Blue Chi’s

As I mentioned in my previous post, I am attending a workshop on Cybercrime this week. The event is organised by the American Bar Association (ABA) in association with the Ministry of Justice in Oman. The background of the attendants was very diverse, the group of 40 included judges, people from the Public Prosecution, the Ministry of Legal Affairs (Us!), the Royal Office, OmanTel, the Telecommunication Regulation Authority, and some other people that I did not recognise. The speakers were members of various American State Police divisions and the US Secret Services.

The event started slow, we had a general introduction on the global perspective of cybercrime and the impact of Internet on our daily lives, the web explosion upon the creation of the first Internet browser, the opportunities opened by web enabled technologies on consumers and businesses worldwide. The massive amount of spam received by American Internet users and the substantial increase in percentage of porn spam over the years. The fact that the US is the biggest consumer of child porn and that it is the biggest fighter of it as well. The solution taken by some countries to block and filter all child porn websites and that it is fine temporarily, but will prove ineffective on a long term.

The main subject of the session for day one was a description of the technical aspects of electronic investigation, it was delivered by Rich Brown from the New Jersey State Police. The session described in detail the process used to extract information from the Internet regarding the source of a website, its owner and the information regarding the service provider. The largest chunk of the session covered the use of whois services to retrieve IP and ISP details, using DNS search services and traceroute services to track down the location of an IP address. Dissection of a standard HTML page was also tapped upon, accessing the HTML source code, using the page metadata, disabling JavaScript for better access of the page contents. Examples were displayed for both Internet Explorer and Firefox. (Though clearly all the screenshots were taken using Firefox.) Email investigation was also covered, accessing the full header and acquiring the fully qualified domain name to track the source of a message. The session also covered the procedure at which evidence should be collected from a suspect’s location of operation, tools and programs used to extract data from hard drives without altering their content and other specific of how evidence should be packed, etc.

The session also described the method at which P2P and BitTorrent applications work and the difficulties BitTorrent introduced at various aspects of the investigation as a person could contribute to
the distribution of an illegal file without having the full file himself.

The session was clearly directed for those interested in the process of investigation and the police process in taking action, it had almost no legal point to make, though it did attempt to explain the various Internet technologies presented, their function, and who does what while the service is provided which was helpful to many of those that would rule in internet related cases and would contribute to the drafting of e-legislation. I thought that the session was too technical for those that had no background on how the Internet works and at the same time was too basic for those that already knew what a whois service is. The whole event was about the investigation of criminals of child pornography, the speaker did not seem to realise that there is no distinction in Oman between adult and child pornography as they are all prohibited to the same extent. I think that he had no idea that the only ISP provider here is partially owned by government, and that almost only government websites are actually
hosted ‘in’ the country.

A major problem that we faced was the fact that he gave the opportunity to people to ask random questions all through out the lecture, not only that they did not wait to hear the whole thing before asking questions which they might’ve heard the answer for if they just let him finish off, but because of those questions, we did not have time to finish the whole subject and ended up skipping a great part of the content we were supposed to cover.

That is not to say that the session was not interesting, but I still cannot deny the fact that I personally did not learn much as everything I heard was things I already knew or had a very good idea about. The food was really good as well, so that’s a great plus for them for sure!

Looking forward to day two.