03 deployment for internet surveillance
TRANSCRIPT
-
7/30/2019 03 Deployment for Internet Surveillance
1/29
Marketing Department
Decision Group
Aug. 2011
-
Internet Surveillance
Exists in most developed countries, including US, UK, Japan
Huge scope with multiple surveillance points
Target on suspects and suspicious contents with national security, terrorism etc
Maintain certain level of network performance
Focus on several public Internet services, such as email, IM, social networks etc
Strong capability on text mining and secondary analysis
-
Objectives
Target on cyber space with violence, fraud, extremism, hatred, cult, threat, racial and sexual harassment and assault etc, which will cause serious social uprising and impact economic activities
Track suspect IPs and account names involved in the above activities from intercepted online data
Analyze collected information and forecast the behavior pattern of the above cyber crimes in order to prevent future anti-social activities from happening again
-
Scope
Target on specific groups, persons
Mostly on domestic online communication
Track suspected targets by MAC address, account name in the black list
IP address as reference of target
Take mobile or handheld devices into account
Target on keywords in cyber space
Online content filtering
Analysis on intercepted content information
Management on structured, unstructured and analog data
-
Data Management
Not necessary if only content filtering
Very important with large volume of reconstructed data
Focus on most popular online services, such as emails, Instant Messengers, social media, SMS etc.
Primary analysis for data scoping, linking and statistics by effective search engine
Secondary analysis for behavior pattern, forecast, comparison by data mining or business intelligence tools
-
Data Collection
Data collection is very important in Internet surveillance
Target on online protocols and services
No matter encrypted, decrypted, stream, digital, analog data
Less duplicated data
Reconstructed data for legal evidence
Effective data for analysis
-
Network Forensic
For reconstructed data from network data packets, deep packet inspection (DPI) technology behind network forensic tool is the fundamental requirement
Capturing data packet
Protocol recognizing
Data reconstruction based on session, protocol and service type
Formatting and saving reconstructed data
Data presentation
Retention data management
-
Work Flow of Network Forensic
[Figure: work flow diagram. Input: port-mirroring or in-line monitoring. Stages shown: Capture Packets, Reassemble & Decode, Content Reconstruct, Archive, Statistical Reports. Traffic types shown: E-mail/Webmail, IM/Chat, HTTP, Facebook, Twitter, VoIP.]
-
Protocols Required for Internet Surveillance
More than 160+ Protocols/Services
IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
Email, Webmail
HTTP (Link, Content, Reconstruct, Upload, Download)
File Transfer: FTP, P2P
Others: Social Media, Telnet etc.
-
Consideration of Deployment
Deployment for International Cyber Space
Cyber message surveillance on contents of emails, http, video stream, VoIP services
Target on specific targets and groups tracking
Deployment for Domestic Cyber Space
Cyber message surveillance on IM, emails, social networks, video stream and VoIP services
Target on information collection, and specific target tracking
-
Deployment for International
System deployment in National Exchange Gateway Centers
Submarine Cable Station
Land Optic Fiber Station
Satellite Station
National backbone network service operator(s)
Take national ARD configuration into account
-
Basics of Deployment
-
Deployment for Domestic
Deployment of network forensic tool is an important step to collect data
Tactic deployment
Temporary deployment
Direct wired connection with network infrastructure in ISP PoP sites
Wireless interception on specific target or penetration into VPN
Lawful interception deployment
Permanent deployment by country LI law
Following standard of ETSI or CALEA
-
Basics of Deployment
-
Tactic Deployment
For the device deployed inside area nodes (PoP sites) in ISP network
Direct connection inside infrastructure of border network or access network
2 types of deployment
Mirror mode
Bridge mode
-
Mirror Mode Implementation
Mirror Mode Deployment
In Border Network of ISP
-
Bridge Mode Implementation
Bridge Mode Deployment
In Border Network of ISP
-
Distributed Deployment
For centralized management on multiple E-Detectives
For bandwidth management
For protocol management
-
Lawful Interception Deployment
Following ETSI or CALEA Standards
As a lawful interception system for parsing raw packet data stream from ISPs
Decoding all data packets associated with protocol based on service port number and session
Saving un-decoded data into specified directory in pcap format
Primary data analysis management system
-
Lawful Interception Deployment
[Figure: deployment diagram. Components shown: ISP Communication Centers; Mediation Platform; Lawful Interception Center in Police or National Security, containing E-Detective/LEMF Data Packet Reconstruction System, Analysis Server (Data Mining, BI or KB) and Data Retention Management System. Links shown: T1/T3 connection, ETL downloading, Archive uploading.]
1. Send pcap data to LI Center
2. Connection: FTP, pcap files upload
3. System: download pcap files from mediation platform; Case ID Management; Web based Lawful Enforcement Management Utilities
4. Connection: FTP
-
Gmail Interception
Gmail service protected by HTTPS/SSL
Deployment only by Tactic way
Warning message of certificate appeared in the browser of intercepted subscribers
National Certificate introduced
CA control mechanism customization by case
-
Deployment for Gmail Interception
-
VPN Penetration
Most VPN protected by IPSec
Hard to intercept VPN connection directly
Find the ends of VPN connection
Try to penetrate with Wireless Interception into private LAN
-
Distributed Wireless Interception
Target on private LAN
Get private identity
Intrusion Investigation
Acquire VPN access
Collect syslogs
Collect login record
Follow LI Law
-
Network Forensic on Internet Censorship
It is the critical step in the procedure of Internet censorship
Focus on target IP(s), MAC(s) or account name(s) and all related Internet activities
Keep record on all related Internet activities for lawsuit and text mining against terrorists, cyber criminals and conspirators
Intercept as many Internet protocols/services as possible
Only focus on highly suspicious objects and persons
Keep minimal or no impact on network performance
Hide identity of network forensic equipment in Internet
-
What We Have
Network forensic equipment for Internet censorship at national level: e-Detective, Wireless-Detective, Data Retention Management System and Central Management System
Complete cyber crime investigation training program with experienced cyber investigators from Taiwan cyber crime investigation units
Consulting service on investigation and legal procedures
-
What We Provide
Solid consulting and delivery services to take Internet surveillance by
Clear objectives
Appropriate surveillance systems
Vulnerability assessment
Deployment plan
Legal procedure
Data analysis/text mining
Full training programs for
Train-the-trainer
National security officials
Administrators
Future development plan
Technology update and upgrade
Technical skill shift
Integration with backend LI system
-
Reference
Confidential information upon request
-
Thank you for your attention