Chapter 4 - Facilitators and relevant factors

4.3 Internet governance - Overview

Internet governance, defined as the development and regulation of the Internet through shared principles, norms and programs, is a continuous and complex process. The Internet is governed through what is called a ‘bottom up multi-stakeholder model’ rather than a purely intergovernmental approach. This multi-stakeholder approach has allowed the Internet to flourish, fostering innovation and shaping the Internet as we know it today. However, this approach has brought with it very real challenges for law enforcement.

IPv4 to IPv6

The number of available IPv4 addresses is rapidly diminishing. Migration to the IPv6 protocol – which offers a virtually unlimited number of IP addresses – is in progress but likely to take a considerable amount of time to implement. This means that, during this transition period – which may last several years or more – operators deploy alternative ways of assigning IP addresses in order to ensure the continuity of Internet traffic in a growing market. The intermediate solution, known as a ‘Carrier Grade Network Address Translation Gateway’ (CGNAT), is now being used by Internet service operators in the EU.

The ability to link users to an IP address is crucial in the context of a criminal investigation. Where CGNAT is used, multiple devices are connected on a local network with only a single IP address. Potentially, this technology enables providers to link thousands of users per IPv4 address, and the ability to identify individual users is therefore significantly impaired. The identification of users would require the retention of this data and its provision to LE by Internet operators.
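To illustrate why a shared public IPv4 address alone no longer identifies one user, the following added example (not part of the original report) queries a constructed CGNAT allocation log. The log format, the use of source port and timestamp as lookup keys, the subscriber names, the addresses and the functions `ts`, `parse` and `candidates` are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed CGNAT port-block log (not real data). Columns: subscriber,
# private IP, public IP, first port, last port, lease start, lease end.
LOG = """\
sub-A 100.64.0.11 198.51.100.7 1024 2047 2014-06-01T08:00:00 2014-06-01T12:00:00
sub-B 100.64.0.12 198.51.100.7 2048 3071 2014-06-01T08:30:00 2014-06-01T11:00:00
sub-C 100.64.0.13 198.51.100.7 1024 2047 2014-06-01T12:00:00 2014-06-01T16:00:00
sub-D 100.64.0.14 198.51.100.8 1024 2047 2014-06-01T08:00:00 2014-06-01T12:00:00
"""

def ts(text):
    """Parse a timestamp in the log's format."""
    return datetime.strptime(text, FMT)

def parse(text):
    """Turn the whitespace-separated log into a list of mapping records."""
    rows = []
    for line in text.splitlines():
        sub, priv, pub, lo, hi, start, end = line.split()
        rows.append({"sub": sub, "priv": priv, "pub": pub, "lo": int(lo),
                     "hi": int(hi), "start": ts(start), "end": ts(end)})
    return rows

def candidates(rows, pub_ip, when, port=None, skew_s=0):
    """Subscribers who could have used pub_ip at `when`.

    port   : observed source port; None models a request that lacks it.
    skew_s : tolerated clock difference, in seconds, between the system
             that observed the traffic and the CGNAT gateway.
    """
    skew = timedelta(seconds=skew_s)
    hits = set()
    for r in rows:
        if r["pub"] != pub_ip:
            continue
        if not (r["start"] - skew <= when < r["end"] + skew):
            continue
        if port is not None and not (r["lo"] <= port <= r["hi"]):
            continue
        hits.add(r["sub"])
    return sorted(hits)

ROWS = parse(LOG)

if __name__ == "__main__":
    t = ts("2014-06-01T09:15:00")
    print(candidates(ROWS, "198.51.100.7", t))        # address and time only
    print(candidates(ROWS, "198.51.100.7", t, 2500))  # with source port
```

With only the address and time the lookup is ambiguous, and with no retained records it returns nothing; a port block reassigned at a lease boundary becomes ambiguous again once clock skew is allowed for.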

Criminal exploitation

The role of the Domain Name System (DNS) in translating domain names into IP addresses can be exploited by criminals in various ways:

Transmission Control Protocol/Internet Protocol (TCP/IP) is the protocol suite governing Internet traffic and can also be abused by cybercriminals in attacks such as Denial of Service (DoS) attacks via SYN flooding; TCP sequence number prediction, used to generate counterfeit packets in a TCP connection and access the target host using a normal TCP/IP connection; or TCP session hijacking, the exploitation of a valid computer session to gain unauthorised access to information or services in a computer system.

IP addresses, Internet Protocols (IPs)

IP protocols present similar vulnerabilities, even though IPv6 was conceived to replace the fourth version in a safer way by using Internet Protocol Security (IPsec) technology. Both IP versions can be affected by four additional threats [159], briefly summarised below:

The Domain Name System WHOIS lookup allows users to look up any generic domain, such as .com or .org, to find out the registered domain owner. Criminals can misuse/abuse WHOIS data in a number of ways: