DOCSLIB.ORG

Untraceable Links: Technology Tricks Used by Crooks to Cover Their Tracks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS New mobile apps, underground networks, and crypto-phones are appearing daily. More sophisticated technologies such as mesh networks allow mobile devices to use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Anonymous and encrypted email services are under development to evade government surveillance. Learn how these new technology capabilities are making anonymous communication easier for fraudsters and helping them cover their tracks. You will learn how to: Define mesh networks. Explain the way underground networks can provide untraceable email. Identify encrypted email services and how they work. WALT MANNING, CFE President Investigations MD Green Cove Springs, FL Walt Manning is the president of Investigations MD, a consulting firm that conducts research related to future crimes while also helping investigators market and develop their businesses. He has 35 years of experience in the fields of criminal justice, investigations, digital forensics, and e-discovery. He retired with the rank of lieutenant after a 20-year career with the Dallas Police Department. Manning is a contributing author to the Fraud Examiners Manual, which is the official training manual of the ACFE, and has articles published in Fraud Magazine, Police Computer Review, The Police Chief, and Information Systems Security, which is a prestigious journal in the computer security field. “Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. The contents of this paper may not be transmitted, re-published, modified, reproduced, distributed, copied, or sold without the prior consent of the author. ©2015 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES Introduction Technology is making it easier for fraudsters to cover their tracks while avoiding detection. Underground networks, new mobile apps, and encrypted cell phones are appearing daily. More sophisticated technologies such as mesh networks allow mobile devices that use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Anonymous and encrypted email services are under development to evade government surveillance. Fraud examiners need to be aware of these tools to understand how they could be used to hide evidence of fraud. Underground Networks and Tools The Tor Network In 2003, the U.S. Naval research laboratory launched what came to be called The Onion Router Project, which came to be known by its acronym TOR. The reason the project name contained the name “onion” was that the original concept intended to construct a way to route Internet network traffic through multiple encrypted layers, or nodes, which would effectively hide a user's location and the network through which they were connected. Tor was designed for use by people who had a need for online anonymity. Normally, users on the Internet can be traced by their Internet protocol, or IP, address. When you use the Tor software, your IP address remains hidden. Tor is made up of two different parts. The first is the software that you can download and install on many devices. The second and critical piece is the Tor 26th Annual ACFE Fraud Conference and Exhibition ©2015 1 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES network, which is comprised of over 5000 volunteer computers that allow Tor users to route traffic through these network nodes. Tor is not designed to anonymize a user’s identity—it only hides where the user’s Internet traffic originates. The first Tor network node that a user accesses will know where that single transmission came from. However, as the transmission proceeds to the next Tor node, the second node will only know that the transmission came from the previous node—not where the transmission originated. This process continues through at least three Tor nodes, each of which only knows the address of the previous node in the chain. There is no way for the final destination of the transmission to be able to trace the random pathway back through the Tor network to identify the user. There are other applications, such as email clients, chat clients, and instant messaging clients designed to work with the Tor network. Use of the Tor network does not guarantee complete anonymity, because the packets sent across the Tor network are the only parts of the transmission that are modified. The actual contents of the data in these packets are not modified in any way. Users who desire an even higher level of privacy have been known to encrypt their data before transmitting it on the Tor network, and possibly also use a virtual private network, or VPN, to provide even more anonymity and protection. https://www.torproject.org 26th Annual ACFE Fraud Conference and Exhibition ©2015 2 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES The Invisible Internet Project (I2P) I2P is an open source project that has been in active development since 2003. The I2P network is designed to provide even better anonymity than Tor. Even though it is currently much smaller in scale than Tor, it is quickly gaining in popularity. Tor is good at hiding the identity and location of the user and recipient of transmissions, but I2P carries this to another level. Where a Tor user creates a connection circuit to communicate through the network, I2P users create multiple user-defined tunnels to communicate with each other. These tunnels can be reconfigured or changed by a user at any time. I2P tunnels operate in only one direction—either in- bound or out-bound. Users can configure as many tunnels as they need, and they have the ability to create a single tunnel that is used only one time for one communication. Once that communication has ended, the user can deactivate the tunnel and never use it again. Where the message headers on Tor are encrypted, the message body may not be (unless the user has used another application to do so). On I2P, there are multiple levels of encryption that protect the entire message from end to end. I2P is also a packet-switched network, which means that each message is broken down into different packets, each of which can travel the I2P network by different routes. This packet switching also allows I2P to balance the transmission workload across multiple routers on the network, which can make it much more fast and efficient. 26th Annual ACFE Fraud Conference and Exhibition ©2015 3 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES Users of I2P can also customize their configuration of tunnels on the network to require that their communication be forwarded through more network routers, which could enhance a user’s security even more. Since this means that every message would need to go through more “hops,” it could decrease the speed of the transmission. But the user has the flexibility to adjust his network settings according to his perceived risk profile. I2P is considered in many ways to be more secure than Tor, but making effective use of I2P may require significantly more technical knowledge than the easier- to-use Tor network. Cybercriminals and other people for whom additional security is important will not hesitate to migrate to I2P, which may help this network to grow rapidly. https://geti2p.net/en The Amnesiac Incognito Live System (Tails) Tails is a Linux-based operating system designed for anonymity. It can be run from a USB stick, DVD, or SD memory card on any computer. Information from the website states that since Tails is a completely separate operating system, it does not use or depend on the operating system of the computer being used. Tails supposedly leaves no tracks on the host computer and does not use the host computer’s data storage. When shut down, Tails also claims to automatically erase the contents of RAM memory. Tails can be used to access either the Tor or I2P networks, so it provides a portable, independent, and secure operating system, with additional protection added through these underground networks. 26th Annual ACFE Fraud Conference and Exhibition ©2015 4 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES The software package also comes with encrypted email and messaging clients, and secure data wiping software. https://tails.boum.org/download/ Freenet Freenet is a peer-to-peer software application that allows anonymous browsing and distributed file storage. All communication with Freenet is encrypted and routed through multiple nodes. It has a Darknet mode that communicates only with people that are trusted by the user. Users contribute some of their bandwidth and even a portion of their hard drive space for use by other users of the network, which could make it problematic to identify the actual storage location of potential electronic evidence. https://freenetproject.org Encrypted Cell Phones Burner cell phones, which are pre-paid and usually low- cost phones capable of being used for short periods of time and then exchanged for a new device, have been around for many years. Burner phones present challenges for fraud examiners and law enforcement, as the devices and airtime cards can be purchased with cash, leaving no links to identify or trace the user. However, growing concerns over both government surveillance and corporate data collection have resulted in companies producing cell phones specifically designed to provide security and privacy. There are also a growing number of mobile device apps that are also designed with these goals in mind. These new technologies can create more challenges for fraud investigators attempting to 26th Annual ACFE Fraud Conference and Exhibition ©2015 5 UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS NOTES identify fraudsters and also in the preservation of electronic evidence.
Recommended publications
  • Course 5 Lesson 2

