Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Plod say crims now too hard to find and catch online

hacker

Europol has asked cellphone networks and other internet providers to stop using Carrier Grade Network Address Translation (CGNAT) – because it’s making life too difficult for cops trying to track cyber-villains across the web.

CGNAT is used by telcos running short of public IPv4 addresses. By deploying CGNAT, a mobile network or ISP can stick a bunch of customers – typically small businesses and home subscribers – on private IPv4 addresses and route them through a small set of global IPv4 addresses. This technique has been widely deployed by providers unwilling or unable to bung their users on world-routable IPv6 addresses.

Having so many people sitting behind a small pool of public IP addresses is upsetting the Euro plod: identifying and tracking suspects by their network addresses in server logs is tough as it's not clear exactly who is who. Officers can ask network providers to unmask subscribers, but that's not always easy if an investigation is in its early stages and there are hundreds of thousands of people behind just a few IP numbers.

The courts are already split on whether an IP address can be used to formally identify someone. CGNAT muddies the waters further, especially when mobile networks are involved as they are heavy users of CGNAT. In short, loads of people on their phones are behind a small brick wall of IPs and the cops are banging their heads against it.

Disgusted man holds his hand up to obscure his view. Pic via Shutterstock

Finally a reason not to bother with IPv6: Uh, security concerns...?

READ MORE

"CGN technology has created a serious online capability gap in law enforcement efforts to investigate and attribute crime," said Europol’s executive director Rob Wainwright in a statement on Tuesday.

"It is particularly alarming that individuals who are using mobile phones to connect to the internet to facilitate criminal activities cannot be identified because 90 per cent of mobile internet access providers have adopted a technology which prevents them from complying with their legal obligations to identify individual subscribers."

The call came after a conference was held in Estonia to discuss the issue, in which crime fighters gave examples of investigations that had been stymied thanks to CGNAT. Various options are being considered including a voluntary agreement with cellular networks and ISPs not to have too many users per IP address or a legal requirement that they record detailed logs so customers can be traced back through a mega-NAT.

"Ensuring EU law enforcement investigations are effective and result in the arrests of responsible parties is one of Europol’s key functions," said Steven Wilson, head of Europol’s European Cybercrime Centre. "The issues relating to CGN, specifically the non-attribution of malicious groups and individuals, should be resolved."

The nuclear option is to force network operators to use IPv6, but that's unlikely to happen anytime soon. The industry is banking on making a slow transition that minimizes costs. Legal action to fend off the plod would hurt profits and potentially result in even less enthusiastic cooperation between network providers and investigating officers. ®




Biting the hand that feeds IT © 1998–2018