The cost of online anonymity

2008-10-01

Abhilash Sonwane

Cyberoam, India
Editor: Helen Martin

Abstract

‘We are left with the alarming question as to whether privacy should be put before global security.’ Abhilash Sonwane, Cyberoam.


Minutes before the deadly bomb blasts that took place in Ahmedabad, India on 26 July 2008, an email claiming responsibility for the attacks was received by Indian authorities. The anonymous email was traced to the IP address of an American national living in Mumbai. The authorities now believe that the American’s unsecured wi-fi network was used by the terrorists to send the email. The American citizen became a suspect just because he unintentionally left his wi-fi network open and unsecured.

In August, another email about the blasts was received. Investigations revealed that a proxy server was used to send the email. With some help from the service provider that hosted the server, investigators were able to determine that the email originated from an educational institute in the city of Vadodara. Analysis of the logs of the institute’s unified threat management appliance enabled the investigators to trace the email to an internal IP address belonging to the institute’s computer lab. Innocent students and faculty members were questioned as suspected terrorists.

More recently, Internet activist group ‘Anonymous’ was responsible for hacking into the Yahoo! email account of

These days, a large number of public places (airports, restaurants, cafes, hospitals and so on) offer free wireless networks. Home networks are often left open and unsecured by their users, because the average home user doesn’t understand the technology and either leaves the wi-fi device in its default configuration or else does not configure it securely.

Criminals can simply sit in their cars outside a house, an office or a hotspot, and use the unprotected wireless network to carry out their sinister activities anonymously. The online activities of ‘war-driving’ criminals can be traced only to the IP address of the house, office or hotspot, putting the innocent home owner/office/hotspot manager under suspicion because of an insecure network configuration.

In the past, intelligence agencies could catch criminals based on the IP addresses of the emails they sent. The hard drives of the computers suspected of having been used for illegal activities provided the physical evidence needed to link the action to the criminal. However, new technologies are making it difficult to gather evidence.

Anonymous proxies enable criminals to conduct their online activities without revealing their real IP addresses. If the authorities want to trace the IP address of someone who has used the anonymous proxy they need the logs of the proxy server. The jurisdiction in which the proxy server is physically located plays an important role here. If it is located outside the jurisdiction of the investigating authorities, they have to rely on the cooperation of the local authorities at the other end, which can result in a dead end for the investigation.

Privacy is a basic human need and should be respected for every Internet user. However, as the movement for online privacy gathers pace, we are left with the alarming question as to whether privacy should be put before global security. The abuse of anonymity on the Internet is affecting many innocent lives, and victimizing Internet users.

Technology and the law need to keep pace with one another and with the changing times. The need of the hour is to engineer better technologies and frame better laws that allow users to enjoy their privacy while at the same time enabling authorities to trace criminal activities. But until that happens, there are several measures that can be taken by responsible citizens and corporations. For example, the hospitality industry should desist from providing Internet access without valid identity checks (mechanisms are available that allow this). The ISPs and vendors should undertake campaigns to educate home users as to how to configure wi-fi access points securely.

Cyberspace will continue to evolve and criminals will continue to look for new ways to abuse the loopholes left by technology and the law. However, proactive and responsible engineering and legislation can help prevent the misuse of technology.
