NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
1
ICAC Webinar Series NCJRL / NJC
Hiding Trackson the Net
ICAC Webinar Series NCJRL / NJC
Ways one might hide their tracks
Private Browsing
False Information
SSL / TLS
Passwords
Anonymizers, Proxy Servers,
and VPNs
Email Services
Public Networks
Encryption Firewalls
ICAC Webinar Series NCJRL / NJC
Private Browsing
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
2
ICAC Webinar Series NCJRL / NJC
• A browser is a computer application that retrieves and displays content from the web
• This content may include web pages, videos, pictures, and more
• Popular browsers include Firefox, Internet Explorer, Chrome, and Safari
What is a browser?
ICAC Webinar Series NCJRL / NJC
Address BarAddress BarSearch BoxSearch Box
Status BarStatus Bar
TabTab
ICAC Webinar Series NCJRL / NJC
Browser Functions
• Web browsers also collect a variety of information about a user’s online actions and save this information on the computer– History
– Cache / Temporary Internet Files
– Cookies
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
3
ICAC Webinar Series NCJRL / NJC
Private Browsing
• Most browsers now have a “private browsing” function that allows the user to prevent cookies, cache, and history from being saved– Internet Explorer: “InPrivate Browsing”
– Firefox: “Private Browsing”
– Chrome: “Incognito”
– Safari: “Private Browsing”
ICAC Webinar Series NCJRL / NJC
Private Browsing
ICAC Webinar Series NCJRL / NJC
Private Browsing
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
4
ICAC Webinar Series NCJRL / NJC
Private Browsing
• This function prevents history, cookies, and cache from being saved on the user’s computer
• However, the user’s actions are still tracked by the ISP AND the server hosting the information
ICAC Webinar Series NCJRL / NJC
Home ComputerHome Router
Internet Service Provider
Internet Exchange Point
Website Host
1 2
3
45
Private Browsing
ICAC Webinar Series NCJRL / NJC
Private Browsing protects the user from
A. Secret Agents
B. Sharing information with their ISP
C. Saving information on their computer
D. Sharing information with websites they visit
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
5
ICAC Webinar Series NCJRL / NJC
Anonymizers
ICAC Webinar Series NCJRL / NJC
Anonymizers
• Access the Internet on your behalf– Allow you to be a step removed from the
websites you visit
• Often, users get advertisements corresponding to their location. Anonymizers give the websites someone else’s location
ICAC Webinar Series NCJRL / NJC
Anonymizers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
6
ICAC Webinar Series NCJRL / NJC
Anonymizers
• Networked Anonymizers– A request for a certain webpage goes
through several computers before going to the user who requested the information
– Makes traffic analysis very difficult
– However, each computer along the chain may be able to compromise the confidentiality
•Encryption may solve this problem if available
ICAC Webinar Series NCJRL / NJC
Anonymizers
Home Computer inMississippi
Computer CCalifornia
Computer BGermany
Computer AKansas
Internet Service Provider
Internet Exchange Point
Website Host
Home Router
ICAC Webinar Series NCJRL / NJC
Anonymizers
• Single Point Anonymizers– Information passes through a single website
– Often offers encryption
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
7
ICAC Webinar Series NCJRL / NJC
Anonymizers
Home Computer Internet Service
Provider
Internet Exchange Point
Website Host
Home Router
Anonymizer Website
Internet Exchange Point
ICAC Webinar Series NCJRL / NJC
TOR: The Onion Router
• "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."
