UN Publishes Law Enforcement Techniques 12-09-2012, 07:09 AM
#1
http://www.hacker10.com/other-computing/...echniques/
(The below I got from an .onion forum, the guy has the same username as me, but it isn't me.)
Summary:
Terrorists have adapted to use the internet to their advantage. They commit acts of online fraud, such as carding, to fund their ventures. Terrorists also use the internet as an attack vector, using it to lever attacks on their enemies using denial of service attacks to disrupt commerce, and more complex hacks to disable infrastructure.(NOTE FROM W00t: See the similarities between Anonymous and a terrorist? That's because they are pretty much the same these days) The internet also offers counter-terrorism operations to be more effective in dissuading potential terrorists from joining the militant groups, by increasing the geographic range a message can reach.
The United Nations has the following tips for any agency attempting to gather intelligence on a target employing computers in their operation:
1. Wiretaps. If you can intercept, or, in a more offensive counter-terrorism operation, disrupt, the target's communication, any communications are now either readable by you, or the target has lost ability to communicate.
(NOTE FROM W00t: If it isn't breaking any laws, disrupting the communication would be more effective, especially in cases of encrypted communications, because the target will likely be sloppy in trying to get comms back up.)
2. Because of the differences between VOIP and classic telephony(land-line style telephony), the provider will not likely be able to produce concrete evidence. It can still be used to corroborate other evidence, or track down a target.
3. E-mail is just as important to most targets as most people. Unencrypted, sent e-mails provide easily traced information about both parties. A technique more common now, after successfully employed in the 2004 Madrid attacks, is to use an e-mail account as a dead drop, sharing the password between members of an organization, and leaving messages in the "Drafts" folder.
Encryption is also a common tool. If it is a weak or misimplemented encryption scheme, a professional in the field can retrieve the plain-text from it. Otherwise, traditional interrogation must be used to retrieve the passwords required to decrypt.
4. Chat rooms have died out recently, but terrorists still love them. Fortunately for the counter-terrorist networks, they're also fairly easy to obtain solid evidence from. The chat room provider, and in some cases the ISP, can be subpoenaed for relevant logs. In some localities, covert officers may also be inserted to collect intelligence.
5. Encryption is used by most organizations to protect data these days. Terrorists use the same methods to protect their information as [the UN] does, and thus it cannot be broken, with today's technology. Timing raids to coincide with when the target will be accessing incriminating data is paramount, unless you live in a country with penalties for failing to provide passwords for decryption.
(NOTE FROM W00t: Even if it's illegal for a target to withhold a password, you should still try to time your raid, because the target may elect to accept the sentence for withholding the password over the sentence for whatever they are being pursued for.)
6. TrueCrypt, a common tool for full-disk encryption, has touted its ability to have a hidden drive, enabling the target to only give an officer access to a partition not containing actionable intelligence. If what you see isn't what you expected, have a professional analyze the entire disk, looking for gaps in what is available.(For example, if the disk holds 1TB, but the OS that boots only has 500GB available to it, a hidden drive is likely.)
(NOTE FROM W00t: There is no precedent on this, but a lack of data allocated is unlikely to be accepted as concrete proof of a hidden drive, so I wouldn't mention in interrogation how you know there is a hidden drive.)
7. A new method of internet has been used recently, fortunately not among terrorists. People wishing to be untraceable to the companies that own traditional networks have shifted to using HF radio, on shifting frequencies. Because no terror organizations have picked up on this, the current threat is limited, and so there are few methods to track and trace such signals.
(NOTE FROM W00t: This is certainly the most interesting. Shifting frequencies means that law enforcement would have difficulty finding the signal initially, even if the communication is always done at the same time of day. Because of the nature of radio, physical location of the transmitter would also be harder to pin down(the receivers would be practically impossible to trace), since 3 points are needed for triangulation, and the transmitter could be moving. It would be relatively simple for an agency to disrupt communications, however.)
8. Use viruses to gather actionable intel. Not legal in most localities, so this would really only be used in offensive operations.
9. When a computer(including a phone) is seized, strive to keep it in a powered, unlocked state as much as possible. Certain actionable intelligence will be lost when the computer is left unpowered. Make copies of all storage devices, and when analysis of the computer is plausible, keep it as it was seized as much as possible.
(NOTE FROM W00t: If keeping the computer on is not possible, attempt to take a picture of the list of currently running applications, and the active view for each application. Instructions on how to do so should have been included in the operation briefing.)
10. Do each other favours. If a friendly nation asks for you to help with an operation, pursue the operation as if it were your own. As a union, everyone is stronger.
11. The private sector is a valuable resource. They are not bound to respect the rights set forth by your nation's constitution, and, when hired as a contractor, international law does not hold you responsible for how intelligence is acquired, just the resulting intelligence.
