Lawful interception and corporate IT security management of daily network communication are regular tasks for both law enforcement staff and IT security officers. Through these tasks, those who commit cybercrimes or harm IT security inside a corporation can be found and prosecuted on the basis of clear digital evidence. The task must be carried out on a finite network infrastructure, such as wired or telecom networks, against a specific target.
Traffic interception on wired and telecom networks is now well defined in technical detail, by law or by de facto mandate, whether it is carried out for lawful interception or for corporate IT management. That’s why most lawful interception and IT security management operations are carried out from the wired network side.
The wireless network is the one dark frontier for LEA staff or CISOs probing for illegal, harmful cyber threats, because of its different data transmission pattern and the security applied to data sent through the air. On the other hand, communication over a wireless network takes place only in the last-mile loop; eventually all communication still goes through the wired network for routing. That’s why LI operations are usually carried out at the core service network.
The demand for LI operations on wireless networks is mostly for Wi-Fi networks, for tactical evidence collection on drug dealers or cyber fraud in public spaces such as cafés, public squares and shopping malls. In the corporate environment, disgruntled employees usually leak internal confidential information to outsiders through external APs, or hackers intrude into the corporate network through unsecured, over-spilled APs.
Wi-Fi networking, after evolving for more than 30 years, provides a good and secure means for people to access the Internet over the air. In particular, the cost of Internet access over a Wi-Fi link is quite low compared with access through mobile telecom networks. That’s why many mobile phone owners like to use a Wi-Fi link for Internet access whenever one is available, especially in the corporate environment under BYOD or through public Wi-Fi service. So interception on Wi-Fi networks is always the major scope for tactical lawful interception and corporate IT security management.
Traffic interception on a Wi-Fi network is not as simple as on wired or telecom networks, where it is usually carried out in the core service network. The first issue is attenuation of the radio frequency (RF) signal: the longer the distance, the weaker the RF strength. The second is background interference with the RF signal, especially from sources with a strong electromagnetic effect, such as a power plant, radioactive rays, heavy sudden rainfall or RF at the same frequency. The third is the encryption of Wi-Fi data packets with WEP, WPA or WPA2 at the data link level. These factors give LEA staff and CISOs a hard time when carrying out LI operations.
New Enhancements in Decision Group NIT2
Decision Group previously developed 2 different products with Wi-Fi interception capability to fulfill different demands in the market. As mobile access becomes more and more popular, the interception demands of LEA and corporate IT security on Wi-Fi networks are moving in the same direction. To cover both demands, Decision Group brings a brand new enhanced Wi-Fi interception product to the market: Network Investigation Toolkit 2.0 (NIT2).
The new NIT2 system has several significant enhanced features, as follows:
1. Radio Frequency Wave Capture Enhancement, in two ways: a single system with multiple wireless interfaces supporting external high-gain antennas, and multiple systems at different locations with a backend central unit - RF capture is critical, because it is the first gate for data input. That’s why DG puts a lot of R&D investment into enhancing the RF capture rate.
2. Decryption on WEP, WPA password - The second enhancement deals with encryption at the data link level. For WEP, DG NIT2 can easily take it off and expose the internal IP packet; for WPA, however, an external WPA cracking system with multiple-GPU support can decode the WPA protection to eventually get the key, and then send this key to NIT2 for decoding the WPA encryption.
3. Surveillance on HTTPS Connection - The third enhancement is surveillance of HTTPS connections by imitating an AP with a man-in-the-middle attack mechanism, in order to intercept private communication related to drug trading or data breaches.
4. Integration with Standard Lawful Interception Platform - The fourth enhancement addresses the lawful interception requirement on telecom networks. It is a requirement that LEA staff must fulfill under the LI Act.
5. Integration as Wireless Access Service Portal System - The fifth enhancement is integration with a remote access service portal. It is designed for corporate CISOs to combat internal threats such as data leakage, cyber bullying and sexual harassment.
