Name: Challenges Facing Law Enforcement and the Intelligence Community

Text: it's v a t - a m y l

SSWor

® Intelligence Support Systems for Lawful

Interception, Criminal Investigations and
Intelligence Gathering

E6 World
Prague. CZ
3-5 June 2014
Washington, DC
6-8 October 201-4
Dubai. UAE
3-5 March 2014

?atiana IL

Kuala Lumpur, PAY
2-4 December 2014

E t 49
Brasilia, BR
8-113 September 2015
Johannesburg, ZA
15-17 July 2014

Top Ten Internet Challenges Facing Law
Enforcement and the Intelligence
Community and Other Challenges/Solutions
Presented By:
Dr. Jerry Lucas

President, TeleStrategies
4 March 2014
Dubai, UAE
Telf.SItg-ptegiest

Top Ten Internet Challenges Facing Law
Enforcement and the Intelligence Community
1. F i b e r Bandwidth Growth
2. Smartphones
3. Encryption
4. Social Media Monitoring
5. Increasing Data Volume
6. Tactical Surveillance
7. A l l IP LTE Mobile
8. D a r k Web
9. D a r k Email
10. Regulatory Shortcomings
3

Telsacel:tegiest

Challenge 1: Fiber Bandwidth Growth
1. N e w Fiber System Deployments
2. Channel Speed: 100 GBPS and Growing
3. M u l t i p l e Layer 2 Protocols: WDM, ATM, Ethernet,
MPLS and more
4. M u l t i p l e Intelligence Agency Access
5. Security Compartmentalization and more

Tol§tircptegiesl•

100%3

International Bandwidth Usage

100

Annual Growth
80c/o

20c/0

0*/0

0
2008

2009

2010

2011

2012

TelleStrategies7
v•wwtekcitaregies cam

5

Country

Landing Site
Country
2

Country
3
3

W

TeleStrategiess7
Wv%do-4,trRif or

Optical Probes and DPI in 10 to 100 GBPS Networks
TODAY'S SESSION ON THIS TOPIC
9:30-10:00
Track 1: True 100G Based — xRy Single Serve Capture, FiberBlaze
Track 5: Interception and Intelligence Gathering I m p a c t of Growing Bandwidth and
New IP Applications, SS8
14:00-14:30
Track 1: Application Level Interception in 100G Networks, Invea-Tech
15:30-16:00
Track 1: Recall IP Intercept — The Next-Generation Interception at 10 Gigabites and

Beyond, iSolv Technologies

TOMORROW'S SESSION ON THIS TOPIC
10:30-11:30
Track 5: Sigint in High Bandwidth Networks, Deep Dive In Solutions Scenarios and Best

Practices, Network Performance Channel

TeleStrategies*
8

Annie.tclestrategkes corn

TRADITIONAL
Landing Site

v

YY Y

Y

1/10Gbps

Agency 1 Agency 2 Agency 3

Agit"' 1

DWOM

Agency 2

Agency 3

6

Agency 1 Agency 2 Agency 3

TeleStrategiesx
„fry,v •ttestra rives corn

#1 DPI and Optical Probe Vendors
Expert-Team
Fiberblaze
Glimmerglass
Inveatech
Narus
NPC
SS8

TeleStrategiesx

Challenge 442: Smartphones
What's Good
• Image capture with geolocation information
• High forensics value
• Useful law enforcement applications
• And more
But: SmartPhone create law enforcement and
Intelligence Gathering Challenges
10 T O t a r f S e g i e s x

Challenge #2: Smartphones
Why?
1) Call set-up not visible to telecoms.
2) Non-regulated third party based
3) Little if no call detail records kept
4) M o s t traffic peer-to-peer
5) T h i r d party servers located out of country
6) Traffic likely to be encrypted
7) Emerging product market for criminals and terrorists
And timely smartphone vendor support!!!
11

TeleStrategies'

Smart Phone Sessions and Exhibitors at
ISS World Middle East
Track 3: Open to All Attendees (11 Sessions)
Track 5: Product Demonstrations
• NeoSoft Product Demonstrations Today (11:30 AM) and Tomorrow (10:30
AM)
• U F O Technologies Demonstration Today (15:30)

