7/30/2019 02 Method of National Security
1/24
Marketing Department
Decision Group
Internet Surveillance
Most common features:
Can be deployed at the exchange gateway in government or ISP sites
Filter content or block specific IPs
In reality, the most important features:
Can be lawfully intercepted for investigation?
Can track Internet activities by specific IP or account name?
No impact on network performance?
Prevent circumvention by proxies abroad
Internet Surveillance at National Level
Exists in most developed countries, including US, UK, Japan
Huge scope with multiple surveillance points
Targets suspects and suspicious content related to national security, terrorism, etc.
Maintain a certain level of network performance
Focus on several public Internet services, such as email, IM, social networks, etc.
Strong capability in text mining and analysis
National Internet Surveillance Worldwide
[Map. Legend: No censorship, Some censorship, Under surveillance, Heavy surveillance, No data]
Concerns
Clear Objectives
Surveillance, Block, Tracking or Filter?
Multiple Systems adopted and integrated for different functions and demands
National network infrastructure
How many autonomous routing domains
International gateways through marine cables, satellites and fiber optics
Issue on encrypted connection, like VPN, SSH
Formal legal lawful interception procedure
Common Methods
IP Blocking
DNS Redirection and Filtering
Connection Reset
URL Filtering
Data packet filtering
Just-in-time blocking of websites
Reverse surveillance
Only passive filtering and blocking!!!
Active Investigation
It is the active way to break up conspirator groups acting against national security
Content reconstruction with email, IM and social networks, VoIP
Full transaction record of activities with time stamp, IP address of sender and receiver(s), account names, Internet service type, etc.
Also get account name and password, if possible, for intrusion investigation
Case Study on China
Great Firewall project
subprogram of Chinese Golden Shield () to prevent any online damage of national security in November, 2003
All official international gateways are in the hands of 6 backbone network operators
The Internet surveillance systems are deployed in these backbone network operators
Maintain a national single Autonomous Routing Domain (ARD)
Cyber Police in Internet Surveillance Division of Ministry of Public Security
3000 security officials involved in Internet surveillance task nationwide
Great Firewall ()
through website blocking and keyword filtering
block certain IP addresses using firewalls and proxy servers operating at the government controlled connections to networks outside of China
DNS poisoning when particular sites are requested
Case Study in US*
2 systems of national surveillance on telecommunication
National Security Agency
CIA
Echelon program conducted by NSA with different telecom and Internet service providers
tap directly into the major communications switches, routing stations, or access points of the telecommunications system
Huge scale of data mining systems behind for data analysis
International cooperation program of UKUSA system among NSA, GCHQ, DSD, GCSB and CSE
*Source from http://www.nsawatch.org/eaves101.html
Deployment of US Octopus
Deployment of Echelon
Case Study in Iran*
Both Internet content filter system and network forensic system implemented to monitor online activities of 32 M Iran netizens nation-wide
Network forensic system deployed by Nokia-Siemens Networks in 2008, but not widely used.
Major Internet surveillance done by content filter system with heavy impact on network performance
All international link is through one Infrastructure service provider Telecommunication Infrastructure Co., a state owned company
*Source: http://online.wsj.com/article/SB124562668777335653.html
Case Study in Turkey*
National Internet Content Filtering System
Executed with 4 opt-in layers of content filter system: family, children, domestic, and standard
Regulated by Law No. 5651 issued by Telecommunications Communication Presidency (TIB), which was enacted in 2007
ISPs must implement content filter system by government request
*Source: 2009 Report from Organization for Security and Cooperation in Europe
Skype Surveillance
Through the joint venture of Tom.com and Skype
Skype software download only from skype.tom.com for Chinese users
filter function and surveillance record tracking built in Chinese version of Skype agent
All transaction and user registration records are in 6 servers in Tom.com sites for national investigation
Tom.com is a Hong Kong based content service provider, which is under Hutchison Whampoa group
Drawbacks of Content Filter System
Slows down network performance
Because the content filter operates in proxy servers
Cannot block all illegal content
That's why Green Dam, introduced on PCs, is needed
Surveillance tool in Internet cafes
No effective way against circumvention tools
Risk to high availability with few national ARDs
No direct digital forensic way to keep reconstructed records containing illegal content
Circumvention Software
Tools provided by Internet Freedom Group for breaking through national Internet censorship
Backed by US Congress against Internet censorship in China, Iran and North Korea
Reference on: http://www.internetfreedom.org/
Ultrasurf, Gpass, Tor
How they work
Effective Internet Censorship and Investigation Cycle
[Cycle diagram. Stages shown:]
Follow-up
Deep Investigation & Link Analysis
Primary data screening & collection
Primary data analysis & scoping
Suspect interrogation & evidence collection
Network Forensic in Internet Censorship
It is the critical step in the procedure of Internet censorship
Focus on target IP(s), MAC(s) or account name(s) and all related Internet activities
Keep records of all related Internet activities for lawsuits and text mining against terrorists, cyber criminals and conspirators
Intercept as many Internet protocols/services as possible
Only focus on highly suspicious objects and persons
Keep minimal or no impact on network performance
Hide identity of network forensic equipment in Internet
What we have
Network forensic equipment for Internet censorship at national level: e-Detective, Wireless-Detective and Data Retention Management System
Complete cyber crime investigation training program with experienced cyber investigators from Taiwan cyber crime investigation units
Consulting service on investigation and legal procedures
Team up with Institute for Information Industry, Taiwan
What we provide
Solid consulting and delivery services to take Internet surveillance by:
Clear objectives
Appropriate surveillance systems
Vulnerability assessment
Deployment plan
Legal procedure
Data analysis/text mining
Full training programs for:
Train-the-trainer
National security officials
Administrators
Future development plan:
Technology update and upgrade
Technical skill shift
Integration with backend LI system
Reference
Confidential information upon request
Thank you for your attention