    Course 5 Lesson 2

    This material is based on work supported by the National Science Foundation under Grant No. 0802551 Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the National Science Foundation C5L3S1 With the advent of the Internet, social networking, and open communication, a vast amount of information is readily available on the Internet for anyone to access. Despite this trend, computer users need to ensure private or personal communications remain confidential and are viewed only by the intended party. Private information such as a social security numbers, school transcripts, medical histories, tax records, banking, and legal documents should be secure when transmitted online or stored locally. One way to keep data confidential is to encrypt it. Militaries,U the governments, industries, and any organization having a desire to maintain privacy have used encryption techniques to secure information. Encryption helps to boost confidence in the security of online commerce and is necessary for secure transactions. In this lesson, you will review encryption and examine several tools used to encrypt data. You will also learn to encrypt and decrypt data. Anyone who desires to administer computer networks and work with private data must have some familiarity with basic encryption protocols and techniques. C5L3S2 You should know what will be expected of you when you complete this lesson. These expectations are presented as objectives. Objectives are short statements of expectations that tell you what you must be able to do, perform, learn, or adjust after reviewing the lesson.
  • Protecting Location Privacy Fromuntrusted Wireless Service

    Protecting Location Privacy Fromuntrusted Wireless Service

    Protecting Location Privacy from Untrusted Wireless Service Providers Keen Sung Brian Levine Mariya Zheleva University of Massachusetts Amherst University of Massachusetts Amherst University at Albany, SUNY [email protected] [email protected] [email protected] ABSTRACT 1 INTRODUCTION Access to mobile wireless networks has become critical for day- When mobile users connect to the Internet, they authenticate to a to-day life. However, it also inherently requires that a user’s geo- cell tower, allowing service providers such as Verizon and AT&T graphic location is continuously tracked by the service provider. to store a log of the time, radio tower, and user identity [69]. As It is challenging to maintain location privacy, especially from the providers have advanced towards the current fifth generation of provider itself. To do so, a user can switch through a series of iden- cellular networks, the density of towers has grown, allowing these tifiers, and even go offline between each one, though it sacrifices logs to capture users’ location with increasing precision. Many users utility. This strategy can make it difficult for an adversary to per- are persistently connected, apprising providers of their location all form location profiling and trajectory linking attacks that match day. Connecting to a large private Wi-Fi network provides similar observed behavior to a known user. information to its administrators. And some ISPs offer cable, cellular, In this paper, we model and quantify the trade-off between utility and Wi-Fi hotspots as a unified package. and location privacy. We quantify the privacy available to a com- While fixed user identifiers are useful in supporting backend munity of users that are provided wireless service by an untrusted services such as postpaid billing, wireless providers’ misuse of provider.

