Skype gives Swiss investigators a headache

19 February 2008

Criminals are increasingly using the internet telephone service Skype to prevent their conversations being monitored, Swiss law enforcement officials have warned.

Investigators are currently pursuing dozens of drug-related cases where Skype has been used for communications purposes. But the firm is keeping quiet over the issue.

Skype software lets computer users talk to each other for free and make cheap calls to mobiles and landlines. But unlike many other voice-over-internet services, its calls are encrypted between the two Skype clients, so a tap on the network in between yields only ciphertext that is very hard to decrypt.

“Criminals know that the police have difficulties monitoring Skype,” said Christoph Winkler, a Zurich prosecutor in charge of drug-related and organised crime in the canton.

The fact that drug dealers use Skype is no accident, he added, as the police frequently have to resort to wiretapping in such cases.

For Bernhard Weder, who heads a federal working group examining how to monitor internet telephone calls, that criminal elements use the service is no great surprise either.

“It’s a problem for law enforcement agencies around the world,” he said.

Skype is not the first application for encrypted communications on the internet. But its design is particularly hard to intercept: it is a peer-to-peer network, so a call may be relayed through other Skype users’ machines dotted around the globe rather than through a fixed server that could be tapped.

Skype traffic travels across the internet encrypted under “keys”, essentially very long numbers. Skype’s keys are 256 bits long, twice the length of the 128-bit keys browsers typically use to protect credit card numbers in transit.

The comparison is more lopsided than “twice as long” suggests: every extra bit doubles the number of possible keys, so a 256-bit key has 2^128 times as many candidates as a 128-bit key, and 128-bit keys are already regarded as practically impossible to break by brute force. Key length alone is not the whole story, though. In practice an attacker goes after the implementation, or the party that holds the keys, rather than the key.

According to Weder, Skype’s program code has also resisted every attempt to reverse-engineer it.

“The software is extremely cleverly built,” he admitted.

Uncooperative?

Weder believes the company is technically able to decrypt calls and hand them over to the authorities, but says it is fairly uncooperative. In one particular blackmail case he sought support from Skype, but “never heard back from them”.

The firm, meanwhile, rejects the accusation that it is unhelpful.

“The company is doing everything to cooperate at the legal and technical level with law enforcement agencies,” Skype claimed in a statement by its PR agency.

But cooperation is still difficult, said Stéphane Esposito, a chief examining magistrate in Geneva.

“Skype has good intentions, but they are outweighed by stronger commercial interests,” he added.

The Geneva authorities deal with around a dozen cases a year where criminals do business using the internet service – especially drug deals.

So for now the investigators’ only weapons against these criminals are traditional, tried-and-tested eavesdropping techniques that bypass Skype altogether.

swissinfo with agencies


Call Detail Record

18 February 2008
A Call Detail Record (CDR) (also Call Detail Recording) or Station Message Detail Recording (SMDR) in the telecom sector is a file containing information about recent system usage: the identities of sources (points of origin), the identities of destinations (endpoints), the duration of each call, the amount billed for each call, the total usage time in the billing period, the total free time remaining in the billing period, and the running total charged during the billing period. A CDR records who communicated with whom, when, for how long and through which switch or cell; it does not contain the content of the call, which is why it remains available to investigators even when the call itself is encrypted. The format of the CDR varies among telecom providers or programs. Some programs allow CDRs to be configured by the user.

A CDR for a particular account can be downloaded at the request of the subscriber who holds that account. If the telecom provider supplies users with itemized bills, a CDR will show up in each bill, in a format similar to that of an itemized long-distance telephone bill supplied by a conventional telephone company.

In a telephone exchange, a CDR contains information about all the calls passing through the exchange. The CDRs are generated by Automatic Message Accounting (AMA) and processed by the operations support system (OSS).

A CDR File may contain more than one type of call traffic. For example, fixed line voice traffic and fixed line data traffic may be placed in the same file, but will be identified separately for rating purposes.

Call accounting software or communication management software is generally used to retrieve and process CDR data.
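As an added example (not from the original page, and not any provider’s real format), the following Python parses a constructed CDR file and produces the itemized, per-account view described above, rating voice and data traffic separately as the text says a mixed file must be. The semicolon-separated layout, the field names and the sample records are assumptions; a real CDR layout has to be taken from the switch or mediation platform’s documentation.

```python
"""Parse a constructed, provider-neutral CDR file and itemize usage per account.

Added example, not part of the original page.  The record layout
(semicolon-separated: record type, account, origin, destination, start time,
duration in seconds, amount billed) is an assumption; real CDR formats differ
between switches and providers.
"""
from __future__ import annotations

import csv
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from io import StringIO

# Constructed sample.  Account 1001 has voice and data traffic in the same file;
# the data record must be rated separately.  The last row is an unanswered attempt.
SAMPLE_CDR_FILE = """\
type;account;origin;destination;start;seconds;amount
VOICE;1001;+41440000001;+41440000099;2008-02-18T09:12:05;185;0.37
VOICE;1001;+41440000001;+41790000010;2008-02-18T09:40:11;42;0.21
DATA;1001;+41440000001;INTERNET;2008-02-18T10:02:00;3600;1.50
VOICE;1002;+41440000002;+41440000001;2008-02-18T11:15:30;600;1.20
VOICE;1001;+41440000001;+41440000099;2008-02-18T17:58:59;0;0.00
"""


@dataclass(frozen=True)
class CallRecord:
    rtype: str          # VOICE or DATA: the traffic type the rating engine keys on
    account: str
    origin: str
    destination: str
    start: datetime
    seconds: int
    amount: float


def parse_cdr_file(text: str) -> list[CallRecord]:
    """Parse the semicolon-separated layout into CallRecord objects.

    A malformed row raises instead of being skipped: in a billing or evidentiary
    context a silently dropped record is worse than a failed import.
    """
    reader = csv.DictReader(StringIO(text), delimiter=";")
    records = []
    for row in reader:
        records.append(CallRecord(
            rtype=row["type"],
            account=row["account"],
            origin=row["origin"],
            destination=row["destination"],
            start=datetime.fromisoformat(row["start"]),
            seconds=int(row["seconds"]),
            amount=float(row["amount"]),
        ))
    return records


def itemize(records: list[CallRecord], account: str) -> dict:
    """Build the itemized-bill view for one account: totals, per-type breakdown,
    and the count of zero-duration attempts (unanswered or cut before answer)."""
    own = [r for r in records if r.account == account]
    by_type = defaultdict(lambda: {"calls": 0, "seconds": 0, "amount": 0.0})
    for r in own:
        bucket = by_type[r.rtype]
        bucket["calls"] += 1
        bucket["seconds"] += r.seconds
        bucket["amount"] = round(bucket["amount"] + r.amount, 2)
    return {
        "account": account,
        "calls": len(own),
        "total_seconds": sum(r.seconds for r in own),
        "total_amount": round(sum(r.amount for r in own), 2),
        "by_type": dict(by_type),
        "zero_duration_calls": sum(1 for r in own if r.seconds == 0),
    }


if __name__ == "__main__":
    recs = parse_cdr_file(SAMPLE_CDR_FILE)
    print(itemize(recs, "1001"))
```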


EMC and Intec and Sensage Technology to Identify Terrorist Activity in Call Detail Records

18 February 2008

EMC Corporation (NYSE: EMC), Intec Telecom Systems (LSE: ITL.L) and SenSage, Inc. have pooled their resources to provide a comprehensive, cost-effective solution to the mandates of the EU Data Retention Directive. The combined technologies tackle two issues. First, they give telecommunication and Internet service providers a lower-cost means to manage the communication records that support compliance with the Directive. Second, they enable law enforcement agencies to access historical phone and Internet records quickly to pinpoint and prosecute terrorist activity and other serious crime. The Directive states that all service providers must be compliant by August 2007.

The EU Data Retention Directive was announced in March 2006. It requires telecommunications operators (telcos) and Internet service providers (ISPs) to securely retain, and be able to analyse, traffic and location data relating to fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony for up to two years. The Directive further requires that all service providers produce answers to law enforcement inquiries without undue delay. Millions of calls and connections occur each day, equating to billions of records and terabytes of transaction data that must be securely stored and rapidly analysed.

EMC, Intec Telecom Systems and SenSage have developed a joint EU Data Retention solution that significantly reduces the cost of compliant data management for service providers. The combined technology completely supports the guidelines set out by the Directive and is able to cost-effectively manage and obtain results in minutes from over 100 billion Call Detail Records (CDR).

“The EU Data Retention Directive puts tremendous pressure and a clear timeline on telcos and ISPs to meet security and investigation obligations,” said Fernando Elizalde, senior telecommunications analyst at Frost & Sullivan. “The newly developed technology offered by EMC, Intec Telecom Systems and SenSage supports the Directive mandates by providing a progressive, scalable platform to cost-effectively manage the broad event data integration, storage and analysis requisites.”

“Telcos and ISPs will have to make significant changes to procedure, operations and current technologies if they are to meet the EU Data Retention and Privacy Directives,” said Terje Tondel, managing director of ETIS.org – the largest global IT association for telecommunication providers. “Our constituents have been advised to assess current resources and seek innovative solutions, such as that from EMC, Intec Telecom Systems and SenSage, which can minimise costs and expedite results that address these guidelines”.

The joint solution has been fully tested with sample CDR data from a leading telecommunications provider. The sample data, collected and processed through an Intec mediation platform, was cleansed, then subsequently randomised and replicated to generate the necessary volume. SenSage provides the scalable event data management platform that powers the collection, compression, management and high-speed analysis of the CDR data. Retention and online availability of the stored data is fully managed within an EMC Centera™ storage cluster, which provides increased data integrity, protection, and availability capabilities. Intec Telecom Systems provided switch remediation expertise and design guidance. The Proof-of-Concept (POC) contains 100 billion records, representing 13 terabytes of raw compressed data. It is now maintained in an online, referenceable repository where complex analytics can quickly be performed to investigate criminal activity.

“The EU Data Retention directive increases the cost of doing business for telcos and ISPs,” said Jim Pflaging, president and CEO of SenSage. “This joint solution offers the rapid response law enforcement needs in a highly secure system the public wants, at the lowest cost to the service provider.”

The joint PoC simulated retention of two years of CDR data of 10 million Telco subscribers. The system executed un-indexed queries at more than 27.9 million records per second and obtained answers in less than seven minutes within a three month search range. The combined solution achieved these results at a fraction of the overall cost when compared to that of conventional approaches, which rely on relational database management technologies and data archives. Detailed test results and estimates of cost can be found at http://www.sensage.com/eudrpoc.

Mark Thurmond, general manager of EMC Centera Division commented: “Being able to quickly and efficiently search massive amounts of data is pivotal to compliance with this EU directive. Without the storage capabilities to retain and manage that data, companies simply would not be able to achieve compliance, but working with SenSage means that organisations can choose a complete easy to use solution.”

The EU Data Retention technology is comprised of the SenSage scalable event data management platform, pre-defined reports that support directive guidelines and EMC Centera content addressable storage (CAS) to yield a high-performing, extensible and secure information lifecycle technology. SenSage is an EMC Centera Proven solution that transparently integrates with EMC Centera for fast, easy online data access with assured content authenticity and petabyte scalability. This product can be predictably expanded to meet varying Telco telephony, IP and messaging sources, data volumes and implementation requirements at the lowest cost.

The joint SenSage/EMC/Intec solution POC, housed in the EMC labs in Cork, Ireland, has been made possible by the efforts of a number of EMC Technology partners. The SenSage event data management platform leveraged leading edge technologies from Dell™ with their new range of Dual Core, Dual CPU PowerEdge™ 2950 servers containing the latest Intel® Xeon® 5160 “Woodcrest” processors and the latest 64-Bit version of RedHat® Enterprise Server 4. When coupled with the EMC Centera Content Addressed Storage via Cisco Catalyst 3750 high performance switch, the overall architecture provides the most price-performing solution stack to the issue of collecting, storing and analysing the vast amount of data required by the EU directive.

Peter Deane Managing Director of Intec’s EMEA operation added, “The solution provided by SenSage and EMC complements Intec’s experience in offering mediation and billing system technologies and services. We believe the three pronged combination of cost savings, manageability and scalability provides a compelling value proposition.”

“Telecom operators and ISPs will have to significantly enhance and broaden their data retention policies to adhere to the Directive – assuring adequate protection and guaranteeing that authorities can receive results to their queries in due time,” said Dr. Patrick Van Eecke, counsel and head of the Internet law group at DLA Piper Rudnick Gray Cary UK LLP, Brussels. “DLA Piper asserts that the functionality offered by storage products, such as EMC Centera, and high performance event analysis solutions, such as SenSage, are indispensable in reaching these goals.”

About SenSage
SenSage Inc., the leading provider of scalable event data management solutions, empowers companies to readily respond to business-critical threats, conduct thorough and precise investigations, and maintain compliant operations. The company offers unparalleled performance and a scalable means for organizations to centrally aggregate, efficiently analyze, dynamically monitor and cost-effectively store massive volumes of event data. Based in San Francisco, CA, SenSage currently protects Global 2000 customers in financial services, government, healthcare, retail, manufacturing, telecommunications and technology. The company markets its product directly and through partners including Cerner, EMC, Hewlett-Packard, IBM, Sendmail, Tokyo Electron and Lockheed Martin. For more information, visit www.sensage.com.

About EMC Corporation
EMC Corporation (NYSE: EMC) is the world leader in products, services and solutions for information management and storage that help organizations extract the maximum value from their information, at the lowest total cost, across every point in the information lifecycle. Information about EMC’s products and services can be found at www.EMC.com.

EMC is a registered trademark and Centera is a trademark of EMC Corporation. All other trademarks are the property of their respective holders.

About Intec Telecom Systems
Intec (LSE: ITL.L) supplies billing software solutions to over 60% of the world’s top 100 telecoms carriers and is one of the world’s fastest growing BSS/OSS (business and operations support systems) vendors. Intec’s 400 customers include BellSouth Telecommunications Inc., Cable & Wireless, The Carphone Warehouse (UK), China Unicom, Deutsche Telekom, Vodafone, Virgin Mobile, Vivo and Verizon. For more information, visit the Intec website at www.intecbilling.com.

All names and marks referenced herein are the property of their respective owners.


Spatial Analysis of GSM Subscriber Call Data Records

18 February 2008

By Ireti Ajala , MTN Nigeria Communication Ltd.
March 07, 2006

The Experience of MTN Nigeria
The most valuable asset of many companies is not their products or services, but their data. This is particularly true in the communications industry. Trapped inside the customer billing systems is a gold mine of data that holds the key to customer retention, reduced expenses, customer self-service and overall competitive advantage.

In mobile communications networks, the core business is selling airtime to subscribers. All the information about that airtime is tracked through call data records, or CDRs. CDRs are used to bill customers. Because of the huge amount of data that would have to be processed, they are usually not analyzed for any further business value. However, with shrinking margins and increasing pressure to improve revenues, operators are now looking closely at ways to use these data to their advantage.

GIS is one powerful tool that can be used to analyze CDRs, allowing the operators to see a precise, up-to-date picture of the entire network and to better understand the calling patterns of their subscribers, with a view to knowing their networks better and offering subscribers customized services, and hence increasing revenue.

This article describes how MTN Nigeria has been using GIS to investigate the relationship between the geographic spread of subscribers, using CDRs and network stipulated key performance indicators (KPIs) like traffic.

A CDR is generated at the switching center of a GSM network each time a successful call goes through. The switching center generates huge volumes of these records, sometimes running into terabytes. It is therefore a serious challenge to analyze these raw data to enhance the making of informed decisions.

CDRs can be analyzed based on the location of subscribers, cells, market share, handset usage, etc. Unlike other network monitoring statistical analyses that attempt to analyze the network purely from radio or engineering points of view, CDRs are analyzed principally from the subscribers’ points of view, and we use GIS to do this. In telecommunications, “where” is everything, which is why GIS is a very useful tool in telecommunication – more than half of all decisions made in telecommunications are geographic in nature.

GIS and CDR Analysis
Using a map to analyze CDR data can provide a dramatic improvement over traditional row-column methods, allowing operators to see a precise, up-to-date picture of the entire network, and visually identify the location of subscribers, or the most profitable cell in the network in terms of the amount of time spent originating calls.

Some time ago at MTN Nigeria, we undertook to understand the geographic spread of our subscribers based on their most used cell during working hours over a period of one month. We knew that the engineering network-monitoring tool could achieve this, but we were interested in looking at this issue strictly from a subscriber’s point of view, and hence we decided to use CDRs for this analysis. By looking at CDRs, we can understand activity per customer.

We were particularly interested in the geographic areas within our network where there is a correlation between subscribers and traffic generated. This became important to us because it had been noted that some places have large numbers of subscribers but generate relatively little traffic compared to other places. From previous studies of our network we had come to understand that the number of subscribers in most places is not necessarily proportional to the amount of traffic generated; some areas within our network, however, are exceptional. This new study helps us to keep locating these exceptional places, as they represent major sources of revenue for us.

To achieve the goal of this study, we decided to produce two maps for a comparative analysis: one showed the geographic spread of our subscribers and the other showed the geographic spread of traffic generated across the network for the same area. We believed that overlaying these two maps would give us a tool that would help us better size our network.

The data requirements for this analysis are as follows. Each is described below.

  1. Summary CDR data
  2. Equal Power Boundary Areas (EQBAs) or predicted coverage arrays
  3. Vector map layers

Summary CDR
The CDR server architecture differs from one operator to the other depending on the CDR analyzing application used (see Fig. 1). At MTN, an Oracle 9i database is used for this purpose. It provides a very flexible architecture for data storage and access.

The database can be accessed in real time using an application server, queried by customer applications such as a billing system, or accessed by a reporting tool such as FACTS Reports. A listener application (a set of tools that allow the operator to pull data directly from the database) is co-hosted with the database server running on the data layer. It collects the data posted by the probes and then updates the database with the collected data.

The raw CDRs generated at the switch are called the Toll Ticket File, or TT File for short, and are processed into summarized CDR tables. These summary tables make it possible to aggregate all activities on the basis of the serving cell. It is therefore possible to give a figure for the total number of subscribers and the hours spent on each cell. We accumulated the summarized CDRs generated over a one month period based on subscribers’ most used cells during the working hours and their most used cells during non-working hours.

These data formed the basis for the attribute table required for the GIS application. Table 1 (below) is a sample of the result of a query to find the number of subscribers making calls using each cell as their most used cell over a period of one month and the amount of time spent originating calls.

[Table 1: number of subscribers using each cell as their most used cell over one month, and the time spent originating calls on it; not reproduced here]


EQBAs or predicted coverage arrays
EQBAs are geo-referenced polygons that represent the radial distance of the signal from the serving cell, based on the radio signal’s interaction with the environment. The planning tool combines a number of coverage predictions into a raster surface, which contains the best coverage values for each location, as well as other information regarding the serving cell. The EQBAs formed the spatial layer used for this particular application.


Vector map layers

Vector layers like city street maps and point location layers were used to further track subscriber behavioral patterns down to the micro level. These helped us to associate geographic areas to the aggregated CDR tables and further helped in understanding what was happening where (see Fig. 3).

Since this analysis used data from a period of one month, it was not necessary to create dynamic maps that showed subscribers’ movement patterns every hour.

The key to joining the EQBAs with the CDR Summary table is the “cell ID.” The cell ID uniquely identifies each EQBA polygon, and is used in the CDR table as well. It was used as the primary key to join the two databases using a simple SQL script. Once this joining had been accomplished, a thematic map, based on realistic range categories, was created that gave insight into the geographic spread of subscribers (see Fig. 3)
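The summary step described above (each subscriber’s most used cell during working hours, aggregated per cell into subscriber counts and hours spent originating calls) and the join of that table to the EQBA layer on cell ID, as one added example in Python with SQLite. This is not MTN’s code: the raw CDR rows, the EQBA rows and their centroids, the working-hours window and the thematic range thresholds are all constructed for the example.

```python
"""Summarize raw CDRs into the per-cell table of the text and join it to EQBA
polygons on cell ID.  Added example, not MTN's code.  The raw record layout
(subscriber, serving cell ID, call start, seconds), the EQBA rows and the
working-hours window are constructed assumptions.
"""
from __future__ import annotations

import sqlite3
from collections import Counter, defaultdict
from datetime import datetime

WORKING_HOURS = range(8, 17)  # assumption: 08:00 to 16:59 local time

# Constructed raw CDRs: (subscriber MSISDN, serving cell ID, call start, seconds)
RAW_CDRS = [
    ("2348030000001", "LAG001", "2005-09-05T09:10:00", 300),
    ("2348030000001", "LAG001", "2005-09-05T14:30:00", 120),
    ("2348030000001", "LAG007", "2005-09-05T21:00:00", 900),  # evening: other cell
    ("2348030000002", "LAG001", "2005-09-06T10:00:00", 60),
    ("2348030000002", "LAG002", "2005-09-06T11:00:00", 30),
    ("2348030000003", "LAG002", "2005-09-07T12:15:00", 1800),
    ("2348030000003", "LAG002", "2005-09-07T16:45:00", 600),
    ("2348030000004", "LAG009", "2005-09-07T03:00:00", 60),   # never active in working hours
]

# Constructed EQBA attribute rows: cell ID, area name, centroid of the coverage polygon
EQBA_ROWS = [
    ("LAG001", "Victoria Island", 6.4281, 3.4219),
    ("LAG002", "Alaba", 6.4624, 3.1893),
    ("LAG007", "Ajah", 6.4698, 3.5852),
    ("LAG009", "Ikorodu", 6.6194, 3.5105),
]


def most_used_cell_per_subscriber(cdrs, hours=WORKING_HOURS):
    """For each subscriber, the cell carrying the most call-seconds in the window.
    Subscribers with no calls inside the window are absent from the result."""
    per_sub = defaultdict(Counter)
    for msisdn, cell, start, seconds in cdrs:
        if datetime.fromisoformat(start).hour in hours:
            per_sub[msisdn][cell] += seconds
    return {m: c.most_common(1)[0][0] for m, c in per_sub.items()}


def summarize_by_cell(cdrs, hours=WORKING_HOURS):
    """The summary table of the text: per cell, the number of subscribers whose most
    used cell it is, and the hours those subscribers spent originating calls on it."""
    most_used = most_used_cell_per_subscriber(cdrs, hours)
    subscribers = Counter(most_used.values())
    seconds = Counter()
    for msisdn, cell, start, secs in cdrs:
        if most_used.get(msisdn) == cell and datetime.fromisoformat(start).hour in hours:
            seconds[cell] += secs
    return {cell: (subscribers[cell], round(seconds[cell] / 3600, 3)) for cell in subscribers}


def density_category(subscribers: int) -> str:
    """Range category for the thematic map (thresholds are an assumption)."""
    if subscribers >= 3:
        return "high"
    if subscribers == 2:
        return "medium"
    return "low"


def join_with_eqba(summary, eqba_rows):
    """Join the summary to the EQBA layer on cell ID with SQL, as the text describes.
    The LEFT JOIN from the EQBA side keeps cells that have coverage but no active
    subscribers, which is itself useful for sizing the network."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE eqba(cell_id TEXT PRIMARY KEY, area TEXT, lat REAL, lon REAL)")
    con.execute("CREATE TABLE cdr_summary(cell_id TEXT PRIMARY KEY, subscribers INTEGER, hours REAL)")
    con.executemany("INSERT INTO eqba VALUES (?,?,?,?)", eqba_rows)
    con.executemany("INSERT INTO cdr_summary VALUES (?,?,?)",
                    [(c, s, h) for c, (s, h) in summary.items()])
    rows = con.execute("""
        SELECT e.cell_id, e.area, e.lat, e.lon,
               COALESCE(s.subscribers, 0), COALESCE(s.hours, 0.0)
        FROM eqba e LEFT JOIN cdr_summary s ON s.cell_id = e.cell_id
        ORDER BY e.cell_id""").fetchall()
    con.close()
    return [dict(cell_id=r[0], area=r[1], lat=r[2], lon=r[3], subscribers=r[4],
                 hours=r[5], category=density_category(r[4])) for r in rows]


if __name__ == "__main__":
    for row in join_with_eqba(summarize_by_cell(RAW_CDRS), EQBA_ROWS):
        print(row)
```

The join is deliberately driven from the EQBA side: a cell that appears in the coverage layer but carries no working-hours subscribers should show up as zero on the map rather than vanish from it.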

The map below (Fig. 4) was produced in September 2005 to show the geographic spread of our subscribers across the Lagos metropolis during working hours. The darker the patch, the more concentrated the subscribers around that particular area.

A similar map (see Fig. 5) was produced for the same area based on call traffic generated. When this was compared with the subscriber thematic map, it was interesting to note that in some cases the number of subscribers was directly proportional to the amount of traffic generated; examples are Alaba International Market and Victoria Island. This makes sense, because Victoria Island is the economic capital of corporate Lagos, while Alaba is one of the most important commercial centers in West Africa, where people come from different parts of Africa to buy both household and industrial electrical appliances. We also noticed a common patch at Ajah, which is becoming one of the fastest growing suburbs in Nigeria. It is estimated that a new house is occupied in Ajah every four hours, and this has been going on for the past three years. We were really excited by this result, as it showed that for certain areas in Lagos a high concentration of subscribers did indeed yield high traffic. However, we wondered whether this held everywhere in Lagos. From the study we discovered that in most places this rule of thumb did not apply. We thus learned that we could not assume the general rule, many subscribers equals high traffic, across the entire network; each area has to be taken on an individual basis.

We were really excited by the result of this analysis and thought it would be interesting to compare the map of call congestion with the geographic spread of subscribers, to see whether a large concentration of subscribers had led to congestion. The result of this second analysis was quite interesting, because a large chunk of signalling network resource is usually wasted on a phenomenon called “flash”. A flash, as the term is used in Nigeria, is a call that the subscriber initiates and cuts before the called party can pick it up. People use flashing to tell the person they are calling, “Hey, I am trying to call you but I do not have enough credit, so could you please call me?” Most times the called party responds by calling back. A flash lasts no more than a few seconds, but it consumes signalling capacity and so robs subscribers who want to make legitimate use of network resources. We discovered that incidents of congestion usually happened where there was a large subscriber base. However, as simple as this analysis was, we again could not assume it applied everywhere in the network; like the first analysis, it taught us to take each geographic location on an individual basis.

The above are just two examples of how we have been using GIS to analyze CDRs to our advantage. We have also used the combination of GIS and CDRs as a marketing tool (gathering business intelligence about competitors), a network resource dimensioning tool, a revenue assurance tool, a handset performance and penetration analysis tool, a site selection tool (siting customer care centers), and a routing tool, to mention just a few applications. Comparing the analysis from CDRs with other engineering network monitoring statistics can be of considerable help to the operator in understanding the network better, with a view to providing unprecedented quality of service to the subscribers. This can be the leading edge in a highly competitive industry such as telecommunications.

Caveat
The views contained in this article are not those of MTN Nigeria Communications Limited or those of its Management or Board of Directors.


Your Comments
Appreciation (#1)
by Adetunji Adebayo, Spatial Decision Solutions Ltd
Date: March 17, 2006 19:25
I found this article quite interesting. I never thought even for a second that your company uses GIS this much. This is great.

However, I was just wondering what role population density analysis plays in further analysis of CDRs.
Again, how does MTN use demographic data in your roll-out initiatives?
I will be interested in finding out other ways you have been using GIS in a GSM environment.

Thanks for sharing this article.

Outside the technical details (#2)
by Temitope Osho, APBE Trade & Logistics
Date: March 22, 2006 01:44 AM
I have read with interest this beautiful piece of analysis. But I am less convinced about MTN and its social responsibilities to the Nigerian community. It is sad that daily MTN, an advanced, technologically endowed company, profits from sales carried out by kids hawking, traffic-obstructing, sun-beaten youth, and the disguised unemployment of the umbrella shades, where a Nigerian proudly holds a phone he cannot make a call with, using a strange number for a GSM link with another, with his phone in his pocket.
Spatial Analysis (#3)
by Onyewuchi Obirieze, GeoHealth & Solutions Consultants
Date: April 19, 2006 11:57 AM
Ireti,
I welcome your emphasis that core business is underpinned by data. I am equally impressed that you and your team have mobilised resources to capture and format data for both legacy and reusable delivery.
A map is a powerful tool for decisions at all levels, especially for users.
GIS/geospatial analysis is one way of bringing expectation, decision and implementation together. You have sold data and knowledge excellently. This is interesting news!
Responding to Onyewuchi Obirieze’s mail (#4)
by Ireti Ajala, MTN Nig
Date: May 5, 2006 03:22 AM
Thanks. We will continue to research how GIS can be used in other areas to help us make informed technical and business decisions, especially in our field. Thanks so much once again.
Responding to Temitope Osho’s mail (#5)
by Ireti Ajala, MTN Nig.
Date: May 5, 2006 03:37 AM
I am glad that you read the article with interest. I am not in a position to answer some of the issues you raised regarding MTN’s social responsibilities since I am just a technical specialist, but I was just wondering what those kids were doing before MTN came to Nigeria.
Nice Work (#6)
by Kole Adeleye, MTN Nigeria
Date: May 6, 2006 12:12 PM
Hi, I have gone through some of your publications and I must commend your ingenuity. Your publication has provided an insight into how important GIS is to the GSM industry.
Keep us informed always.
Cheers

Courts Cast Wary Eye on Evidence Gleaned From Cell Phones

16 February 2008
By Annalee Newitz, 05.10.07 | 2:00 AM

The afternoon of Sept. 18, 1993, someone set fire to a notorious Los Angeles drug house near the University of Southern California, killing an addict. Four years later, R&B singer Waymond Anderson was convicted of the murder, based on the shaky testimony of two eyewitnesses, and on a third, silent witness whose implacable digital testimony the defense didn’t dare challenge: Anderson’s cell phone. A police forensics expert told the jury that call logs proved Anderson was in the neighborhood at the time of the murder, and that he even made a phone call through a cell tower located just a quarter-mile from the blaze. Anderson’s lawyer didn’t attempt to question what was then bleeding-edge scientific evidence. “Nobody challenged the officer in the investigation,” says David Bernstein, Anderson’s new attorney. “Probably because cell phones were such a new technology.”

Now down 13 years on a life sentence, Anderson has his first shot at freedom. The two eyewitnesses have recanted. And using information about cell-phone tower locations with some sleuthing on MapQuest, Bernstein recently showed an appeals court that Anderson’s cell phone was in a car driving away from the site of the crime at the time the arsonist was splashing gasoline around the converted garage. The closest transmitter the phone passed was a mile away from the crime, not a quarter-mile as the police claimed; and by the time the fire was hurling black smoke into the south Los Angeles sky, Anderson’s phone was linking with a different transmitter six miles away, in Chinatown.
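The kind of check Bernstein’s reconstruction relied on, as an added example that is not part of the original article and uses no data from the case: given a call log of timestamps and serving cell sites, plus the site coordinates, compute how far each serving site is from the scene and the speed the phone would have needed to move between successive sites. The site table, scene coordinates, timestamps and coverage radius below are constructed.

```python
"""Place a phone relative to a scene from its call log and the locations of the
cell sites that served it.  Added example; the sites, coordinates, timestamps
and coverage radius are constructed and are not data from any real case.
"""
from __future__ import annotations

import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0088


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


# Constructed cell-site table (site ID -> lat, lon).  A real list comes from the
# carrier, with sector azimuths; this example treats each site as omnidirectional.
SITES = {
    "S1": (34.0250, -118.2750),  # roughly 0.7 km from SCENE
    "S2": (34.0300, -118.2650),  # roughly 1.8 km
    "S3": (34.0620, -118.2380),  # roughly 6.1 km
}
SCENE = (34.0200, -118.2800)  # constructed
# Constructed call log: (timestamp, serving site).  The phone is seen on S2, then S3.
CALL_LOG = [
    ("2008-02-16T15:05:00", "S2"),
    ("2008-02-16T15:20:00", "S3"),
]


def locate_calls(call_log, sites, scene):
    """Distance from the scene to the site that served each call."""
    out = []
    for stamp, site_id in call_log:
        lat, lon = sites[site_id]
        out.append({"time": datetime.fromisoformat(stamp), "site": site_id,
                    "km_from_scene": haversine_km(lat, lon, *scene)})
    return out


def implied_speeds_kmh(call_log, sites):
    """Speed needed to get from one serving site to the next between consecutive
    calls.  An impossible speed means the site list or timestamps are wrong; a
    plausible one is consistent with movement but does not prove a route."""
    speeds = []
    for (t1, s1), (t2, s2) in zip(call_log, call_log[1:]):
        hours = (datetime.fromisoformat(t2) - datetime.fromisoformat(t1)).total_seconds() / 3600
        km = haversine_km(*sites[s1], *sites[s2])
        speeds.append(km / hours if hours > 0 else math.inf)
    return speeds


def assess(call_log, sites, scene, coverage_km: float) -> dict:
    """Could the phone have been at the scene while served by these sites?
    coverage_km is the assumed radius of a site's coverage: a serving cell places
    the phone somewhere inside that area, not at the mast."""
    located = locate_calls(call_log, sites, scene)
    return {
        "placed_within_coverage": any(e["km_from_scene"] <= coverage_km for e in located),
        "min_km_from_scene": min(e["km_from_scene"] for e in located),
        "max_implied_kmh": max(implied_speeds_kmh(call_log, sites), default=0.0),
    }


if __name__ == "__main__":
    for entry in locate_calls(CALL_LOG, SITES, SCENE):
        print(entry)
    print(assess(CALL_LOG, SITES, SCENE, coverage_km=1.0))
```

The coverage radius is the argument that decides the answer, not the point distance to the mast: with a 1 km radius the constructed log excludes the scene, with a 2 km radius it does not. Any real analysis has to take that radius, and the sector azimuth, from the carrier’s engineering data rather than assume it.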

Based on this new information, a three-judge panel of the California 2nd District Court of Appeal ordered the case reopened last month, and gave the Los Angeles court that convicted Anderson until August to hold hearings on the new evidence, or release Anderson.

The Anderson appeal may be the first chink in the formerly invincible armor of cell-phone forensics at trial. Over the past decade, law enforcement at all levels has been turning to mobile gear for crucial evidence in criminal and civil investigations. “One of the first things that’s looked at is a cell phone now,” explained National Institute of Standards and Technology researcher Wayne Jansen. But with unclear forensic standards for gathering such evidence, and investigators often resorting to ad hoc tools and procedures, cell data seems likely to face new hurdles in the courtroom.

It’s easy to see the appeal of cell-phone evidence. The memory cards in the phones are packed with useful information: everything from contact lists and SMS messages — including deleted text — to call logs, and data about locations where the phone has been, all of which can be readily accessed with the right software and a court order. And with the advent of camera phones capable of snapping photos and saving short video snippets, the cell phone is morphing into a one-stop multimedia evidence kit.

“People seem to take joy in recording their crimes to their mobiles,” said Lester Wilson, managing director of Crownhill, a company that makes a forensic tool for snarfing evidence off SIM cards in cell phones. “Anything you can think of — street robbery, kidnapping, sex crimes — they’re taking pictures,” said Wilson, whose work for the London police has required him to extract data from SIM cards “covered in blood, or bitten.”

In 2005, two high-profile murder cases were solved with cell evidence. Piper Rountree was convicted of killing her ex-husband after examination of her phone placed her in his vicinity at the time of the murder; and Daryl Littlejohn, a New York City bouncer, is charged with murdering student Imette St. Guillen after his cell showed that he’d made a call on the night of the murder near the spot where police later located the body. And it’s not always the perp whose phone holds the evidence, said Wilson. “Say you find a dead body in a river. Using forensic techniques on their mobile, you can locate where they were thrown in the water, because that’s probably the moment the phone stopped working.”

According to the GfK Group, an international market-research organization, 1 billion cell phones were sold worldwide in 2006, up from 812 million in 2005. Shadowing that growth is a niche industry specializing in selling mobile-forensics tools to police and others. Amber Schroader, CEO and chief architect at Utah-based Paraben, said her company’s most popular product is such a tool, called Device Seizure. “We sell hundreds of units per month, mostly to law enforcement,” she said. Using Device Seizure, or dozens of other software packages like it, law enforcement officers can quickly drag and drop data from phones into tamper-evident evidence files.

But many of the tools that investigators use to extract evidence are not designed to be forensically sound; put simply, they don’t always have built-in features that make tampering with the evidence detectable. Oxygen’s Mobile Phone Manager is a phone-syncing tool that was used for at least two years by law enforcement to gather evidence. But it wasn’t until April that the company released a tamper-resistant “forensic” version of the software that records a cryptographic hash of the data it pulls from a cell phone, so that investigators can later recompute the hash and verify that nothing has changed.

How did Oxygen’s law enforcement users secure the chain of custody in data before Oxygen Forensic? Company spokesman Oleg Fedorov wrote in e-mail, “I can’t say precisely how they protected data from tampering. I can only suggest they didn’t change any information and didn’t press the ‘Write’ button.”

Another problem is that the market is glutted with so many different types of cell phones that there will always be some models no existing forensic tool supports. In that case, “Sometimes the best tools are hacker tools, as long as they’ve been thoroughly examined and reverse-engineered,” said Jansen, who helped write NIST’s official recommendations (.pdf) for documenting the chain of evidence and creating tamper-evident files when searching a cell phone.
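The two passages above describe the same control: hash everything pulled off the handset at acquisition time, record the hashes, and recompute them before the evidence is presented. The script below is an added example of that control, not code from Oxygen, Paraben or the NIST guidance. It assumes SHA-256 and a JSON manifest (the page names neither an algorithm nor a format), and the extraction it checks is a constructed sample, not real evidence. It also shows the two things a plain per-file hash list does not catch on its own: an artifact added after acquisition, and an edit to the manifest itself.

```python
# Tamper-evident acquisition manifest. Added example; not Oxygen's, Paraben's or NIST's code.
# Assumptions: SHA-256 as the hash, a JSON manifest, and a constructed sample extraction.
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of one extracted artifact."""
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict) -> bytes:
    # Fixed key order and separators so the manifest hash is reproducible.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts: dict, case_id: str, examiner: str, acquired_at: str) -> dict:
    """Record a hash and size for every artifact pulled from the phone.

    `artifacts` maps an artifact name (e.g. "sms.txt") to the raw bytes extracted.
    The manifest-level hash covers all entries, so editing one entry's hash to hide a
    change is itself detectable once manifest_sha256 is logged somewhere the manifest
    file cannot reach (e.g. written on the paper chain-of-custody form).
    """
    entries = {
        name: {"sha256": sha256_hex(blob), "size": len(blob)}
        for name, blob in sorted(artifacts.items())
    }
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": acquired_at,
        "artifacts": entries,
        "manifest_sha256": sha256_hex(_canonical(entries)),
    }


def verify(manifest: dict, artifacts: dict) -> list:
    """Return a list of discrepancies; an empty list means the evidence set is intact."""
    problems = []
    entries = manifest["artifacts"]
    if sha256_hex(_canonical(entries)) != manifest["manifest_sha256"]:
        problems.append("manifest entries do not match manifest_sha256")
    for name in sorted(set(entries) | set(artifacts)):
        if name not in artifacts:
            problems.append(f"missing artifact: {name}")
        elif name not in entries:
            problems.append(f"unlisted artifact: {name}")
        elif sha256_hex(artifacts[name]) != entries[name]["sha256"]:
            problems.append(f"hash mismatch: {name}")
    return problems


# Constructed sample extraction (illustrative bytes, not real evidence).
SAMPLE_EXTRACTION = {
    "contacts.csv": b"name,number\nJ. Doe,+14155550100\n",
    "sms.txt": b"2007-06-14 22:31 +14155550100 -> meet at the garage\n",
    "call_log.csv": b"ts,direction,number,secs\n2007-06-14 22:40,out,+14155550100,73\n",
}
SAMPLE_MANIFEST = build_manifest(
    SAMPLE_EXTRACTION, "CASE-0001", "examiner@example.test", "2007-06-15T09:00:00Z"
)


def demo_tamper() -> list:
    """A later 'Write' flips two letters in an SMS (same size) and adds a file that was never acquired."""
    tampered = dict(SAMPLE_EXTRACTION)
    tampered["sms.txt"] = tampered["sms.txt"].replace(b"garage", b"gargae")
    tampered["photo.jpg"] = b"\xff\xd8\xff"  # artifact the original acquisition never had
    return verify(SAMPLE_MANIFEST, tampered)


def demo_manifest_edit() -> list:
    """Someone rewrites one entry's hash inside the manifest to match altered data."""
    edited = json.loads(json.dumps(SAMPLE_MANIFEST))
    edited["artifacts"]["sms.txt"]["sha256"] = "00" * 32
    return verify(edited, SAMPLE_EXTRACTION)


if __name__ == "__main__":
    print("intact:", verify(SAMPLE_MANIFEST, SAMPLE_EXTRACTION))
    print("tampered extraction:", demo_tamper())
    print("edited manifest:", demo_manifest_edit())
```

The manifest only proves that the evidence set is unchanged since the examiner hashed it. It says nothing about what happened to the phone before seizure, which is the separate problem the article raises next: a contact planted over Bluetooth before the phone was collected will hash correctly like everything else.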

Even the best forensic practices will face a daunting challenge as more complex mobiles become vulnerable to tampering before they’re seized as evidence. It’s relatively easy for an adversary with a Bluetooth device to plant new addresses in a Bluetooth-enabled phone’s contact list, or even place bogus calls from the phone. Keith Thomas, a cell-phone forensics expert with First Advantage Litigation-Consulting, said this is where the real problem for investigators will begin: when courts start to realize that evidence from cell phones isn’t any more foolproof than what’s found on computers.

“There is always a question about who put stuff on your computer,” Thomas said. “But on a cell, it’s nothing but personalized — you can get the telephone numbers the person called and verify when that person was on the phone. For right now there are less questions about who had access to the phone.” But, he acknowledged, there will be more, “as soon as people realize there are other means of putting data on the phone.”


iPhone Tantalizes, Frustrates Forensics Experts

16 February 2008
By Cathy B. Almeida | 08.23.07 | 2:00 AM

Connecting the iPhone to a laptop through a USB write-blocker is one way to forensically examine the device.
Photo: Derrick Donnelly, Blackbag Technologies

Technophiles may love the iPhone, but you criminals? Watch out. The iPhone may reveal more about your misdeeds than you realize.

Derrick Donnelly, chief technology officer of Blackbag Technologies, a Silicon Valley-based company specializing in Apple forensic solutions, is tempted by the rich array of potential evidence an iPhone might contain.

Will its data favor the defense or the prosecution? “There is more information in there than your average cell phone,” explains Donnelly. “The ease of use lends itself to more use … and more use creates more artifacts.”

The iPhone’s web, e-mail and phone functionality — combined with its 4- or 8-GB storage capacity — means it can serve as a window into the personality, lifestyle, social circle and actions of the user. “Even though there might not be a smoking gun right in there,” explains Donnelly, “a lot of these smaller pieces could add up to a bigger piece that could lead you to further evidence.”

But not every forensics expert is convinced. “The iPhone is evil,” says Amber Schroader, CEO of Utah-based Paraben, a leader in digital-forensics software development. “It’s Mac OS X, and it’s a completely closed system.”

In other words, because the examiner cannot see what the closed system does to its data when the device is powered on and read, it’s not easy for a forensics team to guarantee that the data extracted from an iPhone has not been altered in the process. The result is that juries may find reasonable doubt in how that data was extracted.

The digital-forensics industry is dominated by PC experts, mirroring the larger percentage of PC users in the marketplace. Mac forensic analysis is considered a highly specialized service. “To know the iPhone is to know the Mac or vice versa,” explains Donnelly. “Because it’s a different file system and a different operating system, right off the bat the things you’re usually looking for are not in the same places and they are in a very, very different format.”

But even Mac experts like Donnelly are struggling with how to get the data off the iPhone’s closed system without altering it by turning on the device. Currently, the iPhone is not compatible with existing forensic software and data-extraction systems. Forensic experts may be left with old-school techniques like photographing data as it is displayed on the screen itself, as if it were a yellow-taped crime scene.

Finding a laptop or desktop computer on the scene could help significantly. “You might not be able to get the information off the iPhone,” says Donnelly, “but you may be able to get other devices that the iPhone was connected to.” If the user had uploaded their phone’s data, analysts may find copies on the linked computer.

The vast amount of personal data the iPhone can store and personal habits it can track means it has the potential to say a lot about the user. But the first challenge may be getting this closed-mouthed phone to talk.


How to survive the SGAE

3 February 2008