eiu femerging uses of cutting edge technologiescutting ... webinar 05... · spyware • collects...
TRANSCRIPT
E i U fEmerging Uses of Cutting Edge TechnologiesCutting Edge Technologies
Priscilla GranthamSr. Research CounselSr. Research Counsel
National Center for Justice and the Rule of Law
Copyright © 2011 National Center for Justice and the Rule of Law 1
WEBINAR TIPS:1 To reduce background noise please:1. To reduce background noise, please:
• Power off cell phones• Turn down (or mute) computer speakers if accessing webcast through telephone
2. The presenter is utilizing VoIP (Voice Over Internet Protocol) technology to deliver the audio portion of the webinar. In the event the audio malfunctions, please stand by; the presenter will quickly re‐join the webinar via telephone and continue the presentation.
3. Attendees will be muted during webinar in an effort to reduce background noise.
4. Questions are typically addressed at the end of the presentation.5. To ask a question, type it in the chat box in the control pane on the right q , yp p g
side of your screen, and then click the “send” button.6. Please include your email and phone number with question. If presenter
does not have time to answer your question during the webcast, he/shedoes not have time to answer your question during the webcast, he/she will contact you following the webcast.
Type Question in this BoxWEBINARWEBINARWEBINARWEBINAR
3
Topics:•• Cloud computingCloud computing•• WebWeb‐‐based Appsbased Apps•• Cell phone spyCell phone spy‐‐ware ware •• Computer monitoring softwareComputer monitoring software•• Hiding filesHiding files•• Hiding filesHiding files•• AnonymizersAnonymizersPP•• Proxy serversProxy servers
•• IP and hidden camerasIP and hidden cameras•• The Private Internet: Private P2P networksThe Private Internet: Private P2P networks
4
Cloud Computing• Workload shift• Hardware & software demands on user’s side decreased
• Users do not download and install programs on their own device
• User’s computer runs cloud computing system’s interface software – i.e., a web y ,browser
• Applications provided & managed by cloudApplications provided & managed by cloud server; Data stored remotely by cloud server
5
Computer Program v. Web AppsComputer Program v. Web Apps::p g ppp g pp
Programs Web AppsPrograms Web Apps
Outlook, Eudora
Gmail, Hotmail
PowerPoint Prezi, Google Presentations
Microsoft Word Google DocsWord,
WordPerfectGoogle Docs
6
Cloud ComputingCloud ComputingCloud ComputingCloud Computing
cloud computing7
Word processing on user’s system…
Create document
Access document
8
Web-based document creation:
New document
9
Accessing Web-based document:g
10
Web-based photo storage
11
Dropboxp• Web based• File synchronization• File synchronization
• Computers• Phones• Dropbox website p
• File backup• File sharing• File sharing
• public• private
12
DropboxDropbox
•• Free webFree web‐‐based servicebased service
h filh fil•• Synchs filesSynchs files
S fil f l tS fil f l t•• Save file from laptop Save file from laptop ––access on desktop, access on desktop, tablet, phone, or tablet, phone, or DropboxDropbox website.website.
13
pp
Be Anywhere!Be Anywhere!Be Anywhere!Be Anywhere!•• Start project on oneStart project on oneStart project on one Start project on one computer, continue computer, continue on anotheron another
•• No need to email No need to email files to yourself /files to yourself /files to yourself / files to yourself / save to thumb drivesave to thumb drive
•• Files are always atFiles are always atFiles are always at Files are always at your fingertipsyour fingertips
14
Simple SharingSimple Sharingp gp g
• Invite others to any folder in your Dropbox same• Invite others to any folder in your Dropbox – same as saving that folder directly to their computer.
• Send people links to specific files in your Dropbox.
