs, etc. Indeed, Dark Net is a problem, but it is just one (more) problem. Police have no shortage of pedophile-related cases, and they won’t until we take a look at the social problems that are causing them. Focusing on one network won’t solve the problem, and until that network becomes the primary sharing method it won’t be a major focus.


DFRWS 2015 EU - Call for Forensic Challenge

Digital Forensic Research Workshop 2015 EU is currently calling for Forensic Challenge proposals.
See the CFC
Deadline: January 31st, 2015

The DFRWS Conference is soliciting proposals from individuals or teams interested in creating the next DFRWS Forensics Challenge.
The goal of this and past annual challenges is to spur advances in the state of the art in research into forensic tools and techniques. Past challenges have resulted in meaningful progress in memory analysis for Windows and Linux systems, novel approaches to carving files out of unallocated disk space, and techniques for reconstructing data dumped directly from NAND flash chips. By design, DFRWS challenges have resulted in the creation of software that has enriched the analytical arsenal available to the forensic community.

We are seeking 2015 challenge proposals of equal ambition and impact. At the same time, challenges must be multifaceted, consisting of component problems at various levels of difficulty to encourage broader participation and permit their reuse in a variety of settings. Please review prior challenges and solutions listed at http://www.dfrws.org/archives.shtml for examples. A modest budget is available to meet direct expenses associated with the creation of the challenge.

By creating the challenge, you get to help steer digital forensics research. If you encounter problems that are not solved by the currently available tools, then make it into a challenge. We will give your team full credit on the website and in all challenge promotional efforts.


Korea’s Fight Against Cyber Crime

We are at a turning point in human history. Artificial intelligence has – for the first time – fooled a group of humans into thinking that it too was human [1]. While this achievement opens up a number of opportunities for science, technology and even a better understanding of what it is to ‘be human’, it also allows for more sophisticated types of online crime and attacks against citizens, businesses and governments alike.

For many technologies, Korea leads the world in adoption and development. This is made possible by some of the fastest, least expensive and most widely available Internet infrastructure. Technology is now an everyday part of the average Korean’s life, in business and leisure. However, this makes Korea both a growing target and host for all types of global digital crime.

Much like technology adoption, Korea has also been ahead of most countries in attempting to combat cybercrime. Starting with a single cyber crime unit in 1997, protecting Korea’s citizens from online crime quickly became an obvious need. This led to the creation of a “Cyber Crime Squad”, and eventually the Cyber Terror Response Center with more than 1000 investigators specially recruited for their technical knowledge and abilities. At this point, Korea had the most cyber investigators per capita of any country, and because of the forward-thinking “Special Recruitment Program”, also some of the most knowledgeable cyber-investigators in the world. However, cyber crime continues to grow rapidly, and even with knowledgeable investigators it is impossible to keep up. In 2014, Korea needs to again expand its cyber crime investigation capabilities if it wants to continue to effectively fight digital crime, investigate new and more sophisticated attacks, and prevent the digital crimes of the future.

On June 11th, 2014 Korea is again attempting to meet the challenges of the future by creating the new “Cyber Bureau”. This Bureau will have a Cyber Safety division, a Cyber Crime Response Division and a Digital Forensics Center.

With the growing amount and sophistication of cyber attacks, there is no doubt that Korea needs a Cyber Bureau. It needs more dedicated, knowledgeable people looking at the problem of cyber crime both nationally and internationally. Unfortunately, Human Resources within the Korean Police are completely corrupt. Further, the Korean Police are too busy dividing themselves by schools or regions rather than remembering that they are all Police, all Korean. And finally, most Korean Police – much like the rest of Korean society – put their own life, their own career, their own promotions first. The result of these things, and much more, is that most people in the Bureau should not be there. Korea has lost years of cyber crime management experience by promoting those who have none, and is now completely underutilizing Police from the Special Recruitment program. Korea needs a Cyber Bureau. But the primary purpose of the Cyber Bureau that was created is to create more promotion opportunities, not to fight cyber crime. The creation of the Cyber Bureau could have launched Korea’s cyber investigation capabilities several years ahead. Instead, it is now five to ten years behind where it was.

I urge the Cyber Bureau to prove me wrong. Prove to me that the Cyber Bureau will more effectively investigate cyber crime in Korea; prove that it will begin to focus more on the prevention of cybercrime while still respecting basic Human Rights; prove that it will actually lead the World in cyber investigation best practices and international cooperation; prove that Police can introduce intelligence and planning into their decision-making processes; prove to me that the Police care about Korea. Because if the Bureau does not do these things, then it is willing to put people at risk for selfish gain – just like 유병언 cared more about himself than who he might hurt.

1. http://www.independent.co.uk/life-style/gadgets-and-tech/computer-becomes-first-to-pass-turing-test-in-artificial-intelligence-milestone-but-academics-warn-of-dangerous-future-9508370.html


[CFP] ICDF2C 2014 Submissions Due

Just a quick reminder that submissions for the 6th International Conference on Digital Forensics & Cyber Crime are due THIS FRIDAY (May 16, 2014). See submission details here: http://d-forensics.org

ICDF2C 2014, 6th International Conference on Digital Forensics & Cyber Crime, will take place in New Haven, Connecticut, United States, September 18–20, 2014.


Ubuntu 14.04 (Trusty Tahr) Long Term Support Released

Ubuntu 14.04 LTS has been released.
This version includes a number of “under the hood” updates. Some of the most notable are:
<ul><li>Linux Kernel 3.13</li><li>Python 3.4</li><li>AppArmor Updates</li><li>Oxide</li></ul>

Ubuntu Desktop and Ubuntu Server also received a number of updates. See the release notes for full documentation.

If you are interested in upgrading or trying out Ubuntu, you can download the official ISOs using their torrents:

<ul><li>Ubuntu 14.04 LTS Desktop (32-bit)</li><li>Ubuntu 14.04 LTS Desktop (64-bit)</li><li>Ubuntu 14.04 LTS Server (32-bit)</li><li>Ubuntu 14.04 LTS Server (64-bit)</li></ul>

Alternatively, you can head on over to the downloads page to get the latest ISO from one of the Ubuntu mirrors.

Ubuntu 14.04 Trusty Tahr Screen Shot of Unity on Startup

This update also means approximately 1 month until Linux Mint 17 is released!


[CFP] World Forensic Festival 2014

World Forensic Festival, Oct. 12 - 18, 2014 in Seoul, South Korea.
Abstract submission due: May 31, 2014
Program site: http://wff2014korea.org/

World Forensic Festival 2014 at Seoul, South Korea

Scholarships and various other awards are available. Please see: http://wff2014korea.org/abstract/award.php

Abstract Topics - IAFS

<ul><li>Clinical Forensic Medicine</li><li>Forensic Pathology</li><li>Cyber Forensic</li><li>Forensic Psychiatry / Behavioral Science</li><li>Digital and Multimedia Science</li><li>Trace Evidence / Forensic Chemistry</li><li>Ethics / Law / Education / QAQC</li><li>Gun / Firearms</li><li>Fingerprint</li><li>Marine Forensic</li><li>Forensic Anthropology</li><li>Mass Disaster</li><li>Forensic Engineering Science</li><li>Questioned Document</li><li>Forensic Genetics & Biology</li><li>Scene Investigation</li><li>Forensic Odontology</li><li>Toxicology / Illicit Drugs</li></ul>

Abstract Topics - AFSN

<ul><li>Crime Scene Investigation</li><li>Toxicology</li><li>DNA</li><li>Trace Evidence</li><li>Illicit Drugs</li><li>Quality Assurance & Standards</li></ul>
