ICAC Hiding Tracks on the Web - revised.pptx [Read-Only]€¦ · · 2012-05-10Steganography ICAC...

ADVANCING JUSTICE THROUGH EDUCATION

Internet Crimes Against Children: Hiding Tracks on the Web WebCast February 23, 2011

PROGRAM MATERIALS

Presented By Professor Donald R. Mason Associate Director & Research Professor The National Center for Justice & the Rule of Law at The University of Mississippi School of Law

THE NATIONAL

E D U C A T I O N • I N N O V A T I O N • A D V A N C I N G J U S T I C E

WEB: INTERNET CRIMES AGAINST CHILDREN: HIDING TRACKS ON THE WEB WEBCAST WB/KZ FEBRUARY 23, 2011

JUDICIAL COLLEGE

INTERNET CRIMES AGAINST CHILDREN: HIDING TRACKS ON THE WEB

DIVIDER 1

Professor Donald R. Mason OBJECTIVES: After this session you will be able to:

1. Define “private browsing” and describe how it can provider computer users a measure of privacy or anonymity regarding their online activities.

2. Describe how anonymizers and proxy servers enable user anonymity beyond a user’s computer and may be used to hide illegal activities.

3. Describe how TLS (transport layer security) and SSL (secure sockets layer) and passwords are used by every Internet user to protect information.

4. Describe ways in which Internet users may give false information and gain a measure of online anonymity.

5. Describe how use of public networks can add a layer of confidentiality for Internet users.

6. Describe ways in which email services can provide users means of encrypting messages and mailing messages anonymously.

7. Describe the impact that encryption or other means of data concealment may have on the discovery or analysis of digital data.

8. Define “firewalls” and describe how they work to either enable or prevent certain network activities.

REQUIRED READING: PAGE Donald R. Mason, Hiding Tracks on the Web (Feb. 2011) [NJC PowerPoint] ...............................1

Hiding Trackson the Web

ICAC Webinar Series NCJRL / NJC

on the Web

Ways one might hide their tracks

Private Browsing

False

SSL / TLSAnonymizers

& Proxy Servers

Public


False Information

Passwords

Email Services

Public Networks

Encryption Firewalls

Private Browsing


1

• A browser is a computer application that retrieves and displays content from the web

• This content may include web

What is a browser?


• This content may include web pages, videos, pictures, and more

• Popular browsers include Firefox, Internet Explorer, Chrome, and Safari

Address BarAddress BarAddress BarAddress BarSearch Search BoxBoxSearch Search BoxBox

TabTabTabTab


Status BarStatus BarStatus BarStatus Bar

Browser Functions

• Web browsers also collect a variety of information about a user’s online actions and save this information on the computer


computer– History

– Cache / Temporary Internet Files

– Cookies

2

Private Browsing

• Most browsers now have a “private browsing” function that allows the user to prevent cookies, cache, and history from being saved


from being saved– Internet Explorer: “InPrivate Browsing”

– Firefox: “Private Browsing”

– Chrome: “Incognito”

– Safari: “Private Browsing”

Private Browsing


Private Browsing


3

Private Browsing

• This function prevents history, cookies, and cache from being saved on the user’s computer

• However the user’s actions are still


• However, the user s actions are still tracked by the ISP AND the server hosting the information

Home ComputerHome Router

1 2

3

Private Browsing


Internet Service Provider

Internet Exchange Point

Website Host

45

Private Browsing protects the user from

A. Secret Agents

B. Sharing information with their ISP

QUIZ


C. Saving information on their computer

D. Sharing information with websites they visit

4

Anonymizers


Anonymizers

• Access the Internet on your behalf– Allow you to be a step removed from the

websites you visit

• Often users get advertisements


• Often, users get advertisements corresponding to their location. Anonymizers give the websites someone else’s location

Anonymizers


5

Anonymizers

• Networked Anonymizers– A request for a certain webpage goes

through several computers before going to the user who requested the information


q

– Makes traffic analysis very difficult

– However, each computer along the chain may be able to compromise the confidentiality

•Encryption may solve this problem if available

Anonymizers

Home Computer inMississippi Internet Service

ProviderInternet

Exchange Point

Home Router


Computer CCalifornia

Computer BGermany

Computer AKansas

Website Host

Anonymizers

• Single Point Anonymizers– Information passes through a single website

– Often offers encryption


6

Anonymizers

Home Computer Internet Service

Provider


Home Router


Website Host Anonymizer Website


TOR: The Onion Router

• "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."


Internet.

• Onion routing uses multiple layers of security that are removed (like onion skin) as a message is routed through the TOR network

TOR


7

TOR


TOR


TOR


8

Anonymizers

• Other popular anonymizers include:– Anonymizer (anonymizer.com)

– Freenet (freenetproject.org)

I2P


– I2P

An anonymizer helps prevent sharing which of the following with a website the user visits:

A Location

QUIZ


A. Location

B. IP address

C. ISP

D. all of the above

Proxy Servers


9

Proxy Servers

• A server that acts as an intermediary to a client seeking information from another server

• Browsers are set up to allow people to


• Browsers are set up to allow people to send all information through a proxy server

• Unlike anonymizers, no additional software is required

Proxy Servers


Proxy Servers

• There are legitimate uses for proxy servers– To audit Internet usage

• However they can also be used to:


• However, they can also be used to:– Bypass work/parental controls

•Facebook at work, for example

– Anonymize access

10

Proxy Servers

• A few popular proxy servers can be found at:– Browser9.com

– Youhide com


– Youhide.com

– Proxify.com

– Fastproxynetwork.com

Proxy Servers


TLS / SSL


11

TLS / SSL

• TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL)

• Enables encrypted network communications for activities like:


communications for activities like:– Credit card payments

– Healthcare data

– Email

– Financial information

TLS / SSL

• In order to use TLS, a website you visit must be subscribed to it. Usually, the cost is rather minimal (about $10 per month)

• Encryption methods are very secure


• Encryption methods are very secure

TLS / SSL


12

Passwords


Passwords


Passwords

• Vary greatly in security. Long passwords with mix of numbers, letters, and symbols are much stronger.

