Techno-Crime Institute

Driving and Inspiring The Evolution of Investigations

  • Home
  • About
  • Speaking
    • Meet Walt Manning
    • Speaking Topics
  • For Investigators
  • Blog
  • Free Content Library
  • Contact
  • Home
  • About
  • Speaking
    • Meet Walt Manning
    • Speaking Topics
  • For Investigators
  • Blog
  • Free Content Library
  • Contact
You are here: Home / The Techno-Crime Blog

How to Stay Safe on Public Wi-Fi

April 25, 2019 by Walt Manning Leave a Comment

Free Wi-Fi Zone

Protecting yourself when using public Wi-Fi is important. I talked about this in a previous blog, but I felt that it is such an important topic that I’m giving you more information. Thanks to my friends at TurnOnVPN, who wrote this guest post. After reading this post, I would also encourage you to visit their website for even more information…

Now for their post——————

Corporate professionals who are frequent travelers must be well-acquainted with free public Wi-Fi at airports and stations, but many might not be aware of the cybersecurity risks of free Wi-Fi on both the individual and the company’s confidential communication.

Cybersecurity risks you’ve repeatedly overlooked

Before connecting to most public Wi-Fi networks, you are usually required to agree to some terms and conditions. That is the only hurdle to overcome before connecting, so most people tend to ignore them out of eagerness to get online.

But if you take the time to glance through a couple of sentences, you will understand why your data might not be secure once you’re logged in. In fact, the owners themselves know that their connections may be wildly unsafe and try to warn you so that they are not held responsible for whatever happens after.

You don’t have to take my word for it. We can pick a few examples of businesses offering free Wi-Fi to the public and see what their policies are.
Starting with Suddenlink, they state of their Wi-Fi zones in the US that “You acknowledge that the [Wi-Fi] service is inherently not secure and that wireless communications can be intercepted by equipment and software designed for that purpose.”

If that is not explicit enough, consider what Tim Hortons – a revered coffee chain from Canada – has to say. I It’s stated in their privacy policy highlights that they collect user data through available sources such as their in-restaurant Wi-Fi, and data includes your IP address, your interaction with content through their internet service, your location information and more.

Matters are not even helped when we move on to the likes of Arqiva. You should note that this is a company dedicated to fitting the lounges of airports with a Wi-Fi network and would be expected to have the best tech in the game. Surprisingly, they admit “the transmission of information via the internet and via the service is not secure.”

I can go on and on, but I believe you get the idea. Even if every other data I provide might not convince you, hearing it from the providers should set some bells ringing.

Network operators want to strip you bare

As if all of the above were no reason for worry, another threat comes in the form of the network operators. Apparently, you could still be susceptible to internet privacy breaches even if the network were tightened against external attacks.

Again, the companies who give their customers free Wi-Fi don’t hide this. It is yet another common feature in their terms and agreements.

The Puerto Rico District Court says of its own Wi-Fi network that “all communications over the [Wi-Fi] service may be subject to monitoring and should not be considered either private or protected.” Coming from a court of law, isn’t that rather ironic?

Little wonder then that other firms can do the same. After all, Virgin Media holds the right “to monitor and control data volume,” while the guys over at the Oscars can also “monitor and collect information while you are connected to the [Wi-Fi] service.”

Possible attacks on public Wi-Fi

If you have not already started picking up on it, the biggest problem with using free public Wi-Fi connections is in the way of data leak. How does this happen?

  • Man in the middle attacks
    • Experienced hackers can place themselves between two sides of a conversation. This allows them to intercept the messages being sent and received. They will also be able to hijack the conversation at any point, pose as either side, and extract sensitive information from either of the sides.
  • Rogue networks
    • Hackers may also set up rogue networks that will look legit and offer free connection to interested users. Once those users connect, they will be at the mercy of the hacker who will now be able to access all of their activity.
    • This grants the hacker access to bank logins, forum passwords, sensitive data, emails, and so much more.
  • Malware attacks
    • Due to a lack of encryption on public Wi-Fi networks, hackers can freely upload malware to the server.
    • Everyone who connects to such a network faces the risk of downloading the malware to their computer units. This holds so much more significance since the hacker would still be able to maintain remote access to the computer – through the malware – even after the user disconnects from the network.