It2 MOBILE LOCATION AND SURVEILLANCE EXHIBITORS AT ISS WORLD MIDDLE EAST
istWAP

E

s

r

i

N

Advanced Systems E X F O
Aglaya

G

a

m

m

t

L

E

e

p

i

d

S

O c t a s t i c

a

C

Covidence M o b i l a r i s
Creativity Software N e o S o f t

I

M

S i n o v a t i o

Group P o l a r i s Wireless S i r i u s

Aqsacom G r o u p 2 0 0 0
BTT

r

R

P r o v i d e n c e
C

S

S 3 t e l

U

U
t

V A

S e m p t i a n

i

K

m
S

a

T e

Speedog
c
c

o
h
12

Challenge #3: Encryption

• Encryption Products are Available at Low Cost $ 5 0 ) or Free with
Easy Installation for Almost any IP Enabled Smart End-Device
Yielding End-To-End Encryption
• M a n y P2P, Social Networks, Webmail and VoIP Services (Skype) are
Encrypted
• Tr a d i t i o n a l Lawful Interception Solutions cannot Provide Content
De-Encryption and Encrypted Content is Useless to LEA/IC
• C a n ' t Block All Encrypted Traffic!
TeleStrategiesx
invw,ekstrategies corn
13

Goo& Gmail Intercept: An Example
/
Sender
A. Sender/Receiver Personal Data
B. S e n d e r Mentions Hawaii!
C. G e t an AD Featuring an
Hawaii Hotel, Air Fare Packages,
/

Receiver

A t
Communications
Encrypted

Encrypted
Underway e t c .

A
N
D

Other
o
Google
a

Servers

t
t
t

Encrypted
a

Lawful Intercept
Success?

14

TeleStrategies®

LEA/IC Methods to Defeat Encryption
1. C r a c k the Encryption Code (256 and 1024 Bit Keys)???
2. C o e r c e the Private Key Holder (Certificate Authority) to Turn
the key over
3. M a n - i n the middle attack:
4. I n t r o d u c e weakness in encryption standards (NISI issue)
5. I n s t a l l Spyware
6. S n a r e the messages before they are encrypted!!!
7. O r just collect the Metadata

15

TeleStrategies®

'SS World Program Addressing Encryption

Track 4: Encrypted Traffic Monitoring and IT Intrusion
Product Training and Demonstrations
(11 Scheduled 1 Hour Sessions)

16

Two,5tcp,:tegies.

!SS World Middle East 2014 I T Intrusion
Exhibitors and Presenters
AGT
ClearTrail
FinFisher
GR Sistemi
Hacking Team
iPS
iSolv
VuPEN
17

TeleStrategiesx

Internet Challenge 444: Social Media Monitoring
Exponential User Growth (Facebook Example)
• 1 . 1 Billion Subscribers (July 2013)
• 9 0 0 Million Subscribers (June 2011)
• 4 0 0 Million Subscribers (January 2010)
• 6 0 0 Million Subscribers (November 2010)
• 7 5 0 Million Subscribers (October 2011)
• 3 0 0 Million Subscribers use Facebook for messaging (November 2010)

Why Monitor Social Networks?
A. Criminals and Terrorists Use Them To:
- Communicate
- P l a n Illegal Activities
- Fundraise
— Training and More

B. Population Shift From Traditional Telecom Services to Social Network Based
Services
C. N o Intercept Infrastructure (in general) to Support Lawful Interception and
Intelligence Gathering
And More
18

TeleStrategiesx

Specific Social Network Monitoring Sessions Today
9:00-10:00 Track 6
Deep Intelligence From Twitter & Facebook — A Live Demo of KIS, Knowlesys
11:30-12:00 Track 2
POMS: An Intelligent Tool to Drill Down on Facebook and Twitter, Semptian
Social Media Intelligence, ISmSC
11:30-12:30 Track 6
War on Social Media and Stealing Intelligence, AGT
14:00-15:00
Safe use of Social Media, Raytheon