• Should be changed often


• Should be changed often

• Many logins are protected by TLS, which helps prevent unauthorized interception– If not protected by TLS, anyone along the

chain can obtain your password

13

Passwords

• Passwords can be used to restrict access to:– An online blog

– A photo album (Flickr or Picasa)


– A photo album (Flickr or Picasa)

– Video accounts (YouTube)

Which of the following is false:

A. Passwords are always protected by TLS

B. Proxy servers allow a user to bypass l l

QUIZ


parental controls

C. TLS usually protects online payments

D. Proxy servers usually do not require extra software

False Information


14

False Information


False Information

• Accounts rarely require information to be accurate. Doing so might require:– Credit card authorization

– Verification by sending in copy of driver’s


– Verification by sending in copy of driver s license / Social Security card

• Thus, users can create false identities online

False Information

• Might encourage someone to share pictures, video, etc., under an alias, providing them with some protection

• However this doesn’t prevent the ability


• However, this doesn t prevent the ability to track it back to the user’s computer– Just requires an additional step in

authenticating the actions of a specific user

15

Public Networks


Public Networks

• Where do public networks exist?– McDonalds

– Starbucks

Public Libraries


– Public Libraries

– Hotels

– Apartment Buildings

• Often allow users to connect without providing any information that reveals their identity

Public Networks

• How safe are they?– Not very!

– Easy-to-find tools allow other users to obtain all of your account information and


all of your account information and browsing history

– The provider may even track it intentionally for research purposes

16

Public Networks


Public Networks


Public Networks

• More than anything, it makes someone feel like their actions are anonymous

• Beyond tracking from others on the network at the time use of public


network at the time, use of public networks does make it difficult to track actions back to the user

17

Public networks allow a user to browse the Internet with full anonymity.

A. True

B F l

QUIZ


B. False

Email Services


Email Services

• Many websites allow users to send anonymous emails that prevent tracing to the sender– anonymouse org (reroutes through other


anonymouse.org (reroutes through other countries and delays sending up to 12 hours)

– AnonymousSpeech.com (constantly moves servers in Asia and South America to prevent subpoena, provides legal insurance concerning protected information)

18

Email Services

• Other services allow spoofing of another’s email address (pretending to be someone else)

• Many email providers now allow all


• Many email providers now allow all email to be sent and received through TLS

Encryption


Encryption

• Makes data unreadable without a key

• To properly protect data, it needs to be encrypted before leaving the sender’s computer and decrypted once it reaches


computer and decrypted once it reaches the recipient’s computer

19

Encryption


Encryption

• Other data can be encrypted:– Entire hard drives

•Or Individual folders or files

– CDs / DVDs


CDs / DVDs

– USB Flash drives•U3 software

Firewalls


20

Firewalls

• May be hardware or software– Computers often have firewall software

– Routers may have either

• Prevents unauthorized access


• Prevents unauthorized access– May be used to prevent the user from

certain actions (like using P2P software)

– Prevent hackers

Firewalls


Firewalls

• Malware or Spyware operating on the computer may be able to bypass the computer’s firewall

• Main function is not anonymity but if


• Main function is not anonymity, but if the computer is on a network, the firewall may make it difficult to distinguish activities from each computer

21

Miscellaneous Issues


Steganography


StenographyRecovered.png (200 × 200 pixels, file size: 19 KB)

StenographyOriginal.png (200 × 200 pixels, file size: 88 KB)

Changing File Extensions

Each file on a Windows computer has an extension that connects it to a program on the computer

• doc or docx = Microsoft Word


• .doc or .docx = Microsoft Word

• .jpg, .gif, .tif, .jpeg, .png = Image files that can be opened by many programs

• .exe = an Application

• .zip = archive of compressed files

22

Changing File Extensions


Zip Files

• Allow users to compress files into small sizes for faster transmission on the Internet

• Some compression applications allow the


• Some compression applications allow the user to password protect and encrypt the files, preventing unauthorized use

SecretHelper

• Firefox extension that allows user to create encrypted and password-protected drive on computer

• Only accessible through the Firefox tool


• Only accessible through the Firefox tool

• Re-encrypted and inaccessible once browser is closed

23

Good Reasons to Hide Tracks

• Private Browsing provides some protection while on public computers

• Encryption protects credit card numbers and important account passwords


and important account passwords

• Proxy servers were used recently in Egypt to allow access to social networking when the government tried to block these sites

Which is not a function of a firewall:

A. Encryption of files

B. Control of a user’s action

QUIZ


C. Protection from hackers

D. Anonymity

Which of the following are legitimate ways to hide your privacy?

A. Private Browsing

B P S

QUIZ


B. Proxy Servers

C. Passwords

D. Encryption

E. All of the above

24

Ways one might hide their tracks

Private Browsing

False

SSL / TLSAnonymizers

& Proxy Servers

Public


False Information

Passwords

Email Services

Public Networks

Encryption Firewalls

Presented by

Don MasonAssociate Director, NCJRL


Associate Director, NCJRL

[email protected]@olemiss.edu

25

Date post:	26-Apr-2018
Category:	Documents
Upload:	vanxuyen
View:	216 times
Download:	3 times

ICAC Hiding Tracks on the Web - revised.pptx [Read-Only]€¦ · · 2012-05-10Steganography ICAC...

Documents