How you can protect yourself better

There isn’t supposed to be any harm in just being able to enjoy your free Wi-Fi connection in peace. With a number of unscrupulous individuals hunting your sensitive data though, that is not the case.

The ideal thing to do would be to stick to your own data plans and do away with the free Wi-Fi in the first place. If that is not an option, downloading a quality VPN on your iPhone is highly recommended.

A VPN will allow you to connect like always. The difference is just that you would be using a different server to send hackers on the wrong trail. That is not to mention being able to better mask data you send over the otherwise insecure network, since the transmitted data between your device and the VPN server is encrypted.

In addition to that, you also get to access content that might have been blocked on the Wi-Fi network.

With such procedures in place, you can keep enjoying your coffee shop freebie without having to worry about losing your bank login details – or some other important data – to some snooper.

Thanks again to TurnOnVPN for the great information, and if you use public Wi-Fi, be aware of and minimize the risks before you connect!

Filed Under: Uncategorized

When Everything Is Digital and Virtual, Will Every Investigation Also Become Virtual?

March 27, 2019 by Walt Manning Leave a Comment

Virtual Reality

We live in an exciting time, where new technologies are providing us with fascinating capabilities that have never been possible.

We’ve previously talked about how some of these technologies can be used by criminals to help commit crimes or to make it more difficult for us to find them. If you haven’t read these previous posts, we’ve discussed the darknets, the Internet of Things, the risk from unsecured Wi-Fi, and cosmos computing.

I also talked about the need for a new vision in the world of investigations. It seems that the models we’re using aren’t making progress fast enough. Instead of gradual, incremental change, we need to evolve into the professions that will be needed for the future.

But today, instead of talking about how technology is making it easier for the techno-criminals, I want to talk about how we might leverage technologies that could potentially revolutionize investigations and our legal systems.

Two of these technologies are augmented reality and virtual reality.

Augmented reality will basically add layers of information on top of the real world that we see (I recommend starting this YouTube video at about the 27-minute mark, and you can watch as long as you’re interested). This may be in the form of some type of headset or specially-designed glasses that will work like a “heads up display.” It might be using the camera of your mobile device with artificial intelligence to provide more details about what you see. So this technology will augment, or add to, our perception of the world.

Virtual reality can also amplify the real world, but it can go even deeper to provide more immersive experiences. Companies are already designing virtual worlds where you can live, work, and play. In these worlds you can be anything or anyone you want to be.

You may think that virtual reality will only be like enhanced video games, but let me assure you that it will be much more sophisticated than that. Many of the virtual worlds will create entirely new environments that will be limited only by your imagination.

Who wouldn’t want to visit or live in a virtual world that could provide an experience that isn’t possible in the real world? In these worlds, if you could feel beautiful/handsome, stronger, more intelligent, or have super powers, would you at least be curious to give it a try?

The positive psychological and emotional feedback that these experiences can provide is why these worlds have the potential to be very attractive and massively addictive.

I’ve read many articles that use the term “metaverse” for these various new layers of reality that will soon be available to everyone.

With this technology you’ll be able to choose how many layers you use, and the deeper you want to go, the more immersive the experience can be. Some experts are afraid that these virtual worlds will be so addictive that some people may prefer to stay in those worlds and not function at all in our physical real world.

It’s interesting to think about the possibilities of having multiple personas in different virtual worlds, and how that could change our lives, but that’s not the focus of this post.

I want to think about how these technologies could be used to help us with some of the challenges that we’re facing with the future of investigations.

We’re already falling farther and farther behind the techno-criminals. We have limitations they don’t have, and we have to play by rules they aren’t bound by.

This situation can get much worse if we don’t start thinking about new and innovative ways to take advantage of technologies to give us faster progress.

