Law enforcement agencies around the world are tasked with identifying and reporting illegal activity related to child exploitation and terrorism. Netsweeper provides solutions that enable agencies to monitor and audit internet traffic through telecom providers to identify potential threats.
One of the top three telecommunication companies in the world (based on subscribers) with over 300 million users, allowed Netsweeper to carry out an audit of network traffic. This case study highlights the outcome of the audit period of just six hours.
Methodology
The goal was to start by logging all user traffic going out of the telco network. The categories or lists of particular interest were: CTIRU, IWF, phishing, malware, adware, terrorism-related content.
Netsweeper software was able to generate reports on user internet traffic pertaining to various categories of content. Netsweeper then analyzed reports on categories of interest to cybersecurity, intelligence agencies, and law enforcement agencies. The goal was then to share such findings with the telco to demonstrate the potential value of the intelligence that can be used by various government departments and agencies.
Results
- Over 10 million hits on sites with malware content.
- Over six thousand sites attempted connections to sites tied to phishing attacks.
- There were several users that tried to access content that has been categorized as “terrorism-related” by the CTIRU.
- There were a significant number of users that tried to access CSAM websites.
Value Offered
- Telecommunication companies can reduce infections on their users’ devices by using Netsweeper.
- Subscribers can benefit from an additional layer of security.
- Intelligence agencies get access to an additional source of online surveillance.
- Law enforcement agencies can use data provided by Netsweeper to identify and in case of repeated usage, even prosecute offenders accessing CSAM online.
Actions Taken
Netsweeper informed the telco about the cybersecurity risks and exposure facing subscribers due to infected computers visiting phishing websites and sites with viruses. The recommendation was given to filter access to such categories as an additional layer of IT security.
As well, with the permission of the telco, authorities were informed about users that were flagged for accessing potential terrorism-related content.
Follow Up
An inter-ministerial meeting will be arranged to understand how Netsweeper can help telecommunication subscribers reduce computer infections.
Law enforcement agencies can access data from the telco to find repeat offenders that access CSAM online allowing intelligence agencies to track users.