51% of respondents conduct internet investigations on the same computer and browser as they use for everyday work, increasing the risk of tipping off suspects, cyberattacks and more.
Whether working on a local drug bust or preparing to indict the leaders of a multinational financial scam network, investigators need to go online. In addition to “typical” cybercrimes like hacking, ransomware attacks, email fraud or credit card data theft, almost every type of crime these days involves some level of cyber presence. Assorted contraband is bought and sold freely on the dark web, forum participants discuss creative ways to infiltrate secure corporate networks, and you can even find posts advertising criminal acts for hire — from smuggling to assault.
Naturally, the online universe, with its vast expanse and many unexplored dark corners, is an excellent source of information for law enforcement agents. They can easily search for intelligence on their persons of interest; establish possible connections between businesses and criminal organizations; find affiliates of known criminals; and even build a pretty accurate profile of someone’s behaviors, habits and lifestyle — all from openly available online sources. And then there’s the dark web, where undercover agents can pose as buyers and sellers, infiltrate criminal networks and intercept important information about impending crimes.
A recent survey of more than 100 state and local law enforcement agents from around the country reveals that going online has become an integral part of most detectives’, investigators’ and analysts’ jobs. Nearly every respondent (98 percent) said that they conduct online research, such as looking into social media posts and profiles, as part of their investigations. But as much as the online resources can assist with tracking down criminals, browsing the web is also an inherently dangerous activity. An investigator may inadvertently trip a malware trap or accidentally reveal their identity to an adversary, forcing them to move their operation even deeper underground, or even retaliate against the law enforcement agency.
See more survey results in our infographic.
How do criminals get alerted that you might be looking at them? The same way investigators keep tabs on the criminal activity: the browser. The browser collects information — every site you visit, every search term you use, every location you take your phone or computer to — everything gets logged, cataloged, stored, analyzed and ultimately sold to advertisers to help them serve you with more personalized ads. Most people are generally aware of this, but believe that a regular browser is the only tool available to search the web. This is even true for law enforcement professionals; in our survey, half of participants (51 percent) said that they use the same computer and browser to do internet investigations without any additional protections that would limit what tracking mechanisms — and suspects — can glean about them.
In an attempt to throw off their scent, three quarters (73 percent) of surveyed investigators said they use their regular devices and browsers with a VPN. While using a VPN is definitely better than nothing, it doesn’t completely conceal one’s identity online or prevent malware from reaching the device or the agency’s network.
Similar misconceptions exist around the effectiveness of private browsing, like Google’s Incognito Mode, in limiting tracking. Some agents believe that using private browsing mode will help keep their investigations anonymous, because it doesn’t track most cookies (“most” being the operative word in that belief). But the majority of respondents (82 percent) only seldomly (or sometimes never!) checked the privacy settings and policies on the websites they visited, leaving their intentions, identities and agency affiliations exposed and open to potential exploits.
Another area of internet investigations lacking in awareness and usage is the dark web. As many as 64 percent of investigators in our survey admitted that they didn’t have much knowledge about the dark web, and didn’t see how it could help them in their research; while the remaining 36 percent thought the dark web was a valuable source of information, but only half of this group were able to access it. With many criminals calling the dark web home, this is a huge gap in the investigators’ ability to keep up with them.
It’s clear that an ordinary browser is not the right tool for internet investigations — even with the added bells and whistles of private browsing or VPN. State and local agencies need to consider specialized solutions that provide anonymity through managed attribution and location spoofing, and keep devices and networks completely separated from any web activity. Only with these capabilities can law enforcement conduct investigations without fear of dead ends or retaliation.
To learn more about Authentic8’s managed attribution solution, Silo for Research, visit our website or schedule a demo. Silo for Research was created to help law enforcement, government agencies and major enterprises conduct internet investigations without giving away their identity or intent and completely neutralize web-borne threats — once and for all.