  • Backbox Penetration Testing Never Looked So Lovely

    DISTROHOPPER DISTROHOPPER Our pick of the latest releases will whet your appetite for new Linux distributions. Picaros Diego Linux for children. here are a few distributions aimed at children: Doudou springs to mind, Tand there’s also Sugar on a Stick. Both of these are based on the idea that you need to protect children from the complexities of the computer (and protect the computer from the children). Picaros Diego is different. There’s nothing stripped- down or shielded from view. Instead, it’s a normal Linux distro with a brighter, more kid-friendly interface. The desktop wallpaper perhaps best We were too busy playing Secret Mario on Picaros Diego to write a witty or interesting caption. exemplifies this. On one hand, it’s a colourful cartoon image designed to interest young file manager. In the programming category, little young for a system like this, but the it children. Some of the images on the we were slightly disappointed to discover it may well work for children on the upper end landscape are icons for games, and this only had Gambas (a Visual Basic-like of that age range. should encourage children to investigate the language), and not more popular teaching Overall, we like the philosophy of wrapping system rather than just relying on menus. languages like Scratch or a Python IDE. Linux is a child-friendly package, but not On the other hand, it still displays technical However, it’s based on Debian, so you do dumbing it down. Picaros Diego won’t work details such as the CPU usage and the RAM have the full range of software available for every child, but if you have a budding and Swap availability.
  • Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP) With the explosively growing reliance on electronic mail for every conceivable pur- pose, there grows a demand for authentication and confidentiality services. Two schemes stand out as approaches that enjoy widespread use: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). The latter is a security en- hancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organisational use, while PGP will remain the choice for personal e-mail security for many users. In this course we will only be looking at PGP. S/MIME is discussed in detail in the recommended text. 12.1 Background PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmer- mann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. In essence what Zimmermann has done is the following: 1. Selected the best cryptographic mechanisms (algorithms) as building blocks. 2. Integrated these algorithms into a general purpose application that is independent of operating system and processor and that is based on a small set of easy to use commands. 3. Made the package and its source code freely available via the Internet, bulletin boards, and commercial networks such as America On Line (AOL). 4. Entered into an agreement with a company (Viacrypt, now Network Associates) to provide a fully compatible low cost commercial version of PGP.
  • A Generic Data Exchange System for F2F Networks

    A Generic Data Exchange System for F2F Networks

    The Retroshare project The GXS system Decentralize your app! A Generic Data Exchange System for F2F Networks Cyril Soler C.Soler The GXS System 03 Feb. 2018 1 / 19 The Retroshare project The GXS system Decentralize your app! Outline I Overview of Retroshare I The GXS system I Decentralize your app! C.Soler The GXS System 03 Feb. 2018 2 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows, (+ Android). C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows.
  • Wifi - Mobile BNG Offload Deployments SP-T07-I

