Lawful Intercepts

System Deployment from Requirement, Designing and Planning to Delivery and Operation

Lawful intercept is widely used for cybercrime investigation, but few people know that it is also consisted of telecommunication engineering, statistical data analysis, IT infrastructure, sociopsychology, concepts of management …etc. These innovations totally change the landscape and face of lawful intercept into a new cross-discipline science.

Ted Chao

Minimum price

$7.99

$9.99

You pay

$9.99

Author earns

$7.99

PDF

About

About the Book

For a long time, there is a veil covering lawful intercept. Most of people are thinking it as a tool by police and national security staff to carry on surveillance on ordinary civil people. In reality, lawful interception is an important mean to prevent crimes and terrorism spreading in cyber world now. In order to better present lawful interception at different angles for different readers, like technical staff and LEA planning officers with different working agendas, the organization of this book is divided in to 5 parts:

· The first part is the basic introduction on lawful interception operation with its restriction and boundaries in terms of network surveillance, difference from cyber intelligence, LI readiness with support of legal background, ETSI framework with compliant LI systems for practical deployment.

· The second part is the LI process in LEA side in terms of crime investigation process, cyber evidence acquisition, warrant management for auditing, and network forensic basics for data analysis and presentation.

· The third part is the review of LI systems in terms of law enforcement monitoring management (LEMF) system with warrant management, mediation device, protocol analyzer for content reconstruction, and media gateway for conversion between signaling and media. In this part, IT system planning of some common requirement, such as system sizing, information security, system resilience and business continuity…etc., will be also addressed. Though I worked for LI solution vendor for more than 7 years, I will not particularly specify the brand and model of any solution vendor. What I try to do is to provide the explanation on the de facto functions and feature those LI system should be. This can be reference for those solution vendors and LEA planning officers for the off the shelf products in market.

· The fourth part is the data access at different telecom networks in terms of network infrastructure with both user data plane and control plane of TDM, GSM, GPRS, IMS, Fixed Network, and 4G/5G networks. This part is quite important for LEA and system integrator to negotiate with telecom network administration team to deploy, manage and operate LI systems.

· The fifth part is the project management in terms of project planning, labor planning, budget/cost planning, customer acceptance test, training planning and maintenance planning. Though the focus of this part is at LI system delivery, most of content can be also applied to LI system customization during negotiation between LEA users and solution developers.

· The last part is case study with six true investigation cases handled by LEA through LI process in different countries. I have tried my best to omit the confidential part and present it with the best usage of LI systems in crime investigation.

Expected Readers in the Market

For my job, I have met lot of IT planning staff from LEA department and judicial staff of prosecutor and judge offices in many different countries. From my conversation with them, I understand even those work with crime investigation and legal proceeding everyday still have lots of misunderstanding and regard LI as black box processing, it is quite nature for ordinary civilians to have great fears and prejudice on lawful interception.

Due to some background knowledge needed for understanding LI, this book is written for those who want to know more details about LI operation for their works, such as:

— Officers of LEA in charge of planning, purchase, and deployment of LI systems, and front-end field investigator and lab analysts.

— Telecom network administrators in charge of network management involved with LI process.

— System integrator in charge of LI system deployment and maintenance.

— Solution providers in charge of LI system development and customization.

— Judicial officials in charge of crime legal proceeding.

— People who work with civil right and speech freedom on internet want to know more about LI to eliminate the necessary fearsome and fantasy.

Though some of confidential and sensitive information related to cyber crime detail process in designated cases, LI deployment in some designated TSP data centers, or specific investigation tools used in target telecom networks, I have carefully reviewed it and tried my best to hide these confidential details. Some of my LEA friends also give me advice on it to modify those details.

Share this book

Feedback

Email the Author

Author

About the Author

Ted Chao

Ted Chao is an IT consultant working on lawful interception and cyber intelligence projects worldwide. He has worked in a Taiwan LI solution company - Decision Group Inc. as technical consultant and chief project leader for more than 8 years since 2010. For the past 30 years, he worked as system integration manager, SAP basis consultant, project manager, technical product manager, product development team leader and technical consultant at Acer, Compaq, HP, Lucent Technologies, and Institute of Information Industry in Taiwan, Singapore, ASEAN and Middle East countries. During his profession period, he was also involved in many large deployment projects of SAP, cross border enterprise and municipal networks, lawful interception and cyber intelligence in many different countries.