19 T e l e S t r a t e g i e s *

Specific Social Network Monitoring Sessions Tomorrow

8:30-9:30 Track 6
"10 Network Monitoring" — Social Media Monitoring Solutions, GsmSoft
10:30-11:30 Track 2
Social Media and LI Technology Perspective, C2Tech
Integrated Intelligent Profiling with OSINT, Tasheel
12:00-13:00 Track 6
Social Network Monitoring Session, ClearTrail Technologies

20

TeleStrategiesx

!SS World Middle East 2014 Intelligence
Center AnaInks Vendors
Advanced ME Systems
AGT
ATIS
BAE Systems
C2TECH
ClearTrail
Cyberpoint
GR Sistemi
Group2000
GsmSoft
ISnSC
Knowlesys
Narus
Nuance
PGI
Phonexia
Raytheon
Semptian
Tasheel
Trovicor
Xalted
21

TeleStrategies®

Challenge tt5: Increasing Data Volume
Each Minute*:
• 4 7 , 0 0 0 People Download an Apple App.
• 1 0 0 , 0 0 0 Tweets hit Twitter
• 3 0 0 , 0 0 0 People Log on to Face book
Plus New, Volumeous Data Sources
• L i c e n s e Plate Readers
• Surveillance Cameras
• B i o m e t r i c Data
• A n d More
*Source: Investment Business Daily (April 4, 2012)
22

TeleStrategiesx
1414W Minratere c a m

Solution: Big Data Analytics
What is it?

• A b o u t the process of examining a large amount of data
• D a t a of different types
• U s e d to uncover different patterns, unknown correlations and
other useful information
Key Advantages: Can use web analytics to manage and monitor
large amounts of data

23

TeleStrategies®

Big Data Analyrics Sessions
Today, Track 6:
9:00-10:00 A n Overview of Data Clarity: Using Visual Analytics to Investigate Desparate Content,
Raytheon
11:30-12:30 Klarios Analytics: Finding the Truth, ATIS Systems
Today, Track 2:
12:00-12:30 SIGINT, OSINT, Humins: Massive Data Fusion, Search and Analytics in 3 clicks,
Advanced Systems
12:00-12:30 IP Deep Investigation Analytics, trovicor
14:30-15:00 Engineering a Safer World — Oceans of Data, Xalted
15:30-16:00 Gain Situational Awareness with Big Data Analytics, NARUS
16:00-16:30 Speech Intelligence Platform — How to Mine Data from Speech Records, Phonexia
16:30-17:30 IntelliCenter — Real Time Insight to make informed decisions, Xalted

24

TeleStrategies®

ISS World Middle East 2014 — Social Network
Monitoring and Big Data Analytics Exhibitors
Advanced ME Systems
AGT
ATIS
BAE Systems
C2TECH
ClearTrail
Cyberpoint
GR Sistemi
Group2000
GsmSoft
ISnSC
Knowlesys
Narus
Nuance
PGI
Phonexia
Raytheon
Semptian
Tasheel
Trovicor
Xalted

25

TeleStrategies®

Challenge #6: Tactical Surveillance
1. Processing and Analyzing "Geolensed" Call Detail
Records
2. Inbuilding Locations
3. 3 G and 4G Antenna Coverage
• First Omni Directional (3601 and Large Cell Site Coverage Area
• Second Development: Sectorized Antenna (1201 and Microcell
Coverage
• Today 3G & 4G: MIMO Antenna and In Building Coverage

MIMO = Multiple-Input and Multiple Output
26

TeleStrategies®

Challenge #6 : Tactical Surveillance
Tracks 3 and 7 Sessions Today and Tomorrow
Track 3: 11 Sessions
Track 7: 11 Sessions
Location Exhibitors
istWAP
Advanced Systems
Aglaya
Aqsacom

BIT
Covidence
Creativity Software
Esri
EXEC)

Gamma Group
Group2000
LEC
Mobilaris
NeoSoft
Ntrepid
Octastic
Polaris Wireless
Providence

