The encryption of nearly all digital communications today advances individual privacy protections, but it also obscures payloads and endpoints from lawful interception. Accordingly, law enforcement agencies (LEAs) have shifted their investigative focus from message payloads to traffic flows and distributed data sources. This class of evidence increasingly depends on locating, assembling, and drawing insights from digital breadcrumbs, rather than from directly intercepted communications. The breadcrumbs themselves typically require a degree of forensics to locate and identify, followed by additional analysis to reveal their significance and investigative value.
SS8 lawful intelligence tools provide superior traffic analysis based on deep packet inspection (DPI) to identify and aggregate digital markers that advance investigations. These measures illuminate application- and sub-application layer information about who is communicating, when, and across what platform, then enrich that session-specific metadata by associating it with other information. These connected breadcrumbs can reveal insights that help identify individuals, build patterns of life, and expand the network of subjects of interest in an investigation.
Building a Picture from Breadcrumbs
One way that lawful intelligence commonly advances investigations is by building a network of relationships outward from known provisioning targets being investigated under a warrant. For example, a provisioning target may exchange messages with any number of other individuals, some of whom may be known to investigators as subjects of interest. In most cases, however, at least some of these other parties are unknown, and learning their identities can be valuable.
SS8’s Enhanced Protocol Extraction Engine (EPXE) analyzes communication application protocols and ports, including encrypted flows, to reveal digital breadcrumbs such as an IP address or phone number. Data from a communications service provider (CSP) or existing evidence can then be used to reveal who the B-party is – if a warrant can be obtained. Often, however, those measures are not sufficient, such as if a subject of interest is using a burner phone, and the B-party remains hidden. In such cases, investigators must use other measures to build a case to provision the B-party as a lawful interception target. The SS8 platform provides mechanisms to help compile information about such individuals using publicly available data.
Data fusion solutions like SS8’s MetaHub can automatically investigate connections between known breadcrumbs and additional details, largely using open source intelligence (OSINT) feeds. As a simple example, the B-party’s phone number may show connections to social media accounts or email addresses. Each such connection expands the potential avenues to discover more about the subject of interest. Lawful intelligence collects, evaluates, and analyzes this information from sources that range from ad-targeting, gaming, and blog platforms to tax and land-ownership records.
OSINT-driven investigation is adept at revealing associations between a single person’s multiple online identities. Different social media accounts may reflect various aspects of an individual’s personal, political, and professional selves. Discovering an associated Skype account may reveal an alternate phone number, location, and profile picture. Vehicle records may provide access to toll records and automated number plate recognition (ANPR) systems.
Collecting and collating these breadcrumbs to identify an unknown individual may be referred to as recursive identity lookup. It can help provide a richer understanding of those subjects of interest, including potential connections to the larger investigation, and justify provisioning additional interception targets. EPXE can further refine a target’s pattern of life by identifying which apps they use most and whether they communicate using voice, video, or chat, and MetaHub can be configured to automatically scan OSINT feeds and other available sources to discover new breadcrumbs. In this way, recursive identity lookup supports a rich investigative narrative populated by recognized actors.
Assembling and Applying Target Profiles
Combining multiple internet identities into a single, enriched profile of a subject of interest, rather than analyzing disconnected threads of a digital presence, is critical to investigating an individual. It gives investigators a more complete understanding of the subject and his or her relationships with other people, places, and events. To formalize that model and extend its benefits throughout the lawful intelligence practice, SS8’s Intellego XT includes the iDossier module, which collects important details about a person or organization of interest and flexibly includes those that may or may not be under investigation or provisioned as interception targets.
Details contained within profiles may come from recursive identity lookup, case or investigative records, analyst entries, or any other source. A comprehensive iDossier profile can include a wealth of diverse data such as pictures, online identities, residence and work addresses, physical attributes, voice samples, and other details. They can also be linked to external data sources such as criminal records, passports, and driver licenses. This information can be continually updated to facilitate building rich patterns of life in real-time, with connections among associated individuals and organizations.
Within the broader context of lawful intelligence, the SS8 platform can make iDossier profiles available to analysts with automatic name-number lookup to identify and give context to parties of interest that are communicating with each other. Integrated with the rest of the SS8 platform for capabilities such as analytics, data fusion, and location intelligence, such insights into subject identities help move investigations toward successful outcomes.
About David Anstiss
David Anstiss is Director of Solution Engineering at SS8 Networks. He has been with SS8 since 2015 and has significant experience in critical network architecture technology and advanced data analytics. He currently works as part of the Technical CTO Group under the leadership of Dr. Cemal Dikmen and is responsible for leading engagement with both intelligence agencies and Communication Service Providers (CSPs) around the world. He has been instrumental in helping them transition to 5G, defining system requirements to meet regulatory compliance. As a member of ETSI, he represents SS8 to ensure the adoption of cloud-native infrastructure is met with industry best practices and to guarantee that compliance of lawful interception is maintained.
About Rory Quann
Rory Quann is Head of International Sales at SS8 Networks and brings with him over 10 years of experience in the Lawful Interception and Data Analysis industry. Prior to joining SS8 in 2013, Rory worked for BAE Systems Applied Intelligence, where he was focused on large-scale Government deployments of Intelligence Solutions. Rory has held multiple positions in the Lawful Intelligence space, including Deployment Engineer, System Consultant, and Sales Engineer focusing on Country-wide Passive deployments. Rory is a Certified Microsoft MCSA Engineer and EMC Certified Deployment Engineer.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.