• Facilitates team projects, sharing party photos,
15
p j , g p y p ,recording videos…
“Always Safe”“Always Safe”Always SafeAlways Safe
16
drop box vid
17
… Chromebooks chromebook
• “New model of computing”• Apps, documents and settings are stored in the cloudpp , g• Designed to defend against threat of malware and viruses
• runs millions of web apps – games, spreadsheets, photo editors
• Boots in less than 10 seconds• Boots in less than 10 seconds• Automatically updates itself• Built in wi‐fi and 3GBuilt in wi fi and 3G• Webcam• No one using your chromebook will have access to your data
But this could never take off…. 18
Opas iPad 19
Cell phone spywareCell phone spyware::
• Listen in to an active phone call (Call interception)• Secretly read texts call logs emails cell IDs• Secretly read texts, call logs, emails, cell IDs• Listen to phone’s surroundings• Secret GPS trackingSecret GPS tracking• 100% undetectable in operation
Is your son buying drugs?Is your daughter still talking to that no good deadbeat?y g g gIs your employee stealing company information?
20
Cell phone spyware:
Protect your children:Protect your children:••Remote, unobtrusive monitoringRemote, unobtrusive monitoringT ti & d i i tiT ti & d i i ti••Texting & driving preventionTexting & driving prevention
••Sexting preventionSexting preventiong pg p••CyberbullyCyberbully preventionprevention••Cell trackingCell tracking
cell phone spyware video21
SpyBubbleSpyBubble,, FlexiSpyFlexiSpySpyBubbleSpyBubble, , FlexiSpyFlexiSpy
22
Spyware• Call tracking• Read and text msg sent or received,
if h h ldeven if phone holder erases msg• GPS location tracking – track exact position of phone using Google maps
• Phone book access – see every # stored in phone’s memory
• Email tracking – logs each incomingEmail tracking logs each incoming and outgoing email
• URL tracking – see which web sites h i it duser has visited
• Photo tracking – uploads all photos sent and received on the phone to a web server for your viewing.
spybubble 23
How do they get away with itHow do they get away with it…
24
Malware on ComputersMalware on Computers
Malware is installed on d h llcomputers and then collects
information about usersinformation about users without their knowledge.g
25
SpywareSpyware
•• Collects personal Collects personal information, such as Internet surfing information, such as Internet surfing habits& habits& sites sites visited.visited.
•• Can Interfere with Can Interfere with user control user control of computer installing of computer installing additional additional software, redirecting software, redirecting Web Browser activity. Web Browser activity.
•• Can change Can change computer settings, resulting in slow computer settings, resulting in slow connection speeds, different home pages, and/or loss connection speeds, different home pages, and/or loss f I t t f ti lit f thf I t t f ti lit f thof Internet or functionality of other programs. of Internet or functionality of other programs.
26
27
•• Spyware Spyware or or Computer Computer Monitoring Monitoring SoftwareSoftware is commercially available onis commercially available onSoftware Software is commercially available on is commercially available on internet internet ‐‐ relatively inexpensive, usually relatively inexpensive, usually less than $100 00less than $100 00less than $100.00. less than $100.00.
•• It is important to keep your Anti VirusIt is important to keep your Anti VirusIt is important to keep your Anti Virus It is important to keep your Anti Virus definitions up to date. definitions up to date.
•• Even then, it is not always detected.Even then, it is not always detected.
28
29
Common Functions – Computer Spyware:•• Forwards to you all emails sent and Forwards to you all emails sent and recievedrecieved•• Logs Logs all keystrokes all keystrokes typed. typed. •• Takes screenshots of desktop. Takes screenshots of desktop. •• Produces log of:Produces log of:
passwords entered, etc.passwords entered, etc.emails typedemails typedboth sides of all instant messages, both sides of all instant messages, websites Visitedwebsites Visitedll li ti dll li ti dall applications and programs runall applications and programs runprint jobs print jobs files and folders created and deletedfiles and folders created and deletedfiles and folders created and deleted files and folders created and deleted documents viewed documents viewed
30
Hide files or FoldersHide files or Folders
•• LowLow‐‐techtech•• RenamingRenaming•• Making invisibleMaking invisibleMaking invisibleMaking invisible
•• High techHigh tech•• EncryptionEncryption•• SteganographySteganography
31
Hiding Files or FoldersHiding Files or Foldershiding files and folders vid
• Change folder iconsChange folder icons
My illegal photos MS‐Dos Batch file icon
32
PGP PGP –– Pretty Good PrivacyPretty Good Privacy•• Free downloadable encryption tool (also Free downloadable encryption tool (also inexpensive commercial version)inexpensive commercial version)inexpensive commercial version)inexpensive commercial version)
•• Encrypts data (typically eEncrypts data (typically e‐‐mail) so only the mail) so only the intended recipient can view itintended recipient can view itintended recipient can view it.intended recipient can view it.
