How do you catch a hacker?

That feature has been particularly useful for hackers, many of whom have developed a sense of invulnerability and even boast that they will never be captured.

However, as seen this year with the arrest of several hackers, the authorities are not as powerless as many have believed.

The bluster of hackers is increasingly followed by a surprise visit from the local police. So how do investigators catch the criminals of this new era?

Internet addresses

To begin, you need to step back and understand how people can hide their identity online.

Many people assume, correctly, that anyone who connects to the Internet is given a unique address (an IP address) and that this can be used to trace any activity coming from that address back to an individual. But it is not so simple, and certainly not so fast, for several reasons.

First, many years ago the number of devices on the Internet requesting an IP address exceeded the number of addresses available.

Therefore, when any of us asks our Internet service provider (ISP) to connect us, we are only leased an IP address.

These leases typically expire and are renewed very quickly if we want to stay connected, or the address is given to someone else once we have disconnected. Our next connection may get a completely different address.

Looking up an address usually only tells you which ISP it belongs to, not who was leasing that address at a specific time.

So even if an investigator detects illegal activity linked to a specific address, it is unlikely that the user can be identified easily from publicly available information.

The authorities have to go to the service provider and ask for records showing exactly who was using that address at the time of the illegal activity.

But police agencies must obey the law, which usually requires a court order; to get one, investigators have to show that illegal activity was taking place and that it appeared to come from a particular ISP. They cannot simply go on a “fishing trip”.

However, investigators have become increasingly efficient at this process, so hackers (at least those who have not been caught yet) have long since stopped relying on it alone, although they rightly know that the authorities will be slower than they are.

Coordination complications

All this assumes that service providers keep records of who held a particular leased address.

In the UK they do, but not all countries are so diligent, and not necessarily at a level of detail that allows the person committing the offence to be physically located.

Second, the amount of information is enormous and cannot be preserved indefinitely. The United Kingdom is drafting legislation that requires ISPs to keep records, but it does not require them to be preserved forever.
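As an added illustration (not from the original article), this is the lease-record lookup the preceding paragraphs describe: an investigator holds a log line with an address and a timestamp, and only the ISP's lease table can say who held that address at that instant, provided the record still exists. The log format, customer identifiers, dates and the one-year retention period are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Lease:
    ip: str
    subscriber: str      # ISP's customer identifier (constructed)
    start: datetime
    end: datetime

# Constructed ISP lease table: 203.0.113.10 is handed to two customers in turn,
# so the same address points to different people depending on the time.
LEASES = [
    Lease("203.0.113.10", "cust-A", datetime(2012, 3, 1, 8, 0), datetime(2012, 3, 1, 12, 0)),
    Lease("203.0.113.10", "cust-B", datetime(2012, 3, 1, 12, 5), datetime(2012, 3, 1, 20, 0)),
    Lease("203.0.113.11", "cust-C", datetime(2012, 3, 1, 9, 0), datetime(2012, 3, 2, 9, 0)),
]
RETENTION = timedelta(days=365)  # assumed retention period; older records have been purged

LOG_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) ")

def parse_log_line(line):
    """Extract (timestamp, source IP) from a constructed 'ISO-time ip request' log line."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised log line: " + line)
    return datetime.fromisoformat(m.group(1)), m.group(2)

def attribute(ip, when, leases=LEASES, now=datetime(2012, 6, 1)):
    """Map an address at a point in time to a subscriber.

    Returns (status, subscriber). The status says why attribution can fail:
    the record fell outside the retention window, no lease covered that instant
    (for example the gap between two leases), or more than one lease matched.
    """
    if now - when > RETENTION:
        return "expired", None
    hits = [l for l in leases if l.ip == ip and l.start <= when <= l.end]
    if not hits:
        return "no_lease", None
    if len(hits) > 1:
        return "ambiguous", None
    return "ok", hits[0].subscriber

def attribute_log_line(line, **kw):
    """Convenience wrapper: parse the log line, then look the address up."""
    when, ip = parse_log_line(line)
    return attribute(ip, when, **kw)
```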

The third complication is that, being a global network, the Internet spans multiple jurisdictions. If it takes time for an investigator to obtain a court order in their own country, imagine how much harder it is to get one in a foreign country.

Not surprisingly, many hackers tend to attack sites outside their own country. In addition, hackers from different jurisdictions cooperate with each other, adding further complexity to an already complicated situation.

However, the arrests of members of LulzSec highlighted the role of cross-border cooperation, with arrests made in the UK, Ireland and the USA.

Increasingly, international bodies such as Interpol and Europol are taking the lead in facilitating collaboration between agencies in several countries simultaneously.

The “proxy” server

So, assuming you can navigate the complexities described above, you may find the Internet address and catch the perpetrator.

Well, not necessarily, because, as always, technology is way ahead of the legislative and judicial systems.

There are a couple of additional tricks that allow people to cover their tracks on the web. The most widely used is the proxy server, or simply “proxy”.

By using a proxy server, anyone can route their activity through a system in a distant country, or one in which no records are kept of where the activity originated, or worse, both.

Proxies gained popularity among people making illegal downloads because they cannot be tracked.

Proxy servers are widely available, often for free. They have come to play a very important role in allowing citizens of hostile regimes to express their views anonymously.

Of course they can also be used for illegal purposes, such as copyright theft, and hackers quickly realised their potential.

But all is not lost. Investigators can do what they call “traffic analysis”, based on combining the records of several ISPs, which manages to take the proxy server out of the loop.

Not surprisingly, this takes even longer, and the added complexity inevitably means less reliable results when it comes to building the legal case.
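An added, deliberately simplified sketch (not from the article) of the “traffic analysis” just described: flow summaries retained by the proxy's own ISP show connections into the proxy and connections out of it, and matching them by time and volume yields a shortlist of candidate sources that then need their own records request. All addresses, timestamps, byte counts and the matching thresholds are constructed; real traffic is far noisier, which is exactly why the article calls the results less reliable.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Flow:
    src: str
    dst: str
    start: datetime
    byte_count: int

PROXY = "198.51.100.5"   # constructed proxy address
TARGET = "192.0.2.80"    # constructed victim address seen in the victim's logs

# Constructed flow records, netflow-style, as the proxy's ISP might retain them.
FLOWS = [
    Flow("203.0.113.10", PROXY, datetime(2012, 3, 1, 10, 30, 0), 4200),
    Flow("203.0.113.22", PROXY, datetime(2012, 3, 1, 10, 30, 1), 150),
    Flow(PROXY, TARGET, datetime(2012, 3, 1, 10, 30, 2), 4100),
    Flow("203.0.113.33", PROXY, datetime(2012, 3, 1, 10, 45, 0), 4300),
    Flow(PROXY, "192.0.2.99", datetime(2012, 3, 1, 10, 45, 1), 4250),
]

def candidate_sources(flows, proxy, target, window=timedelta(seconds=5), size_tolerance=0.2):
    """For each proxy->target flow, list the client->proxy flows that started shortly
    before it and carried a similar volume. Returns {outbound_start: [client ips]}.
    A client listed here is a lead for a further records request, not proof."""
    inbound = [f for f in flows if f.dst == proxy]
    result = {}
    for out in flows:
        if out.src != proxy or out.dst != target:
            continue
        matches = []
        for inn in inbound:
            delta = out.start - inn.start
            if not (timedelta(0) <= delta <= window):
                continue  # inbound flow must precede the outbound one, within the window
            if abs(inn.byte_count - out.byte_count) > size_tolerance * out.byte_count:
                continue  # volumes too different to be the same session
            matches.append(inn.src)
        result[out.start] = matches
    return result
```

With the sample records only 203.0.113.10 survives both filters; the 150-byte flow is discarded on volume and the 10:45 flow on timing.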

However, one of the great advantages of the authorities is that they are patient: they do not boast about what they are doing, quite the opposite, and they are willing to grind through the details until they reach their man or woman.

A dark red

Of course, hackers know this, and so the fight has continued. Most hackers today, as well as relying on everything described above, use what is called “onion routing”.

This practice began as research to protect the communications of the U.S. Navy, but since it was published at a 1996 workshop on information hiding (the Data Hiding Workshop), people have seen it as a way to stay anonymous on the Internet.

The most widely used is called Tor, which has many legitimate uses. But hackers love to use it too; Tor-like projects represent the front line for investigators today.

At present there are few answers to onion routing, and when it is combined with other complex systems, the authorities face significant challenges. But they have not given up yet.

Some global service providers are working with investigators on projects such as British Telecom's (BT) Saturn, which was originally developed to identify threats to critical infrastructure in the UK.

Figure: Origin and destination of hackers' activity. The illustration shows the sources of intrusion attempts (in red) and the destinations of those attempts (in green). The size of the circles indicates the number of events.

Dominoes

Alongside all this technological development is good old-fashioned police work and the patience already mentioned.

The principle is simple: everyone makes mistakes. Take, for example, the case of the hacker known as Sabu.

Sabu talked regularly with others in an Internet chat room. Reading the purported messages from Sabu, apparently leaked by disgruntled fellow hackers, you can see he was very boastful about what he had attacked, his invulnerability and his technical skills.

This would have made him an obvious target for monitoring.

Apparently, on just one occasion, Sabu joined the chat service without using Tor. His IP address was revealed and the FBI managed to trace it. That led to charges against other suspected hackers.

We’ll see more of this tactic: decapitation by arresting the big fish, followed by attempts to wipe out the smaller players based on what is learned in the process.

In summary, the lack of news does not mean that hackers are getting away with it, although that is what they want you to think.

As the battle in cyberspace continues, what is clear is that it is a job that combines the old and the new.
