Hiding Tracks on the Net

NCJRL-NAGTRI Webinar – Hiding Tracks on the Net November 30, 2011

1

ICAC Webinar Series NCJRL / NJC

Hiding Trackson the Net


Ways one might hide their tracks

Private Browsing

False Information

SSL / TLS

Passwords

Anonymizers, Proxy Servers,

and VPNs

Email Services

Public Networks

Encryption Firewalls


Private Browsing


2


• A browser is a computer application that retrieves and displays content from the web

• This content may include web pages, videos, pictures, and more

• Popular browsers include Firefox, Internet Explorer, Chrome, and Safari

What is a browser?


Address BarAddress BarSearch BoxSearch Box

Status BarStatus Bar

TabTab


Browser Functions

• Web browsers also collect a variety of information about a user’s online actions and save this information on the computer– History

– Cache / Temporary Internet Files

– Cookies


3


Private Browsing

• Most browsers now have a “private browsing” function that allows the user to prevent cookies, cache, and history from being saved– Internet Explorer: “InPrivate Browsing”

– Firefox: “Private Browsing”

– Chrome: “Incognito”

– Safari: “Private Browsing”


Private Browsing


Private Browsing


4


Private Browsing

• This function prevents history, cookies, and cache from being saved on the user’s computer

• However, the user’s actions are still tracked by the ISP AND the server hosting the information


Home ComputerHome Router

Internet Service Provider

Internet Exchange Point

Website Host

1 2

3

45

Private Browsing


Private Browsing protects the user from

A. Secret Agents

B. Sharing information with their ISP

C. Saving information on their computer

D. Sharing information with websites they visit

QUIZ


5


Anonymizers


Anonymizers

• Access the Internet on your behalf– Allow you to be a step removed from the

websites you visit

• Often, users get advertisements corresponding to their location. Anonymizers give the websites someone else’s location


Anonymizers


6


Anonymizers

• Networked Anonymizers– A request for a certain webpage goes

through several computers before going to the user who requested the information

– Makes traffic analysis very difficult

– However, each computer along the chain may be able to compromise the confidentiality

•Encryption may solve this problem if available


Anonymizers

Home Computer inMississippi

Computer CCalifornia

Computer BGermany

Computer AKansas

Internet Service Provider


Website Host

Home Router


Anonymizers

• Single Point Anonymizers– Information passes through a single website

– Often offers encryption


7


Anonymizers

Home Computer Internet Service

Provider


Website Host

Home Router

Anonymizer Website



TOR: The Onion Router

• "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."

• Onion routing uses multiple layers of security that are removed (like onion skin) as a message is routed through the TOR network


TOR


8


TOR


TOR


TOR


9


TOR

• TOR, while the most popular anonymizeris not flawless– In October, TOR was hacked by Anonymous

in order to find visitors to a popular child pornography website. Anonymous then posted the IP addresses of those users online


Anonymizers

• Other popular anonymizers include:– Anonymizer (anonymizer.com)

– Freenet (freenetproject.org)

– I2P


An anonymizer helps prevent sharing which of the following with a website the user visits:

A. Location

B. IP address

C. ISP

D. all of the above

QUIZ


10


Proxy Servers


Proxy Servers

• A server that acts as an intermediary to a client seeking information from another server

• Browsers are set up to allow people to send all information through a proxy server

• Unlike anonymizers, no additional software is required


Proxy Servers


11


Proxy Servers

• There are legitimate uses for proxy servers– To audit Internet usage

• However, they can also be used to:– Bypass work/parental controls

•Facebook at work, for example

– Anonymize access


Proxy Servers

• A few popular proxy servers can be found at:– Browser9.com

– Youhide.com

– Proxify.com

– Fastproxynetwork.com


Proxy Servers


12


Virtual Private Network

• Paid service that allows user to create secure connection from their computer to the VPN’s server– Once the data reaches the VPN, it is

decrypted

• Can be used to protect data on public wireless networks


TLS / SSL


TLS / SSL

• TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL)

• Enables encrypted network communications for activities like:– Credit card payments

– Healthcare data

– Email

– Financial information


13


TLS / SSL

• In order to use TLS, a website you visit must be subscribed to it. Usually, the cost is rather minimal (about $10 per month)

• Encryption methods are very secure


TLS / SSL


Passwords


14


Passwords


Passwords

• Vary greatly in security. Long passwords with mix of numbers, letters, and symbols are much stronger.