There are predictions that by 2021 there will be 3.5 million openings for cyber security professionals that we won’t be able to fill.

Most law enforcement professionals will certainly agree that today we can’t hire enough digital forensics professionals. Most agencies with any type of digital forensics capability are overwhelmed with the demand for those services, and are either severely backlogged or are limited to providing digital forensics analysis for only high-priority cases.

This doesn’t include the significant demand for digital forensics experts in the private sector as well. Will the public sector be able to recruit and maintain the digital forensics professionals needed, while competing with the higher salaries and benefits that the private sector can offer?

In addition to these problems, as technology becomes more sophisticated, professionals in both security and digital forensics will be forced to specialize. It will critical to make sure they have the training, experience and the tools for their areas of technical specialization.

That could mean that for many cases involving technology and electronic evidence, you’ll need to assemble a team of these expert specialists to conduct your investigations.

If this assumption is valid, the person, agency, or company with the responsibility of conducting an investigation will need to know who these specialists are, how to contact them to determine if their expertise is what is needed for the case, and then find out whether they’re available to help.

I’ve called this the “Hollywood model of investigations” because it is similar to the process used to create a feature film. The producers choose a director, and then work together to identify the various specialists they want to work on the film, to include casting, video, special effects, costumes, set design, editing, and more. These specialists come together to work on the project, and when the film is completed they move onto the next job.

This may very well be the type of model that we’ll need for future investigations involving technology, because we can’t expect any single company or agency to have this wide range of specialized technical investigations expertise on staff.

So what possible solutions can we develop to help solve some of these challenges?

Could we use augmented reality or virtual reality to overcome some of the limitations we face?

Both of these technologies plus artificial intelligence could be used to develop training programs for digital forensics practitioners, demonstrating how to collect and preserve digital information from multiple devices. Step-by-step guidance through an established investigative strategy using best practices could also make sure that nothing is missed or completed out of order.

From a training perspective, being able to put investigators through simulated situations that appear to be more real will help them to learn and remember the information compared to traditional classroom teaching methods.

As more and more of our applications and data migrate to the cloud, will the physical presence of an investigator be required at a crime scene more…or less?

Consider the possibility of using virtual reality to give a tour of a crime scene by the best expert in the world investigating a specific type of crime. Could this be a more efficient use of their expertise, or would we lose the “sixth sense” perception from them being physically present?

We’ve already talked about how we will need more specialized technical investigators. Can these technologies allow investigative specialists from other countries to help from anywhere they happen to be, without the need for travel time and costs?

What about data collection and preservation from a cloud environment? Could augmented/virtual reality technology help to minimize the time and costs of this data acquisition?

Using augmented or virtual technologies will make authenticating the integrity of digital evidence even more critical, since there may be cases where a person from the investigative team never actually touches a device containing digital evidence.

This scenario could also create a need for universal expert specialist investigative certifications that would be recognized and accepted all over the world.

Could we also see a transformation to digital courts, where most or even all the participants are present virtually, but not physically?

There are already organizations virtually transporting jurors to crime scenes.

Think about the possibility of virtual courts. Could virtual reality testimony be more efficient? Or once again, do we lose a critical dynamic in a court setting when all of the participants are physically present?

Could this environment overcome the limitations of geographically based legal jurisdictions?

Technology continues to evolve.

The techno-criminals are already taking advantage of advancing technology. Why can’t we?

We should start thinking about how we can evolve…before we are left behind.

Filed Under: Uncategorized

Are You Fed Up With Data Breaches?

December 11, 2018 by Walt Manning Leave a Comment

Data Breaches

Introduction

Are you tired of hearing about yet another significant data breach? As I was reading about the most recent breach of Marriott and how the attackers were probably inside the Marriott system for four years (or longer), I got mad.

You should be mad too.

There’s no reason we should accept a lack of security from organizations (both corporate and government) that have collected our personal information. Many of these breaches were due to either pure negligence or management deciding to not spend the money to upgrade their network security to an acceptable level.

It’s frustrating that we’re still talking about many of the same problems with computer security that have existed for decades, even as the volume of data has exploded.