• Onion routing uses multiple layers of security that are removed (like onion skin) as a message is routed through the TOR network
ICAC Webinar Series NCJRL / NJC
TOR
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
8
ICAC Webinar Series NCJRL / NJC
TOR
ICAC Webinar Series NCJRL / NJC
TOR
ICAC Webinar Series NCJRL / NJC
TOR
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
9
ICAC Webinar Series NCJRL / NJC
TOR
• TOR, while the most popular anonymizeris not flawless– In October, TOR was hacked by Anonymous
in order to find visitors to a popular child pornography website. Anonymous then posted the IP addresses of those users online
ICAC Webinar Series NCJRL / NJC
Anonymizers
• Other popular anonymizers include:– Anonymizer (anonymizer.com)
– Freenet (freenetproject.org)
– I2P
ICAC Webinar Series NCJRL / NJC
An anonymizer helps prevent sharing which of the following with a website the user visits:
A. Location
B. IP address
C. ISP
D. all of the above
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
10
ICAC Webinar Series NCJRL / NJC
Proxy Servers
ICAC Webinar Series NCJRL / NJC
Proxy Servers
• A server that acts as an intermediary to a client seeking information from another server
• Browsers are set up to allow people to send all information through a proxy server
• Unlike anonymizers, no additional software is required
ICAC Webinar Series NCJRL / NJC
Proxy Servers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
11
ICAC Webinar Series NCJRL / NJC
Proxy Servers
• There are legitimate uses for proxy servers– To audit Internet usage
• However, they can also be used to:– Bypass work/parental controls
•Facebook at work, for example
– Anonymize access
ICAC Webinar Series NCJRL / NJC
Proxy Servers
• A few popular proxy servers can be found at:– Browser9.com
– Youhide.com
– Proxify.com
– Fastproxynetwork.com
ICAC Webinar Series NCJRL / NJC
Proxy Servers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
12
ICAC Webinar Series NCJRL / NJC
Virtual Private Network
• Paid service that allows user to create secure connection from their computer to the VPN’s server– Once the data reaches the VPN, it is
decrypted
• Can be used to protect data on public wireless networks
ICAC Webinar Series NCJRL / NJC
TLS / SSL
ICAC Webinar Series NCJRL / NJC
TLS / SSL
• TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL)
• Enables encrypted network communications for activities like:– Credit card payments
– Healthcare data
– Financial information
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
13
ICAC Webinar Series NCJRL / NJC
TLS / SSL
• In order to use TLS, a website you visit must be subscribed to it. Usually, the cost is rather minimal (about $10 per month)
• Encryption methods are very secure
ICAC Webinar Series NCJRL / NJC
TLS / SSL
ICAC Webinar Series NCJRL / NJC
Passwords
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
14
ICAC Webinar Series NCJRL / NJC
Passwords
ICAC Webinar Series NCJRL / NJC
Passwords
• Vary greatly in security. Long passwords with mix of numbers, letters, and symbols are much stronger.
• Should be changed often
• Many logins are protected by TLS, which helps prevent unauthorized interception– If not protected by TLS, anyone along the
chain can obtain your password
ICAC Webinar Series NCJRL / NJC
Passwords
• Passwords can be used to restrict access to:– An online blog
– A photo album (Flickr or Picasa)
– Video accounts (YouTube)
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
15
ICAC Webinar Series NCJRL / NJC
Which of the following is false:
A. Passwords are always protected by TLS
B. Proxy servers allow a user to bypass parental controls
C. TLS usually protects online payments
D. VPNs allow users to encrypt data over public wireless networks
QUIZ
ICAC Webinar Series NCJRL / NJC
False Information
ICAC Webinar Series NCJRL / NJC
False Information
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
16
ICAC Webinar Series NCJRL / NJC
False Information
• Accounts rarely require information to be accurate. Doing so might require:– Credit card authorization
– Verification by sending in copy of driver’s license / Social Security card
• Thus, users can create false identities online
ICAC Webinar Series NCJRL / NJC
False Information
• Might encourage someone to share pictures, video, etc., under an alias, providing them with some protection
• However, this doesn’t prevent the ability to track it back to the user’s computer– Just requires an additional step in
authenticating the actions of a specific user
ICAC Webinar Series NCJRL / NJC
Public Networks
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
17
ICAC Webinar Series NCJRL / NJC
Public Networks
• Where do public networks exist?– McDonalds
– Starbucks
– Public Libraries
– Hotels
– Apartment Buildings
• Often allow users to connect without providing any information that reveals their identity
ICAC Webinar Series NCJRL / NJC
Public Networks
• How safe are they?– Not very!
– Easy-to-find tools allow other users to obtain all of your account information and browsing history
– The provider may even track it intentionally for research purposes
ICAC Webinar Series NCJRL / NJC
Public Networks
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
18
ICAC Webinar Series NCJRL / NJC
Public Networks
ICAC Webinar Series NCJRL / NJC
Public Networks
• More than anything, it makes someone feel like their actions are anonymous
• Beyond tracking from others on the network at the time, use of public networks does make it difficult to track actions back to the user
ICAC Webinar Series NCJRL / NJC
Public networks allow a user to browse the Internet with full anonymity.