• Should be changed often

• Many logins are protected by TLS, which helps prevent unauthorized interception– If not protected by TLS, anyone along the

chain can obtain your password


Passwords

• Passwords can be used to restrict access to:– An online blog

– A photo album (Flickr or Picasa)

– Video accounts (YouTube)


15


Which of the following is false:

A. Passwords are always protected by TLS

B. Proxy servers allow a user to bypass parental controls

C. TLS usually protects online payments

D. VPNs allow users to encrypt data over public wireless networks

QUIZ


False Information


False Information


16


False Information

• Accounts rarely require information to be accurate. Doing so might require:– Credit card authorization

– Verification by sending in copy of driver’s license / Social Security card

• Thus, users can create false identities online


False Information

• Might encourage someone to share pictures, video, etc., under an alias, providing them with some protection

• However, this doesn’t prevent the ability to track it back to the user’s computer– Just requires an additional step in

authenticating the actions of a specific user


Public Networks


17


Public Networks

• Where do public networks exist?– McDonalds

– Starbucks

– Public Libraries

– Hotels

– Apartment Buildings

• Often allow users to connect without providing any information that reveals their identity


Public Networks

• How safe are they?– Not very!

– Easy-to-find tools allow other users to obtain all of your account information and browsing history

– The provider may even track it intentionally for research purposes


Public Networks


18


Public Networks


Public Networks

• More than anything, it makes someone feel like their actions are anonymous

• Beyond tracking from others on the network at the time, use of public networks does make it difficult to track actions back to the user


Public networks allow a user to browse the Internet with full anonymity.

A. True

B. False

QUIZ


19


Email Services


Email Services

• Many websites allow users to send anonymous emails that prevent tracing to the sender– anonymouse.org (reroutes through other

countries and delays sending up to 12 hours)

– AnonymousSpeech.com (constantly moves servers in Asia and South America to prevent subpoena, provides legal insurance concerning protected information)


Email Services

• Other services allow spoofing of another’s email address (pretending to be someone else)

• Many email providers now allow all email to be sent and received through TLS


20


Encryption


Encryption

• Makes data unreadable without a key

• To properly protect data, it needs to be encrypted before leaving the sender’s computer and decrypted once it reaches the recipient’s computer


Encryption


21


Encryption

• Other data can be encrypted:– Entire hard drives

•Or Individual folders or files

– CDs / DVDs

– USB Flash drives•U3 software


Firewalls


Firewalls

• May be hardware or software– Computers often have firewall software

– Routers may have either

• Prevents unauthorized access– May be used to prevent the user from

certain actions (like using P2P software)

– Prevent hackers


22


Firewalls


Firewalls

• Malware or Spyware operating on the computer may be able to bypass the computer’s firewall

• Main function is not anonymity, but if the computer is on a network, the firewall may make it difficult to distinguish activities from each computer


Miscellaneous Issues


23


Steganography

StenographyRecovered.png (200 × 200 pixels, file size: 19 KB)

StenographyOriginal.png (200 × 200 pixels, file size: 88 KB)


Changing File Extensions

Each file on a Windows computer has an extension that connects it to a program on the computer

• .doc or .docx = Microsoft Word

• .jpg, .gif, .tif, .jpeg, .png = Image files that can be opened by many programs

• .exe = an Application

• .zip = archive of compressed files


Changing File Extensions


24


Zip Files

• Allow users to compress files into small sizes for faster transmission on the Internet

• Some compression applications allow the user to password protect and encrypt the files, preventing unauthorized use


SecretHelper

• Firefox extension that allows user to create encrypted and password-protected drive on computer

• Only accessible through the Firefox tool

• Re-encrypted and inaccessible once browser is closed


Good Reasons to Hide Tracks

• Private Browsing provides some protection while on public computers

• Encryption protects credit card numbers and important account passwords

• Proxy servers were used recently in Egypt to allow access to social networking when the government tried to block these sites


25


Which is not a function of a firewall:

A. Encryption of files

B. Control of a user’s action

C. Protection from hackers

D. Anonymity

QUIZ


Which of the following are legitimate ways to hide your privacy?

A. Private Browsing

B. Proxy Servers

C. Passwords

D. Encryption

E. All of the above

QUIZ


Ways one might hide their tracks

Private Browsing

False Information

SSL / TLS

Passwords

Anonymizers, Proxy Servers,

and VPNs

Email Services

Public Networks

Encryption Firewalls


26


Presented by

Don MasonAssociate Director, NCJRL

[email protected]

Date post:	12-Sep-2021
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times

Hiding Tracks on the Net

Documents