Table of Contents

Table of Contents

Preface

Chapter 1. Introduction

Section I. Lawful Interception as One of Cyber Intelligence Methods

Chapter 2. A Glance at Network Surveillance

2.1. History of Intercept on telecom facility

2.2. Difference between Lawful Interception and Cyber Intelligence

Chapter 3. National LI Mandates

3.1. LI Acts in Different Countries

3.2. General LI Process Flow in LEA side

3.3. Type of Lawful Intercept

3.4. Admissibility of evidence from LI by Court

Chapter 4. LI Framework

4.1. Data Access / Intercept Access Point (IAP)

4.2. Data Delivery

4.3. Data Collection

4.4. Law Enforcement Monitoring Facility

4.5. LI Standard in Different Countries

Chapter 5. Practical Deployment for Lawful Interception

5.1. LI Intercept at TSP side

5.2. HI1 Interface under ETSI

5.3. HI2 Interface under ETSI

5.4. HI3 Interface under ETSI

5.5. File Transferring between Mediation Device and LEMF

5.6. Technical Document with Definition of LI Protocols

5.7. Function of Mediation Device

5.8. HTTPS Traffic under ETSI

5.9. Common LI Systems in the Set of LEMF

5.10. Systems for LI Process

Section II. Lawful Interception for Cyber Investigation Process and e-Evidence Collection