6. Consolidated Data Life Management - The sixth enhancement is consolidated management of data retention and the data life cycle for distributed deployments, especially for the data retention requirement of ISO 27003 under the corporate IT governance guide.
7. Target on Wi-Fi Point-to-Point Services - The seventh enhancement focuses on interception of Wi-Fi point-to-point communication, which is similar to push-to-talk service. Such online services, for example FireChat, Serval Mesh and Wi-Fi Talking, are usually popular during significant mass riot events worldwide when the authorities terminate regular network links. This capability is now required by LEAs in many countries.
8. Data Analysis - The eighth enhancement is analysis of the intercepted data. NIT2 analyzes data in 2 steps: one is data scoping, and the other is link analysis. Through both, LEA staff or CISOs can easily identify suspects based on the collected digital evidence.
The above are the new enhancements in Decision Group NIT2 as of 2015. Many more enhancements will be rolled out in the future, especially for new online services and popular mobile services.
The Value Proposition of Decision Group NIT2 and Service
To provide better service along with NIT2, Decision Group also offers training programs at several levels based on customer requirements. These programs are usually delivered by qualified local instructors, senior cybercrime investigators or university scholars. The programs are listed below:
1. Network Packet Forensic Analysis Training (NPFAT) - Network Packet Forensic Analysis Training is designed for operators who use our NIT2 system for daily tasks of cybercrime investigation and IT security management. Through this training program, operators can easily understand the data presented in the NIT2 system and use the analysis tools to find more facts behind cybercrimes or IT security risks.
2. Lawful Interception Training (LIT) – It is designed for IT experts and LEA technical staff, and covers lawful interception planning, deployment and delivery.
3. Cyber Intelligence Training (CIT) – It is designed for senior management staff to learn cyber intelligence deployment and delivery for national security.
4. Cybercrime Investigation Training (CCIT) – Decision Group works with staff of National Taiwan Central Police University and Taiwan CIB to deliver this training program on cybercrime investigation skills and theory to LEA staff from different countries. The purpose is for LEA staff to fully understand how to conduct LI operations under state mandate and global standards.
Besides the above products and training programs, Decision Group also provides consulting services on lawful interception and cyber intelligence planning to our partners and customers. With extensive deployment experience in different countries, DG consultants provide a streamlined lawful interception process, from warrant authorization to data collection on telecom networks, that fully meets global and state mandates and regulations.
About Decision Group
The headquarters of Decision Group is in Taipei, Taiwan, with 45 engineers developing network forensic solutions and consulting services in the network forensics division for more than 15 years.
There are several sales and service offices around the world providing direct service coverage to our partners and clients in Asia, Europe, North and Latin America, Africa and the Middle East. All product service requests are sent to the Service Department at Decision Group headquarters to ensure a high standard of customer satisfaction.
Please also visit our website, http://www.edecision4u.com, for more product sales, technical and service information. Wherever you are, if you need more information about our products and services, please contact decision@decision.com.tw. We’ll be glad to give you our utmost support.
About Decision Group, Inc.
Decision Group is a company focused on its worldwide renowned DPI application, E-Detective. Established in Taipei, Taiwan in 1986, Decision Group is one of the leaders in manufacturing PC-Based Multi-Port RS232/422/425 Serial Cards, Data Acquisition & Measurement Products and Industrial Automation and Control Systems.
In the year 2000, Decision Group started a new line of business designing and developing equipment and software for Internet Content Monitoring and Network Forensics Analysis Solutions. Decision Group has now positioned itself as a total-solution provider with a full spectrum of products in its portfolio for network forensics and lawful interception.
More Information and Contact by Email: decision@decision.com.tw
URL: www.edecision4u.com (Global), www.internet-recordor.com.tw (Taiwan), www.god-eyes.cn (China), www.decisionjapan.com (Japan), www.e-detective.de (Germany), www.edecision4u.fr (France), www.edecision4u.es (Spain and Latin America)