Technology Flashcards
Briefly describe the following and describe how they are used to propagate Child Sexual Abuse Material:
* The Darknet
* The Deep web
* Usenet
1. The Darknet:
The Darknet refers to a part of the internet that is intentionally hidden and inaccessible through standard web browsers. It operates on overlay networks, such as Tor (The Onion Router), which anonymizes users’ internet traffic by routing it through a series of encrypted nodes. This anonymity makes the Darknet attractive to individuals seeking to engage in illicit activities, including the propagation and distribution of Child Sexual Abuse Material (CSAM).
CSAM offenders utilize the Darknet to access underground forums, marketplaces, and file-sharing platforms specifically dedicated to the exchange of illegal content. These platforms offer a high level of anonymity and security, making it difficult for law enforcement agencies to track and intercept the sharing of CSAM. Offenders may use encrypted communication channels and cryptocurrency transactions to further conceal their identities and activities.
2. The Deep Web:
The Deep Web refers to the portion of the internet that is not indexed by standard search engines and is not easily accessible through conventional web browsing. It includes a vast array of websites, databases, and online services that require authentication, membership, or specific protocols to access.
CSAM offenders may use the Deep Web to host and share illegal content through private or hidden websites, forums, and online communities. These platforms may require users to have specialized software or credentials to access, providing a layer of privacy and security for offenders. The Deep Web also encompasses encrypted communication channels and peer-to-peer networks, where offenders can exchange CSAM without detection.
3. Usenet:
Usenet is a decentralized network of discussion groups, called newsgroups, where users can post and read messages on various topics. It predates the World Wide Web and operates on the Internet Protocol Suite, with messages distributed across multiple servers worldwide.
CSAM offenders may exploit Usenet to distribute and share illegal content through dedicated newsgroups or binaries groups. These groups may cater specifically to individuals interested in CSAM, providing a platform for offenders to upload and download illicit material anonymously. Usenet’s decentralized nature and lack of moderation make it challenging for authorities to monitor and regulate the dissemination of CSAM effectively.
List 3 non-port-80 services used by online child sex offenders and briefly explain how they use them.
Internet Relay Chat (IRC):
IRC is a text-based chat protocol that enables real-time communication between users in chat rooms, also known as channels. Child sex offenders may use IRC to connect with like-minded individuals, exchange child sexual abuse material (CSAM), and discuss illegal activities.
Offenders may join private or hidden IRC channels dedicated to CSAM distribution, where they can share links to illicit content, coordinate offline meetings, or provide tips on evading law enforcement detection.
IRC offers a level of anonymity and privacy, making it attractive to offenders seeking to communicate and collaborate without revealing their identities or locations.
Peer-to-Peer (P2P) File Sharing Networks:
P2P file sharing networks allow users to share files directly with each other without relying on centralized servers. Child sex offenders may use P2P networks to distribute CSAM, including images, videos, and other illicit content.
Offenders may join specific P2P networks or communities dedicated to CSAM sharing, where they can upload and download illegal material anonymously. P2P networks often utilize decentralized architectures, making it difficult for law enforcement to track and intercept the distribution of CSAM.
Offenders may employ encryption and obfuscation techniques to conceal the nature of the files they share and evade detection by authorities.
Darknet Marketplaces:
Darknet marketplaces are hidden online platforms that operate on encrypted networks like Tor, allowing users to buy and sell goods and services anonymously. Child sex offenders may use darknet marketplaces to procure and exchange CSAM, as well as access other illegal services.
Offenders may browse darknet marketplaces to purchase illicit content, such as child pornography, live-streamed abuse, or access to private forums and communities dedicated to CSAM distribution.
Darknet marketplaces often facilitate transactions using cryptocurrencies like Bitcoin, which offer a high level of anonymity and privacy. This anonymity makes it challenging for law enforcement to trace financial transactions or identify individuals involved in CSAM trafficking.
TrueCrypt: describe how its use can help a CAM offender avoid detection.
Encryption of CAM Files:
TrueCrypt allows users to create encrypted volumes, which appear as regular files or folders but are inaccessible without the correct decryption key. CAM offenders can encrypt their illicit files and store them within TrueCrypt volumes, making it difficult for law enforcement agencies to access or identify the content without the appropriate decryption key.
By encrypting CAM files, offenders can mitigate the risk of detection during routine file scans or investigations. Even if law enforcement gains access to the offender’s device, the encrypted nature of the files makes it challenging to determine their contents without the decryption key.
Concealment of CAM Distribution Networks:
CAM offenders may use TrueCrypt to encrypt and securely transfer CAM files across networks or platforms without detection. By storing CAM files within encrypted containers, offenders can avoid detection by network monitoring tools or surveillance systems that may flag the transmission of illicit content.
TrueCrypt’s encryption capabilities can be utilized to conceal the existence of CAM distribution networks or online communities, making it difficult for law enforcement to identify and dismantle these illicit operations. Offenders can share decryption keys selectively with trusted individuals, limiting the risk of exposure or interception by authorities.
Plausible Deniability:
One of TrueCrypt’s notable features is its support for hidden volumes, which allows users to create a secondary encrypted volume within an existing one. CAM offenders can leverage this feature to create a plausible deniability mechanism, where the presence of sensitive content within the encrypted volume remains concealed even if authorities compel them to disclose the decryption key.
By maintaining a decoy or innocuous set of files in the visible portion of the encrypted volume, offenders can claim ignorance or innocence if questioned by law enforcement. This plausible deniability complicates investigations and may hinder the prosecution of offenders.
What is the difference between ccTLD and gTLD?
ccTLD (Country Code Top-Level Domain):
* ccTLDs are two-letter domain extensions assigned to specific countries or territories based on the ISO 3166-1 alpha-2 country codes. Examples include “.us” for the United States, “.uk” for the United Kingdom, and “.jp” for Japan.
* Each ccTLD corresponds to a particular country or territory and is managed and regulated by the respective national or territorial registry designated by the Internet Assigned Numbers Authority (IANA).
* ccTLDs are commonly used by entities within the corresponding country or territory to establish a local online presence and target users within that geographic region.
* Some ccTLDs have specific eligibility requirements or restrictions imposed by the respective registry, such as residency or citizenship requirements, to register domain names under those extensions.
gTLD (Generic Top-Level Domain):
* gTLDs are broader categories of domain extensions that are not tied to specific countries or territories. They consist of three or more characters and represent generic or thematic classifications. Examples include “.com” (commercial), “.org” (organization), “.net” (network), and newer extensions like “.app,” “.blog,” and “.xyz.”
* gTLDs are managed and regulated by various domain registries and registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), the global governing body for domain names.
* gTLDs are widely used by individuals, businesses, organizations, and entities worldwide to establish their online presence, irrespective of geographic location or affiliation.
* Unlike ccTLDs, which are associated with specific countries or territories, gTLDs have a more generic and versatile nature, making them suitable for a wide range of purposes and applications.
What is the difference between a Registrant, a Registry, and a Registrar?
Registrant:
* The Registrant is an individual, organization, or entity that registers a domain name for use on the internet. This entity is the owner or holder of the domain name and is responsible for providing accurate registration information, including contact details, during the registration process.
* The Registrant has the authority to control and manage the registered domain name, including making updates to registration information, configuring DNS settings, and renewing the domain registration.
Registry:
* The Registry is the authoritative database or central repository that manages and maintains the registration records for a specific top-level domain (TLD). It is responsible for the operation, administration, and technical management of the TLD’s domain name system.
* The Registry operates at the top level of the domain name hierarchy and is responsible for the integrity, security, and availability of domain names within its TLD. It ensures that registered domain names comply with technical standards and policies established for the TLD.
Registrar:
* The Registrar is an accredited entity authorized to facilitate the registration of domain names on behalf of Registrants. Registrars act as intermediaries between Registrants and Registries, offering domain registration services to individuals, businesses, and organizations.
* Registrars interact directly with Registrants, assisting them in selecting, registering, and managing domain names. They provide domain registration services, DNS management tools, and customer support to Registrants.
* Registrars are accredited by domain name governing bodies, such as the Internet Corporation for Assigned Names and Numbers (ICANN) for generic top-level domains (gTLDs) and country-code top-level domains (ccTLDs). They must comply with accreditation requirements and adhere to domain registration policies and guidelines.