ADVANCING JUSTICE THROUGH EDUCATION
Internet Crimes Against Children: Hiding Tracks on the Web WebCast February 23, 2011
PROGRAM MATERIALS
Presented By Professor Donald R. Mason Associate Director & Research Professor The National Center for Justice & the Rule of Law at The University of Mississippi School of Law
THE NATIONAL
E D U C A T I O N • I N N O V A T I O N • A D V A N C I N G J U S T I C E
WEB: INTERNET CRIMES AGAINST CHILDREN: HIDING TRACKS ON THE WEB WEBCAST WB/KZ FEBRUARY 23, 2011
JUDICIAL COLLEGE
INTERNET CRIMES AGAINST CHILDREN: HIDING TRACKS ON THE WEB
DIVIDER 1
Professor Donald R. Mason OBJECTIVES: After this session you will be able to:
1. Define “private browsing” and describe how it can provider computer users a measure of privacy or anonymity regarding their online activities.
2. Describe how anonymizers and proxy servers enable user anonymity beyond a user’s computer and may be used to hide illegal activities.
3. Describe how TLS (transport layer security) and SSL (secure sockets layer) and passwords are used by every Internet user to protect information.
4. Describe ways in which Internet users may give false information and gain a measure of online anonymity.
5. Describe how use of public networks can add a layer of confidentiality for Internet users.
6. Describe ways in which email services can provide users means of encrypting messages and mailing messages anonymously.
7. Describe the impact that encryption or other means of data concealment may have on the discovery or analysis of digital data.
8. Define “firewalls” and describe how they work to either enable or prevent certain network activities.
REQUIRED READING: PAGE Donald R. Mason, Hiding Tracks on the Web (Feb. 2011) [NJC PowerPoint] ...............................1
Hiding Trackson the Web
ICAC Webinar Series NCJRL / NJC
on the Web
Ways one might hide their tracks
Private Browsing
False
SSL / TLSAnonymizers
& Proxy Servers
Public
ICAC Webinar Series NCJRL / NJC
False Information
Passwords
Email Services
Public Networks
Encryption Firewalls
Private Browsing
ICAC Webinar Series NCJRL / NJC
1
• A browser is a computer application that retrieves and displays content from the web
• This content may include web
What is a browser?
ICAC Webinar Series NCJRL / NJC
• This content may include web pages, videos, pictures, and more
• Popular browsers include Firefox, Internet Explorer, Chrome, and Safari
Address BarAddress BarAddress BarAddress BarSearch Search BoxBoxSearch Search BoxBox
TabTabTabTab
ICAC Webinar Series NCJRL / NJC
Status BarStatus BarStatus BarStatus Bar
Browser Functions
• Web browsers also collect a variety of information about a user’s online actions and save this information on the computer
ICAC Webinar Series NCJRL / NJC
computer– History
– Cache / Temporary Internet Files
– Cookies
2
Private Browsing
• Most browsers now have a “private browsing” function that allows the user to prevent cookies, cache, and history from being saved
ICAC Webinar Series NCJRL / NJC
from being saved– Internet Explorer: “InPrivate Browsing”
– Firefox: “Private Browsing”
– Chrome: “Incognito”
– Safari: “Private Browsing”
Private Browsing
ICAC Webinar Series NCJRL / NJC
Private Browsing
ICAC Webinar Series NCJRL / NJC
3
Private Browsing
• This function prevents history, cookies, and cache from being saved on the user’s computer
• However the user’s actions are still
ICAC Webinar Series NCJRL / NJC
• However, the user s actions are still tracked by the ISP AND the server hosting the information
Home ComputerHome Router
1 2
3
Private Browsing
ICAC Webinar Series NCJRL / NJC
Internet Service Provider
Internet Exchange Point
Website Host
45
Private Browsing protects the user from
A. Secret Agents
B. Sharing information with their ISP
QUIZ
ICAC Webinar Series NCJRL / NJC
C. Saving information on their computer
D. Sharing information with websites they visit
4
Anonymizers
ICAC Webinar Series NCJRL / NJC
Anonymizers
• Access the Internet on your behalf– Allow you to be a step removed from the
websites you visit
• Often users get advertisements
ICAC Webinar Series NCJRL / NJC
• Often, users get advertisements corresponding to their location. Anonymizers give the websites someone else’s location
Anonymizers
ICAC Webinar Series NCJRL / NJC
5
Anonymizers
• Networked Anonymizers– A request for a certain webpage goes
through several computers before going to the user who requested the information
ICAC Webinar Series NCJRL / NJC
q
– Makes traffic analysis very difficult
– However, each computer along the chain may be able to compromise the confidentiality
•Encryption may solve this problem if available
Anonymizers
Home Computer inMississippi Internet Service
ProviderInternet
Exchange Point
Home Router
ICAC Webinar Series NCJRL / NJC
Computer CCalifornia
Computer BGermany
Computer AKansas
Website Host
Anonymizers
• Single Point Anonymizers– Information passes through a single website
– Often offers encryption
ICAC Webinar Series NCJRL / NJC
6
Anonymizers
Home Computer Internet Service
Provider
Internet Exchange Point
Home Router
ICAC Webinar Series NCJRL / NJC
Website Host Anonymizer Website
Internet Exchange Point
TOR: The Onion Router
• "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."
