Cyber Intelligence is to cyberspace what espionage and counter intelligence is to the real world. It can help combat viruses, worms and trojan horses as well as protect secure networks from the threats posed by hackers, criminal elements, and terrorists. An important part of cyber intelligence is to monitor these threats and take whatever action is required to protect the interests of clients. —Dr. Gert R. Polli
In less than two decades, advances in information and communications technologies have revolutionized government, scientific, educational, and commercial infrastructures. Powerful personal computers, high-bandwidth and wireless networking technologies, and the widespread use of the Internet have transformed stand-alone systems and predominantly closed networks into a virtually seamless fabric of interconnectivity. The types of devices that can connect to this vast information technology (IT) infrastructure have multiplied to include not only fixed wired devices but mobile wireless ones. A growing percentage of access is through always-on connections, and users and organizations are increasingly interconnected across physical and logical networks, organizational boundaries, and national borders.
As communications have shifted from one-to-one connections to a world of limitless internet applications, law enforcement agencies (LEAs) and national government agencies need to be able to collect and monitor high volumes of data, and need systems capable of extracting intelligence from this data in time frames that permit counteractions to protect national assets.
This article addresses the needs of LEAs and Lawful Interception agencies (LIAs) working within the ambit of national and local state government laws and standards.
Technology Trends Assisting Anti-National and Terrorist Elements
Digital communication has changed criminal behavior by removing time zone and geographical barriers and increasing the opportunity for anonymity. The ability to lawfully intercept, visually reconstruct and analyze digital communications is now a critical capability an LEA should possess. Key areas of concern include:
- The increasing complexity of IT systems and networks, which present mounting security challenges for both the providers and consumers.
- The evolving nature of the telecommunications infrastructure, as the traditional phone system and IT networks converge into a more unified architecture.
- The expanding wireless connectivity to individual computers and networks has evolved into hybrid or all-wireless network environments.
- The increasing interconnectivity and accessibility of (and consequently, risk to) computer-based systems that are critical to the country's economy, including supply chain management systems, financial sector networks, and distributed control systems of Defense establishments.
- The breadth and increasingly global nature of the IT supply chain, which will increase opportunities for subversion from attackers within and outside the country.
Lawful Intercept Solution
A desirable intercept solution should stand the test of time, rising to meet the challenges of each new communications technology as it emerges. It should be designed for real-time communication intercepts, and its portfolio of supported technologies should include VoIP, wireless data, WiFi, WiMAX, broadband, satellite and 4G/LTE wireless. The must-have intercept technology requirements for LIAs are:
- Designed to interoperate with multiple technologies simultaneously.
- Scalable to easily meet additional intercept requirements.
- Extensive list of global delivery standards.
- Capable of supporting license-based upgrades, to avoid the need to swap out equipment.
- Operate on COTS equipment.
- Support for advanced VoIP call flows.
- Monitoring, Data Discovery and Communication Analysis.
In today's cyber world, lawful interception and data discovery are critical to an LEA's or intelligence agency's ability to detect, prevent and prosecute terrorist and criminal activity. Regardless of what device, application, or network type today's terrorist or criminal uses, the solution should be capable of supporting a wide range of protocols, applications and communication methods, from voice and IP data, 2G to 4G/LTE mobile networks, traditional voice to VoIP.
Law enforcement agencies require a monitoring and analysis solution that leaves "no packet unturned", storing standards-based intercept traffic, building relationships between targets and associates, charting target activities, mapping locations and generating evidentiary reports and media. The solution should give law enforcement the capability to correlate relevant communications intelligence, from call detail records to IP data records, webmail, web search and social media use, with every function designed specifically for law enforcement:
- Cyber Monitoring: Enable proactive monitoring of specific behavior within cyber communications which match LEA or intelligence-directed collection requirements. These capabilities can serve the needs of the Monitoring Center or the broader needs of advanced IP data intelligence and law enforcement analysis teams;
- Visualization and Reconstruction: Provide the accurate reconstruction of intercepted voice, text and Internet activity such as micro blogging, social networking, webmail and chat exactly as they were created in real time;
- Analysis: Enable the correlation of intelligence from Internet Protocol Data Records (IPDR) and Call Detail Records (CDR) to full communications content. Use analysis capabilities, from advanced link analysis to correlated location (Call Detail Record, ping, IRI location) analysis, to expose hidden relationships, associate suspicious communication behaviors with specific identities, and help identify new suspects. This enables analysts to correlate actors, time, and location, to find associates in, preparations for, and the commission of a multitude of crimes;
- Threat discovery: Provide high-capacity access, mediation, data storage, retention, and extraction of country-wide metadata - particularly IP data records (IPDR) as well as CDR - at speeds necessary for national level analysis to uncover unknown threats.
Today's IP-based communication systems have enabled many new services for users, and this shift has created tremendous challenges for LEAs in following their suspects and for service providers in continuously complying with national security laws.
The rapid growth of IP communications such as webmail, chat and social media, along with the emergence of voice-over-Internet-protocol (VoIP) telephony and IPv6, necessitates solutions that can evolve as networks evolve. Today's solutions must enable telecom service providers to maintain their return on investment for compliance and also enable LEAs and national government organizations to be effective when tracking criminals and criminal actions facilitated or perpetrated online.