Chapter 6. Nature and Model of Cybercrimes

6.1. Type of Cybercrimes

6.2. Model of Cybercrime

Chapter 7. Cyber Investigation with Evidence Management and Analysis

7.1. International Guidelines of Common Standards

7.2. Requirement of Digital Evidence Collection from LI Systems

7.3. Compliance of LI Systems with Guidelines of Digital Evidence Management

Chapter 8. LI Case Establishment and Final Report Format

8.1. Items for Approval of Lawful Intercept

8.2. Investigation Report

Chapter 9. Network Forensics for Investigation and Data Analysis

9.1. Data Transmission through Network

9.2. Deep Packet Inspection Tool

9.3. Link Analysis

9.4. Time Line Chart

9.5. Content Analysis

9.6. Structure Analysis

Section III. LI Systems

Chapter 10. Law Enforcement Monitor Facility (LEMF): LI Monitor

10.1. LI Monitor

10.2. Subsystem components of LI monitor

10.3. Data Processing with HI2 and H3 files

10.4. General Product Specification of LI Monitor

Chapter 11. Mediation Device

11.1. Mediation device

11.2. Subsystems of mediation device

11.3. Data Flow of mediation device

11.4. Product Specification of mediation device

Chapter 12. Media Gateway

12.1. Function of Mediation Device

12.2. The position of media gateway in LI process

12.3. Media Gateway Products in Market

Chapter 13. Protocol Analyzer and Content Reconstruction System

13.1. Position of Protocol Analyzer in LI Process

13.2. Protocol Analyzer System

13.3. Data Flow of Protocol Analyzer

13.4. General Specification of Protocol Analyzer

Chapter 14. Tactic Wi-Fi Interceptor

14.1. Position of Tactic Wi-Fi Interceptor in LI process

14.2. General Specification of Tactic Wi-Fi Interceptor

Chapter 15. System Capacity and Sizing Planning

15.1. Choices of Hardware, Network and Middleware for LI platform

15.2. Mediation System

15.3. Media Gateway System

15.4. Protocol Analyzer system

15.5. LI Monitor system

15.6. Data Center Planning for LI system

Chapter 16. Business Resilience

16.1. Viewpoints at Hardware Platform and OS Level

16.2. Shared Storage within Cluster

16.2. Network level

16.3. Link level

16.4. Disaster Recovery

16.5. Backup/Archive

16.6. Vulnerability Assessment

16.8. Prevention from External Probing

Chapter 17. Virtual Machine for LI Deployment on VMware vSphere

17.1. The Mechanism of Virtualization Platform

17.2. Functionalities of Virtualization Platform by Hypervisor of VMware vSphere

17.3. Clustering Mechanism of VMware vSphere

17.4. Virtualization Planning for LI Deployment

17.5. Suggested Specification of LI Systems on vSphere Platform

17.6. Conclusion

Section IV. Telecom Network Infrastructure for LI

Chapter 18. Starting Point of LI Process at Telecom Network

18.1. The Network Environment and Concerns in TSP Site

18.2. LI Requirements in LEA side

18.3. Evolution of Telecom Network Technologies

18.4. Choice of Intercept Access Point

18.5. Subscriber ID

18.6. Type of Intercepted Data

18.7. Role of Mediation Device

Chapter 19. LI at Terrestrial Telecom Networks

19.1. Circuit Switch and Softswitch Network

19.2. IP Media Subsystem Network (IMS)

19.3. Fixed Data Network

Chapter 20. LI at Wireless Telecom Networks

20.1. GSM Network

20.2. GPRS Network

20.3. LTE network

20.4. Proposed LI Deployment at 5G Network

Chapter 21. LI on HTTPS Traffic

21.1. HTTPS Mechanism

21.2. Global Governance on Certificates

21.3. The Need of Intermediate PKI Certificate for Lawful Interception

21.4. Deployment of LI System on HTTPS for Cybercrime Investigation

21.5. The Proposed Availability of PKI Certificate for LI

Section V. Plans for LI Deployment Project

Chapter 22. LI Project Preparation

22.1. Objective for LI Deployment and Development

22.2. LI Project Preparation Task List

22.1. Work Scope Definition

22.2. Cost Estimation

22.3. Scheduling

22.4. Cost of Labor Planning for Project

Chapter 23. Management for Project Delivery

23.1. Management Functions

23.2. System Test

23.3. Customer Acceptance Testing

Chapter 24. LI Deployment Planning after Project Delivery

24.1. Training program

24.1.1. On-site Training

24.1.2. Off-site Training

24.2. Maintenance Service

Chapter 25. Software Development Planning

25.1. Product Design Process

25.2. Product Development Tool

Section VI. Case Study with Lawful Interception Operation

Chapter 26. Case 01: LI Deployment in the Data Center of APP Service Provider

26.1. Objective

26.2. Background

26.3. Common Backend of Social Communication Service

26.4. LI Deployment for ETSI Compliance

26.5. Concerns of High Availability

Chapter 27. Case 2: LI Deployment Integrated with both Circuit Switching and Packet Switching Networks

27.1. Objective

27.2. Background

27.3. Conceptual Implementation based on ETSI

27.4. Requirement and Network Environment in the Case

27.5. LI deployment

Chapter 28. Case 3: Investigation on VoIP Phishing

28.1. Objective

28.2. Background

28.3. Track down by Local Investigation

28.4. Track by Lawful IRI Records

Chapter 29. Case 4: Conduct Lawful Intercept at Radio Access Network of 3G/4G Network

29.1. Objective

29.2. Background

29.3. Object Positioning on Mobile Phone

29.4. Positioning Calculation by GPS in the Lab

29.5. RF Positioning

29.6. Measurement of BTS by Mobile Tracking Device

Chapter 30. Case 5: Tactic LI Application – Crime Investigation on Drug Dealing Case by Wi-Fi Interceptor

30.1. Objective

30.2. Background

30.3. Passive lawful Wi-Fi Intercept

30.4. Active lawful Wi-Fi Intercept

30.5. Distributed Wi-Fi Interception

30.6. Case of drug dealing investigation in Internet Café

30.7. Data integrated into ETSI compliance LI process

Chapter 31. Case 6: Lawful Interception on Breach Trust of Former Employee in High Tech Company

31.1. Objective

31.2. Background

31.3. Digital Criminal Data Collection

31.4. Legal Procedure and Final Sentence

Chapter 32. Conclusion

32.1. Telecom Technologies

32.2. APPs Used by Cyber Criminals

32.3. Juristic Environment

32.4. IoT Platform

32.5. Data Analysis

32.6. Investigation Process

32.7. IT Security Requirement due to Virtualization

Appendix A – Building a Simulated Lawful Interception Lab

A.1. Objective of Simulated LI Lab

A.2. The Deployment of LI Simulation Lab

A.3. The Operation Procedure

A.4. The Target Simulated Service Network

A.5. The Role of Each LI Device

A.6. Simulated Lawful Interception Procedure

A.7. Data Analysis

A.8. Equipment List for LI Simulation Lab

A.9. The Conceptual Deployment

A.10. Conclusion

Appendix B - LI Ready Country List

Appendix C - XML and Its Application in Lawful Interception

Appendix D - Introduction on ASN.1

Appendix E - Acronym List

Reference

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub