In cybercrime investigations, there are several general and unique challenges. The ability of users of information and communication technologies to remain anonymous is one such barrier. People can participate in events while anonymous, keeping their identities and acts hidden from others. Cybercriminals use a variety of anonymization techniques. The usage of proxy servers is one such method. An anonymizer, or anonymous proxy server, conceals users’ identification information by masking their IP address and replacing it with a different IP address (UNODC, n.d). A proxy server is an intermediary server that connects a client with a server from which the client is requesting resources. To disguise their online activities and locations, cybercriminals can also utilize anonymity networks to encrypt traffic and mask Internet Protocol addresses, which are allocated to computers and other digital devices when they connect to the Internet. Investigations are severely hampered, particularly when trying to identify criminals.
Another challenge investigators run into when looking into cybercrime is attribution. Attribution is the process of determining who and what is accountable for the cybercrime. It aims to link the cybercrime to a specific digital device, the user of the device, and any others responsible, for example a state that directed or sponsored the cybercrime (UNODC, n.d). Methods that increase anonymity can make it challenging to find the computers and people behind the criminality. The use of zombie computers, or malware-infected digital devices controlled through remote access tools, further complicates attribution. These devices can be used to commit cybercrimes without the knowledge of the user whose device is infected; thus, pinpointing the actual perpetrator can be challenging.
Finally, cybercrime investigations face a significant challenge in back-tracing. Back-tracing, or traceback, is the process of tracking criminal activity back to its origins. Traceback occurs when cybercrime is discovered or after it has already happened. A preliminary inquiry examines log files, which can provide information about the cybercrime. For instance, event logs automatically record computer-related events to create an audit trail that may be used to track, comprehend, and identify system activity and issues (UNODC, n.d). These event logs may reveal the IP address used in the cybercrime. However, tracing can be time-consuming. How long it takes depends on the perpetrators' knowledge, talents, and abilities, as well as the steps they have taken to disguise their identities and actions. Depending on the strategies cybercriminals employ to carry out the illegal activity, tracing may not lead to a single identifiable source. This can be seen, for instance, when numerous attackers concurrently carry out a distributed denial of service attack or when malware-infected zombie computers are used to commit cybercrime.
Tracking methods used by law enforcement to investigate internet crimes.
Law enforcement can use various tracking methods in internet crimes, including bugs and beacons. A bug or beacon is a picture that can be added to a web page or email. Information is sent to the host computer when a user clicks on a visual to view or close it (Hoyle, 2016). Bugs and beacons can collect the user's IP address, the user's email address, the operating system of the user's computer, the URL, or address, of the web page that the user was browsing when the bug or beacon was triggered, and the browser that was used.
Secondly, they can trace emails. Several features of email make it possible to track a message's transfer from the sending computer to the destination computer. For instance, the header is a chunk of data that appears in every email. It includes the message's origin time, date, and location, and the Internet address of the sender's computer. If an alias was used to send the message, the IP address can be used to determine its true origin. This tracing frequently results in a direct path to the sender when the message source is a personally owned computer. However, identifying senders can be difficult if the sending machine serves a big community, like a university, through which harmful messages are frequently routed (Hoyle, 2016). The header information also describes the message's path from the sending computer to the receiving computer, which can help investigators find out who sent the message.
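The header tracing described above can be sketched in code. The following is an added example, not part of the original article: it reads the Received headers of a constructed message (all hosts and addresses are documentation placeholders) and rebuilds the relay path from sender to recipient. The function names and the idea of a trusted-relay set are assumptions of this example; entries written by relays outside the investigator's control can be forged, so the example also reports the earliest hop recorded by a relay the investigator trusts.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: example domains and documentation IP ranges only.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Mon, 03 Jun 2024 10:00:09 -0500
Received: from campus-relay.example.edu (campus-relay.example.edu [192.0.2.25])
\tby mx.example.net with ESMTP id B2; Mon, 03 Jun 2024 10:00:05 -0500
Received: from lab-pc (unknown [203.0.113.44])
\tby campus-relay.example.edu with SMTP id C3; Mon, 03 Jun 2024 10:00:01 -0500
From: "Alias" <alias@example.edu>
To: recipient@example.org
Subject: constructed test message

body
"""

# "from <helo> ([rdns ][ip]) by <relay>" as commonly written by mail servers.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return the relay hops ordered from sender to recipient."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable entry: skip rather than guess
        stamp = value.rsplit(";", 1)[-1].strip()
        hops.append({"helo": m["helo"], "ip": m["ip"], "by": m["by"],
                     "time": parsedate_to_datetime(stamp)})
    hops.reverse()  # each relay prepends its header, so the oldest is last
    return hops

def earliest_trusted_hop(hops, trusted_relays):
    """First hop (in path order) written by a relay the investigator trusts."""
    for hop in hops:
        if hop["by"] in trusted_relays:
            return hop
    return None

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["time"].isoformat(), hop["ip"], "->", hop["by"])
```

Anything earlier in the path than the trusted hop has to be confirmed from the log files of the relay that wrote it, which is the step the shared-machine caveat above refers to.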
Additionally, chat rooms are online discussion forums where users can visit and share their thoughts on various topics. Enforcement officials can identify the source of malicious activity by piecing together the electronic transcripts of chat room conversations.
Finally, they can employ JavaScript and ActiveX, computer scripting languages that are activated immediately when a webpage is visited. These smaller programs can run inside the main software to generate the pop-up advertising windows that are becoming more and more common on websites (Hoyle, 2016). User information like that mentioned in the previous sections may be acquired when the pop-up visual is accessed.
Several crucial commercial Internet sites, including Yahoo, eBay, and Amazon, were overwhelmed with incoming data on February 8, 2000, and became inaccessible as a result (Hoyle, 2016). Law enforcement officials discovered through tracking emails that the attacks originated from a 15-year-old boy’s computer in Montreal, Canada. Within months of the incidents, the young person, whose online alias was “Mafiaboy,” was taken into custody. Examining the communications in the case of Mafiaboy revealed a computer at the University of California, Santa Barbara, which had been commandeered for the prank. Authorities were able to track the transmission line back to the sender’s computer by looking at the log files (Hoyle, 2016). Overall, tracking emails was an effective method of investigation and tracking in this case because it allowed investigators to identify the suspect and the exact location of the computer he used.
United Nations Office on Drugs and Crime (UNODC). (n.d). Obstacles to cybercrime investigations. Retrieved From: https://www.unodc.org/e4j/en/cybercrime/module-5/key-issues/obstacles-to-cybercrime-investigations.html
Hoyle, B. (2016). Internet Tracking and Tracing. Cengage. Retrieved From: https://www.encyclopedia.com/social-sciences-and-law/law/crime-and-law-enforcement/internet-tracking-and-tracing