14 research outputs found

    Disappearing Messages: Privacy or Piracy?

    Disappearing messages is an optional feature available in popular applications for more privacy. The Telegram instant messenger application is a rival and alternative to the popular messaging application WhatsApp, with both applications citing end-to-end encryption for both messages and calls as a key offering. While Telegram doesn’t officially have a ‘disappearing message’ feature like WhatsApp it still is possible to send disappearing messages using the secret chat functionality. In this paper, we analyse and evaluate ‘disappearing messages’ across Telegram and Snapchat to see whether they can be forensically preserved and/or recovered across Apple and Android operating systems. As these messages could be vital to investigations, with potential evidence and intelligence stored on them, not to mention the limited timeframe in which they are ‘viewable’ to the user, it is a great opportunity for digital forensic analysts to understand how they are stored, managed, and ‘deleted’ compared to traditional messages on the same platforms/applications

    A GPU-based Machine Learning Approach for Detection of Botnet Attacks

    Rapid development and adaptation of the Internet of Things (IoT) has created new problems for securing these interconnected devices and networks. There are hundreds of thousands of IoT devices with underlying security vulnerabilities, such as insufficient device authentication/authorisation, making them vulnerable to malware infection. IoT botnets are designed to grow and compete with one another over unsecure devices and networks. Once infected, the device will monitor a Command-and-Control (C&C) server indicating the target of an attack via Distributed Denial of Service (DDoS) attack. These security issues, coupled with the continued growth of IoT, present a much larger attack surface for attackers to exploit in their attempts to disrupt or gain unauthorized access to networks, systems, and data. Large datasets available online provide good benchmarks for the development of accurate solutions for botnet detection; however, model training is often a time-consuming process. Interestingly, significant advancement of GPU technology allows shortening the time required to train such large and complex models. This paper presents a methodology for the pre-processing of the IoT-Bot dataset and classification of various attack types included. We include descriptions of pre-processing actions conducted to prepare data for training and a comparison of results achieved with GPU accelerated versions of Random Forest, k-Nearest Neighbour, Support Vector Machine (SVM) and Logistic Regression classifiers from the cuML library. Using our methodology, the best-trained models achieved at least 0.99 scores for accuracy, precision, recall and f1-score. Moreover, the application of feature selection and training models on GPU significantly reduced the training and estimation times.

    Virtual reality forensics: forensic analysis of Meta Quest 2

    The Meta Quest 2 is one of the most popular Virtual Reality (VR) entertainment headsets to date. The headset, developed by Meta Platforms Inc., immerses the user in a completely simulated environment. Some VR environments can be shared over the Internet to allow users to communicate and interact with one another and share their experiences. Unfortunately, the safety of these VR environments cannot always be guaranteed, generating a risk that users may be exposed to illicit online behaviour in the form of online harassment, grooming, and cyberbullying. Therefore, forensic examiners must be able to conduct sound forensic analysis of VR headsets to carry out these criminal investigations. In this study, we conduct digital forensic acquisition and analysis of the Meta Quest 2 VR headset. Analysis of the forensic image showed that there were several digital artefacts relating to user activities, device information and stored digital artefacts that can be extracted in a forensically sound manner. The main contributions of this study include a detailed description of the forensic acquisition process, identification of internal file storage locations, and recovery and analysis of digital artefacts that can be used to aid VR forensic investigations.

    The internet of things: Challenges and considerations for cybercrime investigations and digital forensics

    Copyright © 2020, IGI Global. The Internet of Things (IoT) represents the seamless merging of the real and digital world, with new devices created that store and pass around data. Processing large quantities of IoT data will proportionately increase workloads of data centres, leaving providers with new security, capacity, and analytics challenges. Handling this data conveniently is a critical challenge, as the overall application performance is highly dependent on the properties of the data management service. This article explores the challenges posed by cybercrime investigations and digital forensics concerning the shifting landscape of crime – the IoT and the evident investigative complexity – moving to the Internet of Anything (IoA)/Internet of Everything (IoE) era. IoT forensics requires a multi-faceted approach where evidence may be collected from a variety of sources such as sensor devices, communication devices, fridges, cars and drones, to smart swarms and intelligent buildings

    Forensic analysis of ephemeral messaging applications: disappearing messages or evidential data?

    Ephemeral messaging or ‘disappearing messages’ is the mobile-to-mobile transmission of multimedia messages that automatically disappear from the recipient's screen after the message has been viewed. This new feature can be enabled by users for more privacy when using instant messaging apps. A user can set messages to disappear within a certain timeframe: 24 hours, 7 days, or 90 days, after the time they are sent. While disappearing messages provide additional privacy to users, their anti-forensics capability creates challenges for investigators in the recovery of evidential artefacts that could be crucial to an investigation. In this paper, we conduct a comprehensive forensic analysis of ‘disappearing messages’ across different digital platforms (mobile, desktop, and cloud) and instant messaging apps (WhatsApp, Snapchat, and Telegram) to determine whether they can be recovered within a limited timeframe. The results from this study provide valuable information to investigators dealing with instant messaging apps that have this feature enabled and provide a detailed understanding of how disappearing messages are stored, managed, and deleted compared to messages sent without this feature enabled.

    A systematic literature review of blockchain-based Internet of Things (IoT) forensic investigation process models

    Digital forensic examiners and stakeholders face increasing challenges during the investigation of Internet of Things (IoT) environments due to the heterogeneous nature of the IoT infrastructure. These challenges include guaranteeing the integrity of forensic evidence collected and stored during the investigation process. Similarly, they also encounter challenges in ensuring the transparency of the investigation process which includes the chain-of-custody and evidence chain. In recent years, some blockchain-based secure evidence models have been proposed especially for IoT forensic investigations. These proof-of-concept models apply the inherent properties of blockchain to secure the evidence chain of custody, maintain privacy, integrity, provenance, traceability, and verification of evidence collected and stored during the investigation process. Although there have been few prototypes to demonstrate the practical implementation of some of these proposed models, there is a lack of descriptive review of these blockchain-based IoT forensic models. In this paper, we report a comprehensive Systematic Literature Review (SLR) of the latest blockchain-based IoT forensic investigation process models. Particularly, we systematically review how blockchain is being used to securely improve the forensic investigation process and discuss the efficiency of these proposed models. Finally, the paper highlights challenges, open issues, and future research directions of blockchain technology in the field of IoT forensic investigations

    Using deep learning to detect social media ‘trolls’

    Detecting criminal activity online is not a new concept but how it can occur is changing. Technology and the influx of social media applications and platforms have a vital part to play in this changing landscape. As such, we observe an increasing problem with cyber abuse and ‘trolling’/toxicity amongst social media platforms sharing content such as stories, posts, and memes. In this paper we present our work into the application of deep learning techniques for the detection of ‘trolls’ and toxic content shared on social media platforms. We propose a machine learning solution for the detection of toxic images based on embedded text content. The project utilizes GloVe word embeddings for data augmentation for improved prediction capabilities. Our methodology details the implementation of Long Short-Term Memory and Gated Recurrent Unit models and their Bidirectional variants, comparing our approach to related works, and highlighting evident improvements. Our experiments revealed that the best performing model, Bidirectional LSTM, achieved 0.92 testing accuracy and 0.88 inference accuracy with 0.92 and 0.88 F1-score respectively.

    A secure fog-based platform for SCADA-based IoT critical infrastructure

    © 2019 John Wiley & Sons, Ltd. The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform

    When ChatGPT goes rogue: exploring the potential cybersecurity threats of AI-powered conversational chatbots

    ChatGPT has garnered significant interest since its release in November 2022 and it has showcased a strong versatility in terms of potential applications across various industries and domains. Defensive cybersecurity is a particular area where ChatGPT has demonstrated considerable potential thanks to its ability to provide customized cybersecurity awareness training and its capability to assess security vulnerabilities and provide concrete recommendations to remediate them. However, the offensive use of ChatGPT (and AI-powered conversational agents, in general) remains an underexplored research topic. This preliminary study aims to shed light on the potential weaponization of ChatGPT to facilitate and initiate cyberattacks. We briefly review the defensive usage of ChatGPT in cybersecurity, then, through practical examples and use-case scenarios, we illustrate the potential misuse of ChatGPT to launch hacking and cybercrime activities. We discuss the practical implications of our study and provide some recommendations for future research

    Evaluating the effects of cascading failures in a network of critical infrastructures

    Networks of interconnected critical infrastructures are the supporting mechanisms of every industrialised nation. Mutually reliant on each other, their service provisions cross borders. This reliance is also a great weakness. The level of dependence each infrastructure has on another means that a failure has the potential to cascade, resulting in devastating impact on the economy, e-government, defence and society as a whole. Predicting the effects of a cascading failure is a challenge. In this paper, an approach for identifying the effects of a cascading failure is portrayed. A simulation depicting a virtual city is presented, in order to assess the spread of faults originating from a telecommunications infrastructure. Subtle behaviour changes have the potential to spread, with both significant and minor impacts. These variations can be mitigated using data classification techniques to assess behaviour changes, with an overall accuracy of 85.61% using the TreeC classifier.