Surveillance Exhibitors
RCS
S3tel

Covidence

Semptian

Semptian
SIM

Gamma Group

Sinovatio

Providence

UK Speedog

Sinovabo
Sirius
UK Speedog
Ubmaco
VASTech

27

TeleStrategiesx
moneksrtareges com

Challenge #7: An All IP LIE Infrastructure
Long Term Evolution (LTE) and Voice Service Options
1. U s e 2G/3G Circuit Switching for Voice
(So Called LTE-CSFB)
2. S e n d Voice as VolP over Data Broadband Service
(So Called Over The Top)
3. Replace Circuit Switching and Move to an All IP
Infrastructure
(So Called LIE — With IP Multimedia System (IMS)
28

T,Itaccia,ctegiesx

LIE and Voice Network Options
1. LTE and Circuit Switched Fall Back (CSFB)
GPRS/HSPA

IP



>

1,P77
Voice
SMS
Smartphone

Voice
S MS
SNMS

Service

GSM
MS0

SMSC

Gateway

2. LTE and IP Multimedia Subsystem (IMS)

All Traffic

Smartphone

Service
Gateway
29

TeleStrategies®

LTE Evolution and Lawful Interception
Session
Track 1 Today: 15:30-16:00
Lawful Interception of LTE, VoLIE and RCS, Utimaco Software AG
Track 7 Today: 11:30-12:30
CDMA Catcher and GSM/3G/LIE Catcher with Public Number
Detection, NeoSoft AG

TeleStrategies®

Mediation, Data Retention and Monitoring Center
Vendors at ISS World Middle East 2014
Advanced Systems
AGT
Aqsacom
AREA
ATIS
BTT
ClearTrail
COM-SUR
Global Security Network
GR Sistemi
Group2000
INNOVA
iPS
iSolv
RCS
Sinovatio
SS8
Trovicor
Utimaco

31 T e l e S t r a t e g i e s ®

Challenge U8: Dark Web

Dark Web Example: Silk Road
• T h e eBay of Illegal Drugs
• U S FBI Says $1.2 Billion Transactions Until Shut Down
• To o k The FBI Two And A Half Years to Shut It Down and Just Four Weeks
for Another to Pop Up As Ill
What Enables Dark Web?
1) T O R (Suite of Software and Routers Enabling Anonymity)
2) B i t c o i n (Crypto Currency That Is Virtual, Anonymous and Virtually
Untraceable Currency)

32 T e l e S t r a t e g i e s ®

How TOR Works
Encrypted

TOR Nodes

Alice
TOR
Directory
Service

I

---->
11-11;

04agitt

Alice's TOR
Client picks
a random
path to
destination
server

_


Not Encrypted

iragq-l-g;

liCm#41—FL),

I
gnhv414

tatita—ia\

* _
,g

— —›

I
A4134

Bob
Clear Path
Encrypted Path

* Destination Identifies Message Sender as Last TOR
33

T e l e S t r a t e g i e s ®

Today's Dark Web

TOR
Network
Silk
Road
Server

Buyer

>
Seller
A

Encryption

Encryption

Buyer
To
Bitcoin

Bitcoin
Server

14

Seller
To
Bit Coin

TeleStrategies®

Defeating Dark Web Operations
(Source: Bloggers and the Press)
1. I d e n t i f y TOR Users
2. S h i f t Traffic to "Government Man-in-the-Middle" Router
3. A t t a c k the Targets Installed TOR Web Browser
4. C r e a t e a TOR Users Database
5. I n f e c t The Targets with Intrusion Software
But, you need the assistance of Telecom Operators to identify
TOR users and routing traffic to MITM infrastructure
Who has solutions at ISS World Middle East 2014?
Ask the IT Intrusion Vendors!

TeleStrategies®

Challenge #9: Dark Email
Today's Email
• 9 5 % Non-Encrypted
• B u t , You Have Free Encryption Called Pretty Good Privacy and
Public-Key Cryptography
• Privacy Advocates Problem with P.G.P. -- Metadata Sent in the
Clear

Two Initiatives to An All Encrypted Email World
1. IETF's Prism-Proof Email Protocols or HTIP 2.0
2. D a r k Mail Alliance

36

T e l e S t r a t e g i e s ®

How does HTTP work?
Request/response protocol
crini
Phone, laptop,
tablet,

WI?
Headers

www.telestrategies.com

HTTP Request
HTTP Response
Status Line
HIP
Headers

Content
lits••••••••••••••.

