Tracking Online Trails
January 6th, 2009 · by David Bradley
No one likes cookies, we all want to keep our privacy sacred, and we certainly hate having our every virtual movement tracked. But there are times when tracking online trails can be for the public good – when traceability is used to catch criminals.
Traceability is a key to the investigation of the internet criminal and a cornerstone of internet research, according to Mandy Qi of the Department of Computing, at Canterbury Christ Church University, in the UK, and colleagues. Writing in the International Journal of Electronic Security and Digital Forensics, the researchers emphasize that it is impossible to prevent all internet misuse but that traceability means cybercriminals might be caught and appropriate action against them taken.
Qi explains that there are essentially two forms of cybercrime: fraud, theft, sexual harassment and pornography, which are “computer-assisted”, and then there are the “computer-focused” crimes, such as cracking, hacking, viral attacks, website defacement and trojanization of computers. There is a cybercrime happening at least once every second, but worse, very few are identified, because about 90% of cybercrime goes unreported.
Of course, online crooks are keen to hide behind the technology they hope to exploit. They use anonymity and falsification and take advantage of the latest methods to obscure their activities and crucially hide their trail. Standard emails can be traced through their headers, but, explain the researchers:
The internet was never designed for tracking and tracing user behaviour and was not designed to resist untrustworthy users. Cyber criminals use technologies to hide or forge their identities and to spoof the sender’s email address. They use proxy servers and anonymizing services, secure websites and vulnerable (often trojanized botnets of zombie computers) third party computers to route their communications through several different countries.
Interestingly, the whole world of cybercrime is becoming increasingly accessible to even petty criminals and criminals working in networks or with networks of computers. There is no need for great technical skill. Anyone with the inclination can quickly master the tools of the trade.
“Advanced technical solutions are urgently needed to track online trails,” says Qi, “while law enforcement and international cooperation are also very important to fight the internet criminals.”
“There are many ways to detect a fake email address by comparing different sections in a header, examining message initiation protocol and identifying message IDs,” explains Qi. “The header is not the only useful source of information. Various software logs can be used. Discussion threads and the body of the messages can also be used for analysis, e.g. the suspect’s contact detail, his/her linguistic style that may be able to determine the motivation behind the criminal behavior. There are measures for identifying the false detail created by the offender. But it is difficult currently to track the source using anonymous services or a Trojanized computer.”
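The header comparison Qi describes can be sketched as follows. This is an added example, not code from the article or the paper; the function names are hypothetical and the sample message is constructed using reserved example domains and documentation IP ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
    by inbox.victim.example with ESMTP id A1; Tue, 6 Jan 2009 10:00:05 +0000
Received: from bank.example.com (unknown [203.0.113.77])
    by mx.victim.example with SMTP id B2; Tue, 6 Jan 2009 10:00:01 +0000
From: "Example Bank" <security@bank.example.com>
Reply-To: claims@freemail.example.org
Message-ID: <20090106.1234@mailer.example.net>
Subject: Account notice

Body text.
"""

# "from <claimed name> (<rDNS> [<connecting IP>])" as written by many MTAs.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", re.S)

def domain_of(value):
    """Lower-cased domain of an address-like header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def analyse_headers(raw):
    """Compare header sections against the visible From domain."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    mismatches = {}
    for name in ("Return-Path", "Reply-To", "Message-ID"):
        dom = domain_of(msg[name])
        if dom and dom != from_domain:
            mismatches[name] = dom  # an indicator to weigh, not proof of forgery
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # Only lines added by relays you trust are reliable; earlier ones can be forged.
    origin = None
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(line)
        if m:
            origin = (m.group(1).lower(), m.group(2))
            break
    return {"from_domain": from_domain, "mismatches": mismatches, "origin": origin}

if __name__ == "__main__":
    print(analyse_headers(SAMPLE))
```

Legitimate bulk-mail services also produce Return-Path and Message-ID domains that differ from the From domain, so mismatches are leads for further checking against server logs rather than conclusions.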
I asked Qi for some additional information on protection. “Some general methods to prevent or protect from attacks include code-level inspection, especially for SQL commands created on the fly, outgoing network traffic monitoring, detection tools such as Sandbox can be used to analyze malware behavior, and strict HTTP filtering/application firewall to block sensitive entries,” she told me.
“I always think the best way to fight is to protect/shield well first: Operating System and software vendors should become more active about patching; law enforcement should be allowed to trace the supply chain of criminals; domain name registry authorities should monitor and stop the abuses as ICANN did last year; personal users should add anti-malware tools to their browsers; and the last but the most important is to raise awareness of the various cybercrimes.”
There is no final solution yet, and there may never be. I’d be interested to hear what Sciencetext readers think can be done.
Man Qi, Denis Edgar-Nevill, Yongquan Wang, Rongsheng Xu (2008). Tracking online trails. Int. J. Electronic Security and Digital Forensics, 1 (4), 353-361.
2 responses so far ↓
Kevin // Jun 23, 2009 at 3:28 pm
Hello,
I found this article after recently becoming a victim to an online scam. From reading this I gather there is absolutely no way of tracing the criminal? Also, if the criminal uses gmail or hotmail, is it not possible for those providers to trace an IP address if they are contacted? Any other information would be appreciated.
Thank you
David Bradley // Jun 23, 2009 at 4:03 pm
You will never find someone who scammed you, unless they’re in your town, but they won’t be. They will have spoofed everything. Your money will be in their hidden, offshore account and that’s probably the end of it. Report it to the police and see if there’s a compensation scheme where you live or recourse with your ISP.