Anonymization

Anonymization Definition

According to Techopedia, it is the “process of destroying tracks, or the electronic trail, on the data that would lead an eavesdropper to its origins. An electronic trail is the information that is left behind when someone sends data over a network. Forensic experts can follow the data to figure out who sent it. This is often done in criminal cases, but sometimes companies undermine user privacy in order to track user data.”

Anonymizing, similarly, is the action of stripping the identity of the sender from the identification data that accompanies an email.

Online Anonymization Techniques

In his book “Cyberthreats and International Law” (Eleven International Publishing, 2012), Georg Kerschischnig wrote:

“The difficulty of tracing cyberintrusions back to their originator creates de facto anonymity. Cunning hackers “hop” over several intermediate stations (“proxies”) to reach their ultimate target. The proxies in the chain ideally differ in technology, ownership, and geographical distribution. Of course, this poses a challenge for the hacker, since he has to assign a lot of time and effort to hack the intermediaries. But in the end, this is the best insurance against getting caught. From the point of view of the ultimately targeted system, it then appears as if it had been attacked by a system that in reality is only the last link of a long chain. Investigators therefore have to check each proxy and try to determine whether it really was the attacker or if the originator is further hops away. Since attacks might happen at off hours and span over several countries and time zones, tracing can take quite some time. (1)

Additionally, tracks might be covered up or tampered with, in order to set investigators on the wrong track and create a so-called “false flag” attack. (2) Hackers strive to tamper with the logfiles of their proxies, and, if possible, wipe them clean. In addition, they might use deceiving techniques such as “IP-spoofing”, where they forge the source IP-address, which can usually be linked to a physical location. The “spoofed” IP-address will then lead investigations only to uninvolved parties, if any, or into dead ends. (3) Conversely, this also gives an accused originator of attacks plausible deniability.”

Resources

Notes and References

  1. See also Lukasik Stephen J., Current and Future Technical Capabilities, 138 et seq., in: Sofaer Abraham D.; Goodman Seymour E. (eds.), The Transnational Dimension of Cyber Crime and Terrorism, Stanford (Hoover Institution Press), 2001.
  2. See, for example, the 1994 U.S. Air Force Rome Laboratory incident, where British hackers gained control over the military research lab and transferred data stolen from the South Korean Atomic Research Institute to it, feigning U.S. and other state’s involvement: see generally Greenberg, Goodman et al. 1998 – Information Warfare and International Law, 24 et seq.
  3. See generally Institute for Security Technology Studies at Dartmouth College 2004 – Law Enforcement Tools and Technologies, 15.