A. True
B. False
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
19
ICAC Webinar Series NCJRL / NJC
Email Services
ICAC Webinar Series NCJRL / NJC
Email Services
• Many websites allow users to send anonymous emails that prevent tracing to the sender– anonymouse.org (reroutes through other
countries and delays sending up to 12 hours)
– AnonymousSpeech.com (constantly moves servers in Asia and South America to prevent subpoena, provides legal insurance concerning protected information)
ICAC Webinar Series NCJRL / NJC
Email Services
• Other services allow spoofing of another’s email address (pretending to be someone else)
• Many email providers now allow all email to be sent and received through TLS
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
20
ICAC Webinar Series NCJRL / NJC
Encryption
ICAC Webinar Series NCJRL / NJC
Encryption
• Makes data unreadable without a key
• To properly protect data, it needs to be encrypted before leaving the sender’s computer and decrypted once it reaches the recipient’s computer
ICAC Webinar Series NCJRL / NJC
Encryption
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
21
ICAC Webinar Series NCJRL / NJC
Encryption
• Other data can be encrypted:– Entire hard drives
•Or Individual folders or files
– CDs / DVDs
– USB Flash drives•U3 software
ICAC Webinar Series NCJRL / NJC
Firewalls
ICAC Webinar Series NCJRL / NJC
Firewalls
• May be hardware or software– Computers often have firewall software
– Routers may have either
• Prevents unauthorized access– May be used to prevent the user from
certain actions (like using P2P software)
– Prevent hackers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
22
ICAC Webinar Series NCJRL / NJC
Firewalls
ICAC Webinar Series NCJRL / NJC
Firewalls
• Malware or Spyware operating on the computer may be able to bypass the computer’s firewall
• Main function is not anonymity, but if the computer is on a network, the firewall may make it difficult to distinguish activities from each computer
ICAC Webinar Series NCJRL / NJC
Miscellaneous Issues
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
23
ICAC Webinar Series NCJRL / NJC
Steganography
StenographyRecovered.png (200 × 200 pixels, file size: 19 KB)
StenographyOriginal.png (200 × 200 pixels, file size: 88 KB)
ICAC Webinar Series NCJRL / NJC
Changing File Extensions
Each file on a Windows computer has an extension that connects it to a program on the computer
• .doc or .docx = Microsoft Word
• .jpg, .gif, .tif, .jpeg, .png = Image files that can be opened by many programs
• .exe = an Application
• .zip = archive of compressed files
ICAC Webinar Series NCJRL / NJC
Changing File Extensions
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
24
ICAC Webinar Series NCJRL / NJC
Zip Files
• Allow users to compress files into small sizes for faster transmission on the Internet
• Some compression applications allow the user to password protect and encrypt the files, preventing unauthorized use
ICAC Webinar Series NCJRL / NJC
SecretHelper
• Firefox extension that allows user to create encrypted and password-protected drive on computer
• Only accessible through the Firefox tool
• Re-encrypted and inaccessible once browser is closed
ICAC Webinar Series NCJRL / NJC
Good Reasons to Hide Tracks
• Private Browsing provides some protection while on public computers
• Encryption protects credit card numbers and important account passwords
• Proxy servers were used recently in Egypt to allow access to social networking when the government tried to block these sites
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
25
ICAC Webinar Series NCJRL / NJC
Which is not a function of a firewall:
A. Encryption of files
B. Control of a user’s action
C. Protection from hackers
D. Anonymity
QUIZ
ICAC Webinar Series NCJRL / NJC
Which of the following are legitimate ways to hide your privacy?
A. Private Browsing
B. Proxy Servers
C. Passwords
D. Encryption
E. All of the above
QUIZ
ICAC Webinar Series NCJRL / NJC
Ways one might hide their tracks
Private Browsing
False Information
SSL / TLS
Passwords
Anonymizers, Proxy Servers,
and VPNs
Email Services
Public Networks
Encryption Firewalls
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011
26
ICAC Webinar Series NCJRL / NJC
Presented by
Don MasonAssociate Director, NCJRL