Friday, November 18, 2011

Software to investigate cybercrime's social side

Social networks are the next stop in the search for clues to offline crime such as burglary

THINKING of online crime normally conjures up images of hackers and email scams, but now criminals are also using online social networks to plan offline felonies such as burglary. Teasing clues from the vast networks of interconnected friends, messages and photos involved is a huge task, so researchers have come up with software that can do the job quickly.

Social networks usually comply with police requests for user data, but the information is often supplied in a hard-to-read format. "All they get is a single PDF from Facebook," says Markus Huber, a researcher at Secure Business Austria in Vienna. This is a problem as files can often run to hundreds of pages. Jurisdiction is also an issue - the US-based Facebook may not have to comply with requests from authorities in other countries.

That's why Huber and colleagues have developed software that can take a "social snapshot" of someone's Facebook profile, letting police easily trawl through a suspect's data without Facebook's cooperation. First the police must acquire a copy of the suspect's Facebook authentication token, a file stored on someone's computer when they click "remember my password" that prevents them from having to log in each time they use the site. This is easy if the police have already seized the suspect's hard drive, but it is also possible to grab a copy over an unencrypted Wi-Fi connection. Either action would require a warrant.

Once the police have the token and have installed Huber's custom Facebook app, they can log in to a suspect's account and gain access to all of the data the suspect normally has access to, except contact details for their friends. Huber's software uses an automated web browser to gather this information by simply visiting the user's profile.

Huber's system then presents the information in a variety of useful ways, such as listing a suspect's friends according to the number of messages sent or building a timeline of a suspect's social activity, making it easier to gather evidence. Huber will present the software at the Annual Computer Security Applications conference in Orlando, Florida, next month.

It's not just Facebook that could be used in this way. Norulzahrah Zainudin and colleagues at Liverpool John Moores University, UK, are developing software that aims to comb social networks where information is publicly viewable, such as Twitter or MySpace, in search of suspects. "We can do filtering based on certain criteria such as geographical location or people in a university," she says.

Evidence from social networks can be key to a criminal case. In the trial of a recent burglary in Jackson, Mississippi, for example, prosecutors are using the allegation that the suspect logged in to his Facebook profile at the scene of the crime as a cornerstone of their case.

But Zainudin says it's more likely that tools like the one her team has developed will point police to offline evidence. A suspicious online conversation between two friends, say, could give authorities grounds to search their homes.

Huber also thinks his app could be useful for people who want to learn more about the data Facebook holds on them. To this end he has released a version of the software with the authentication-token hijacking element removed so it can't be used for malicious purposes.

If you would like to reuse any content from New Scientist, either in print or online, please contact the syndication department first for permission. New Scientist does not own rights to photos, but there are a variety of licensing options available for use of articles and graphics we own the copyright to.

Have your say

Only subscribers may leave comments on this article. Please log in.

Only personal subscribers may leave comments on this article

Subscribe now to comment.

All comments should respect the New Scientist House Rules. If you think a particular comment breaks these rules then please use the "Report" link in that comment to report it to us.

If you are having a technical problem posting a comment, please contact technical support.

Source: http://feeds.newscientist.com/c/749/f/10897/s/1a2411c6/l/0L0Snewscientist0N0Carticle0Cmg212283860B20A0A0Esoftware0Eto0Einvestigate0Ecybercrimes0Esocial0Eside0Bhtml0DDCMP0FOTC0Erss0Gnsref0Fonline0Enews/story01.htm

drew brees ashram ashram merce cunningham bcs rankings saints tim hightower

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.