Who are You

By eweek  |  Posted 2001-12-17 Print this article Print

?"> Who are You?

In some ways, the visualroute tool being used by NCMEC represents not much more than a repackaging of functionality already available through public domain IP monitoring tools. VisualRoute, for example, can be used to ping a Web site or perform a standard who-is or trace route search, all common online procedures that normally dont tell you much about the physical source of a Web site or e-mail. VisualRoute, which runs on a server or PC usually inside the corporate firewall, can be accessed from a Java front end and provides graphical displays for easier viewing of information.

Where VisualRoute adds value, say experts, is in its ability to quickly provide information on the location—usually the city—of a server hosting a Web site or delivering an e-mail message. The tool includes a proprietary rules-based engine and a frequently updated database that associates IP addresses with the physical location of registered service providers. According to Visualware Marketing Director Julie Lancaster, in Centreville, Va., the database is populated with proprietary information and data from the public domain American Registry for Internet Numbers database.

At NCMEC, the VisualRoute tool is used as part of the triage process that takes place when tips—many of them anonymous—are received via phone or e-mail through the organizations CyberTipline (www.cybertipline.com). Before passing information on to law enforcement authorities, NCMEC investigators quickly attempt to determine if the site in question is, in fact, dealing in child porn or other exploitative content. Sites are assigned a priority level. Investigators, looking more closely at the high-priority cases, use the VisualRoute tool to determine if the site is hosted in the United States and, if so, where.

Between 10 percent and 15 percent of high-priority cases are then turned over to local law enforcement agencies in those cities and states that have anti-online-child-exploitation laws. The rest are sent to federal agencies such as the FBI, U.S. Customs Service and U.S. Postal Inspection Service.

Besides giving law enforcement a jump on tracking down the bad guys, the graphical interface of the VisualRoute tool has enabled NCMEC investigators to reduce the amount of time it takes to sort through a growing number of tips.

Federal regulations enacted last September require ISPs and other service providers to report incidents of child pornography among their clients to the NCMEC for investigation. As a result, tips, which were running at about 300 per week earlier this year, have increased to 500 per week and are expected to grow eventually to 2,000 per week, according to NCMEC officials.

As much as VisualRoute has helped the NCMEC keep on top of all those tips, its not perfect. Visualware officials admit that because of incomplete information in the tools database, VisualRoute doesnt give accurate location information all the time. Lancaster estimated that between 60 percent and 80 percent of server locations provided by VisualRoute are accurate. Another user of the tool, James Moore, eDeltacom senior manager of information security group, said accuracy is often much lower.

Still, officials at NCMEC arent complaining. They welcome any tools that help make cyber-criminals a little less untouchable.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel