
Web Platform for Cyber Forensic Investigation Tools and Corporate Network Integration

A web platform to provide access to AI enabled tools for cyber forensic investigations. Currently, AI enabled forensic tools are quite expensive, if you exclude the open source ones, and cyber forensic professionals have to buy these for large sums of money.

The platform aims to provide a wide range of AI enabled forensic tools at lower prices.

These tools would be developed for both the prevention and the investigation of cyber crime.

These tools would be able to integrate with any corporate security infrastructure. By effectively monitoring employees’ online activity while they are connected to the corporate network, the tools would be able to warn them against spam emails, malicious links, malware etc.

Some of the solutions embedded within the planned platform and their descriptions:

  1. Fake news has been a hot topic in the last few years in the form of troll farms. Such hoax news attempts to create public unrest such as lynching and cyber mobbing, and to subvert and influence public perception using social media platforms. The solution will detect fake news such as offensive text (comments, posts, feeds), offensive images (original or morphed pictures) and offensive multimedia videos (original or fake videos) across social media websites using keyword crawling, APIs, reverse image search and AI/ML/data mining techniques, along with the original source of the posting and nearer/proximate profiles.
  2. Malicious links are used to lure a victim into clicking through to a payload that is hosted on third party sites, rather than the malicious content being directly available from the social media platform. One-click exploits such as those used for account takeover could easily be distributed via social media and, when clicked, could exploit the victim through profile takeover or by misleading users with fake advertisements. The solution will detect malicious links and their origin signature (first uploaded person-profile URL, name, email, number etc.) in real time and provide an advisory report to the public and the corresponding agencies about the credibility of those links' sources.
  3. Malicious links are used to lure a victim into malicious bots used by cybercriminals for their personal motives. The solution will detect malicious SPAM and SPIM bots, zombie bots, malicious file sharing bots and fraud bots in cyberspace and provide advisory scanning or detection solutions to the public/LEAs.
  4. Online predators try to gradually seduce their targets through attention, affection, kindness and even gifts, and often devote considerable time, money and energy to this effort. They are aware of the latest music and hobbies likely to interest kids. They listen to and sympathize with kids’ problems. They also try to ease young people’s inhibitions by gradually introducing sexual content into their conversations or by showing them sexually explicit material. The solution will detect suspect profiles that follow child grooming behavior patterns, hate speech provokers, stalking and bullying mentality profiles and explicit content explorers (postings, comments) on social media platforms and other websites.
  5. Cyber offenders mask themselves with proxy and VPN services. The solution would scan and detect whether a given IP address (IPv4/IPv6) is an original IP address or a proxy/VPN enabled IP address, and the application would also fetch the Whois records of the respective IP or website input.
  6. CDR/IPDRs related to cyber offenders are very important for law enforcement agencies. The CDR/IPDR data is usually given in a spreadsheet/Excel/CSV/Notepad (rows and columns) file format. The solution would take different input file formats like .XLSX, .CSV and .TXT and convert them into infographic and data visualization forms with connected root, node and edge relationships.
  7. Cyber criminals use the internet (surface, deep and dark networks) as both a means and a target for executing their crimes. Tracing and tracking the digital footprints of cyber criminals is therefore very important to law enforcement agencies. The solution would focus on tracking and tracing cyber criminals through their digital footprints like name, email, phone number, user IDs etc. The solution will also scan and search for other associated data in publicly available records on the internet and create a summary report on the target suspect.
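
As an added illustration of item 6 (an example written for this page, not the platform's own code), the sketch below turns a delimited CDR export into a node/edge graph and ranks candidate root nodes. The column names, phone numbers and ranking rule are assumptions constructed for the example; .XLSX input would first have to be converted to delimited text.

```python
import csv
import io
from collections import defaultdict

# Constructed sample CDR export (not real data); the column names are assumptions.
SAMPLE_CDR = """caller,callee,start_time,duration_sec
+10000000001,+10000000002,2020-06-01T10:00:00,60
+10000000002,+10000000001,2020-06-01T11:30:00,120
+10000000001,+10000000003,2020-06-02T09:15:00,30
+10000000004,+10000000001,2020-06-02T18:40:00,300
+10000000003,+10000000004,2020-06-03T08:05:00,45
,+10000000002,2020-06-03T08:10:00,10
+10000000001,+10000000002,2020-06-03T12:00:00,abc
"""
REQUIRED = ("caller", "callee", "duration_sec")

def build_graph(text):
    """Parse delimited CDR text; return (edges, rejected_line_numbers)."""
    # Pick the most frequent candidate delimiter in the header (.CSV or delimited .TXT).
    delimiter = max(",\t;|", key=text.splitlines()[0].count)
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    if not set(REQUIRED) <= set(reader.fieldnames or []):
        raise ValueError(f"input must contain the columns {REQUIRED}")
    edges = defaultdict(lambda: {"calls": 0, "seconds": 0})
    rejected = []
    for row in reader:
        a, b = ((row[k] or "").strip() for k in ("caller", "callee"))
        try:
            secs = int(row["duration_sec"])
        except (TypeError, ValueError):
            secs = -1
        if not a or not b or a == b or secs < 0:
            rejected.append(reader.line_num)  # keep bad rows visible to the analyst
            continue
        edge = edges[tuple(sorted((a, b)))]  # undirected: A->B and B->A merge
        edge["calls"] += 1
        edge["seconds"] += secs
    return dict(edges), rejected

def rank_nodes(edges):
    """Order numbers by distinct contacts, then call count: candidate root nodes."""
    contacts, calls = defaultdict(set), defaultdict(int)
    for (a, b), w in edges.items():
        contacts[a].add(b)
        contacts[b].add(a)
        calls[a] += w["calls"]
        calls[b] += w["calls"]
    return sorted(contacts, key=lambda n: (-len(contacts[n]), -calls[n], n))

def to_dot(edges):
    """Render the edge list as Graphviz DOT for a node/edge diagram."""
    body = [f'  "{a}" -- "{b}" [label="{w["calls"]} calls, {w["seconds"]}s"];'
            for (a, b), w in sorted(edges.items())]
    return "\n".join(["graph cdr {", *body, "}"])
```

Malformed rows are returned by line number instead of being dropped silently, so an investigator can account for every record in the source file.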

The tools mentioned above are currently under development along with the platform and two of them will soon be available within a couple of months.

We plan to introduce more such tools, but they probably won’t be web based unlike the ones mentioned above.

Define three specific objectives that you would like to achieve with your proposal.

  1. The first goal of this initiative is to make these tools accessible to the vast community of cyber forensic professionals from anywhere in the world.

  2. The second goal is prevention of proliferation of cyber criminal activities and the profiling of suspected cyber offenders.

  3. The third goal is to make the internet (surface web, deep web or dark web) a safer place by enhancing capabilities of the current law enforcement agencies and securing corporate networks via integration of their current security infrastructure with these tools.

What problems (particularly in value chain competitiveness and global disruption) are your community’s stakeholders facing due to the Covid-19 pandemic?

After the COVID-19 pandemic outbreak, increases in coronavirus-related spam and impersonation attack campaigns are exploiting the vulnerability of users working at home, taking advantage of their desire for information about the coronavirus pandemic to entice them to click on unsafe links. Traditional fraudsters are also using spam to offer fake or non-existent goods such as protective masks or COVID-19 cures.

To provide a clear picture of how malicious actors are exploiting those opportunities, the Mimecast Threat Intelligence team analyzed key trends in activity over the first 100 days.

The monthly volume of all the detection categories reviewed increased significantly – by 33% – between January and the end of March 2020.

• Spam/opportunistic detections (increased by 26.3%)
• Impersonation detections (increased by 30.3%)
• Malware detections (increased by 35.16%)
• Blocking of URL clicks (increased by 55.8%)

Cyber offenders often use VPNs and proxies to hide their identity. This allows them to attack corporate VPNs used for Work from Home, the use of which has increased exponentially during the COVID-19 period. Since Work from Home greatly expands the attack surface of a corporate network, corporate networks are at exponentially high risk of being compromised. An attacker would almost always be using a VPN to cover up his device’s identity.

The tools mentioned above in the Description of Solution can be integrated with various technologies used in corporate networks such as firewalls and internet activity monitors to prevent a user from connecting to corporate VPN if they are already using another VPN at present.

Similarly, when an employee searches the web for something, it is possible to warn them against a malicious link that pops up on the page they are visiting or against a suspected spam email that somehow entered the mail server using evasion. All this can be done via integration with the aforementioned tools, thus securing the employees and the corporates as a whole.

What minimum viable solution(s) are you proposing to address the challenge(s) in your community?

My overall solution is this platform itself.

Cybersecurity professionals and law enforcement agencies will have tools handy for any situation and from any place.

Corporate networks can be secured by effectively monitoring the online activities of employees, warning them of malicious links and malware on the page they are surfing, detecting intrusion in the corporate network and blocking a potential intruder.

This platform’s tools would be vendor independent, that is, they would be able to integrate with security infrastructure provided by all vendors.

Share your story (your narrative)

Let us look at two scenarios here, first of a group of employees of a law enforcement agency and second of a CISO of a big corporate.

  1. A group of employees of a law enforcement agency have been tasked with identifying offensive comments and posts against a person on social media. They head to our solution, look for an appropriate tool and enter details such as the social media platform to be scanned, the URL of the victim's profile and the date of posts and comments from which to begin scanning. The tool begins to gather information on all posts and comments, and filters out the offensive ones based on a list of words and phrases deemed offensive in its database. After filtering the posts, it begins to look for those who posted them and acquires information like their platform ID, email, phone number and any other information available on the social media platform. Using the data collected from the tools, the law enforcement agency can take further action in the case.
  2. A CISO has been tasked with securing the VPNs being used for Work from Home. The CISO plans to integrate the current corporate firewall with a system to warn the employees against a malicious link on the web page they are visiting. Also, in order to protect against unauthorized access, the CISO has decided to block users chaining proxies in order to access the corporate network via VPN. Since a common employee will only be using a single VPN, which would be provided by the company, most probably only an attacker would be chaining his own proxy with the corporate VPN in order to avoid detection. Our tools prevent this by detecting in real time the IP address trying to connect to the corporate network and determining whether it belongs to a VPN service, using whois records, a quick scan of well known VPN ports on the IP address and other information freely available on the web.

Please provide any additional relevant information that you would like to share.

Some of these services would be freely available, although with limited functionality. We will make sure to keep updating the tools' performance and accuracy.

This platform will also enable free sharing among corporates of information on the malicious links, pages, malware etc. that the tools have found, and ensure a healthy and safe web for everyone.

edited on Jul 3, 2020 by Swapneel Khandagale
Sunday Bawa Jul 4, 2020

An online open source cheaper cyber forensic tool will be viable where any client can sign up and customise according to their needs and deploy, with provision of updates for clients from time to time. What's the target audience? What's the business model? Nice concept!

Swapneel Khandagale Jul 4, 2020

The tools already allow a bit of customisation. For example, the tool number 4 in the description allows specifying the platforms from which to gather data, one can also specify the target profiles of which data is to be gathered and if the user finds the IP address from which the target user logged in, the IP address can be sent to tool number 5, you can find it in the description, to ascertain its location or to verify whether the target has been logging in using a VPN.
And if a target user is suspected of seducing kids into illegal activities, a list of all of its friends or connections under a specified age can be collected by specifying it as an additional parameter.

Some of the tools would be open sourced and we would be accepting any improvements the open source community makes to the source code. We would be maintaining and overseeing the code so as to prevent any malicious code being added to the source code.
But the rest of the tools would be proprietary code to maintain a competitive edge against future business competitors.

The target audience are cyber forensic professionals and law enforcement agencies.

As for the business model, we would be providing subscriptions for each tool. The users can create a customisable pack of tools for themselves. For example, if a user wants only two of the tools, they can add the tools into their cart and a new pack would be created for them.
If required, the users can add or remove any tool to their pack at any time and the expiration date of the subscription would be modified accordingly so that the whole pack expires at the same time.
Users can also manage more than one pack if they wish to have separate packs with different expiry dates.
A user subscribing for more than one tool would be eligible for discount on his customised pack.
However, refund is not supported once the subscription is confirmed but if they manage more than one pack they are free to move their subscribed tools among their packs.

Sunday Bawa Jul 4, 2020

This is what should have been in your product description.

Swapneel Khandagale Jul 4, 2020

Thanks for the insight, I will definitely add it to description when I am finally allowed to edit the idea.

EUNICE KAJALA Jul 5, 2020

Hi Swapneel,
How will you address certain fake news spreading about COVID-19 influencing the public perceptions using social media platform? How will your platform assist in tracking cyber/human trafficking victims?

Swapneel Khandagale Jul 5, 2020

The tool has a list of news sources in its database. When a news on a certain topic like COVID-19 is detected on any platform, be it news websites or social media platforms, it reads the news, notes specific words or phrases like 'WHO', 'World Health Organization', 'declares', 'claims', 'COVID-19', 'vaccine' and crawls the trusted news source in its database to look for identical news with the aforementioned phrases to verify the authenticity of the news.
Suppose a news about WHO declaring that "vaccine for COVID-19 has been found" is detected, it will crawl who.int and all its subdomains and affiliated websites. If nothing is found on the trusted sources, the news is flagged as Fake News and added to fake news database.
The Fake News Filter tool uses a list of words or a link of a tweet or a post provided by the user to filter news of similar kind. And then proceeds to verify their authenticity.
Additional trusted sources can be added to the database by user. In addition, a database is already in place within the tool containing large amounts of links of trusted sources for specific trends and topics which would be maintained by the employees.

Marabe Ditshego Jul 16, 2020

Hi Swapneel,
I trust you are well.

Let me congratulate you on your idea. Cybersecurity is the most important form of security today and the cheaper the tools get the more accessible they will become.

I wish to share a few considerations.
1. In your description you mentioned that AI enabled forensic tools are expensive; perhaps you can consider detailing what makes them expensive and how you plan to make your platform more affordable and accessible.
2. Consider amending your objectives into SMART objectives to reflect how you intend to convert your idea to a prototype in the years to come. Visit https://thedigitalprojectmanager.com/project-objectives/ for a detailed explanation

Swapneel Khandagale Jul 16, 2020

Thanks for the suggestion

Marabe Ditshego Jul 16, 2020

You're welcome. All the best going forward.

Achia Khaleda Jul 23, 2020

How do you do a forensic analysis?

Swapneel Khandagale Jul 23, 2020

Most of the time forensic analysis is done via tools, but at other times it is best to do it manually.
If the data you have to analyze is way too large, one should automate it. My idea does exactly that. Most of the tools within it are for Network Forensics.
My web platform does exactly that, it scans and captures suspicious nodes and data packets and creates a provisional report for the law enforcement agencies.

Achia Khaleda Jul 23, 2020

Sounds great! We are also working with cyber security. Hope we will be able to access your platform in future. All the best :)

Valentina Stadnic Jul 23, 2020

Dear Swapneel,
Your tool seems to be very complex and incorporate functionality to tackle a wide number of issues.
Based on the idea description I have several questions as follows:
- After the scandal with Cambridge Analytica, the data collection procedures have been significantly tightened up by the social networks. Currently, it is more the competence of the social networks themselves to stop the spread of fake-news than of the law enforcement agency. So, have you already managed to obtain the access to data held by the social networks? How do you ensure that in case the law enforcement authorities have control on filtering the content and information will not infringe the citizens’ rights to information?
- If you plan to make your tools accessible to the vast community and ensure the prevention of proliferation of cyber-criminal activities, then I might assume the cost for the tool will be the competitive one. Following this idea, as well as taking into account the functionality you’re planning to offer to your users, how are you planning to make sure your tool is not going to be used for committing the cybercrimes?
- How would your tool differentiate yourself? For example, you have the malware analytics component which is widely covered by multiple solutions already existing on the market like the basic ones as browsers and antivirus software as well as the advanced ones as NG Firewall, IDS/IPS.

Victoria Masso Jul 24, 2020

Status label added: Mentor feedback received

Calister Simba Aug 11, 2020

Hi Swapneel,

This project is needed but my advice is to start small with functionalities. Go in an agile model.

All in all, if it is anything cybersecurity, I will always support it. Go for it!!

Shaine Amanda Aug 14, 2020

How do you achieve this cheaper price?

jeremiah hinmikaye Aug 20, 2020

Wow, this is a fantastic idea that can solve a lot of cyber fraud and identity theft.
Kudos to you. I hope you are collaborating with regulatory authorities to achieve your goal.