These attitudes about digital security are no longer acceptable.

It’s time for us to hold these people and organizations accountable. When I say “accountable,” I mean both criminally and civilly.

Instead of the United States continuing to be almost the only developed country without federal protection for personal data, we need to pass new legislation requiring this protection. The law should make the penalties and punishments severe enough to make organizations think seriously about their efforts and the resources to provide for security.

The problem won’t go away unless the probable consequences of failure to protect this data are real and substantial.

Senior executives and boards of directors who were aware of security problems (or should have been) and took no action to protect our data should face the risk of criminal prosecution as well as individual civil liability.

Situations like this have historically been considered to be “white collar” crime and have not been a high priority in our legal system.

This needs to change.

There’s too much fraud and other crimes involving digital technologies.

Yet there still doesn’t seem to be much interest in protecting people’s financial and personal information.

Too many organizations still consider the risk of a data breach as a “cost of doing business.”

After the Marriott breach was made public, several people have suggested that these breaches will not go away unless someone is prosecuted criminally and goes to prison.

https://gizmodo.com/only-jail-time-and-stiff-fines-will-stop-this-say-sena-1830779327

http://www.govtech.com/security/Senators-Call-for-Stricter-Data-Protections-Post-Marriott-Hack.html

I agree.

It’s time to change the mindset and to force responsibility and accountability. If we don’t change the approach to security as technology continues to grow exponentially, we’ll see more techno-crimes of all types.

Let’s send a message that we won’t accept this attitude anymore.

In the meantime, what can you do?

The first thing I would recommend is to freeze your credit reports.

I understand that this is not convenient for every person, but think about the convenience compared to the risks of your personal information, financial data, and medical records being stolen in a data breach.

You’ll need to make that decision depending on your individual circumstances, but that’s what I strongly recommend.

For more detailed information about freezing your credit report:

Equifax
Experian
TransUnion
Innovis

Another aspect of this problem is to check to see if the children in your family have a credit history. For a child under 16, in most cases there is no reason for a credit record to exist. But if a child’s identity has been stolen, the theft might not be discovered for many years. That could make the problem much harder to clean up years later when it comes to light. It can be a bit more difficult to check a child’s credit history, but it can certainly be done.

For more information:

Credicards.com

Consumer Financial Protection Bureau

Final thoughts:

We need more security and digital investigations professionals.

Did you know that some projections say that by 2021 there will be over 3 million cyber security positions that we won’t be able to fill?

3.5 million!

This number doesn’t even include digital forensics investigators who will also be needed to investigate the exploding number of techno-crimes.

We’ll need more of these experts to provide better security for our data, and to investigate crimes that will still occur.

Finally, there are too many organizations — both public and government based– that are collecting an ever-increasing amount of data about every person.

It’s time to hold them all accountable, and to demand that they take action to secure our data…or pay the consequences.

The days of ignoring security and facilitating the theft of our data need to end.

Perhaps the only solution will be when those responsible have an individual or corporate price to pay for their negligence or lack of responsibility.

Enough is enough.

Filed Under: Uncategorized

Complications For Your Investigations: Cosmos Computing & Distributed Networks

November 26, 2018 by Walt Manning Leave a Comment

Satellite Networks

Introduction

In our previous post, we described a hypothetical network where your digital evidence will be anonymous and encrypted.

All of the data on this network is shredded into fragments, with each piece individually encrypted using a different code.

Several copies of all fragments are dispersed to be stored on different land-based devices or satellites.

I call this “Cosmos Computing,” and believe it could be the next version of the Internet.

If you read the entire post, near the end I told you that networks like this already exist or are under development.

If you missed the other post, feel free to read it at https://technocrime.com/will-evidence-located-cosmos-computing/.

Now let me give you some examples.

The SAFE Network

The first example is called The Safe Network (Safe Access For Everyone) and is being created by MaidSafe, a Scottish company. For more information, you can go to their website at https://www.maidsafe.net).

The SAFE Network is designed to work exactly like the hypothetical network described in our earlier post (but currently without satellites).

As you read about the SAFE Network and how it is being designed, think about how this technology will affect your search for digital evidence.

The following are quotes from “The SAFE Network Primer” to give you an idea about the philosophy behind the project (the entire document is available on their website):

“For all its glories, the Internet is broken. It has strayed from its original vision. It is now a machine for censorship, propaganda, and central control that feeds on our personal data. It could and should have been much better than this.

MaidSafe’s solution is to create a secure, autonomous, data-centric, peer-to-peer network as an alternative to the current server-centric model. Rather than residing on a central server or data center, individual files are split up into pieces, encrypted and spread out over the network. Individuals retain full control of the data they create. It is resistant to DDoS, malware, and hacking and it cannot be centrally co-opted and controlled by monopolistic corporate and government interests. As a platform, such a network could usher in whole new business models, just as the original Internet did at the turn of the century.”

“The Internet giants of today would no longer be able to harvest our data without our say so, nor could government spooks eavesdrop over their shoulders. There would be a rebalancing of power from the data haves to the data have-nots. Censorship would be impossible, and data could be not be erased.”

Volunteers can choose to dedicate part of their computer’s hardware and data storage for use by the SAFE Network. In return, these owners are compensated for the use of their machines in a digital currency called “Safecoin.”

Safecoin will be convertible to many other types of digital currencies, such as Bitcoin.

People could also use the network’s custom browser to securely navigate the Internet, store their data files, or create websites.

Users who want to store data on the SAFE Network will pay Safecoin to the network for the service, and these funds are used to pay the volunteers hosting the data and the company managing the network.

Data stored on the volunteer network nodes will be secured inside an encrypted “vault,” and even the machine’s owner will not have access to it.

If anyone could break into the vault, he would only see scattered encrypted fragments of data that would not be readable. Only the original user who generated the data can recall and reconstruct it.

The network makes sure that no complete file is ever stored in a single vault.

When a volunteer host machine is shut down, the network software first makes multiple copies of all data fragments stored in that vault and disperses them to other working nodes on the network.

This means that your evidence may be stored on a different physical device in another location from one day to the next.

The SAFE Network never sees a user’s password. The only place the password is used is when the person logs onto the network to retrieve data he previously stored there.

The decryption keys are never transmitted on the network.

When a SAFE Network user logs out and shuts down the software, all traces of her activity are wiped from the host device.

We already discussed some of the potential benefits, but should we review them again?

  • A user’s personal data would be secure, and the user would control every aspect of how that data was shared with another party.
  • The data breach problem might be solved since there would be no single point of attack to steal proprietary or personal information.
  • Hackers wouldn’t be able to access any useful data, as it would all be encrypted and stored on multiple devices.
  • Distributed Denial of Service (DDoS) attacks will no longer work. The network would re-route the traffic around any targeted servers.
  • The impact of malware would be limited due to the fragmentation and encryption of the data stored and transmitted on the network.
  • Ransomware attacks and crypto-jacking would be almost impossible.

The SAFE Network is still in test mode, but imagine how this technology will change your investigations when it goes live!

Freenet

Freenet is a self-contained distributed network that was designed to provide “censorship-resistant communication.” The Freenet Project’s primary goal is to protect freedom of speech without censorship.

“Distributed networks” or “peer-to-peer networks” merely mean that there are no centralized servers, and that every computer that joins the network becomes one of the nodes on the net.

As with the SAFE Network, users contribute some of their bandwidth and even a portion of their hard drive for data storage for other users of the network.

Freenet provides websites, forums, chat sites, and file storage.

All communication is encrypted and routed through multiple nodes.

Only websites and resources created and stored on Freenet can be accessed on the network. Regular Internet sites such as https://technocrime.com are not a part of this network.

The network now has a “darknet” mode that communicates only with people that are trusted by the user.

Storj

Storj Labs is developing a commercial version of this type of network for data storage only.

As with the other examples, computer owners can join the network to allow their machines to be used, and are paid based on the amount of storage and bandwidth used by the network.

