We've been working with law enforcement to help them tackle the ever-growing problem of cybercrime.
As the Internet continues to grow and has steadily become an essential part of our everyday lives, cybercrime is also becoming a part of our everyday lives. More and more, we see news stories about identity thefts, ransomware crippling computers, email servers being hacked, and victims of phishing scams.
What can a Regional Internet Registry do about all this? In some ways, the answer is not much. The RIPE NCC is not a law enforcement agency. Our function is not to pursue the “bad guys” or to punish crime. Contrary to what some urban legend might say, we really don’t have black helicopters waiting on the rooftop, ready to swoosh down on the crooks of the Internet.
On the other hand, the RIPE NCC is involved with Internet governance and we provide training courses. So we started thinking, could we maybe put these two things together to make the world a better place? Could we help fight cybercrime in some way?
The answer quickly dawned on us: Of course we can help! We can provide training for law enforcement agencies and help them do their job.
How can we help LEAs?
The RIPE NCC’s Training Services department has been delivering live webinars for quite a while now and we have gotten great feedback. Participants can engage directly with us and quench their thirst for knowledge right there on the spot. No questions go unanswered!
At the same time, we’ve been working with LEAs for some time to help them better understand what the RIPE NCC is and what we do (learn more about our engagement with the LEA community). We contacted EUROPOL and told them we had an idea about how we could help them in their operations. We had given them a couple of training courses in the past and they were very interested in collaborating with us.
We proposed a series of webinars about the Internet registry system tailored specifically for LEAs. The idea was to explain how the Internet works from our point of view, what the Internet registry system is and how to use the RIPE Database and some of our other tools, like RIPEstat. We could also introduce IPv6 to those who didn’t know about it. There was so much we could do!
Delivering on our ideas
We eventually decided on a series of six webinars, one a week and each an hour long with time for questions.
The first webinar was a general explanation of how the Internet works from a technical point of view, followed by an introduction to the Internet ecosystem and how the hierarchical distribution of address space works. This was intended to give the participants a framework to understand the other topics we would cover in the following webinars.
The second and third webinars were dedicated to explaining the RIPE Database and how to understand the data that is stored there, including live queries and showing how to interpret the different objects in the results.
Our fourth webinar was all about IPv6. We thought it was important to introduce the LEAs to the IPv4 replacement and make them aware that they have to keep their knowledge of Internet technologies up to date.
For the fifth webinar, we explored RIPEstat and the different data sources it uses to display information about specific Internet address space and related information for hostnames and countries. RIPEstat provides a treasure trove’s worth of data at a glance, which makes the investigation of IP addresses and AS Numbers easier.
To finish the series, the sixth webinar covered the RIPE community and RIPE Policy, the Policy Development Process and RIPE NCC procedures. Besides giving the LEAs some tools they could use to investigate, we thought it was also important to explain how the policies that govern the technical aspects of the Internet are developed – and maybe even get them interested in Internet governance.
After months of preparations, it was finally time to go live…
The webinars were all quite well attended, surpassing one hundred participants every time. We organised the series in partnership with Europol and CEPOL (the European Union Agency for Law Enforcement Training), and participants included law enforcement officers from across Europe.
We answered many questions about the Internet registry system and how the RIPE Database works. The live demos showed them how to query IPs in the most efficient way and how to interpret the results. We used many generic examples in the RIPE Database to show how IP address blocks are registered and what the information contained in the different types of objects mean.
The webinar dedicated to RIPEstat was one of the most eagerly anticipated by the LEAs. By explaining the different data sources and how to use the different widgets, we hoped to give the LEAs another tool they can use to investigate network activity around an IP address or AS Number.
A great collaboration
Without directly collaborating in a cybercrime investigation, it’s complicated to show LEAs what they can find in the RIPE Database or what they can do with the various RIPE NCC tools. Some LEAs understand almost straight away what they can do, while others need a little more time to give all this information a place. For some of them, it’s a completely new world.
We are happy to have been able to offer these webinars, hopefully filling in some gaps of knowledge and giving the LEAs a better understanding of the Internet that enables them to do their job and keep the Internet safe for everyone.