Web Content
Displayed in
Browser

HTIP 1.1 vs. HTTP 2.0
HITP 1.1 is slow
— Request one at a time, text then image & next image
Each request is acknowledged and processing goes on

HTIP 2.0: Fast, complex and will be an LEA/IC challenge
— Multiple requests, multiple HTML elements per connection
— HTTP headers are compressed
— Encryption mandatory
— IETE determined to Prism-Proof the Internet with HTTP 2.0
— And more

38

TeleStrategies®

Dark Mail Alliance
1. P r i v a c y advocate short comings of third party encryption services like
Lava Bit and Silent Circle:
They store your encryption key and are subject to court orders to
release the crypto keys.
2. D a r k mail alliance started up by Lava Bit, Silent Circle and outside
investors
3. W h a t is the Goal:
— A l l content, subject line and metadata sent encrypted
— Generated keys are only held shortly and never on a server
— Device generated keys and a new one for each email

39

T

e

l

e

Strategies®

Solutions to Dark Mail?

Ask The IT Intrusion Vendors at ISS World Middle East
But Both HTTP 2.0 and Dark Mail Alliance Are Works in
Progress

Challenge U10: Regulation Shortcomings
1. M o s t Lawful Intercept Laws are Outdated and It's Voice Circuit
Switched Based
2. G P S Tracking and Conflicting Court Decisions
3. N o "Lawful Intercept Type" Mandates for Portals and Social media
4. N o Inter-Service Provider User Authentication
5. I E T F and Its "Prism-Proof" Internet Goal
And more!
Recommended Session Tomorrow:
8:30-9:00
New LI/RD Standards Initiatives

Tony Rutkowski, VP, Yaana Technologies
41

TeleStrategies®

Top Ten Internet Challenges Facing Law
Enforcement and the Intelligence Community
1. F i b e r Bandwidth Growth
2. Smartphones
3. Encryption
4. Social Media Monitoring
5. Increasing Data Volume
6. Tactical Surveillance
7. A l l IP LTE Mobile
8. D a r k Web
9. D a r k Email
10. Regulatory Shortcomings
42

1.095tig7aegies*

ISS Product Segmentation
1. Ta r g e t Terminals (Spyware & Forensic Vendors)
2. L o c a t i o n & Surveillance Vendors
3. O p t i c a l Probe/DPI Vendors
4. M e d i a t i o n and Mediation/DPI Vendors
5. D a t a Retention and Mediation/Data Retention Vendors
6. M o n i t o r i n g Center: Front End
7. M o n i t o r i n g Center: Back End (or Office)
8. S e c u r e Networks
9. I n t e l l i g e n c e Center Analytics

43

TeleStrategies®

Lawful Interception, Intelligence Gathering, Telecom
Networks and ISS Vendors
Telecom M e d i a t i o n
Networks P l a t f o r m s

Customer
Premises
Equipment

ti
LI
coo
coo
CDC

1
1
1
1
1
1
1
1
1

Wireline

Data
Retention
Storage

1
1

HI2, HI3

1

Monitoring
Center

Handover
Network
Services

Intelligence
Center

Internal
Network

Analysts:
Data






Mobile
Data

LEA
Interior
Defense
Others

1
1
1

r t g a
Data

11 A f t • f ±

f

i

f i

44

T

e

l

1

Secure
Communications
Vendors

Monitor
Center
Vendors

Telecom
Operators

IT Intrusion L o c a t i o n / O p t i c a l M e d i a t i o n D a t a
and S u r v e i l l a n c e Probe/ V e n d o r s R e t e n t i o n
Forensics V e n d o r s D P I Vendors
V e n d o r s
Vendors

1

e

Visualization/
OSINT/
Big Data
Ana lytics
and other
Vendors

Strategies®

TeleStrategiese'

