DECISION GROUP INC.
2013.10.03        www.edecision4u.com

Why is “https://” so Special in Lawful Intercept Operation?

HTTPS Intercept for Cyber Investigation by Decision Group

Recently the police asked us for help with an encrypted mobile online service in a transnational cyber fraud case. After several days of traffic and protocol analysis, we found that the service was protected by the common HTTPS/TLS mechanism. This is a request we handle for our LEA clients from time to time. Eventually we recommended an alternative way to solve the problem and helped the police obtain the evidence needed to identify suspects in different places. Cases like this seem to be more and more frequent.


If we look at the currently popular mobile online services, such as Facebook, Gmail, Twitter, Line and WhatsApp, we can easily see one thing they have in common: all of them are protected by some form of encryption, provided either by the mobile platform or by the service itself, in order to give mobile subscribers more privacy protection during message transmission. This encryption is beneficial for subscribers' communication but, on the other hand, it is also used by criminals to perpetrate cyber fraud. It is very hard for investigators to carry out lawful intercept on such suspected encrypted cyber fraud communication and to collect evidence.


So, whenever such encrypted criminal communication appears, LEA staff are left unable to do anything about it. Is it really so difficult for LEA staff to intercept such encrypted criminal communication? We must first understand how mobile services operate by nature.


Most encryption mechanisms on mobile platforms cannot be very complicated or demand much CPU, because of the hardware restrictions of compact mobile devices. The mechanism provided by the mobile platform is usually the default HTTPS module built into the OS, so this HTTPS function can be shared by many mobile services without demanding more resources, whereas on a PC or laptop each encrypted application has its own HTTPS function under the OS environment. That is why most front-end apps of mobile services adopt HTTPS for message transmission with their back-end servers.


Lawful intercept of HTTPS communication must be integrated into the standard LI system deployment for extensive cyber investigation on both fixed and mobile networks. In other words, lawful interception of HTTPS services should be part of the common deployment, with the mediation device aligned with telecom network equipment such as BRAS, RADIUS, SGSN, MME, PDN Gateway, etc.


On the other hand, lawful intercept on HTTPS requires a special arrangement under state authorization. This has to do with infringement of digital IDs for public services, because lawful interception of HTTPS communication affects personal digital signatures to a certain degree. Without state authorization, any LEA staff who carry out lawful intercepts will definitely violate the law on personal digital data protection.


For a telecom operator, deploying lawful intercept on HTTPS may have some impact on network management, but it may not be very significant, because it operates just like an ordinary cache engine inside the network infrastructure. We also have HTTPS interception deployments in the data centers of certain telecom operators, and they are working very well.


With more and more online services delivered over mobile broadband, it is inevitable that LEA staff will need lawful intercept on HTTPS communication. Both LEA staff and telecom service providers must recognize that an HTTPS intercept deployment has to be in place for effective cybercrime investigation; however, both must be ready for such a deployment on the legal side and the technical side.
Decision Group has successfully helped LEAs and telecom operators with such deployments for 2 years, and fully understands the requirements and limitations of such deployments in different network environments.


We also provide free professional training for partners on planning and deploying network forensic systems to meet corporate customer requirements. The objective of our partner training is to help you understand how to penetrate the network forensics market and service Decision Group solutions for customers.
The agenda of this 3-day session covers the following topics:


1. Introduction on the market of network forensics and lawful interception
2. Network Packet Forensic Analysis 
3. Decision Products – E-Detective and HTTPS interceptor
4. Decision Products – Wireless-Detective and NIT
5. Market strategy and planning on network forensic solution
6. Decision Support Resources for you


All courses will be delivered in English at our Taipei training center. Your staff can participate in this training program free of charge, subject to a certain level of sales and marketing commitment. We can also provide local accommodation on a first-come, first-served basis, as the space available is limited. Partners need to officially sign an NDA and MOU in recognition of the partnership.
We look forward to your participation in our partner training program and to bringing this new advanced technology to your potential customers.
If you are interested in how to deploy HTTPS intercept on those mobile online services for cybercrime investigation, please contact us at decision@decision.com.tw.

 

 

About Decision Group Inc.
Decision Group is a company focused on E-Detective, its worldwide renowned DPI application. Decision Group, established in Taipei, Taiwan in 1986, is one of the leaders in manufacturing PC-Based Multi-Port RS232/422/425 Serial Cards, Data Acquisition & Measurement Products and Industrial Automation and Control Systems.
Since the year 2000, Decision Group has been engaged in a new line of business: designing and developing equipment and software for Internet Content Monitoring and Forensics Analysis Solutions. Decision Group now positions itself as a solution provider with a full-spectrum product portfolio for network forensics and lawful interception.

More Information and Contact by Email: decision@decision.com.tw
URL: www.edecision4u.com (Global), www.internet-recordor.com.tw (Taiwan), www.god-eyes.cn (China), www.decisionjapan.com (Japan), www.e-detective.de (Germany), www.edecision4u.fr (France), www.edecision4u.es (Spain and Latin America)

 
More Information and Contact - Ms. Isabelle Huang
URL : http://www.edecision4u.com
Email address : decision@decision.com.tw
Skype: decision-computer
Phone: +886 2 2766 5753
FAX: +886 2 2766 5702