Should We be Allowed to be Invisible on the Net?

Christovito Hidajat
Sep 19, 2021

Online Anonymity: A Controversial Technique for Anti-computer Forensics

As Internet users, we certainly want all the data we enter into online systems to be safe and secure. By “data”, we most likely mean private details such as phone numbers, home addresses, and perhaps ID card numbers, entered when buying things online, for example. But for other purposes, mainly malicious ones, some people want their data and actions on the net to be not only safe and secure, but also completely non-identifiable, unreachable, untrackable, or simply anonymous. One of the many reasons for such attempts is what we call anti-computer forensics.

Anti-computer Forensics

As Wikipedia says,

Anti-computer forensics or counter-forensics are techniques used to obstruct forensic analysis.

In short, digital forensic analysis examines any sort of digital media to find, identify, preserve, recover, analyse, and present evidence, facts, or opinions regarding digital information, most, if not all, of which is related to cybercrime. Anti-computer forensics, on the other hand, is any way of halting that forensic analysis process.

There are several methods and techniques used in anti-computer forensics. Some of these are:

  1. Data Hiding, Obfuscation and Encryption
  2. Data Forgery
  3. Data Deletion and Physical Destruction
  4. Analysis Prevention
  5. Attacks against computer forensics, and
  6. Online Anonymity

This blog will mainly focus on the 6th method, online anonymity, which has sparked controversy from time to time.

Online Anonymity: Pros and Cons

To a certain extent, being “invisible” on the net can serve good purposes. One of them is exposing serious criminal wrongdoing under anonymous labels, which newspapers, or even police departments, can use as an information source. Another, although not linked to legal cases, is maintaining users’ privacy and comfort while they are vocal in online discussions, thus preserving a human right: freedom of speech.

[Image: one of the statements from the TOR Project profile. Source: TOR Project]

However, it is evident that some people use this method to perform illegal acts. Some criminals use it to conceal acts such as illegal threats, fraud, racial agitation, distribution of computer viruses, or even child abuse/pornography. Another twist is that these criminals can pay other criminals through online platforms to perform those illegal acts.

For those criminals, being “invisible” clearly acts as a preventive move, in contrast to other methods such as data hiding, data deletion, or physical destruction. Before and while committing those illegal acts, they try to hide every detail of “who” and “where” they are. Typically, the first thing they do is mask the IP address of the device used to perform the action, although most of the time this raises the same old question:

Is it really possible to be completely invisible on the net?

The answer is still debatable, although that level of anonymity seems impossible to achieve. It is, however, possible to achieve a decent level of anonymity on the Internet, backed by good situational awareness, advanced technical skills, and extensive experience.

The Techniques

To be anonymous, at least up to a certain level of invisibility, there are some well-known methods that we may have heard of, or even used.

VPN

We all know this one, don’t we? A Virtual Private Network service allows a remote connection to a network over a secure, encrypted communication channel and makes the VPN server appear as the source of our data. As a result, our data and actions online cannot be seen, at least by the Internet Service Provider (ISP) and other third parties.

Browser Tuning

Some browsers support certain levels of privacy. By customizing them, criminals can avoid sending the HTTP Referer header to the websites they are going to visit, or “attack”. For example, by customizing Firefox, they can reach a certain level of invisibility on the web, making them hard to track. In the Firefox address bar, type about:config. In the “Search Preference Name” input field, enter network.http.sendRefererHeader and change its value from “2” to “0”.

Additional steps include installing add-ons that improve privacy, such as BetterPrivacy, Ghostery, HTTPS-Everywhere, and Adblock Plus, followed by disabling third-party cookies.
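The same tuning seen from the examiner's side, as an added example that is not part of the original post: Firefox records user-changed preferences in the profile's prefs.js, so the change described above is itself a recoverable artefact. The sample file is constructed, and the cookie preference name and its value are assumptions added here rather than taken from the article.

```python
import re

# Firefox stores user-changed preferences in the profile's prefs.js,
# one per line, in the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# The Referer preference and its 2 -> 0 change come from the article; the
# cookie preference and value 1 (reject third-party) are an added assumption.
WATCHED = {
    "network.http.sendRefererHeader": {0: "Referer header never sent"},
    "network.cookie.cookieBehavior": {1: "third-party cookies rejected"},
}

def parse_value(raw):
    """Convert a prefs.js literal (bool, int or quoted string) to Python."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw) if re.fullmatch(r"-?\d+", raw) else raw.strip('"')

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:  # comments and malformed lines are skipped
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs

def privacy_findings(text):
    """List (name, value, meaning) for watched prefs set to a tuned value."""
    findings = []
    for name, value in parse_prefs(text).items():
        meanings = WATCHED.get(name, {})
        if type(value) is int and value in meanings:
            findings.append((name, value, meanings[value]))
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = """// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.sendRefererHeader", 0);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.shell.checkDefaultBrowser", false);
"""

if __name__ == "__main__":
    for name, value, meaning in privacy_findings(SAMPLE_PREFS):
        print(f"{name} = {value}: {meaning}")
```

A preference left at its default does not appear in prefs.js at all, so the absence of a line means "not changed", not "unknown".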

The Onion Router (TOR)

TOR is freeware for anonymous network communication that protects users’ privacy and anonymity while browsing online, covering identifiable details such as name, IP address, location, browsing activity, account details, etc.

For every session, a new virtual circuit of nodes is created, and at every step the communications are encrypted multiple times, with keys negotiated using the Diffie-Hellman protocol. These nodes don’t keep logs of the communications. Furthermore, the TOR browser changes its node path to the destination every 10 minutes, making it extremely difficult to track in such a short time.
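How the layering works, as an added example that is not from the original post or from the TOR Project: the client agrees a separate key with each node through a Diffie-Hellman exchange, wraps the payload once per node, and each node can remove only its own layer. The tiny DH group and the SHA-256 keystream are assumptions chosen so the sketch runs on the standard library; they are stand-ins, not TOR's actual primitives.

```python
import hashlib
import secrets

# Toy DH group (assumption for illustration, far too small for real use).
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared_key(priv, peer_pub):
    """Both sides derive the same 32-byte key from the DH shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def xor_layer(key, data):
    """Add or remove one layer: XOR with a SHA-256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_circuit(hops=3):
    """One DH exchange per node; returns (client_keys, relay_keys)."""
    client_keys, relay_keys = [], []
    for _ in range(hops):
        c_priv, c_pub = dh_keypair()
        r_priv, r_pub = dh_keypair()
        client_keys.append(dh_shared_key(c_priv, r_pub))
        relay_keys.append(dh_shared_key(r_priv, c_pub))
    return client_keys, relay_keys

def wrap(client_keys, payload):
    """Client applies the exit node's layer first and the entry node's last."""
    for key in reversed(client_keys):
        payload = xor_layer(key, payload)
    return payload

def relay_views(relay_keys, cell):
    """What each node holds after removing its own layer, in path order."""
    views = []
    for key in relay_keys:
        cell = xor_layer(key, cell)
        views.append(cell)
    return views

if __name__ == "__main__":
    client_keys, relay_keys = build_circuit()
    print(relay_views(relay_keys, wrap(client_keys, b"GET / HTTP/1.1")))
```

Only the last value printed is the readable payload; the entry and middle nodes hold data that is still wrapped in the layers of the nodes after them.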

Is It Possible to Track Them Down?

Technologically speaking, especially when those methods are combined, it is extremely difficult, but still possible. IP traceback is a method for following a packet back to its origin on the Internet. This lets the authorities access the logs of the crime and then ask the ISP for the original credentials of the address. But it certainly requires an exceptionally expensive and time-consuming effort, because the techniques used falsify the actual IP address and make it look like the acts come from a different part of the world, thanks to the VPN. The logs of every single node have to be checked, which proves to be exhausting.

For the TOR method, research using the Volatility Framework has shown that it is possible to recover artefacts, including profiles, email addresses, and node information, from devices that use TOR by collecting the registry, memory, and storage from those devices. This is followed by attempts to retrieve other valuable items such as browser history, email text, IP addresses, ports, and bandwidth information. But this means the device has to belong to the suspect, and it seems impossible to accuse someone solely on the grounds of “using the TOR browser”. Another approach is to ban TOR, as in some countries, namely Iran, China, and presumably France. Still, this sparks controversy regarding people’s right to be vocal.

Conclusion

Being anonymous has always sparked arguments, some related to human rights and freedom of speech, others to the means it gives criminals to perform untrackable illegal acts. It is therefore important for the authorities to set strict boundaries on what is legal and illegal to do anonymously, and for governmental security teams to be ready to mitigate such crimes whenever and wherever they happen, since it turns out criminals can achieve a decent level of anonymity on the Internet.
