Cryptome, social networks and the inconvenient truth

Cryptome, known as Wikileaks’s competitor site  has published  online several reserved documents revealing that the police have access to information of social networks.  The documents describe how the police is able to access to Facebook user information or to the services provided by companies such as AOL and Microsoft.

On Cryptome site are also available some guides that explains to cops how to investigate on a person who has used the Yahoo! Messenger. The manual describe how to recover from the computer all the past conversations, even when the function is disabled which provides for the creation of a chat log.  The Cryptome is a true mine that offer in a single place many forensics analysis guide to explain how retrieve all the information from a smartphone like the iPhone bypassing any protection to access to content like sms and photos and other file stored in its memory even if deleted by the user.

For this analysis Cryptome has used the latest documents provided by the activists of “Anonymous” group and related to AOL, Microsoft. The information regarding Facebook have been provided by PublicIntelligence.net web site.

Really interesting are the authorization procedures implemented to access to this data. Usually the police may need a search warrant or an instance of the court but sometimes the access is more simple.  When there is an emergency related to a concrete risk for human life or for National security issues, the information can be obtained in real time, even making a phone call to the supplier of services.

Some documents report for example how to retrieve Facebook user’s personal data under investigation. This document are directed to the police officer.  To access to the date it is necessary to provide to the offices of Facebook, via email or fax, user id and all the available information regarding the investigated profile. The user id is reported in the url of the profile. The Facebook company will reply within six weeks providing logs that include IP addresses of the user observed during their sessions. All this date are stored for a period with a duration of 90 days.  Of course Facebook is able to provide  … addition info like e-mail and phone of the person under investigation, its account creation date, last access date.

After the online publication of these guidelines, Facebook has decided to upload – visible to everyone – a version of this document, updated to 2011 (but without explaining how long you retain log files with the IP, a company spokesman , asked the Cnet site, declined to answer the question).

AOL, however, claims to preserve the logs with the IP messenger for 90 days, Internet users are kept up to 6 months and e-mail for a variable time. Periods of time that is specified in the document, “may be subject to change without notice.” For emergencies, there is a dedicated phone line from AOL to the police, who need to obtain information as quickly as possible.
Cryptome have published some information regarding Microsoft and how the company manage profile of its users. Some files with IP addresses of Hotmail accounts are held on the servers for 60 days, no logs are stored for all the conversations in the chat on MSN. The policy is dated to 2005 and maybe it has been changed.

I have always been a profound advocate of freedom of expression and thought, however, can not deny that the disclosure of information such as this topic has left me very interdict. The information disclosed are not new for us but to make this information public can cause several problems. How many investigators will improvise, how many will decide that just reading few pages is the shortest path to become security experts, and with what consequences?
I find it proper to inform the users of a social network on the way in which their data are managed. How many and which information are managed for each user profile and for how long they will be available on corporate servers? Would not it be correct to inform users of the availability of such information so they can access them every time they desire?
I have a doubt … and if these files were the result of a campaign of disinformation?

And if the user data were stored on a permanent basis to allow for future investigation and analysis by government agencies?

… I fear that this might be the inconvenient truth.

Pierluigi Paganini

References

http://publicintelligence.net/facebook-law-enforcement-subpoena-guides/

http://cryptome.org/isp-spy/aol-spy3.pdf

http://cryptome.org/isp-spy/cellular-spy3.pdf

http://cryptome.org/isp-spy/facebook-spy3.pdf