Users can provide part of their data storage and be paid with Storj token, which works the same as other cryptocurrencies like Bitcoin.

Files are shredded and encrypted, and every data fragment is stored in a different location across the network on at least three redundant nodes.

Users maintain the encryption keys for their data, and every file is encrypted with a different key.

Storj is a for-profit company, and currently charges users the following rates:

  • $0.015 per gigabyte for data stored per month
  • $0.05 per gigabyte of data downloaded from the network

Conclusion

These are only three examples to give you an idea of how this technology is developing.

Now imagine that the suspects in your investigation use several of these networks for their communication, websites, or data storage.

Because of the explosion of new technologies being developed, we are going to need specialist investigators who know how they work, what evidence may exist, and the best methods to obtain it.

We also need to start thinking about new ways to identify these specialists, and how to find them when they’re needed.

You now know about three examples, but there are others…

Are you ready for Cosmos Computing?

Filed Under: Uncategorized

Where Will Your Evidence Be Located with “Cosmos Computing”?

July 31, 2018 by Walt Manning Leave a Comment

Internet of Things

Introduction

Imagine working a case where your digital evidence is all anonymous and encrypted.

Plus any data — files, documents, email, and all evidence of Internet use — is shredded into several pieces, with each piece individually encrypted using a different key.

To complicate matters even further, each piece of the encrypted and shredded data is then stored on different devices scattered all over the world.

What if we expand all of this to include data storage on satellites in space?

This scenario is what I call “Cosmos Computing,” and it could be the next version of the Internet.

What impact would this have on your investigations?

Let me explain one way this could happen…

Is It Even Possible?

Most of you are already familiar with cloud computing, where any type of data can be stored on a server in the Internet “cloud.”

Cloud computing has already created some big challenges for investigators. Before cloud technology existed, we could go to the IT department to obtain data from the network or collect data directly from user devices.

Now the data we need could be stored in several places, and we might not even know where the data is physically located or who controls access.

In this post, we won’t talk about the complexities related to cloud computing, such as managing security, malware, legal holds, and digital forensics data collection and preservation.

We’ll save those for another day.

What I want to describe for you is what I believe the Internet of the future might look like, and point out some issues that we need to be thinking about now.

“Cosmos”: The Next Step Beyond The Cloud…

There are several companies actively working on systems to provide broadband Internet signals from satellite networks or (believe it or not) balloons.

These include Google, OneWeb, and SpaceX.

The goal is to provide Internet access to everyone in the world, especially the people who currently have no way to connect.

One expert estimates that in the next six years, four billion new users will be connected to the Internet.

New earth-based 5G wireless networks will be 10-100 times faster than those we have today.
With all these new connections and the additional billions of Internet of Things devices that will be added, these new technologies will change the world in ways we can’t even imagine.

If we are going to have Internet signals from satellites in space, how much harder could it be to also have solar-powered satellites that store data?

Think about the possibilities of multiple networks of low, intermediate, and higher-altitude orbiting satellites, giving every individual on earth multiple sources of Internet connections…and new places to store their data.

Now Add Distributed and Decentralized Computing

With all this additional traffic, along with growing concerns related to privacy and security, I believe we might see a completely different and more sophisticated type of Internet.

Here’s one idea.

  • Imagine a network where every device is capable of connecting directly to every other device. Remember, we must now think in terms of devices…not just computers. Tablets, smart phones, and connected Internet of Things devices can also be part of these networks.
  • This network will need no centralized servers. Whoever owns any device they want to connect to our network can share part of that device’s processing power and data storage with other users of the network.
  • When someone offers to share some of a device’s resources, first they’ll download special software to connect the device to the network.
  • This software will create an encrypted “vault” on their device for use by others.
  • For their contribution, the device owners are paid with an untraceable digital currency, depending on the amount of resources shared.
  • For example, someone who shares 50 gigabytes of their data storage would be paid more than a person only sharing 25 gigabytes.
  • Any user who wants to store data on the network will first download different software to connect.
  • Users are charged a small fee, also paid with the same untraceable digital currency, but only for the amount of data storage or service they actually need.
  • Data stored or transmitted on this network will always be secure, because everything will be encrypted.
  • But we’ll go even further. Before it is sent, every file or other type of data will be broken into small pieces that are individually encrypted.
  • Then, each piece of data will be encrypted again, just to add even more security.
  • The network’s software will then make several copies of each piece of data for backup and redundancy.
  • When the data is sent for storage to the network, each of our encrypted data pieces (including the copies) are sent to be stored on different devices all over the world.
  • The network will be designed so that owners of those devices won’t have access to the data other users have stored with them.

To give you a physical analogy, let’s use an example of a one-page printed document that we want to save, but secure it so nobody else can ever see it.

  • First, you’ll encrypt the document with a code that only you know.
  • Then, you cut the page into 50 pieces.
  • You make five copies of each piece of data, for a total of 250.
  • Next, you seal each of the 250 pieces in 250 tamper-proof containers that require yet another code to open that only you know.
  • Each of the 250 sealed containers is sent to a different trusted person to store until you need it back.
  • Those 250 people can’t open the container. Even if they could they would see only one of the 50 coded pieces of the original document, and they wouldn’t be able to read any content.

Some Possible Results of This Network…

  • A user’s medical records, financial records, and personal data would be secure, and the user would control every aspect of how that data were shared with another party.
  • We might solve the data breach problem, since there would be no single point of attack to steal proprietary or personal information.
  • Hackers wouldn’t be able to access any useful data, as it would all be encrypted.
  • Distributed Denial of Service (DDoS) attacks will no longer work (if you want to learn more about DDOS attacks, here is a good place to start). The network would simply re-route the traffic around any targeted devices.
  • The impact of malware would be limited due to the fragmentation and encryption of the data stored and transmitted on the network.
  • Ransomware attacks and crypto-jacking would be almost impossible.

What Does This Mean For Investigators?

Since the network is completely decentralized, there is no central point of management that would have access to any of the data transmitted by or stored on the network.

No single device will store any of the encryption/decryption keys used on the network.

Court orders or subpoenas would not be effective, since no single entity or group could provide any useful data related to the activities of the network users.

The device where encrypted pieces of your evidence are stored today may be in a different location tomorrow and a different one the day after that.

In many ways, these types of networks could bring tremendous improvements to security and privacy compared to systems we all use today.

Do you still think the investigative scenario described in the introduction is impossible?

I think it’s much closer than you realize, and it raises many new questions:

  • Where will your digital evidence be when these types of networks are deployed?
  • How will legal jurisdiction be determined?
  • Will we need new international laws?
  • How will you collect and preserve digital data related to your investigation?
  • What new types of technical expertise will be needed to investigate techno-crimes in this environment?

Conclusions

I think we’ve reached a point where our dependence on technology is so great that we need to make a choice.

We can choose to design new networks and systems that focus on security and privacy on the one side, but make it harder for law enforcement and/or intelligence agencies.

Or we can choose networks and devices that may not be as secure and private, but still allow access to evidence.

I’m not sure that you can have both, but that is a very complicated debate that we can have another time.

Finally…I have a confession to make.

Companies are already working on the “fictional” network I described above. I’ll tell you who they are in my next post.

Are you ready for Cosmos Computing?

 

If you are interested in being part of our mailing list to find out more information about techno-crimes and investigations, it’s easy to sign at the bottom of this page.

 

Filed Under: Uncategorized

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next Page »

Evolve With Us to Fight Techno-Crimes!

Join our mailing list and you will receive:

  • Immediate access to our mini-course!
  • Updates about new types of techno-crimes
  • Information about security tools and techniques to protect your data
  • Ways to increase your personal privacy
  • Information about our live and virtual keynote speeches and training opportunities

 

Click here to subscribe!

  • Home
  • About
  • Speaking
  • For Investigators
  • Blog
  • Free Content Library
  • Contact

2020 Techno-Crime Institute

Privacy Policy