RU2782705C1 - Method for deanonimization of internet users - Google Patents

Abstract

FIELD: Internet users deanonymizing.

SUBSTANCE: invention relates to a method for deanonymizing Internet users. In the method, multimedia messages mixed with the data stream are broadcast to one or more electronic devices, the data stream contains an identifier, the identifier and data on at least one communication device are received on the server, where the method also receives spurious electromagnetic radiation generated by electronic device when processing a multimedia message mixed with a data stream by a radio receiving module on at least one communication device, then the identifier is extracted from the received electromagnetic signal, after the server receives the identifier and data about at least one communication device, the user's identity is established.

EFFECT: increasing the reliability of deanonymization of Internet users.

1 cl, 2 dwg

Description

The invention relates to the field of identification of network users, in particular their deanonymization.

Digitalization, which has become widespread in all spheres of human activity, increases labor productivity, improves the quality of life and greatly facilitates the interaction between people, regardless of their territorial location, thereby bringing the fourth industrial revolution closer [I.R. Zulkarneev, A.E. Kozlov, V.O. Nestor Deanonymization of offenders on the Internet // Proceedings of the XV International Scientific and Practical Conference, - 2019 - P. 119-122.].

At the same time, the availability and widespread use of the Internet have led to the emergence of such a concept as cybercrime, and the number of such crimes is constantly growing [Pavlyukov V.V. Computer intelligence as an operational-investigative measure // Legal Science and Practice: Bulletin of the Nizhny Novgorod Academy of the Ministry of Internal Affairs of Russia. - 2016.- No. 4(36) - C. 236-241]. The use of digital technologies allows attackers: both individuals and groups, to commit economic crimes, sell illegal prohibited goods and information, carry out calls for terrorism, conduct extremist activities [Kuvatov V.I., Primakin A.I., Yakushev D.I. . Countering terrorist and extremist organizations on the Internet // Bulletin of St. Petersburg University of the Ministry of Internal Affairs of Russia. - 2015. - No. 1(65) - C. 91-94]. Such activity must be counteracted, which determines the importance of solving the problem of searching and detecting cybercriminals.

One of the main features of crimes committed on the Internet is the use of modern anonymity mechanisms [Nemov M.V. Cybercrime as a new criminal threat // Epoch of Science. - 2017. - No. 9. - C. 47-50]. The most commonly used anonymity tools are third-party proxy servers, VPN tunnels, onion routing and I2P networks, non-personalized social network accounts, as well as various combinations of these tools [Sergeev S.M. Some problems of countering the use in criminal activity of means of ensuring the anonymization of the user on the Internet // Bulletin of the St. Petersburg University of the Ministry of Internal Affairs of Russia. - 2017. - No. 1 (73). - C. 137-140].

Analysis and generalization of materials [Denisov Yu. System-anonymizer tor. Quick introduction // System administrator. 2012. No. 11 (120). pp. 56-57.; Zakharchuk S.D. Normative-legal regulation of activities to counter anonymizer services // Bulletin of the Tyumen Institute for Advanced Studies of Employees of the Ministry of Internal Affairs of Russia. 2018. No. 2 (11). pp. 72-84.; Firsov V.V., Sobolev D.V. // Innovative crime. World experience in combating vpn and "anonymizers" // Topical issues of science. 2018. No. 46. P. 97-99] made it possible to formulate the definition of an anonymity means.

An anonymity tool is a software/hardware tool that hides the identification data of the user (consumer) of any resource on the Internet, while the identification data includes, but is not limited to, the user's personal data, IP address, browser settings, identifier in provider network.

A resource on the Internet is understood as any information system that functions for the purpose of disseminating information.

Information system - a set of information contained in databases and information technologies and technical means that ensure its processing [Federal Law "On Information, Information Technologies and Information Protection" of July 27, 2006 N 149-FZ].

Dissemination of information - actions aimed at obtaining information by an indefinite circle of persons or transferring information to an indefinite circle of persons [Federal Law "On Information, Information Technologies and Information Protection" dated July 27, 2006 N 149-FZ].

A website can act as a resource on the Internet. Website on the Internet - a set of programs for electronic computers and other information contained in the information system, access to which is provided through the information and telecommunication network Internet [Federal Law "On Information, Information Technologies and Information Protection" dated July 27, 2006 N 149 -FZ].