S S World'He

Eaa

Intelligence s u p p o r t S y s t e m s f o r Lawful I n t e r c e p t i o n ,
Criminal I n v e s t i g a t i o n s a n d I n t e l l i g e n c e G a t h e r i n g

-Exhibitors and-Se: • sors
istWAP

Fin Fisher

Advanced Systems
Aglaya
AGT

Gamma Group
Glimmerglass

Octastic
PGI
Phonexia

Aqsacom
AREA
ATIS

Global Security Network
GR Sistemi

Polaris Wireless
Providence

Group2000
GsmSoft

Raytheon
RCS

BAE Systems
BTT

Hacking Team
INNOVA

S3tel

C2TECH

Inveatech
iPS

ClearTrall
Cobham
COM-SUR
Covidence
Creativity Software
cyberpoint
Data Direct
Esri

Semptian
SIM

ISnSC
iSoly

Sinovatio
Sirius
SS8

Knowlesys
LEC

Tasheel
trovicor

Mobilaris
Narus

UK Speedog
Utimaco
VASTech

EXFO

NeoSoft
NPC

Expert-Team
Fiberblaze

Ntrepid
Nuance

VUPEN
Xalted

Lawful Interception and Intelligence Gathering Exhibitors
at !SS World Middle East
Customer
Premises
Equipment

IT Intrusion
AGT
AREA
ClearTrail
Fin Fisher

r i
cmo
ono
coo

GR Sistemi

Telecom
Networks

1
1
1
1
1
1
1
1
1
1

Data

Mediation
Platforms

Retention
Storage

HI2, HI3
Data
Private
Lines

Mobile

ISP

N

iSolv
VUPEN
UP

IT Intrusion L o c a t i o n /
and S u r v e i l l a n c e
Forensics V e n d o r s

Data

optical
Probe/
DPI Vendors

Mediation
Vendors

Data
Retention
Vendors

ft
Telecom
Operators

Location and surveillance Vendors

Creativity Software
Esri
EXEC'
Gamma Group
Group2000
LEC
Mobilaris
N I n n C n f t

UK Speedog
Utimaco
VASTech

Analysts:
• LEA
• interior
• Defense
• Others

ft
Monitor
Center
Vendors

ft

ft
visualization/

Secure
Communications
Vendors

OSINT/
Big Data Anolytics
and other vendor

Intelligence Center

Ve n d o r s . 0 0 s o . A r

Advanced Systems
Aglaya
Aqsacom
BTT
Covidence

1
1
1
1
1

Intelligence
Center

1

ft
Ntrepid
Octastic
Polaris Wireless
Providence
RCS
S3tel
Sempban
SIM
Sinovato
Sirius

Internal
Network

Data

Hacking Team
iPS

irstWAP

Monitoring
Center

Hand over
Network
Services

Optical Probe & DPI Vendors
Expert-Team
Fiberblaze
Glimmerglass
Inveatech
Narus
NPC
SS8

Mediation Data Retention And
Monitoring Center Vendors
Advanced Systems I N N O V A
AGT
i
P
S
Aqsacom i S o l v
AREA
R
C
S
ATIS S i n o v a t i o
BTT
S
S
8
ClearTrail T r o v i c o r
COM-SUR U b m a c o
Global Security Network
GR Sistemi
Group2000

Advancd Systems S e m p t i a n
AGT T a s h e e l
ATIS t r o v i c o r
BAE Systems X a l t e d
C2TECH
ClearTrall
Cyberpoint
GR Sistemi
Group2000
GsmSoft
ISnSC
KDOWIeSyS

Narus
Nuance
PGI
Phonexia
Raytheon

Thank You for Joining us at
ISS World Middle East 2014
Sessions Now Beginning at 9:00 AM
Exhibits Open at 10:00 AM with Refreshments
Lunch Served in the Exhibit Hall at 12:30 PM
NOTE: Drop Off Your Business Card or Fill Out Presentation
and/or Training Certificate Request Form at the Registration Desk
47 I T h a r l : t e g i e s *

Document Path: ["1299-telestrategies-presentation-challenges.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh