hiding tracks on the net - university of mississippi tracks on the net...ncjrl-nagtri webinar –...
TRANSCRIPT
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
1
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Hiding Trackson the Net
NAGTRI Webinar Series NCJRL / NAAG
Ways one might hide their tracks
Private Browsing
False Information
SSL / TLS
Passwords
Anonymizers & Proxy Servers
Email Services
Public Networks
Encryption Firewalls
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
2
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
• A browser is a computer application that retrieves and displays content from the web
• This content may include web pages, videos, pictures, and more
• Popular browsers include Firefox, Internet Explorer, Chrome, and Safari
What is a browser?
NAGTRI Webinar Series NCJRL / NAAG
Address BarAddress BarSearch BoxSearch Box
Status BarStatus Bar
TabTab
NAGTRI Webinar Series NCJRL / NAAG
Browser Functions
• Web browsers also collect a variety of information about a user’s online actions and save this information on the computer– History
– Cache / Temporary Internet Files
– Cookies
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
3
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing
• Most browsers now have a “private browsing” function that allows the user to prevent cookies, cache, and history from being saved– Internet Explorer: “InPrivate Browsing”
– Firefox: “Private Browsing”
– Chrome: “Incognito”
– Safari: “Private Browsing”
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
4
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing
• This function prevents history, cookies, and cache from being saved on the user’s computer
• However, the user’s actions are still tracked by the ISP AND the server hosting the information
NAGTRI Webinar Series NCJRL / NAAG
Home ComputerHome Router
Internet Service Provider
Internet Exchange Point
Website Host
1 2
3
45
Private Browsing
NAGTRI Webinar Series NCJRL / NAAG
Private Browsing protects the user from
A. Secret Agents
B. Sharing information with their ISP
C. Saving information on their computer
D. Sharing information with websites they visit
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
5
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
• Access the Internet on your behalf– Allow you to be a step removed from the
websites you visit
• Often, users get advertisements corresponding to their location. Anonymizers give the websites someone else’s location
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
6
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
• Networked Anonymizers– A request for a certain webpage goes
through several computers before going to the user who requested the information
– Makes traffic analysis very difficult
– However, each computer along the chain may be able to compromise the confidentiality
•Encryption may solve this problem if available
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
Home Computer inMississippi
Computer CCalifornia
Computer BGermany
Computer AKansas
Internet Service Provider
Internet Exchange Point
Website Host
Home Router
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
• Single Point Anonymizers– Information passes through a single website
– Often offers encryption
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
7
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
Home Computer Internet Service
Provider
Internet Exchange Point
Website Host
Home Router
Anonymizer Website
Internet Exchange Point
NAGTRI Webinar Series NCJRL / NAAG
TOR: The Onion Router
• "Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet."
• Onion routing uses multiple layers of security that are removed (like onion skin) as a message is routed through the TOR network
NAGTRI Webinar Series NCJRL / NAAG
TOR
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
8
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
TOR
NAGTRI Webinar Series NCJRL / NAAG
TOR
NAGTRI Webinar Series NCJRL / NAAG
TOR
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
9
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
TOR
• TOR, while the most popular anonymizeris not flawless– In October, TOR was hacked by Anonymous
in order to find visitors to a popular child pornography website. Anonymous then posted the IP addresses of those users online
NAGTRI Webinar Series NCJRL / NAAG
Anonymizers
• Other popular anonymizers include:– Anonymizer (anonymizer.com)
– Freenet (freenetproject.org)
– I2P
NAGTRI Webinar Series NCJRL / NAAG
An anonymizer helps prevent sharing which of the following with a website the user visits:
A. Location
B. IP address
C. ISP
D. all of the above
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
10
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
• A server that acts as an intermediary to a client seeking information from another server
• Browsers are set up to allow people to send all information through a proxy server
• Unlike anonymizers, no additional software is required
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
11
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
• There are legitimate uses for proxy servers– To audit Internet usage
• However, they can also be used to:– Bypass work/parental controls
•Facebook at work, for example
– Anonymize access
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
• A few popular proxy servers can be found at:– Browser9.com
– Youhide.com
– Proxify.com
– Fastproxynetwork.com
NAGTRI Webinar Series NCJRL / NAAG
Proxy Servers
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
12
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
TLS / SSL
NAGTRI Webinar Series NCJRL / NAAG
TLS / SSL
• TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL)
• Enables encrypted network communications for activities like:– Credit card payments
– Healthcare data
– Financial information
NAGTRI Webinar Series NCJRL / NAAG
TLS / SSL
• In order to use TLS, a website you visit must be subscribed to it. Usually, the cost is rather minimal (about $10 per month)
• Encryption methods are very secure
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
13
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
TLS / SSL
NAGTRI Webinar Series NCJRL / NAAG
Passwords
NAGTRI Webinar Series NCJRL / NAAG
Passwords
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
14
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Passwords
• Vary greatly in security. Long passwords with mix of numbers, letters, and symbols are much stronger.