Today, one of the main problems in both organizational, tactical, technical, and legal aspects can be considered the problem of deanonymization of the Internet user. The concept of deanonymization of an Internet user is understood as a set of measures aimed at establishing his identity [Kublik E.I. Cross-device targeting in modern conditions Bulletin of the Institute of World Civilizations, - V. 9 No. 2 (19) - M. - 2018. - S. 128-130]. At the same time, the Internet user [in the context of the method] is considered as a person who commits illegal acts in cyberspace.

There is a method of deanonymization of Internet users [Sheludyakov D.A., Korchagin S.A., Heart D.V. Study of ways to deanonymize users of VPN services D.A. Sheludyakov, S.A. Korchagin, D.V. Heart - Saratov: LLC Publishing House "KUBiK", 2021 - 74 p. ISBN 978-5-91818-757-9] that in low latency networks (i.e., Tor and VPN networks), the user is identified by correlation of packet transit times.

The disadvantage of this method is the complexity of implementation and low efficiency due to the need to simultaneously control a large number of communication network nodes.

There is a method of deanonymization of Internet users [Sheludyakov D.A., Korchagin S.A., Heart D.V. Study of ways to deanonymize users of VPN services D.A. Sheludyakov, S.A. Korchagin, D.V. Heart - Saratov: LLC Publishing House "KUBiK", 2021 - 74 p. ISBN 978-5-91818-757-9], which consists in the fact that the user is identified due to the collected characteristics of the electronic device (IP address, MAC address, settings values, etc.).

The disadvantage of this method is the low efficiency due to the weak correlation of the collected data with the user's identity.

The closest in technical essence and functions to the claimed (prototype) is the "Method of cross-device user targeting" [US Pat. US 2015/0215668A1 USA, IPC H4N2L/234 Method and system for cross-device targeting of users / author: Hitesh Chawla, applicant: Silveredge, Inc., publ. 07/30/2015], which consists in broadcasting multimedia messages mixed with an audio data stream to one or more electronic devices, while the audio data stream contains an identifier, receiving the audio data stream on at least one communication device, extracting the identifier from the received audio data stream, receive on the server the identifier and data about at least one communication device, send one or more messages to at least one communication device associated with the identifier. In this case, the identifier contained in the audio data stream can be in both the audible and inaudible frequency ranges.

The technical problem is the need to expand the arsenal of technical means of deanonymization. The technical problem is due to the limited use of existing deanonymization tools.

The technical result is the expansion of the arsenal of technical means of deanonymization.

The technical problem of expanding the arsenal of technical means for deanonymizing Internet users is eliminated by creating a technical solution that consists in using an additional identifier extracted from spurious electromagnetic radiation (EMR) of an electronic device, while the radiation is received on the radio module of the communication device identified relative to the owner's identity.

The technical problem is solved in such a way that in the method of deanonymizing Internet users, multimedia messages are broadcast mixed with a data stream to one or more electronic devices, while the data stream contains an identifier, the identifier and data on at least one communication device are received on the server, according to of the invention additionally receive a parasitic EMI generated by an electronic device when processing a multimedia message mixed with a data stream by a radio receiving module on at least one communication device, then extract the identifier from the received electromagnetic signal, after the server receives the identifier and data about at least one communication device establish the identity of the user.

The analysis of the prior art made it possible to establish that there are no analogues characterized by sets of features identical to all the features of the claimed method. Therefore, the claimed invention meets the condition of patentability "novelty".

The listed new set of essential features provides an extension of the capabilities of the prototype method through the use of an electronic device as a radio transmitter that broadcasts an identifier on the air, which is received by a communication device located in close proximity to the electronic device.

The results of the search for known solutions in this and related fields of technology in order to identify features that match the distinguishing features of the prototypes of the claimed invention showed that they do not follow explicitly from the prior art. From the level of technology determined by the applicant, the known effect of the essential features of the claimed invention on the achievement of the specified technical result has not been revealed. Therefore, the claimed invention meets the condition of patentability "inventive step".

The "industrial applicability" of the method is due to the presence of an element base, on the basis of which devices can be made that implement this method with the achievement of the result specified in the invention.

The claimed method is illustrated by drawings:

fig. 1 is a block diagram of a method for deanonymizing Internet users,

fig. 2 - scheme of deanonymization of Internet users.

In block 1 (Fig. 1) broadcast multimedia messages mixed with the data stream to one or more electronic devices, while the data stream contains an identifier.

Any resource on the Internet, for example, a site, acts as a device for broadcasting multimedia messages (Fig. 2, block 10).

At the same time, the broadcast messages are preliminarily mixed with data, during the processing of which parasitic EMR with specified parameters arise on the Internet user's electronic device.

The identifier is a number associated on the server side (Fig. 2, blocks 6, 10) with a specific electronic device (Fig. 2, block 12) that received multimedia messages.

Any electronic device, for example, a PC, can act as a receiver of broadcast multimedia messages (Fig. 2, block 12).

At the same time, the access of the Internet user to the broadcast messages is carried out using means of anonymity (Fig. 2, block 11), for example, the Tor network.

Block 2 (Fig. 1) receives parasitic EMI generated by an electronic device during processing of a multimedia message mixed with a data stream by a radio receiving module on at least one communication device.

The communication device (Fig. 2, block 8) [in the context of the method] is a software and hardware device designed to operate in cellular networks. At the same time, modern communication devices, in addition to the main radio receiving module that ensures the operation of the device for its intended purpose, as a rule, have other radio receiving modules, for example, a Bluetooth module, a Wi-Fi module or an FM receiver.

The possibility of receiving EMR on the FM receiver of a communication device is considered, for example, in the article [Ryabinin A.M., Bonch-Bruevich A.M. Transmission of information via the PEMIN channel based on soft tempest technology // Youth Scientific and Technical Bulletin. FGBOU VPO "MSTU im. N.E. Bauman". El no. FS77-51038].

In block 3 (Fig. 1) the identifier is extracted from the received electromagnetic signal.

Extracting an identifier from a spurious EMP means detecting a change according to a known law in any of the parameters of the received radio signal, for example, the amplitude of the demodulated signal when the radio receiver module is tuned to a given frequency.

After extracting the identifier, the identifier and data on the communication device, the radio module of which received parasitic EMP, are sent to the server (Fig. 2, block 6).

Communication device data is represented by but not limited to mac address, IMEI number, phone number.

The identifier and data about the communication device are sent by known methods via the Internet (Fig. 2, block 7) [Olifer Victor, Olifer Natalia Computer networks. Principles, technologies, protocols: Anniversary edition. - St. Petersburg: Peter, 2020. - 1008 p.: ill. - (Series "Textbook for universities"). ISBN 978-5-4461-1426-9] using the software preinstalled on the device or using the methods of remote control of the device provided by the GSM standard.

In block 4 (Fig. 1), the identifier and data on at least one communication device are received on the server. Reception is carried out by known methods [Olifer Victor, Olifer Natalia Computer networks. Principles, technologies, protocols: Anniversary edition. - St. Petersburg: Peter, 2020. - 1008 p.: ill. - (Series "Textbook for universities"). ISBN 978-5-4461-1426-9].

In block 5 (Fig. 1) the identity of the Internet user is established.

The identity of the user is established by comparing the received identifier with the data on the communication device identified with respect to the identity of the owner, who is also an Internet user.

For example, in order to obtain a subscriber's identification electronic module (SIM card), it is necessary to provide the telecom operator with the subscriber's passport data [Federal Law "On Communications" dated 07.07.2003 N 126-FZ].

Also, telecom operators store an amount of information sufficient to identify the user according to the data on the communication device [Decree of the Government of the Russian Federation of April 12, 2018 N 445 “On Approval of the Rules for the Storage of Text Messages by Telecom Operators of Users of Communication Services, Voice Information, Images, Sounds, Video - and other messages of users of communication services” (with amendments and additions); Federal Law "On Communications" dated 07.07.2003 N 126-FZ], including the user's passport data, text messages, call directions, location data.

It is assumed that the communication device is not used to commit illegal acts, is registered to the user and operates without the use of anonymity means.

Thus, the identifier sent along with a multimedia message to an electronic device through which anonymous access to a resource on the Internet is carried out, being processed by an electronic device, is emitted into the air in the form of a parasitic EMP, while the identifier is received by the radio receiving module of the communication device, and the communication device , identified with respect to the identity of the user, sends to the server, together with the identifier, data about the communication device, while the server establishes the identity of the user by comparing the identifier and data about the communication device.

Therefore, the presented set of essential features is sufficient to solve the problem and achieve a technical result.

Claims (1)

A method for deanonymizing Internet users, which consists in broadcasting multimedia messages mixed with a data stream to one or more electronic devices, while the data stream contains an identifier, receiving an identifier and data on at least one communication device on the server, characterized in that that receive spurious electromagnetic radiation generated by an electronic device when processing a multimedia message mixed with a data stream by a radio receiving module on at least one communication device, then extract the identifier from the received electromagnetic signal, after the server receives the identifier and data about at least one device links establish the user's identity.

Images