ICAC Webinar Series NCJRL / NJC
Internet.
• Onion routing uses multiple layers of security that are removed (like onion skin) as a message is routed through the TOR network
TOR
ICAC Webinar Series NCJRL / NJC
7
TOR
ICAC Webinar Series NCJRL / NJC
TOR
ICAC Webinar Series NCJRL / NJC
TOR
ICAC Webinar Series NCJRL / NJC
8
Anonymizers
• Other popular anonymizers include:– Anonymizer (anonymizer.com)
– Freenet (freenetproject.org)
I2P
ICAC Webinar Series NCJRL / NJC
– I2P
An anonymizer helps prevent sharing which of the following with a website the user visits:
A Location
QUIZ
ICAC Webinar Series NCJRL / NJC
A. Location
B. IP address
C. ISP
D. all of the above
Proxy Servers
ICAC Webinar Series NCJRL / NJC
9
Proxy Servers
• A server that acts as an intermediary to a client seeking information from another server
• Browsers are set up to allow people to
ICAC Webinar Series NCJRL / NJC
• Browsers are set up to allow people to send all information through a proxy server
• Unlike anonymizers, no additional software is required
Proxy Servers
ICAC Webinar Series NCJRL / NJC
Proxy Servers
• There are legitimate uses for proxy servers– To audit Internet usage
• However they can also be used to:
ICAC Webinar Series NCJRL / NJC
• However, they can also be used to:– Bypass work/parental controls
•Facebook at work, for example
– Anonymize access
10
Proxy Servers
• A few popular proxy servers can be found at:– Browser9.com
– Youhide com
ICAC Webinar Series NCJRL / NJC
– Youhide.com
– Proxify.com
– Fastproxynetwork.com
Proxy Servers
ICAC Webinar Series NCJRL / NJC
TLS / SSL
ICAC Webinar Series NCJRL / NJC
11
TLS / SSL
• TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL)
• Enables encrypted network communications for activities like:
ICAC Webinar Series NCJRL / NJC
communications for activities like:– Credit card payments
– Healthcare data
– Financial information
TLS / SSL
• In order to use TLS, a website you visit must be subscribed to it. Usually, the cost is rather minimal (about $10 per month)
• Encryption methods are very secure
ICAC Webinar Series NCJRL / NJC
• Encryption methods are very secure
TLS / SSL
ICAC Webinar Series NCJRL / NJC
12
Passwords
ICAC Webinar Series NCJRL / NJC
Passwords
ICAC Webinar Series NCJRL / NJC
Passwords
• Vary greatly in security. Long passwords with mix of numbers, letters, and symbols are much stronger.
• Should be changed often
ICAC Webinar Series NCJRL / NJC
• Should be changed often
• Many logins are protected by TLS, which helps prevent unauthorized interception– If not protected by TLS, anyone along the
chain can obtain your password
13
Passwords
• Passwords can be used to restrict access to:– An online blog
– A photo album (Flickr or Picasa)
ICAC Webinar Series NCJRL / NJC
– A photo album (Flickr or Picasa)
– Video accounts (YouTube)
Which of the following is false:
A. Passwords are always protected by TLS
B. Proxy servers allow a user to bypass l l
QUIZ
ICAC Webinar Series NCJRL / NJC
parental controls
C. TLS usually protects online payments
D. Proxy servers usually do not require extra software
False Information
ICAC Webinar Series NCJRL / NJC
14
False Information
ICAC Webinar Series NCJRL / NJC
False Information
• Accounts rarely require information to be accurate. Doing so might require:– Credit card authorization
– Verification by sending in copy of driver’s
ICAC Webinar Series NCJRL / NJC
– Verification by sending in copy of driver s license / Social Security card
• Thus, users can create false identities online
False Information
• Might encourage someone to share pictures, video, etc., under an alias, providing them with some protection
• However this doesn’t prevent the ability
ICAC Webinar Series NCJRL / NJC
• However, this doesn t prevent the ability to track it back to the user’s computer– Just requires an additional step in
authenticating the actions of a specific user
15
Public Networks
ICAC Webinar Series NCJRL / NJC
Public Networks
• Where do public networks exist?– McDonalds
– Starbucks
Public Libraries
ICAC Webinar Series NCJRL / NJC
– Public Libraries
– Hotels
– Apartment Buildings
• Often allow users to connect without providing any information that reveals their identity
Public Networks
• How safe are they?– Not very!
