Cyberspace, Data Analytics, and Policing
David Skillicorn
- 258 pages
- English
- ePUB (mobile friendly)
About This Book
Cyberspace is changing the face of crime. For criminals it has become a place for rich collaboration and learning, not just within one country; a place where new kinds of crimes can be carried out; and a vehicle for committing conventional crimes with unprecedented range, scale, and speed. Law enforcement faces a challenge in keeping up and dealing with this new environment. The news is not all bad: collecting and analyzing data about criminals and their activities can provide new levels of insight into what they are doing and how they are doing it. However, using data analytics requires a change of process and new skills that (so far) many law enforcement organizations have had difficulty leveraging. Cyberspace, Data Analytics, and Policing surveys the changes that cyberspace has brought to criminality and to policing with enough technical content to expose the issues and suggest ways in which law enforcement organizations can adapt.
Key Features:
- Provides a non-technical but robust overview of how cyberspace enables new kinds of crime and changes existing crimes.
- Describes how criminals exploit the ability to communicate globally to learn, form groups, and acquire cybertools.
- Describes how law enforcement can use the ability to collect data and apply analytics to better protect society and to discover and prosecute criminals.
- Provides examples from open-source data of how hot spot and intelligence-led policing can benefit law enforcement.
- Describes how law enforcement can exploit the ability to communicate globally to collaborate in dealing with trans-national crime.
Chapter 1
Introduction
Chapter 2
Cyberspace
2.1 What is cyberspace?
- personal computers and workstations;
- phones, devices that are so closely tied to us that they act almost as human surrogates;
- Internet of Things devices such as CCTV cameras, smart light bulbs, thermostats, fitness trackers, door locks, and door bells;
- cyberphysical systems that operate factories, pipelines, water supplies, and electricity grids;
- web servers that power our World Wide Web interactions;
- compute servers that carry out substantial computations for organizations that need them;
- clouds, which carry out substantial computations or store large volumes of data, and which are shared between many different users who can use them on demand.
- Many militaries have their own networks which use the same kinds of devices and network technologies as the rest of the Internet but are not directly connected to it. These networks are often "air gapped" from the Internet, so that they have no direct connections. In practice, this separation is not as strong as it seems because there are multiple channels that allow information to cross the gaps (although they mostly require sophistication to exploit).

  For example, software on these air-gapped networks must be updated somehow, so there is necessarily information flow into them. The Stuxnet malware was inserted into an air-gapped network that ran Iranian uranium centrifuges using USB keys. These had been loaded with software updates on systems that were attached to the Internet. When these USB keys were attached to computers on the air-gapped network, they installed malware on the centrifuge controllers.

  There have been several experiments in which USB keys were dropped in the parking lots of secure installations, and non-trivial numbers of them were taken inside and plugged into secure computers by unthinking Good Samaritans.

  Computers on the air-gapped network can also leak information that can be detected because their operations necessarily cause changes in the physical environment around them. Information leakage has been detected in physical mechanisms such as the sound they emit, their disk operation, their screen display, and fluctuations in their power use.
- Cyberspace contains content that only exists transiently, and so cannot be found using search engines. For example, when you authenticate to your bank, the bank displays a page showing your account balances. This page is created on the fly, and can only be seen by you. As a result, it is never indexed, and so cannot be found other than via the bank's front page and then authentication. Such content is stored in back-end systems, such as databases, but it is only assembled and comes into existence as an entity on demand, and only for a short time.

  Cyberspace also contains content that is always present but is not indexed by search engines and so cannot be easily found. Anyone can create such a page with some care.

  This collection of pages with limited accessibility is called the deep web.
- Cyberspace also contains a subspace called the dark web. This consists of data that is explicitly hidden in two different ways.

  The first kind of content is hidden because it requires access via a particular mechanism. The most well-known of these mechanisms is based on the Tor router. Anyone using a specialized browser or plugin can have their web access requests directed to the Tor router. The router uses a set of volunteer nodes to move the traffic around randomly. When the traffic exits the Tor router, it can go to a special set of websites whose URLs end in ".onion". These websites cannot be connected to directly; only from a Tor router node. Thus this part of the dark web is a separate world wide web that is not directly searchable, and can only be accessed, as it were, from one particular direction.

  The Tor router framework makes it difficult (but not, in fact, impossible) to know which browser is talking to which web site. Although originally designed for privacy, it provides an opportunity for illicit activity that is hard to track and so has become popular with criminals. Dark-web web sites can sell illegal products and disseminate information without attribution.

  The second part of the dark web consists of nodes which, as it were, only speak their own private language. Ordinary Internet traffic that reaches them is simply discarded. In order to convey data encoded in their own private way, totally new mechanisms are required for communication. For example, to reach such a dark-web web site, a totally different kind of browser is required. This kind of dark web activity is much harder to track since it is close to impossible to tell what observed data movement means; it is like listening to a conversation in a foreign language. Fortunately, considerable skill is required to use such a specialized subnetwork and it is beyond the capability of many criminals.
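
The deep-web item above describes pages that exist but never reach a search index. As an added example (not from the book), the sketch below checks the standard signals that keep an already-fetched page out of an index: robots.txt, an authentication requirement, the X-Robots-Tag header, and the robots meta tag. The function name, the sample site, and all page contents are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def index_status(url, status, headers, html, robots_txt, agent="*"):
    """Return (indexable, reason) for one already-fetched page."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    if not rules.can_fetch(agent, url):
        return False, "robots.txt tells crawlers not to fetch it"
    if status in (401, 403):
        return False, "only served after authentication"
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    header_dirs = {d.strip() for d in hdrs.get("x-robots-tag", "").split(",")}
    if header_dirs & {"noindex", "none"}:
        return False, "X-Robots-Tag header asks not to be indexed"
    meta = RobotsMeta()
    meta.feed(html)
    if meta.directives & {"noindex", "none"}:
        return False, "robots meta tag asks not to be indexed"
    return True, "indexable"


# Constructed sample site (example.test is a reserved test domain).
ROBOTS = "User-agent: *\nDisallow: /members/\n"
PAGES = [
    ("https://example.test/about", 200, {}, "<html><title>About</title></html>"),
    ("https://example.test/members/list", 200, {}, "<html></html>"),
    ("https://example.test/accounts/balance", 401, {"WWW-Authenticate": "Basic"}, ""),
    ("https://example.test/report.pdf", 200, {"X-Robots-Tag": "noindex"}, ""),
    ("https://example.test/unlisted", 200, {},
     '<html><head><meta name="robots" content="noindex, nofollow"></head></html>'),
]

if __name__ == "__main__":
    for url, status, headers, html in PAGES:
        print(url, index_status(url, status, headers, html, ROBOTS))
```

The 401 case corresponds to the bank balance page in the text; the last two cases are the "always present but not indexed" pages.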