•• Used to unambiguously electronically sign Used to unambiguously electronically sign d t id tit f th t / i i t fd t id tit f th t / i i t fdocuments so identity of the creator/originator of documents so identity of the creator/originator of the document can be proven. the document can be proven.
•• Useful for sending eUseful for sending e‐‐mails which should only be mails which should only be read by the addressee, and/or which should be read by the addressee, and/or which should be l l b h i i i d fl l b h i i i d fclearly be proven as having originated from you. clearly be proven as having originated from you.
33
PGP: How it worksPGP: How it works::PGP: How it worksPGP: How it works::
34
““TrueCryptTrueCrypt” file & drive encryption” file & drive encryptionypyp ypyp•• Open source software (free)Open source software (free)
•• “On“On‐‐thethe‐‐fly” encryption: fly” encryption: data automatically data automatically encrypted right before it’s saved & decrypted encrypted right before it’s saved & decrypted right after it’s loaded, without any user right after it’s loaded, without any user intervention.intervention.
•• Entire file system is encrypted (e.g., file names, Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, folder names, contents of every file, free space, meta data, etc). meta data, etc).
•• TrueCryptTrueCrypt never saves any decrypted data to a never saves any decrypted data to a ypyp y ypy ypdisk disk –– it only stores them temporarily in RAM it only stores them temporarily in RAM
35www.truecrypt.orgwww.truecrypt.org
TrueCryptTrueCrypt & Investigations& InvestigationsTrueCryptTrueCrypt & Investigations& Investigations
•• If hidden encrypted volume is already mounted on computerIf hidden encrypted volume is already mounted on computerIf hidden, encrypted volume is already mounted on computer, If hidden, encrypted volume is already mounted on computer, files may be accessible on the scene.files may be accessible on the scene.
•• Once computer is shutdown, Once computer is shutdown, only only bebe accessibleaccessible with password. with password. p ,p , yy pp
•• Whether password disclosure can be compelled is ongoing Whether password disclosure can be compelled is ongoing debate. debate.
In re Grand Jury Subpoena (Boucher)In re Grand Jury Subpoena (Boucher), , 2009 U.S. Dist. LEXIS 13006 (D. Ver. 2009)2009 U.S. Dist. LEXIS 13006 (D. Ver. 2009)
United States v. United States v. KirschnerKirschner, , 2010 U.S. Dist. LEXIS 30603 (E.D. Mich. 2010).2010 U.S. Dist. LEXIS 30603 (E.D. Mich. 2010).
•• TrueCryptTrueCrypt website claims cracking the password "could takewebsite claims cracking the password "could take
36
•• TrueCryptTrueCrypt website claims cracking the password "could take website claims cracking the password "could take thousands or millions of years."thousands or millions of years."
Password Cracking Calculator(www mandylionlabs com)(www.mandylionlabs.com)
Password: California*Dreaming1966Password: California*Dreaming1966Password: California Dreaming1966Password: California Dreaming1966
Time needed to crack password:Time needed to crack password:
Hours: 274,549,333,378,802,400,000Days: 11,439,555,557,450,100,000
37
Days: 11,439,555,557,450,100,000Years: 31,341,248,102,603,013
Check your password! Check your password! (4 l tt 4 b )(4 l tt 4 b )(4 letters, 4 numbers)(4 letters, 4 numbers)
38
SteganographySteganographyg g p yg g p y
C li d i hi dC li d i hi d•• Concealing data within dataConcealing data within data
•• Steganography lets users insert andSteganography lets users insert and•• Steganography lets users insert and Steganography lets users insert and extract hidden data into and from extract hidden data into and from
i fili filcarrier files.carrier files.
•• Over 800 digital steganographyOver 800 digital steganography•• Over 800 digital steganography Over 800 digital steganography applicationsapplications
39
SteganographySteganographyg g p yg g p y
• original image: 200 x 200 pixels, file size 88kb
• Remove all but the 2 least
• Recovered image• 200x200 pixels,
significant bits of each color component
file size 19kb40
IP addressesIP addressesIP addressesIP addresses• www.whatismyipaddress.com• Unique number assigned to each computer assigned to the
Internet• May be static or dynamic• May be static or dynamic
change my IP 41
Keepin’ it on the Down Low….Keepin’ it on the Down Low….Maintaining privacy on line
•• AnonymizersAnonymizers•• Proxy serversProxy serversProxy serversProxy servers•• Private online file sharingPrivate online file sharing
42
Anonymous Surfing: Anonymous Surfing: strips your p.i.i.strips your p.i.i.
• Block organization’s URLBlock organization s URL filter that blocks certain sites
• Allows one to surf through anonymous proxy
• Some services, i.e. Tor, require user to install
lapplication on computer, others, i.e. Roxprox, do not.
43
anonymizer.com anonymizer.com “Y IP dd i ID ”“Your IP address is your ID.”
• Anonymous surfingAnonymous surfing• Protected Wi‐Fi• Untraceable IP rotationUntraceable IP rotation• Internet activities—Web browsing‚ email‚ chat‚ webcam are kept private and anonymous.
• anonymous com• anonymous.comhidemyass.comshadowsurf comshadowsurf.com
44
•• Conceal IP addressConceal IP address•• Surf web anonymouslySurf web anonymously•• Protect your identity & stop hackersProtect your identity & stop hackers•• Send anonymous emailsSend anonymous emails
45
yy•• UnUn‐‐ban your IP address from forums, blogs, and other websitesban your IP address from forums, blogs, and other websites
Hiding your IP address:Hiding your IP address:g yg y•• Most common method is via proxy serverMost common method is via proxy server•• web based proxy servers or Installed software proxy serversweb based proxy servers or Installed software proxy servers•• web based proxy servers or Installed software proxy serversweb based proxy servers or Installed software proxy servers•• Access websites from behind restrictive corporate firewall. Access websites from behind restrictive corporate firewall. •• Website based proxy server (Proxify.com): enter URL of websiteWebsite based proxy server (Proxify.com): enter URL of websiteWebsite based proxy server (Proxify.com): enter URL of website Website based proxy server (Proxify.com): enter URL of website
that you wish to visitthat you wish to visit•• Proxy server makes request for pageProxy server makes request for page•• Usually does not identify itself as a proxy server and does not Usually does not identify itself as a proxy server and does not
pass along your IP address in the requestpass along your IP address in the request•• Websites visited cannot uniquely identify or track youWebsites visited cannot uniquely identify or track you•• Websites visited cannot uniquely identify or track you. Websites visited cannot uniquely identify or track you. •• Hides IP addressHides IP address•• Encrypted connection prevents monitoring of your networkEncrypted connection prevents monitoring of your networkEncrypted connection prevents monitoring of your network Encrypted connection prevents monitoring of your network
traffic. traffic. 46
Proxy ServersProxy Servers::Proxy ServersProxy Servers::• Server is an intermediary to clientServer is an intermediary to client seeking info from another server.
• Bypass work, parental controls
• Proxify.com, Youhide.com
47
IP and Hidden CamerasIP and Hidden Cameras
Just a few years ago the “Pinhole” Just a few years ago the “Pinhole” surveillance camera was the at the cutting surveillance camera was the at the cutting edge of stealth and concealmentedge of stealth and concealment..gg
They are small and easily hidden in just They are small and easily hidden in just about anything. about anything.
48
Easy as 1, 2, 3…Easy as 1, 2, 3…
49
Pinhole Camera
50
Pinhole Camera in a pack of Cigarettes
51
Many Digital cameras and Cell Phone Cameras Many Digital cameras and Cell Phone Cameras today record Exif data and Geo tagging today record Exif data and Geo tagging information that can be viewed with free information that can be viewed with free readily available software from the internet.readily available software from the internet.
Victims who post these images in a public Victims who post these images in a public f h blf h blforum on the internet are susceptible to forum on the internet are susceptible to revealing to stalkers dates/ times and even revealing to stalkers dates/ times and even
f l f h h h bf l f h h h bspecific locations of where they have been.specific locations of where they have been.
52
• Man installed GPS in estranged wife’s carSt t t lki t t t t i d l• State stalking statute contained language: “under surveillance.”
• Ct. ruled surveillance included electronic surveillance;
• Husband’s act constituted stalking.
State v. Sullivan, 53 P.3d 1181 (Colo. Ct. App. 2002)
53
• Man & estranged wife living in same home
• Husband installed tiny video camera in ywall of her bedroom.
• Ct held that use of this technologyCt. held that use of this technology constituted stalking under state law.
H.E.S. v. J.C.S., 815 A.2d 405 (N.J. 2003)
54
•• Can Can be hardwired be hardwired & & plugged into plugged into outlet outlet for for p ggp ggcontinuous and uninterrupted recordingcontinuous and uninterrupted recording..
•• Limited byLimited by the size of the storage device whichthe size of the storage device which•• Limited by Limited by the size of the storage device which the size of the storage device which was usually a VHS tapewas usually a VHS tape..
ff•• Innovations saw Innovations saw advent advent of wireless of wireless transmissions to remote storage transmissions to remote storage w/ w/ battery battery
ddpowered cameraspowered cameras..
•• Limited by distance radio Limited by distance radio signal could transmit signal could transmit yy ggsignal signal to the storage device. to the storage device. (Usually not (Usually not very very far far —— limited limited by walls, by walls, buildings, other buildings, other yy ggphysical obstacles.physical obstacles.
55
IP CamerasIP CamerasIP CamerasIP Cameras
•• Draw backs Draw backs of of older older camera systems camera systems corrected corrected yyw/ w/ the blending of Pinhole surveillance cameras the blending of Pinhole surveillance cameras and the and the Internet.Internet.
•• IP Cameras (Internet Protocol Cameras) allowed IP Cameras (Internet Protocol Cameras) allowed viewingviewing of cameras in live time from anywhereof cameras in live time from anywhereviewing viewing of cameras in live time from anywhere of cameras in live time from anywhere in the WORLD that had in the WORLD that had Internet Internet connection.connection.
56
Setting up your IP Camera:•• High speed Internet High speed Internet serviceservice
•• CCTVCCTV Camera orCamera or ““Network ReadyNetwork Ready” camera” cameraCCTV CCTV Camera or Camera or Network ReadyNetwork Ready camera camera
•• A Video A Video ServerServer
•• Either the Video Server or the "Network Ready" Either the Video Server or the "Network Ready" Camera will provide a unique computer "address" Camera will provide a unique computer "address" k I P Addk I P Addknown as an I.P. Address. known as an I.P. Address.
•• ANY Computer can search and FIND the IP ANY Computer can search and FIND the IP address, and connect to it. Depending on how address, and connect to it. Depending on how you've configured the network, that computer can you've configured the network, that computer can b t t th illi il itb t t th illi il itbe next to the camera, or a million miles away, it be next to the camera, or a million miles away, it really doesn't matter.really doesn't matter.
57
Private Online File SharingPrivate Online File SharingggPrivate P2P NetworksPrivate P2P Networks
•• Network of trusted sourcesNetwork of trusted sources•• Share files only with those you know and Share files only with those you know and trusttrust GigaTribeGigaTribe2P2P 2Peer2Peer
QNextQNext
58
“The term Private Internet describes an“The term Private Internet describes anThe term Private Internet describes an The term Private Internet describes an enabling technology that moves your enabling technology that moves your I t t ti iti f bliI t t ti iti f bliInternet activities from a public, unsecure Internet activities from a public, unsecure environment to one that is private and environment to one that is private and secure. The Private Internet allows one to secure. The Private Internet allows one to move from feeling outnumbered in a move from feeling outnumbered in a possibly hostile crowd to relaxing in a possibly hostile crowd to relaxing in a comfortable space filled only with familiarcomfortable space filled only with familiarcomfortable space filled only with familiar comfortable space filled only with familiar faces.”faces.”
59
2Peer 2Peer –– Features:Features:Feature 2PeerDesktop 2PeerWeb
Browse Friends' Content ✔ ✔Keyword search for filesDownload filesInvite Users to your Private Internet
✔✔✔
✔✔✔Invite Users to your Private Internet
Organize users into groupsChange your profile informationUpdate your preference settings
✔✔✔✔
✔✔✔✔Update your preference settings
View AlbumsDownload folders
✔✔✔
✔✔
Share folders and filesShare albumsChat
✔✔✔
Chat
View transfer historyCreate Albums
✔✔✔
60
GigaTribe GigaTribe -- Features:Features:gg
• All data transfers are encrypted• All data transfers are encrypted• No limitation on quantity or file size
No wasting time uploading files:• No wasting time uploading files: Select folders to share Contents of selected folders instantly accessible Contents of selected folders instantly accessible
to friends Friends browse and download files they want
• Data remains under your control; not saved on another company’s equipment
• Includes personal chat and private blog61
BBITCOINSITCOINSBBITCOINSITCOINS
•• Decentralized digital currencyDecentralized digital currency
•• Allows buyers and sellers to exchange moneyAllows buyers and sellers to exchange money•• Allows buyers and sellers to exchange money Allows buyers and sellers to exchange money anonymouslyanonymously
d l i f f b li ild l i f f b li il•• Used as legit form of payment by online retailersUsed as legit form of payment by online retailers
•• Also used by underground sites, such as Silk Also used by underground sites, such as Silk Road for sale of illegal drugsRoad for sale of illegal drugs
•• Fluctuating conversion valueFluctuating conversion value –– between $4 00between $4 0062
Fluctuating conversion value Fluctuating conversion value between $4.00 between $4.00 and $5.00 per and $5.00 per BitcoinBitcoin
Acquiring Acquiring BitcoinsBitcoinsq gq g
•• Download & install free Download & install free BitcoinBitcoin software clientsoftware client•• Accept as payment for goods or servicesAccept as payment for goods or services•• Accept as payment for goods or servicesAccept as payment for goods or services•• Several services allow you to trade them for Several services allow you to trade them for t diti lt diti ltraditional currencytraditional currency
•• Find local Find local bitcoinbitcoin traders in your area traders in your area (tradebitcoin.com) and trade with him in cash(tradebitcoin.com) and trade with him in cash
•• Currency stored on user’s computer in virtual Currency stored on user’s computer in virtual walletwallet
63
How How BitcoinBitcoin worksworks (simplified version)(simplified version)
•• Utilizes publicUtilizes public‐‐key cryptography. key cryptography.
•• Each coin contains the owner's public key. Each coin contains the owner's public key.
•• When a coin is transferred from user A to user B, A adds When a coin is transferred from user A to user B, A adds ,,B’s public key to the coin, and the coin is signed using A's B’s public key to the coin, and the coin is signed using A's private key. private key.
•• B now owns the coin and can transfer it further. B now owns the coin and can transfer it further.
•• A is prevented from transferring the already spent coin A is prevented from transferring the already spent coin to other users because a public list of all previous to other users because a public list of all previous transactions is collectively maintained by the network. transactions is collectively maintained by the network.
•• Before each transaction the coin’s validity will be Before each transaction the coin’s validity will be checked. checked. 64
2Peer 65
Topics:•• Cloud computingCloud computing•• WebWeb‐‐based Appsbased Apps•• Cell phone spyCell phone spy‐‐ware ware •• Computer monitoring softwareComputer monitoring software•• Hiding filesHiding files•• Hiding filesHiding files•• AnonymizersAnonymizersPP•• Proxy serversProxy servers
•• IP and hidden camerasIP and hidden cameras•• The Private Internet: Private P2P networksThe Private Internet: Private P2P networks
66
