02 Method of National Security

  • 7/30/2019 02 Method of National Security

    Marketing Department

    Decision Group

    Internet Surveillance

    Most Common Features:
    • Can be deployed at the exchange gateway in government or ISP sites
    • Filter content or block specific IPs

    In Reality, the Most Important Features:
    • Can be lawfully intercepted for investigation?
    • Can track Internet activities with specific IP or account name?
    • No impact on network performance?
    • Prevent from being circumvented by proxies abroad

    Internet Surveillance at National Level

    • Exists in most developed countries, including US, UK, Japan
    • Huge scope with multiple surveillance points
    • Target on suspects and suspicious contents with national security, terrorism, etc.
    • Maintain certain level of network performance
    • Focus on several public Internet services, such as email, IM, social networks, etc.
    • Strong capability on text mining and analysis

    National Internet Surveillance Worldwide

    [Map. Legend: No censorship; Some censorship; Under surveillance; Heavy surveillance; No data]

    Concerns

    • Clear Objectives
    • Surveillance, Block, Tracking or Filter?
    • Multiple Systems adopted and integrated for different functions and demands
    • National network infrastructure
    • How many autonomous routing domains
    • International gateways through marine cables, satellites and fiber optics
    • Issue on encrypted connection, like VPN, SSH
    • Formal legal lawful interception procedure

    Common Methods

    • IP Blocking
    • DNS Redirection and Filtering
    • Connection Reset
    • URL Filtering
    • Data packet filtering
    • Just-in-time blocking of websites
    • Reverse surveillance

    Only passive filtering and blocking!!!

    Active Investigation

    • It is the active way to break conspirator group against national security
    • Content reconstruction with email, IM and social networks, VoIP
    • Full transaction record of activities with time stamp, IP address of sender and receiver(s), account names, Internet service type, etc.
    • Also get account name and password, if possible, for intrusion investigation

    Case Study on China

    • Great Firewall project: subprogram of Chinese Golden Shield () to prevent any online damage of national security in November, 2003
    • All official international gateways are in the hands of 6 backbone network operators
    • The Internet surveillance systems are deployed in these backbone network operators
    • Maintain a national single Autonomous Routing Domain (ARD)
    • Cyber Police in Internet Surveillance Division of Ministry of Public Security
    • 3000 security officials involved in Internet surveillance task nationwide

    Great Firewall()

    • Through website blocking and key word filtering
    • Block certain IP addresses using firewalls and proxy servers operating at the government controlled connections to networks outside of China
    • DNS poisoning when particular sites are requested

    Case Study in US*

    • 2 systems of national surveillance on telecommunication
        • National Security Agency
        • CIA
    • Echelon program conducted by NSA with different telecom and Internet service providers
    • Tap directly into the major communications switches, routing stations, or access points of the telecommunications system
    • Huge scale of data mining systems behind for data analysis
    • International cooperation program of UKUSA system among NSA, GCHQ, DSD, GCSB and CSE

    *Source from http://www.nsawatch.org/eaves101.html

    Deployment of US Octopus

    Deployment of Echelon

    Case Study in Iran*

    • Both Internet content filter system and network forensic system implemented to monitor online activities of 32 M Iran netizens nation-wide
    • Network forensic system deployed by Nokia-Siemens Networks in 2008, but not widely used.
    • Major Internet surveillance done by content filter system with heavy impact on network performance
    • All international link is through one Infrastructure service provider, Telecommunication Infrastructure Co., a state owned company

    *Source: http://online.wsj.com/article/SB124562668777335653.html

    Case Study in Turkey*

    • National Internet Content Filtering System
    • Executed with 4 opt-in layers of content filter system: family, children, domestic, and standard
    • Regulated by Law No. 5651 issued by Telecommunications Communication Presidency (TIB), which was enacted in 2007
    • ISPs must implement content filter system by government request

    *Source: 2009 Report from Organization for Security and Cooperation in Europe

    Skype Surveillance

    • Through the joint venture of Tom.com and Skype
    • Skype software download only from skype.tom.com for Chinese users
    • Filter function and surveillance record tracking built in Chinese version of Skype agent
    • All transaction and user registration records are in 6 servers in Tom.com sites for national investigation
    • Tom.com is a Hong Kong based content service provider, which is under Hutchison Whampoa group

    Drawbacks of Content Filter System

    • Slow down network performance
    • Because content filter operation in proxy servers
    • Cannot block all illegal contents
    • That's why Green Dam introduced in PC is in need
    • Surveillance tool in Internet Cafes
    • No effective way against circumvention tools
    • Risk to high availability with few national ARDs
    • No direct digital forensic way to keep reconstructed records containing illegal contents

    Circumvention Software

    • Tools provided by Internet Freedom Group for breaking through national Internet censorship
    • Backed by US Congress against internet censorship in China, Iran and North Korea
    • Reference on: http://www.internetfreedom.org/
    • Ultrasurf, Gpass, Tor

    How they work

    Effective Internet Censorship and Investigation Cycle

    [Diagram. Stages shown: Primary data screening & collection; Primary data analysis & scoping; Deep Investigation & Link Analysis; Suspect interrogation & evidence collection; Follow-up]

    Network Forensic in Internet Censorship

    • It is the critical step in the procedure of Internet censorship
    • Focus on target IP(s), MAC(s) or account name(s) and all related Internet activities
    • Keep record on all related Internet activities for lawsuits and text mining against terrorists, cyber criminals and conspirators
    • Intercept as many Internet protocols/services as possible
    • Only focus on highly suspicious objects and persons
    • Keep minimal or no impact on network performance
    • Hide identity of network forensic equipment in Internet

    What we have

    • Network forensic equipment for Internet censorship at national level: e-Detective, Wireless-Detective and Data Retention Management System
    • Complete cyber crime investigation training program with experienced cyber investigators from Taiwan cyber crime investigation units
    • Consulting service on investigation and legal procedures
    • Team up with Institute for Information Industry, Taiwan

    What we provide

    • Solid consulting and delivery services to take Internet surveillance by
        • Clear objectives
        • Appropriate surveillance systems
        • Vulnerability assessment
        • Deployment plan
        • Legal procedure
        • Data analysis/text mining
    • Full training programs for
        • Train-the-trainer
        • National security officials
        • Administrators
    • Future development plan
        • Technology update and upgrade
        • Technical skill shift
        • Integration with backend LI system

    Reference

    • Confidential information upon request

    Thank you for your attention