• Should be changed often
• Many logins are protected by TLS, which helps prevent unauthorized interception– If not protected by TLS, anyone along the
chain can obtain your password
NAGTRI Webinar Series NCJRL / NAAG
Passwords
• Passwords can be used to restrict access to:– An online blog
– A photo album (Flickr or Picasa)
– Video accounts (YouTube)
NAGTRI Webinar Series NCJRL / NAAG
Which of the following is false:
A. Passwords are always protected by TLS
B. Proxy servers allow a user to bypass parental controls
C. TLS usually protects online payments
D. Proxy servers usually do not require extra software
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
15
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
False Information
NAGTRI Webinar Series NCJRL / NAAG
False Information
NAGTRI Webinar Series NCJRL / NAAG
False Information
• Accounts rarely require information to be accurate. Doing so might require:– Credit card authorization
– Verification by sending in copy of driver’s license / Social Security card
• Thus, users can create false identities online
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
16
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
False Information
• Might encourage someone to share pictures, video, etc., under an alias, providing them with some protection
• However, this doesn’t prevent the ability to track it back to the user’s computer– Just requires an additional step in
authenticating the actions of a specific user
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
• Where do public networks exist?– McDonalds
– Starbucks
– Public Libraries
– Hotels
– Apartment Buildings
• Often allow users to connect without providing any information that reveals their identity
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
17
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
• How safe are they?– Not very!
– Easy-to-find tools allow other users to obtain all of your account information and browsing history
– The provider may even track it intentionally for research purposes
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
18
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Public Networks
• More than anything, it makes someone feel like their actions are anonymous
• Beyond tracking from others on the network at the time, use of public networks does make it difficult to track actions back to the user
NAGTRI Webinar Series NCJRL / NAAG
Public networks allow a user to browse the Internet with full anonymity.
A. True
B. False
QUIZ
NAGTRI Webinar Series NCJRL / NAAG
Email Services
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
19
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Email Services
• Many websites allow users to send anonymous emails that prevent tracing to the sender– anonymouse.org (reroutes through other
countries and delays sending up to 12 hours)
– AnonymousSpeech.com (constantly moves servers in Asia and South America to prevent subpoena, provides legal insurance concerning protected information)
NAGTRI Webinar Series NCJRL / NAAG
Email Services
• Other services allow spoofing of another’s email address (pretending to be someone else)
• Many email providers now allow all email to be sent and received through TLS
NAGTRI Webinar Series NCJRL / NAAG
Encryption
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
20
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Encryption
• Makes data unreadable without a key
• To properly protect data, it needs to be encrypted before leaving the sender’s computer and decrypted once it reaches the recipient’s computer
NAGTRI Webinar Series NCJRL / NAAG
Encryption
NAGTRI Webinar Series NCJRL / NAAG
Encryption
• Other data can be encrypted:– Entire hard drives
•Or Individual folders or files
– CDs / DVDs
– USB Flash drives•U3 software
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
21
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Firewalls
NAGTRI Webinar Series NCJRL / NAAG
Firewalls
• May be hardware or software– Computers often have firewall software
– Routers may have either
• Prevents unauthorized access– May be used to prevent the user from
certain actions (like using P2P software)
– Prevent hackers
NAGTRI Webinar Series NCJRL / NAAG
Firewalls
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
22
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Firewalls
• Malware or Spyware operating on the computer may be able to bypass the computer’s firewall
• Main function is not anonymity, but if the computer is on a network, the firewall may make it difficult to distinguish activities from each computer
NAGTRI Webinar Series NCJRL / NAAG
Miscellaneous Issues
NAGTRI Webinar Series NCJRL / NAAG
Steganography
StenographyRecovered.png (200 × 200 pixels, file size: 19 KB)
StenographyOriginal.png (200 × 200 pixels, file size: 88 KB)
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
23
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Changing File Extensions
Each file on a Windows computer has an extension that connects it to a program on the computer
• .doc or .docx = Microsoft Word
• .jpg, .gif, .tif, .jpeg, .png = Image files that can be opened by many programs
• .exe = an Application
• .zip = archive of compressed files
NAGTRI Webinar Series NCJRL / NAAG
Changing File Extensions
NAGTRI Webinar Series NCJRL / NAAG
Zip Files
• Allow users to compress files into small sizes for faster transmission on the Internet
• Some compression applications allow the user to password protect and encrypt the files, preventing unauthorized use
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
24
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
SecretHelper
• Firefox extension that allows user to create encrypted and password-protected drive on computer
• Only accessible through the Firefox tool
• Re-encrypted and inaccessible once browser is closed
NAGTRI Webinar Series NCJRL / NAAG
Good Reasons to Hide Tracks
• Private Browsing provides some protection while on public computers
• Encryption protects credit card numbers and important account passwords
• Proxy servers were used recently in Egypt to allow access to social networking when the government tried to block these sites
NAGTRI Webinar Series NCJRL / NAAG
Which is not a function of a firewall:
A. Encryption of files
B. Control of a user’s action
C. Protection from hackers
D. Anonymity
QUIZ
NCJRL-NAGTRI Webinar – Hiding Tracks on the Net
25
November 30, 2011
NAGTRI Webinar Series NCJRL / NAAG
Which of the following are legitimate ways to hide your privacy?
A. Private Browsing
B. Proxy Servers
C. Passwords
D. Encryption
E. All of the above
QUIZ
NAGTRI Webinar Series NCJRL / NAAG
Ways one might hide their tracks
Private Browsing
False Information
SSL / TLS
Passwords
Anonymizers & Proxy Servers
Email Services
Public Networks
Encryption Firewalls
NAGTRI Webinar Series NCJRL / NAAG
Presented by
Don MasonAssociate Director, NCJRL