• Home

  • Documents

  • Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a...
21
Crime Investigation with KNIME Crime Investigation with KNIME Cardsharing at Pay TV

Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Embed Size (px)

Citation preview

Page 1: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Crime Investigation with KNIMECardsharing at Pay TV

Page 2: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Pay TV - a short description

Digital Video Broadcast Reveiver

CSA – Common Scrambling AlgorithmEMM – Entitlement Management MessageECM – Entitlement Control MessageCW – Control Word

Page 3: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Card sharing – computer fraud

Digital Video Broadcast

User

Card-Sharing

Page 4: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Server – Client Network

Page 5: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Fruchterman-Reingold

Page 6: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

pcap analysis

One of the Question from the public prosecutor:Which german users connected the card-sharing-server

over a period of 300 seconds (5 minutes) in the time from 20 o'clock the day before yesterday und 20 o'clock yesterday?

Raw Data:● Combined wiretap from 3 card-sharing-server● wiretap period over 3 month● about 60 files (500 MByte) per day● about 17 Mio. packets per file● about 125.000 connections per file

Page 7: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Full KNIME workflow

Page 8: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Wireshark summary

Page 9: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

TCP-Flow

Page 10: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Select files from period

Page 11: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Load files ...

Page 12: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

split xml-files

Page 13: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

join server and client communication

Page 14: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

period time from 20 to 20

Page 15: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

prepare data from geolocation

Page 16: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

ip-address geolocation

Page 17: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

German only, time diff and group by

Page 18: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

whois and save

Page 19: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

csv – file with localized German users

Page 20: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Full workflow

Automatisation of the analysis process. Using a cronjob.● Download of the witetap-files from ftp-server

[all 4 hours]● Start of the analysis process at 4 o'clock every day

● Cut the generic routing encapsulation (editcap)● Flow analysis to get the server-client connections within 6

consecutive pcap-files (tcpflow)– KNIME workflow to generate csv-tables with German IP-

addresses (KNIME batch-mode)● Encryption of the created csv-files (gpg)● Sending the encrypted files to the investigation

department at about 10 o'clock

Page 21: Cardsharing at Pay TV - KNIME · Cardsharing at Pay TV. Crime Investigation with KNIME Pay TV - a short description Digital Video Broadcast Reveiver ... Download of the witetap-files

Crime Investigation with KNIME

Questions ?

Andreas StahlhutPolice Department ZKD HannoverCybercrime Investigation [email protected]


Knime (presentacion grupal)

Knime (presentacion grupal)

Technology
Schrodinger KNIME extensions

Schrodinger KNIME extensions

Documents
Knime social media_white_paper

Knime social media_white_paper

Business
Cardsharing Server - best Cline CCcam Server at CCcamFullSer

Cardsharing Server - best Cline CCcam Server at CCcamFullSer

Documents
Generic Knime Nodes

Generic Knime Nodes

Documents
Manual Basico Knime

Manual Basico Knime

Documents
Nagra3 Hacked! « Satelly Blog · 2012 ALi Universal-Fixer Arhive Biss Cardsharing Cardsharing Tutorials Clarke Tech ... download |267l3|434618721|AMIKO_ssd__550_3329c__key__03

Nagra3 Hacked! « Satelly Blog · 2012 ALi Universal-Fixer Arhive Biss Cardsharing Cardsharing Tutorials Clarke Tech ... download |267l3|434618721|AMIKO_ssd__550_3329c__key__03

Documents
Cardsharing server best cline cccam server at cccamfullserver

Cardsharing server best cline cccam server at cccamfullserver

Documents
Knime & bioinformatics

Knime & bioinformatics

Science
KNIME Server on Azure Marketplace · KNIME Server on Azure Marketplace KNIME AG, Zurich, Switzerland Version 4.9 (last updated on 2019-10-22)

KNIME Server on Azure Marketplace · KNIME Server on Azure Marketplace KNIME AG, Zurich, Switzerland Version 4.9 (last updated on 2019-10-22)

Documents
KNIME Server Workshop...Designed to integrate your advanced hardware and infrastructure capabilities for even better KNIME performance • KNIME Cluster Execution • KNIME Big Data

KNIME Server Workshop...Designed to integrate your advanced hardware and infrastructure capabilities for even better KNIME performance • KNIME Cluster Execution • KNIME Big Data

Documents
Manual Básico Knime

Manual Básico Knime

Engineering
Manual CardSharing (Cliente) Em Prog-Dvb

Manual CardSharing (Cliente) Em Prog-Dvb

Documents
KNIME Workbench Guide · When you start KNIME Analytics Platform, the KNIME Analytics Platform launcher window appears and you are asked to define the KNIME workspace, as shown in

KNIME Workbench Guide · When you start KNIME Analytics Platform, the KNIME Analytics Platform launcher window appears and you are asked to define the KNIME workspace, as shown in

Documents
Premium Cardsharing Server at CCcamFullServer

Premium Cardsharing Server at CCcamFullServer

Services
Notat om Cardsharing - jegvaelgeraegte.dk

Notat om Cardsharing - jegvaelgeraegte.dk

Documents
KNIME Meetup Flyer

KNIME Meetup Flyer

Business
Cardsharing manul

Cardsharing manul

Documents
KNIME –podstawy obsługi programu - Chemometrics › Download.php?f=knime-kurs-podstawowy.pdf · KNIME –podstawy obsługi programu Pracownia Chemometrii Środowiska Katedra Chemii

KNIME –podstawy obsługi programu - Chemometrics › Download.php?f=knime-kurs-podstawowy.pdf · KNIME –podstawy obsługi programu Pracownia Chemometrii Środowiska Katedra Chemii

Documents
Knime Evaluation Des

Knime Evaluation Des

Documents
What is KNIME?

What is KNIME?

Documents
KNIME Meetup Pavia/Milano€¦ · KNIME Meetup Pavia/Milano. A Brief History of KNIME 2004: KNIME development commences 2006: KNIME v1 released 2006: Spin-off in Konstanz, Germany

KNIME Meetup Pavia/Milano€¦ · KNIME Meetup Pavia/Milano. A Brief History of KNIME 2004: KNIME development commences 2006: KNIME v1 released 2006: Spin-off in Konstanz, Germany

Documents
213836684 CardSharing Com Dreambox 500 S

213836684 CardSharing Com Dreambox 500 S

Documents
Montar Server Cardsharing CCcam - Manualeitor

Montar Server Cardsharing CCcam - Manualeitor

Documents
KNIME Workbench Guide

KNIME Workbench Guide

Documents
Premium CCcam Server - Best Cardsharing Server at CCcamFullServer

Premium CCcam Server - Best Cardsharing Server at CCcamFullServer

Services
Knime Evaluation Smaller

Knime Evaluation Smaller

Documents
The KNIME Cookbook

The KNIME Cookbook

Documents
Introduction to knime

Introduction to knime

Technology
Cardsharing by Je Souis Blonde New Release

Cardsharing by Je Souis Blonde New Release

Documents