    Wifi - Mobile BNG Offload Deployments SP-T07-I

    Toronto, Canada May 30th, 2013 WiFi - Mobile BNG Offload Deployments SP-T07-I Derick Linegar, [email protected] © 20112012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Agenda vSP Wi-Fi - Key drivers vIntelligent Broadband vSP Wi-Fi Deployments vSP WiFi Evolution with MPC Integration vCall Flow vReferences © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 2 SP-WiFi Key Drivers © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 3 SP-WiFi Solutions © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 4 Why Should I Care About WiFi? The “New Normal” © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5 Wi-Fi Subscribers, Wireline/Wi-Fi & Mobile Different Motivations Internet Mobile Operator Motivations • Data traffic growing exponentially Mobile Operators • Licensed spectrum limitations Mobile Mobile Operator1 Operator2 • Access – Trusted/Untrusted 3G/4G delivered Wireline / Wi-Fi Operator Gateway Peering via Mobile Motivation Backhaul Wireline Operator with • Increase Service Revenues Wi-Fi Access • Cater to multiple Mobile Operators • Provide a scalable peering model Wireline Wireline Operator 1 Operator 2 • Leverage existing infrastructure Subscriber Motivation • Always connected experience Wi-Fi Access • Seamless Authentication • Mobility/Roaming without Mobile Users disrupting apps © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 6 Terminology Primer Service Provider Wi-Fi Wireline Broadband Session Type IP Based Sessions PPP Based Sessions User type Mobile Users Fixed Residential Session Control Intelligent Services Gateway (ISG) – software component Place in Network Wireless Access Gateway Broadband Network Gateway (PIN) Designation (WAG) (BNG) © 2012 Cisco and/or its affiliates.
  • CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Response to the Open Consultation of the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet) on the “Public Policy considerations for OTTs” Summary. The Computer & Communications Industry Association welcomes this opportunity to present the views of the tech sector to the ITU’s Open Consultation of the CWG-Internet on the “Public Policy considerations for OTTs”.1 CCIA acknowledges the ITU’s expertise in the areas of international, technical standards development and spectrum coordination and its ambition to help improve access to ICTs to underserved communities worldwide. We remain supporters of the ITU’s important work within its current mandate and remit; however, we strongly oppose expanding the ITU’s work program to include Internet and content-related issues and Internet-enabled applications that are well beyond its mandate and core competencies. Furthermore, such an expansion would regrettably divert the ITU’s resources away from its globally-recognized core competencies. The Internet is an unparalleled engine of economic growth enabling commerce, social development and freedom of expression. Recent research notes the vast economic and societal benefits from Rich Interaction Applications (RIAs), a term that refers to applications that facilitate “rich interaction” such as photo/video sharing, money transferring, in-app gaming, location sharing, translation, and chat among individuals, groups and enterprises.2 Global GDP has increased US$5.6 trillion for every ten percent increase in the usage of RIAs across 164 countries over 16 years (2000 to 2015).3 However, these economic and societal benefits are at risk if RIAs are subjected to sweeping regulations.
  • SGP Technologies Et INNOV8 Annoncent Le Lancement En Avant-Première Mondiale Du Smartphone BLACKPHONE Dans Les Boutiques LICK

    SGP Technologies Et INNOV8 Annoncent Le Lancement En Avant-Première Mondiale Du Smartphone BLACKPHONE Dans Les Boutiques LICK

    PRESS RELEASE SGP Technologies et INNOV8 annoncent le lancement en avant-première mondiale du smartphone BLACKPHONE dans les boutiques LICK Paris (France) / Geneva (Suisse), 5 Juin 2014. Blackphone, le premier smartphone qui permet la sécurité de la vie privée des utilisateurs, sera lancé en avant-première cet été en France chez LICK, 1er réseau de boutiques 2.0 dédié aux objets connectés. SGP Technologies (Joint-Venture entre Silent Circle et Geeksphone) créateur du BLACKPHONE a choisi le groupe INNOV8, pour dévoiler le premier smartphone qui respecte la vie privée, à l’occasion de l’ouverture de LICK (Groupe INNOV8), le premier réseau de boutiques 2.0 dédié aux objets connectés, le 5 juin au Concept Store des 4 Temps à la Défense. Dès cet été, LICK sera le premier réseau de magasins autorisé à distribuer cette innovation technologique. La distribution sera ensuite ouverte à d’autres canaux en France via Extenso Telecom (Leader de la distribution de smartphones, accessoires et objets connectés en France) afin de proposer au plus grand nombre cette innovation technologique en phase avec les attentes des clients soucieux du respect de leur vie privée et de leur sécurité. "La France est connue pour être très ouverte à l’innovation. Nous sommes heureux de travailler avec le groupe INNOV8 pour lancer le Blackphone sur ce marché important en Europe et d'offrir aux utilisateurs de smartphones une solution inégalée pour la protection de leur vie privée et de leur sécurité», a déclaré Tony Bryant, VP Sales de SGP Technologies. « Nous sommes convaincus que la technologie devient un véritable style de vie.
  • Pollinator Week Event Registration 2019 5 28 19.Xlsx

    Pollinator Week Event Registration 2019 5 28 19.Xlsx

    POLLINATOR WEEK EVENTS 2019 Event Name Description Date Time Address City State Zip More Info Join Crescent Heights Community Garden and cath-earth-sis in the celebration of Pollinator Week! Wear your fave ‘bee friendly’ costumes to enjoy pollinator learning activities in the park! This family friendly event is open to all, with a suggested donation of $5 to Bee City Canada, Tree Canada or a conservation group of your For more information, please choice. contact Catherine Dowdell at garden (at) crescentheightsyyc Meet outside the Crescent Heights Community Association Hall by the (dot) ca or catherine.dowdell Building Bee Houses Community Garden from 1pm to 3pm. 6/22/2019 1:00 PM 1101 2 St NW Calgary AB T2M 2V7 (at) gmail (dot) com On June 19th, 2019, we plan to celebrate Pollinator Week by having a Pollinator Celebration at the University of Calgary community garden. The intention of this event is to educate attendees about the importance of pollinators and how to support and protect pollinators in our community. This event includes a campus BioBlitz, a bee box Registration Page: making workshop, and planting of native pollinator plants in the garden. https://www.eventbrite.ca/e/poll In addition, we will have experts provide information to attendees about inator-celebration-june-19th- bees and other pollinators through interactive displays following the 230pm-to-730pm-tickets- Pollinator Celebration above activities. 6/19/2019 2:30 PM Calgary AB T2N 4V5 60195492338 Employees at Arkansas Electric Cooperative Corporation will bring pollinator-dependent dishes to share at a potluck and learn about the AECC Pollinator Potluck importance of pollinators.
  • How the Rise of Big Data and Predictive Analytics Are Changing the Attorney's Duty of Competence Peter Segrist

    How the Rise of Big Data and Predictive Analytics Are Changing the Attorney's Duty of Competence Peter Segrist

    NORTH CAROLINA JOURNAL OF LAW & TECHNOLOGY Volume 16 | Issue 3 Article 6 3-1-2015 How the Rise of Big Data and Predictive Analytics Are Changing the Attorney's Duty of Competence Peter Segrist Follow this and additional works at: http://scholarship.law.unc.edu/ncjolt Part of the Law Commons Recommended Citation Peter Segrist, How the Rise of Big Data and Predictive Analytics Are Changing the Attorney's Duty of Competence, 16 N.C. J.L. & Tech. 527 (2015). Available at: http://scholarship.law.unc.edu/ncjolt/vol16/iss3/6 This Article is brought to you for free and open access by Carolina Law Scholarship Repository. It has been accepted for inclusion in North Carolina Journal of Law & Technology by an authorized administrator of Carolina Law Scholarship Repository. For more information, please contact [email protected]. NORTH CAROLINA JOURNAL OF LAW & TECHNOLOGY VOLUME 16, ISSUE 3: MARCH 2015 HOW THE RISE OF BIG DATA AND PREDICTIVE ANALYTICS ARE CHANGING THE ATTORNEY’S DUTY OF COMPETENCE Peter Segrist* If the legal profession had been able to foresee in the late 1990s and early 2000s, prior to the meteoric rise and ensuing cultural ubiquity of social media, that every tagged spring break photo, 2:00 a.m. status update, and furious wall post would one day be vulnerable to potential exposure in the cold, unforgiving light of civil and criminal litigation, attorneys would have been well-advised to discuss the ramifications of such actions, statements, and disclosures with their clients. Today, a similar phenomenon is looming in the form of the collection, aggregation, analysis and sale of personal data, and it will be the prudent attorney who competently advises his clients to stay ahead of the curve.
  • Security Guide for Cisco Unified Communications Manager, Release 11.0(1) First Published: 2015-06-08

    Security Guide for Cisco Unified Communications Manager, Release 11.0(1) First Published: 2015-06-08

    Security Guide for Cisco Unified Communications Manager, Release 11.0(1) First Published: 2015-06-08 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to use Encryption and Privacy Tools to Evade Corporate Espionage An ICIT White Paper Institute for Critical Infrastructure Technology August 2015 NOTICE: The recommendations contained in this white paper are not intended as standards for federal agencies or the legislative community, nor as replacements for enterprise-wide security strategies, frameworks and technologies. This white paper is written primarily for individuals (i.e. lawyers, CEOs, investment bankers, etc.) who are high risk targets of corporate espionage attacks. The information contained within this briefing is to be used for legal purposes only. ICIT does not condone the application of these strategies for illegal activity. Before using any of these strategies the reader is advised to consult an encryption professional. ICIT shall not be liable for the outcomes of any of the applications used by the reader that are mentioned in this brief. This document is for information purposes only. It is imperative that the reader hires skilled professionals for their cybersecurity needs. The Institute is available to provide encryption and privacy training to protect your organization’s sensitive data. To learn more about this offering, contact information can be found on page 41 of this brief. Not long ago it was speculated that the leading world economic and political powers were engaged in a cyber arms race; that the world is witnessing a cyber resource buildup of Cold War proportions. The implied threat in that assessment is close, but it misses the mark by at least half. The threat is much greater than you can imagine. We have passed the escalation phase and have engaged directly into full confrontation in the cyberwar.