The internet is now part of almost all investigations, bringing significant new complexity to gathering evidence or conducting covert activity. Consequently, internet-based investigations create a whole new category of risks. Just as detectives work in plain clothes and drive unmarked cars, it is often important to avoid identification as a law enforcement officer when investigating online. This is often called being “non-attributed,” but is more accurately labeled “misattributed” or “anonymous.” A common method for conducting these investigations is to use a dedicated laptop connected to the internet over personal WiFi. Unfortunately, this is an unsafe way to operate, with significant risk of identification, location exposure, content blocking, and infection.
When you are active online, your computer reveals a consistent fingerprint. A website automatically knows your operating system, what browser you are using, any plug-ins you’ve installed, language capabilities, and much more. Websites can use this information to profile and track their visitors. Some investigators will try to provide fake information to disguise their fingerprints, but the underlying information is still discoverable. Inconsistent settings can cause an investigator to look even more suspicious to a target website.
An investigator’s identity or apparent location can affect their ability to gain access to a target site or see the same content as visitors from the site’s host region.
We know that websites can restrict content or serve up entirely different or fraudulent content if the user’s traffic is originating from a certain region or organization. Investigators often try to avoid this by tethering the stand-alone laptop to a WiFi hotspot that is not affiliated with the organization. However, while this method prevents the investigator from being trivially tracked back to the organization’s network, it does not prevent content blockage or misinformation from the target website. Without rigorous care and OPSEC, the WiFi can quickly be associated with the organization anyway.
Gathering online research about criminal organizations often leads investigators to websites that contain malware designed to target and profile the site’s visitors. This is an unavoidable risk. Using a standalone laptop will protect the agency’s network, but consistently using the same, possibly infected, laptop across multiple investigations jeopardizes the investigator’s mission. Disposing or re-imaging the laptop after each use is the only way to ensure that anything malicious picked up during the course of investigation is destroyed. But, this option is not practical and wastes valuable time and money.
To effectively protect their online investigations, law enforcement agents need more robust capabilities and overall protection than any stand-alone solution can provide.
Adversaries are becoming more sophisticated by the day, and remaining cover-consistent is increasingly difficult. Only a properly designed, virtualized, and isolated investigation platform can address these issues, ensuring both safe and effective online activities.
Ntrepid’s Passages and Nfusion provide much more powerful and scalable online investigation and research solutions for law enforcement. These products mitigate against all the risks of using a stand-alone laptop, and negate the need to procure additional hotspot internet services. Additionally, Nfusion can be used by an investigator and then reassigned to a new investigator with no risk of cross contamination of data from prior investigations. Both Passages and Nfusion come with full support from Ntrepid on a 24×7, 365 day basis. Ntrepid also employs a Network Operations Center (NOC) that maintains the uptime of all of our products and Geosites. Ntrepid also provides customers with account managers to train and troubleshoot any issues among users. Our products come with turn-key support and would eliminate the need for law enforcement agencies to augment their staffing to support these solutions.