– Easy-to-find tools allow other users to obtain all of your account information and
ICAC Webinar Series NCJRL / NJC
all of your account information and browsing history
– The provider may even track it intentionally for research purposes
16
Public Networks
ICAC Webinar Series NCJRL / NJC
Public Networks
ICAC Webinar Series NCJRL / NJC
Public Networks
• More than anything, it makes someone feel like their actions are anonymous
• Beyond tracking from others on the network at the time use of public
ICAC Webinar Series NCJRL / NJC
network at the time, use of public networks does make it difficult to track actions back to the user
17
Public networks allow a user to browse the Internet with full anonymity.
A. True
B F l
QUIZ
ICAC Webinar Series NCJRL / NJC
B. False
Email Services
ICAC Webinar Series NCJRL / NJC
Email Services
• Many websites allow users to send anonymous emails that prevent tracing to the sender– anonymouse org (reroutes through other
ICAC Webinar Series NCJRL / NJC
anonymouse.org (reroutes through other countries and delays sending up to 12 hours)
– AnonymousSpeech.com (constantly moves servers in Asia and South America to prevent subpoena, provides legal insurance concerning protected information)
18
Email Services
• Other services allow spoofing of another’s email address (pretending to be someone else)
• Many email providers now allow all
ICAC Webinar Series NCJRL / NJC
• Many email providers now allow all email to be sent and received through TLS
Encryption
ICAC Webinar Series NCJRL / NJC
Encryption
• Makes data unreadable without a key
• To properly protect data, it needs to be encrypted before leaving the sender’s computer and decrypted once it reaches
ICAC Webinar Series NCJRL / NJC
computer and decrypted once it reaches the recipient’s computer
19
Encryption
ICAC Webinar Series NCJRL / NJC
Encryption
• Other data can be encrypted:– Entire hard drives
•Or Individual folders or files
– CDs / DVDs
ICAC Webinar Series NCJRL / NJC
CDs / DVDs
– USB Flash drives•U3 software
Firewalls
ICAC Webinar Series NCJRL / NJC
20
Firewalls
• May be hardware or software– Computers often have firewall software
– Routers may have either
• Prevents unauthorized access
ICAC Webinar Series NCJRL / NJC
• Prevents unauthorized access– May be used to prevent the user from
certain actions (like using P2P software)
– Prevent hackers
Firewalls
ICAC Webinar Series NCJRL / NJC
Firewalls
• Malware or Spyware operating on the computer may be able to bypass the computer’s firewall
• Main function is not anonymity but if
ICAC Webinar Series NCJRL / NJC
• Main function is not anonymity, but if the computer is on a network, the firewall may make it difficult to distinguish activities from each computer
21
Miscellaneous Issues
ICAC Webinar Series NCJRL / NJC
Steganography
ICAC Webinar Series NCJRL / NJC
StenographyRecovered.png (200 × 200 pixels, file size: 19 KB)
StenographyOriginal.png (200 × 200 pixels, file size: 88 KB)
Changing File Extensions
Each file on a Windows computer has an extension that connects it to a program on the computer
• doc or docx = Microsoft Word
ICAC Webinar Series NCJRL / NJC
• .doc or .docx = Microsoft Word
• .jpg, .gif, .tif, .jpeg, .png = Image files that can be opened by many programs
• .exe = an Application
• .zip = archive of compressed files
22
Changing File Extensions
ICAC Webinar Series NCJRL / NJC
Zip Files
• Allow users to compress files into small sizes for faster transmission on the Internet
• Some compression applications allow the
ICAC Webinar Series NCJRL / NJC
• Some compression applications allow the user to password protect and encrypt the files, preventing unauthorized use
SecretHelper
• Firefox extension that allows user to create encrypted and password-protected drive on computer
• Only accessible through the Firefox tool
ICAC Webinar Series NCJRL / NJC
• Only accessible through the Firefox tool
• Re-encrypted and inaccessible once browser is closed
23
Good Reasons to Hide Tracks
• Private Browsing provides some protection while on public computers
• Encryption protects credit card numbers and important account passwords
ICAC Webinar Series NCJRL / NJC
and important account passwords
• Proxy servers were used recently in Egypt to allow access to social networking when the government tried to block these sites
Which is not a function of a firewall:
A. Encryption of files
B. Control of a user’s action
QUIZ
ICAC Webinar Series NCJRL / NJC
C. Protection from hackers
D. Anonymity
Which of the following are legitimate ways to hide your privacy?
A. Private Browsing
B P S
QUIZ
ICAC Webinar Series NCJRL / NJC
B. Proxy Servers
C. Passwords
D. Encryption
E. All of the above
24
Ways one might hide their tracks
Private Browsing
False
SSL / TLSAnonymizers
& Proxy Servers
Public
ICAC Webinar Series NCJRL / NJC
False Information
Passwords
Email Services
Public Networks
Encryption Firewalls
Presented by
Don MasonAssociate Director, NCJRL
ICAC Webinar Series NCJRL / NJC
Associate Director, NCJRL
[email protected]@olemiss.edu
25