Modern Utilities and Techniques for Detecting Cyber Crimes

[Online_Sword]

Hi, I need your help here.

Recently, I participate a volunteer research project (everyone in my institute should participate at least one of such projects). In the project, the task assigned to me is to list some (the more, the better) modern techniques and utilities (network utilities, security softwares, etc) that can be used by the police and/or government to detect/prevent the crimes in the cyber space. For each technique/utility, we only need to provide a short introduction of 1~2 sentences (I do not need to write a long article).

I should say I am not familiar with this area, but I believe some members here should be experts in this field. I would appreciate it if you could provide me any materials (research papers/new reports/blogs/forum posts) on this topic. Thanks.

P.S. As mentioned in What is Cyber Crime? , cyber crimes have the following three forms:

1. The computer as a target - attacking the computers of others (spreading viruses is an example).
2. The computer as a weapon - using a computer to commit "traditional crime" that we see in the physical world (such as fraud or illegal gambling).
3. The computer as an accessory - using a computer as a "fancy filing cabinet" to store illegal or stolen information.

Please note that here we mainly consider the first two kinds of crimes, not all these three.

Furthermore, I need to find some detailed techniques/utilities, not general concepts. For example, Instruction Detection System (IDS) is more like a "general concept", while using the program "tcpdump" to classify packets is more like a "detailed" technique that can be used by IDS (described in wiki).

Both proactive tools and passive tools would be acceptable.

Thanks!

 

[DracusNarcrym]

Take a look here, for starters:
List of digital forensics tools - Wikipedia, the free encyclopedia

What you are looking for, generally, is software utilities that facilitate the methodology of computer-assisted cyber-forensics, so looking up software related to "cybersecurity forensics" or simply "forensics" in Google or in your search engine of preference, should generate many relevant results which you can research.

I am currently away from my PC but I will attempt to enumerate a good number of such tools in a later post of mine in this thread, once I get back to my computer.

Very interesting topic for a thread, by the way.

 

[Online_Sword]

Thank you @DracusNarcrym for the materials.

Some tools listed in the wiki page, such as EnCase, FTK, and TcpDump, are also mentioned in the introduction of the task assigned to me, so I think you have helped me to find the right information! So, what I need to find includes "digital forensics tools" (I do not know this before), instruction detection tools (IDS), packet analysis tools, etc. I think wiki can help a lot here. Thanks!

 

[Deleted member 178]

Computers as targets

You dont have much ways, since government can't monitors and protect every computers on the net.

The best way is to set up "Honeypots", those are traps disseminated across a network that will lure the attackers to believe the system they try to penetrate is a legit one which is not. Then the attackers actions are logged for further investigations.

Computers as weapons

Now this is different story, since the best weapons to rapidly take down a system is a DDoS attack fomented by botnets, since when the attack is perpetrated by multiple computers at same time sending a flood of packets that use lot of bandwidth; the government would be able to detect them via their own monitoring tools.

Those 2 methods are large scales techniques; of course smaller attack forms and counter-measures exist, but i think you know them already.

 

[Online_Sword]

Thank you for the information @Umbra .

However, personally, I prefer to find some tools that can be "named", to complete my report.

I think that some powerful tools used by strong government departments, like NSA, will not have widely-known names. But if you know some counter-measures that are used by smaller departments (smaller than NSA), please list some. I would appreciate it.

 

[DracusNarcrym]

@Online_Sword

The NSA are either using major proprietary forensics software such as Forensics Toolkit (FTK), as you mentioned above, or software that was specifically developed by the agency itself, or as a contract (comission) by other companies for the agency, but in this case that software is most probably confidential and withheld from the public (for apparent reasons).

Anyway, here are some additional, thorough resource pages for forensics tools:

• Free IT forensic software | Free computer forensic software tools | Forensic Control
• 21 Popular Computer Forensics Tools - InfoSec Resources
• Computer Forensics Software

I believe that these resources, combined with the wiki page above, should be sufficient to help you with your assignment.

Good luck!

 

[Online_Sword]

Thank you very much @DracusNarcrym !

 

[DracusNarcrym]

Thank you very much @DracusNarcrym !

You're welcome! Good luck with your assignment!

P.S. Edited my previous message with two additional resource pages.

 

[Deleted member 178]

I think that some powerful tools used by strong government departments, like NSA, will not have widely-known names.

Echelon ? sound familiar to you
Prism (more for spying than protecting users)

In fact governemnet are no much interested by monitoring the net to protect users but more to spy on them.

If your project were "how government spy in us?" i would give you many links and you will finish with a dictionary size report ^^

 

[DracusNarcrym]

Here's another interesting application:
PortExpert by KC Softwares

There's also a thread for it right here on MalwareTips.

 

[Deleted member 178]

in fact, all the tools mentioned by @DracusNarcrym are common forensic/monitoring tools to watch networks; and there is plenty of them; now finding policewares/govwares is more difficult.

 

[DracusNarcrym]

Amnesty International has enumerated software deployed primarily by the NSA which can be considered to be used in the context of "cybersecurity" (theoretically, of course ):
https://www.amnesty.org/en/latest/c...es-with-silly-codenames-used-by-gchq-and-nsa/

Here is a Wikipedia article on computer and network surveillance which also outlines several tools used by governments and/or police authorities:
Computer and network surveillance - Wikipedia, the free encyclopedia

 

[Deleted member 178]

Amnesty International has enumerated software deployed primarily by the NSA which can be considered to be used in the context of "cybersecurity" (theoretically, of course ):

"Theoretically" is the keyword here

i don't believe one second the NSA being "ethical" , if it does , it couldn't do its job anymore , and would put the key under the door.

 

[hjlbx]

@Online_Sword

I suggest you communicate with @Klipsh and Nico@FMA on this one.

When it comes to forensic utilities, they are a whole world unto themselves.

There's a bunch of freeware stuff out there - but very, very few here at MT use them...

 

[DracusNarcrym]

i don't believe one second the NSA being "ethical" , if it does , it couldn't do its job anymore , and would put the key under the door.

I think we can be straightforward about NSA, I don't think they will get offended...
They are just instruments of power.

Now whether there is an underlying ethical code as to their operation, it might as well exist, but it's definitely not enforced.

 

[hjlbx]

I think we can be straightforward about NSA, I don't think they will get offended...
They are just instruments of power.

Now whether there is an underlying ethical code as to their operation, it might as well exist, but it's definitely not enforced.

I am American. NSA are paranoid idiots. Average Americans are paranoid idiots. It is my right to say so...

 

[DracusNarcrym]

I am American. NSA are paranoid idiots. Average Americans are paranoid idiots. It is my right to say so...

The NSA, specifically, like every governmental "agency" in the world, are also profiteers.

I think we just derailed this thread into the river... lol

 

[hjlbx]

I think we just derailed this thread into the river... lol

S* happens...

 

[LabZero]

@Online_Sword

Time ago in my school we have done a similar project, I will post here my job (part of my work-test) about this, hoping that it will be useful for your purpose.

We consider the main phases of an attack exploited by a hacker to be able to understand how it works generally this attack and the tools often used.
I used the open source distribution BackBox an operating system dedicated to penetration testing. Using a Pen Testing oriented distribution we have a flexible system and optimized to conduct various safety tests!

The Information Gathering aims to collect information on the target as a list of domain names, the platform architecture, demarcation of IP addresses, systems and active ports, services offered, and finally a list of contacts and emails in case of social engineering attack. The data collected at this stage will allow us to choose the line of attack to follow in the next step.

The activity of Vulnerability Assessment to identify each vulnerability by creating a complete list of the state of network analysis to show all known vulnerabilities, but it cannot accurately assess the actual exploitability. This task involves habitually used automated tools which, thanks to their scanning speed to analyse in a short time a large number of services.

The next stage of Exploitation allows you to search within a software vulnerability can cause an unexpected target system for our attack. This technique often allows you to gain control of a computer system, elevation of privilege or a Denial of Service. There are several methods of classifying exploits, in general we have a remote exploit if made through the network or a local exploit if we work directly on your system.

During the Privilege Escalation exploit us access proceeds through the exploit to increase their privileges. This can be done using additional system vulnerabilities, sniffing packets in transit on the network or simply trying to get a user's passwords.

The first phase is only collecting information base of the structure under review but then we go to Port Scanning using Nmap, a free software able to detect open ports and network services available on the target system, or even on a range of IP addresses. Nmap is certainly an indispensable tool for an Auditor, the software is available on the command line, but for those who want to take advantage of a practical graphic interface you can use Zenmap.
You have this information we will use Maltego to help organize the data collected by drawing a complete and detailed scheme on the nature of the network that we are examining.

Collected the most important data we can carry out an automated analysis of the services running on the system using Openvas a free framework released under the GPL for automatic scanning for vulnerabilities.
Openvas uses a convenient WEB interface to interact with the user and a software preinstalled on BackBox available within the menu "Auditing" > "Vulnerability Assessment" but it is essential to launch the associated services "Services" menu of BackBox.

Openvas allows us to obtain in a short time an automated scan of all services running on the system and detect any known vulnerabilities, it's up to us to choose between the possible outcomes the exploit suitable to our purpose.

To exploit this vulnerability will use Metasploit, a tool for developing or running exploits, it gathers several utilities and hundreds of exploits. Metasloit is available inside BackBox within the menu "Exploitation".

Got root access to the system you can leverage a backdoor to access more easily to the system later.
But I have to stop here for obvious reasons...

Good work!

 

[DracusNarcrym]

@Klipsh

That's an extensive read, right there... Simply impressive!

If I might add, an equally versatile alternative pentesting Linux distribution to BackBox is Kali Linux.

In fact, here's a list of the most popular ones:
Linux Penetration Testing Distributions