(The below I got from an .onion forum, the guy has the same username as me, but it isn't me.)
Summary:
Terrorists have adapted to use the internet to their advantage. They commit acts of online fraud, such as carding, to fund their ventures. Terrorists also use the internet as an attack vector, using it to lever attacks on their enemies using denial of service attacks to disrupt commerce, and more complex hacks to disable infrastructure.(NOTE FROM W00t: See the similarities between Anonymous and a terrorist? That's because they are pretty much the same these days) The internet also offers counter-terrorism operations to be more effective in dissuading potential terrorists from joining the militant groups, by increasing the geographic range a message can reach.
The United Nations has the following tips for any agency attempting to gather intelligence on a target employing computers in their operation:
1. Wiretaps. If you can intercept, or, in a more offensive counter-terrorism operation, disrupt, the target's communication, any communications are now either readable by you, or the target has lost ability to communicate.
(NOTE FROM W00t: If it isn't breaking any laws, disrupting the communication would be more effective, especially in cases of encrypted communications, because the target will likely be sloppy in trying to get comms back up.)
2. Because of the differences between VOIP and classic telephony(land-line style telephony), the provider will not likely be able to produce concrete evidence. It can still be used to corroborate other evidence, or track down a target.
3. E-mail is just as important to most targets as most people. Unencrypted, sent e-mails provide easily traced information about both parties. A technique more common now, after successfully employed in the 2004 Madrid attacks, is to use an e-mail account as a dead drop, sharing the password between members of an organization, and leaving messages in the "Drafts" folder.
Encryption is also a common tool. If it is a weak or misimplemented encryption scheme, a professional in the field can retrieve the plain-text from it. Otherwise, traditional interrogation must be used to retrieve the passwords required to decrypt.
4. Chat rooms have died out recently, but terrorists still love them. Fortunately for the counter-terrorist networks, they're also fairly easy to obtain solid evidence from. The chat room provider, and in some cases the ISP, can be subpoenaed for relevant logs. In some localities, covert officers may also be inserted to collect intelligence.
5. Encryption is used by most organizations to protect data these days. Terrorists use the same methods to protect their information as [the UN] does, and thus it cannot be broken, with today's technology. Timing raids to coincide with when the target will be accessing incriminating data is paramount, unless you live in a country with penalties for failing to provide passwords for decryption.
(NOTE FROM W00t: Even if it's illegal for a target to withhold a password, you should still try to time your raid, because the target may elect to accept the sentence for withholding the password over the sentence for whatever they are being pursued for.)
6. TrueCrypt, a common tool for full-disk encryption, has touted its ability to have a hidden drive, enabling the target to only give an officer access to a partition not containing actionable intelligence. If what you see isn't what you expected, have a professional analyze the entire disk, looking for gaps in what is available.(For example, if the disk holds 1TB, but the OS that boots only has 500GB available to it, a hidden drive is likely.)
(NOTE FROM W00t: There is no precedent on this, but a lack of data allocated is unlikely to be accepted as concrete proof of a hidden drive, so I wouldn't mention in interrogation how you know there is a hidden drive.)
7. A new method of internet has been used recently, fortunately not among terrorists. People wishing to be untraceable to the companies that own traditional networks have shifted to using HF radio, on shifting frequencies. Because no terror organizations have picked up on this, the current threat is limited, and so there are few methods to track and trace such signals.
(NOTE FROM W00t: This is certainly the most interesting. Shifting frequencies means that law enforcement would have difficulty finding the signal initially, even if the communication is always done at the same time of day. Because of the nature of radio, physical location of the transmitter would also be harder to pin down(the receivers would be practically impossible to trace), since 3 points are needed for triangulation, and the transmitter could be moving. It would be relatively simple for an agency to disrupt communications, however.)
8. Use viruses to gather actionable intel. Not legal in most localities, so this would really only be used in offensive operations.
9. When a computer(including a phone) is seized, strive to keep it in a powered, unlocked state as much as possible. Certain actionable intelligence will be lost when the computer is left unpowered. Make copies of all storage devices, and when analysis of the computer is plausible, keep it as it was seized as much as possible.
(NOTE FROM W00t: If keeping the computer on is not possible, attempt to take a picture of the list of currently running applications, and the active view for each application. Instructions on how to do so should have been included in the operation briefing.)
10. Do each other favours. If a friendly nation asks for you to help with an operation, pursue the operation as if it were your own. As a union, everyone is stronger.
11. The private sector is a valuable resource. They are not bound to respect the rights set forth by your nation's constitution, and, when hired as a contractor, international law does not hold you responsible for how intelligence is acquired, just the resulting intelligence.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
