Internet File Transfer and Tracking
The Internet allows data, files, and other information to be carried between computers through various sets of rules. For instance, electronic mail (e-mail) uses the Simple Mail Transfer Protocol (SMTP), the Web uses HyperText Transfer Protocol (HTTP), and file transfer uses the File Transfer Protocol (FTP). However, these transfers are not distinct. For example, files can be transferred within e-mails.
Thus, files can be transferred over the Internet through e-mail messages and through the use of FTP programs. Internet messages (e-mail, instant messages, and similar activities) and file transfers leave an electronic trail that can be traced, or tracked. Tracing (what is also called Internet file tracking and profiling) is a process that follows the Internet activity backwards, from the recipient to the user. As well, a user’s Internet activity on Web sites can also be tracked on the recipient site (i.e., what Web sites are visited and how often, the activity at a particular site).
The process of tracking assembles and analyses events in order to gain information about patterns of activities of the original user. For instance, if a music company wants to know where young adults are going on the Internet to listen to and download music, it could track such activities of users. This organization, and others, profile people’s Web browsing (looking and searching) and collect the identities of the Web sites visited by their targeted users. The profiling does not always identify individual users but only general characteristics valuable to the organization. Sometimes this tracking and tracing ability is used to generate e-mail to the user promoting a product that is related to the sites visited. User information, however, can also be gathered covertly.
“Phishing” is a computer term for the practice of fraudulently trying to acquire personal or sensitive information through the Internet, such as credit card information, passwords, and user identifications. Phishers use such information to defraud their victims. They often pose as legitimate individuals or organizations, using e-mails or instant messages that claim to correct a problem or resolve an issue and that require information to be sent back through the Internet. With the large amount of phishing occurring in the 2000s, many countries have enacted legislation, or are in the process of enacting legislation, to control phishing. Many public-service organizations have instituted educational programs to help make the public aware of the problem.
Techniques of Internet tracking and tracing can also enable authorities to pursue and identify those responsible for malicious Internet activity. For example, on February 8, 2000, a number of key commercial Internet sites such as Yahoo, Ebay, and Amazon were jammed with incoming information and rendered inoperable. Through tracing and tracking techniques, law enforcement authorities established that the attacks had arisen from the computer of a 15-year-old boy in Montreal, Canada. The youth, whose Internet identity was Mafiaboy, was arrested within months of the incidents. Now, in the 2000s, Internet tracking by law enforcement officials has gained strength in the area of pornography and, especially, in the area of pedophilia (the crime of sex against children). In addition, the war on terrorism has promoted the use of Internet tracking of radical terrorist Web sites. For instance, Aaron Weisburd, founder of Internet Haganah (Carbondale, Illinois), has turned in hundreds of Web sites to the United States intelligence community that were perceived as fronts for active terrorist cells.
Law enforcement use of Internet tracking is extensive. For example, the U.S. Federal Bureau of Investigation (FBI) has a tracking program designated Carnivore. The software came from a previous FBI project called Omnivore, which began in February 1997. The program is capable of scanning thousands of e-mails to identify those that meet the search criteria. After negative press coverage of Carnivore, the FBI changed its name to DCS1000 (Digital Collection System 1000). DCS1000 consisted of Carnivore, Packeteer, and CoolMiner. However, as of 2005, the FBI had terminated its DCS1000 and begun using commercial software instead.
Cookies (sometimes called HTTP [hypertext transfer protocol] cookies or Web cookies) are computer files that are stored on a user’s computer during a visit to a Web site. When the user electronically enters the Web site, the host computer automatically loads the file(s) to the user’s computer.
The cookie originated with Netscape Communications in 1994 when Lou Montulli and John Giannandrea wrote the first cookie (which they called a magic cookie) to check whether visitors to the Netscape Web site were repeat or non-repeat visitors. Cookies were first incorporated into Microsoft’s Internet Explorer in October 1995 with the release of version 2. Users were unaware of cookies until an article was written about them in the February 12, 1996 issue of the Financial Times. The U.S. Federal Trade Commission began investigating cookies in 1996.
Cookies are files, and so can be transferred from the host computer to another computer. This can occur legally (i.e., selling of a subscriber mailing list) or illegally (i.e., hacking into a host computer and copying the file). Also, cookies can be acquired as part of a law enforcement investigation. Based on a survey of 1,555,802 sites, 18.1% of servers were found to be sending cookies along with a Web page.
Stealing a cookie requires knowledge of the file name. Unfortunately, this information is not difficult to obtain. A survey conducted by a U.S. Internet security company in 2002 on 109,212 Web sites that used cookies found that almost 55% of them used the same cookie name. The user may disable cookies. However, this activity calls for programming knowledge that many users do not have or do not wish to acquire. Since then, other surveys have found similar results. In 2003, a survey found that of about 1.6 million Web sites, over 18% of servers were found to be sending cookies with Web pages. Three years later, of about 1.1 million Web sites, nearly 25% of the servers were sending cookies along with a Web page.
Bugs or beacons
A bug or a beacon is an image that can be installed on a Web page or in an e-mail. Unlike cookies, bugs cannot be disabled. They can be prominent or surreptitious. As examples of the latter, graphics that are transparent to the user can be present, as can graphics that are only 1x1 pixels in size (corresponding to a dot on a computer monitor). When a user clicks onto the graphic in an attempt to view, or even to close the image, information is relayed to the host computer.
Information that can be gathered by bugs or beacons includes:
- User’s IP address (the Internet address of the computer),
- E-mail address of the user,
- User computer’s operating system (which can be used to target viruses to specific operating systems),
- URL (Uniform Resource Locator), or address, of the Web page that the user was visiting when the bug or beacon was activated, and
- Browser that was used (i.e., Netscape, Explorer).
When used as a marketing tool or means for an entrepreneur to acquire information about the consumer, bugs or beacons can be merely an annoyance. However, the acquisition of IP addresses and other user information can be used maliciously. For example, information on active e-mail addresses can be used to send spam e-mail or virus-laden e-mail to the user. And, like cookies, the information provided by the bug or beacon can be useful to law enforcement officers who are tracking down the source of an Internet intrusion.
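As an added example (not part of the original article), the following Python sketch shows how a mail filter might flag images matching the description above, that is, 1x1-pixel or hidden graphics in an HTML e-mail, and list what their URLs would report to the host. The sample HTML, host names, and parameter names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed HTML e-mail body; hosts and parameters are illustrative only.
SAMPLE_HTML = """
<html><body>
<p>Spring sale now on.</p>
<img src="https://shop.example/banner.png" width="600" height="120" alt="Sale">
<img src="https://track.example/o.gif?uid=reader%40mail.example&amp;c=42" width="1" height="1">
<img src="https://track.example/p.gif?m=7" style="display:none">
</body></html>
"""

# Inline styles that hide an image from the reader.
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])", re.I)

def _px(value):
    """Parse a width/height attribute such as '1' or '1px'; None if absent."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return int(m.group(1)) if m else None

class BeaconFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        w, h = _px(a.get("width")), _px(a.get("height"))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        hidden = bool(HIDDEN.search(a.get("style") or ""))
        if tiny or hidden:
            url = urlsplit(a.get("src") or "")
            # Query parameters show what the sender embedded (e.g. an address);
            # IP address, browser and OS travel with the HTTP request itself.
            self.findings.append({"host": url.hostname,
                                  "reason": "1x1" if tiny else "hidden",
                                  "params": parse_qs(url.query)})

def find_beacons(html):
    finder = BeaconFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_HTML):
        print(f)
```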
These computer-scripting languages are automatically activated when a site is visited. The mini-programs can operate within the larger program, to create the pop-up advertiser windows that appear with increasing frequency on Web sites. When the pop-up graphic is visited, user information such as described in the above sections can be gathered.
E-mail transmissions have several features that make it possible to trace their passage from the sender to the recipient computers. For example, every e-mail contains a section of information that is dubbed the header. Information concerning the origin time, date, and location of the message is present, as is the Internet address (IP) of the sender’s computer.
If an alias has been used to send the message, the IP number can be used to trace the true origin of the transmission. When the originating computer is that of a personally owned computer, this tracing can often lead directly to the sender. However, if the sending computer serves a large community—such as a university, and through which malicious transmissions are often routed—then identifying the sender can remain daunting.
Depending on the e-mail program in use, even a communal facility can have information concerning the account of the sender.
The information in the header also details the route that the message took from the sending computer to the recipient computer. This can be useful in unearthing the identity of the sender. For example, in the case of Mafiaboy, examination of the transmissions led to a computer at the University of California at Santa Barbara that had been commandeered for the prank. Examination of the log files allowed authorities to trace the transmission path back to the sender’s personal computer.
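As an added example (not part of the original article), the following Python sketch reads the header of a message and rebuilds the route it took, oldest hop first, from the Received lines that each mail server adds. The sample message, host names, and IP addresses are constructed; real Received lines vary in format between mail servers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: reserved example domains, documentation IP ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
    by mailstore.recipient.example with ESMTP id C3;
    Tue, 14 Nov 2006 10:00:09 -0500
Received: from relay.university.example (relay.university.example [198.51.100.25])
    by mx.recipient.example with ESMTP id B2;
    Tue, 14 Nov 2006 10:00:05 -0500
Received: from home-pc (unknown [192.0.2.77])
    by relay.university.example with SMTP id A1;
    Tue, 14 Nov 2006 07:00:01 -0800
From: alias@university.example
To: reader@recipient.example
Subject: constructed sample

body
"""

# "from <name> (... [<ip>]) by <server> ...; <date>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?by\s+(?P<by>\S+)", re.S)

def trace_route(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m or ";" not in value:
            continue  # hop in a format this sketch does not parse
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({**m.groupdict(), "time": stamp})
    return hops

def clock_anomalies(hops):
    """Indexes of hops stamped earlier than the hop before them.
    Only lines added by servers the investigator trusts are reliable;
    a sender can insert forged Received lines below them."""
    return [i for i in range(1, len(hops))
            if hops[i]["time"] < hops[i - 1]["time"]]

if __name__ == "__main__":
    for hop in trace_route(SAMPLE):
        print(hop["time"].isoformat(), hop["ip"], "->", hop["by"])
```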
Chat rooms are electronic forums where users can visit and exchange views and opinions about a variety of issues. By piecing together the electronic transcripts of the chat room conversations, enforcement officers can track down the source of malicious activity.
Returning to the example of Mafiaboy, enforcement officers were able to find transmissions at certain chat rooms where the upcoming malicious activity was described. The source of the transmissions was determined to be the youth’s personal computer. Matching the times of the chat room transmissions to the malicious events provided strong evidence of the youth’s involvement.
While Internet tracking serves a useful purpose in law enforcement, its commercial use is increasingly being examined from the standpoint of personal privacy. The 1984 Cable Act in the United States permits the collection of such information if the information is deemed to aid future commercial developments. User consent is required. However, the information that is capable of being collected can exceed that needed for commerce.
Several countermeasures are offered to protect oneself from Internet tracking measures. A firewall is a software system that permits only approved information into a computer. In essence, it blocks access to traffic that is suspicious on the Internet. Anti-virus programs are programs that protect against such things as viruses, Trojan horses, and worms. Anti-spyware is a program that specifically eliminates spy-ware (programs that collect personal information) from running on a computer.
In the United States, the federal government has set up Internet security (cyber-security) directives within several branches of the government in order to regulate, safeguard, and control computer systems and information technology. Two of these acts passed by the U.S. Congress are the 1999 Gramm-Leach-Bliley Act and the 2002 Homeland Security Act. Within the Homeland Security Act, the Federal Information Security Management Act helps to strengthen computer and network security within the federal government and its contractors. However, as of 2005, most government agencies are ill prepared for cyber-security, as stated by watchdog organizations who track the status of such governmental organizations.