January 12, 2017
www.scmagazine.com
Anonymity: cybersecurity's double-edged sword
The ability to
remain undetected while committing computer network intrusions provides the
raison d'être for the IT security professional.
This cat and
mouse game keeps millions of professionals and hackers employed because
attackers successfully cover their tracks on a daily basis, experts tell SC
Media.
It's no wonder
the hacktivist collective called themselves “Anonymous” when in 2003 they started
wreaking havoc on unsuspecting targets.
“Anonymous not
only share their tools, tactics and procedures (TTPs), they study each
other's execution, how they hack,” says Ondrej Krehel, founder and CEO
of the New York, NY-based forensics firm LIFARS. The best way hackers achieve
anonymity is by gaining credentials, typically through social
engineering or website with malware multimedia tactics, he points
out.
“Once they have
the credentials, there's no difference [within the network] than the real users.
The game is over,” Krehel says, adding that most non-amateur hackers are
mindful to not be detected.
“Master hackers
don't get arrested and prosecuted,” Krehel points out, because they are
surreptitious by nature.
How anonymity
hinders the digital forensics process is a major concern to Dr. Ibrahim
Baggili, founder of Cyber Forensics Research Group, University of New Haven in
West Haven, Conn.
“If someone is
killed and the murderer uses bleach to cover up the blood on the floor, the
killer is hiding the trail,” says the computer science professor, who wrote his
dissertation on the psychological aspects of anonymity.
“The same thing
would apply if you're using Tor in order to download illegal videos or child
pornography, or sell guns and drugs on the dark web,” Dr. Baggili says. “The
question is not whether people should be using privacy-enhancing technologies.
It's really do they hinder the forensics process. Can we find ways of still
finding the digital evidence that could put those bad people using these
technologies behind bars if they need to be behind bars. Can we stop a bomb
from exploding? Should we have access to this data? And is there a way around
that for us to gain access to that data?”
Baggili
believes the general public has become desensitized from being anonymous
because they're used to being tracked on the Internet for commercial reasons.
But he asks rhetorically, “How do we balance forensics with privacy?”
The leading web
browser for anonymity is Tor, used daily by 2 million individuals, although
several million more Tor users could be on Android devices.
Tor remains
unapologetic for the possibility of its technology being usurped for criminal
purposes, and rather emphasizes its benevolent purposes, such as providing
protection for whistleblowers and political dissidents oppressed by
totalitarian regimes.
“The dark web
is really a way of communicating and transporting bytes of the Internet more
safely,” says Roger Dingledine, co-founder of the Tor Project, whose Onion
services since 2004 have allowed Tor users to remain anonymous and difficult to
trace.
“There's
nothing inherently new about the challenge that law enforcement authorities
have,” Dingledine says.
Tor technology
typically is used by systems administrators seeking added protection by setting
up a secure log-in using an Onion service. “Now they can firewall the whole
thing,” he explains. “Now nobody can connect to my computer from the Internet
except if they're going through this Tor line I set up.”
Among Tor
users, 79 percent are outside the U.S., although the most users from one
country are within the U.S., with Russia being No. 2.
“[Hackers] in
Russia don't need Tor to purchase malware. There are places to go to purchase
malware. They're doing it just fine; they don't need Tor,” Dingledine says.
Jihadists go stealth
How do
terrorist groups, many of whom engage in cyberattack activities, including the
Islamic State (ISIS), remain stealthy? That depends on the organizations
themselves or fans who identify with the mission, according to Veryan Khan,
editorial director of the Washington, DC-based Terrorism Research &
Analysis Consortium (TRAC) (http://www.trackingterrorism.org/).
“There are a
million and one handbooks available [online] on how to stay under the radar
with everything from operating VPNs to creating false Google telephone numbers
to getting up a Twitter page,” Khan says. Manuals exist on how to evade all
kinds of security problems, everything from not using browsers to logging onto the
dark web, she notes. TRAC assists counter-terrorism efforts, tracking jihadists
“of every ideology in every region across the globe.”
ISIS used to be
very active on Twitter, but now its favorite way of disseminating information
anonymously is through Telegram, the Berlin, Germany-based messaging service (http://www.telegram.org).
Like Tor,
Telegram, which emerged in 2013, insists its encrypted technology is designed
for good purposes. A Telegram app is available for mobile phones or desktop
computers.
And although
Telegram states on the FAQ portion of its website that it “block/s terrorist
(e.g., ISIS-related) bots and channels,” Khan presently follows 100 dedicated
Telegram channels by ISIS alone, as well as scores of others set up by
extremist organizations such as The Taliban (Afghanistan), Al Shabab (East
Africa) and Hezbollah (Lebanon). Official and quasi-official media arms of such
terrorist organizations constantly espouse propaganda 24/7 via Telegram, as do
their fans.
“They're not as
easily identifiable [by language or name] as they were before,” explains Khan,
of the invite-only Telegram groups. “Now the names are like long strings of
numbers or something that doesn't make any sense at all.”
Not only can no
one other than the two Telegram parties see the conversation, there are also
features such as setting up parameters to self-delete text, which helps with
money laundering or child pornography, for example, and other nefarious
activity, points out Khan. Accounts can be scheduled at specific times to
self-destruct.
In September
2015, Telegram introduced a feature that is “essentially a Twitter feed on
steroids,” Khan says, noting Twitter messages are limited to 160 characters.
Telegram
“supergroups” can host 25,000 people at a time, each of whom can download files up
to 1.5 GB. One such terrorist group channel Khan followed within a few days had
25,000 unidentified followers and offered versions in 13 different languages.
“You can tell how much propaganda is reaching people and at what times.”
Telegram set up
an infrastructure that was easy to follow, according to Khan, whose article
about the operation in December 2015, she says, resulted in the service taking
down 80 channels in one day. “That was just a tip of the iceberg; they didn't
take down any of the Russian channels,” she says.
Telegram's
creators also created VK, the largest European online social networking
service, known as the Russian Facebook. “The Russian government forced out the
creators and took over VK,” Khan explains.
Telegram
relocated from Russia to Germany, incidentally the European country with the
strictest consumer privacy laws.
Khan notes fans
of terrorist groups put up Telegram channels in private chat rooms that can
hold up to a thousand people. “You can see who's in there but everybody operates
with an alias.”
Invitation
links typically get passed along around Telegram and are only usable for a few
hours, and passwords are texted to a real mobile phone that often is stolen.
Both administrators and members operate completely anonymously within Telegram
channels, on which official organizations sometimes claim responsibility for
particular terrorist actions.
“I found
out about the [Bastille Day] terrorist attack on Telegram before I could see
even a single news article or tweet about it yet,” says Khan, of the July 2016
attack in which a single truck ran over and killed 80 people in Nice, France. She
first saw “citizen-journalism” selfies on Islamic State-affiliated Telegram
accounts. “They knew about it. They knew it was coming,” she says, although
ISIS never claimed responsibility for the attack.
“I've seen
jihadists who don't get along with each other operating on Telegram,” Khan
says, adding that they do a lot less to hide themselves on Facebook and
Twitter.
Terrorist
organizations' recruiters often find potential members on social media and then
move communication onto private platforms such as Telegram.