The challenge for law enforcement and intelligence agencies investigating Internet crimes are those users who hide themselves using various “anonymization” techniques. Internet anonymization techniques allow targets of criminal and terrorist investigations to hide themselves from other Internet users. In normal circumstances, this can be a privacy concept employed to prevent others from identifying a user in legitimate situations. The issue for law enforcement investigators and the intelligence community becomes when criminals and terrorists use this same technology to prevent their victims or government from identifying who they are and hiding their location.
The misuse of Internet anonymization poses unique investigative challenges. However, criminals and terrorist can be identified given certain circumstances and the appropriate application of social engineering skills and investigative tools and techniques. The challenge is; 1) knowing that there are methods to employ; and, 2) obtaining training regarding employing those methods.
In recent years, a new category of computer coding for government agencies has developed and are referred to as “policeware” or “govware”. The recent exposure of one of the companies involved in this industry “HackingTeam”, from Italy, has shed light on these tools’ use by law enforcement and the intelligence community. HackingTeam’s company servers were broken into by as yet unknown hackers and their company and client information exposed to the world. Retaliatory strikes by the hacking community, purportedly as supporters of freedom and protecting the innocent, is nothing new. Just a few years ago Gamma Group from Germany, another large company in the Policeware industry, also was hacked and had internal material and code exposed.
What both of these incidents revealed to the world the extent to which the law enforcement community (mainly at an involved county’s National level) and the intelligence community’s efforts are to identify investigative targets. It also shows that there are a series of tools available that can further investigations into anonymous users. Generally, most investigators are unaware that there are several categories of tools to assist in the investigation of anonymous users. These can include: Server side scripting, Target side scripting, and Total device compromise (complete takeover of a machine). Other traditional methods of evidence collection against targets can include general Network surveillance (sniffing your network for clues), Physical access compromise and Lawful interception techniques like a traditional wiretap but of a computer). These varied investigative techniques require additional training and education for the law enforcement community. This training and education not only includes the technical aspects of the tool deployment but also the legal implications of employing these techniques against a criminal target. Unfortunately, this information is currently not generally available. Law enforcement should look to a broader acceptance of these more offensive techniques to continue their efforts in protecting their communities. Certainly, the U.S. federal law enforcement agencies are using these techniques. In his recent comments to the House Intelligence Committee hearing on cybersecurity, FBI Director James Comey said about criminals using the Darknet that if they “use the onion router to hide their communications.. They think that if they go to the dark web… that they can hide from us.” But, he says: “They’re kidding themselves, because of the effort that’s been put in by all of us in the government over the last five years or so, that they are out of our view.” The methods and techniques to reveal criminals online is diverse. Law enforcement investigators are beginning to employ a variety of methods that will further their investigations and catch criminals who thought they were untouchable.