D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research

 Legal Aspects



Sniffing is a general IT term for the analysis of network traffic. Using a “sniffer” program, all or part of the network traffic passing through a given node of that network is captured for later analysis. As an example, the author ran a network analysis program while logging on to the internal FIDIS website ( One of the HTTP packets intercepted contained (among more technical data) the following information ():




Additionally, the HTTP packet contained 74 bytes of data, which decoded as: 


            (string decoded from its hexadecimal form, password has been masked)




Figure . Sniffing example.


As shown above, the intercepted packet contained the author’s IP address, his FIDIS username and his password (for obvious reasons masked in the text above). Although the example provided is fairly innocent, it is clear that a small, hidden sniffer could be extremely useful for an aspiring identity thief.
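The exposure described above can be checked for on one's own network. The following is an added example, not part of the original deliverable: it takes a captured HTTP request, decodes the form body from the hexadecimal form a capture tool displays, and reports which credential fields travelled in cleartext. The host name, field names and sample request are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Field names treated as credentials (assumed list, not taken from the page).
SENSITIVE_FIELDS = {"password", "passwd", "pass", "pwd", "username", "user", "login"}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def cleartext_credential_fields(raw: bytes):
    """Return the sorted names of credential fields readable in this request.

    Only field names are reported, never values, so the finding can be
    logged or put in a report without copying the secret itself.
    """
    method, _path, headers, body = parse_request(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return []
    # Honour Content-Length so trailing bytes in the capture are ignored.
    length = int(headers.get("content-length", len(body)))
    fields = parse_qsl(body[:length].decode("iso-8859-1"), keep_blank_values=True)
    return sorted({k.lower() for k, _ in fields if k.lower() in SENSITIVE_FIELDS})

# Constructed sample: a 30-byte form body in hexadecimal, password masked.
SAMPLE_BODY = bytes.fromhex(
    "757365726e616d653d616c696365"        # username=alice
    "2670617373776f72643d2a2a2a2a2a2a"    # &password=******
)
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n\r\n" + SAMPLE_BODY
)

if __name__ == "__main__":
    print(cleartext_credential_fields(SAMPLE_REQUEST))
```

A non-empty result means the login form submits over plain HTTP and should be moved to HTTPS; over TLS the same capture would show only encrypted records.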

Similar to the phishing example above, using sniffing software as a tool for ID crime is in clear violation of a number of European regulations, including: 

  • a number of offences in the European Council’s Cybercrime convention, such as illegal interception (of the data transmitted by the victim’s computer) and computer-related fraud (by using the stolen data to assume the victim’s identity). 

  • the data protection directives, to the extent that harvesting and abusing the victim’s personal data constitutes illegal processing.

Again, sniffing will also violate national transpositions and related regulations in the national law systems of the Member States. 

Sniffing presents one other interesting aspect that demonstrates that this activity is fundamentally different from phishing: sniffing has demonstrable beneficial uses. In fact, the pejorative connotation of the terminology is somewhat confusing. Sniffing is really nothing more than a slang term for network monitoring, which in itself is an essential aspect of computer network management. Indeed, system administrators rely on network monitoring software to trace network activity, locate bottlenecks and monitor network functionality (not necessarily by monitoring an individual user’s activities).  

As such, network monitoring software (or sniffers, depending on one’s personal preference) is one of many applications that walk a fine line: even when designed for benevolent and perfectly legal purposes, it is very easy to abuse to achieve criminal goals. Regulation of such software remains a thorny issue to this day, as legislators struggle to find adequate criteria that would render sniffers illegal, yet permit network monitoring software. As indicated above, we believe that the difference between sniffing and network monitoring is largely semantic, and that any attempts to restrict the production and use of this software can have only a marginal practical impact. 

This has not stopped regulators from trying, though. At the European level, for example, the Cybercrime Convention forbids even the production of “a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2-5 […] with intent that it be used for the purpose of [such offences].” The flaws of this provision are obvious: the production of such software is only illegal if the programmer had the intention of using it for criminal purposes, and if (s)he has primarily designed the software for this purpose. Both criteria are highly subjective, and will only allow the elimination of the clearest cases of abuse.

From a conceptual point of view, one may raise the question why specific tools should be outlawed, in addition to certain undesirable behaviours. Shouldn’t a ban of criminal behaviour itself suffice without targeting the manufacturing of certain tools, when those tools can only rarely be shown to be intended for illegal purposes? The question is of a legal-philosophical nature, and falls outside of the scope of this paper. Nonetheless, it is worth bearing in mind. 


