As the Internet has increased in importance for governments, business and society, criminal activity has followed suit. Criminals use the Internet to facilitate and target their attacks with lucrative malware infections. Moreover, thanks to the anonymity offered by the Dark Web and the Darknet, perpetrators of online crime have established successful online marketplaces for the buying and selling of tools for these activities, namely malware-as-a-service. Tampering with multimedia files and concealing information within them has, moreover, allowed criminals and malware to communicate undetected and to utilise unsuspicious means of infection. Cryptocurrencies, and Bitcoin in particular, have further facilitated criminals in handling their financial proceeds.
Ransomware and banking Trojans are among the types of malware that have recently gained popularity amongst online perpetrators. As of March 2017, they were the most prominent categories of malware encountered by Law Enforcement Agencies (LEAs) in Europe. The RAMSES project focuses its efforts on these types of malware, seeking to enhance European investigatory capabilities in the field.
Motivated by the recent developments in cybercrime, the objective of the RAMSES project is to design and develop a holistic and intelligent forensic investigation platform for Law Enforcement Agencies (LEAs). To this end, RAMSES is developing a set of tools for internet forensics. To ensure the sustainable benefit of the project, RAMSES will undertake research to better understand malware investigations by LEAs, so the tools developed by RAMSES can enhance such investigations. RAMSES will also build a basis for long-term LEA collaboration in the sector by developing effective guidelines and collaborative methodologies for LEAs investigations. The impact and benefits of the RAMSES platform will be demonstrated through several pilot exercises in different countries, trainings and awareness campaigns.
Within the project, Trilateral will undertake a comprehensive Privacy and Ethical Impact Assessment and analyse the ethical considerations of digital surveillance to ensure the RAMSES platform and tools, as well as their practical deployment during pilot exercises with participating LEAs and after the end of the project, meet privacy and data protection requirements and ethical standards. Trilateral will closely examine the functioning of the tools and work closely with technical partners to ensure that identified privacy and data protection risks are mitigated through technical, organisational or operational measures built into the architecture of the platform and tools or in the way the RAMSES technology is used.
Trilateral will also oversee the research ethics and data management aspects of the project, ensuring that the consortium respects individuals’ rights and freedoms, takes steps to prevent abuse and misuse of the RAMSES outputs and handles data in a secure and responsible manner. Due regard has been taken of the values of open data, promoted by the European Commission, as well as the sensitivity of law enforcement research.
RAMSES will develop a big data platform and tools to extract, analyse, link and interpret information from the Internet that is related to financially-motivated malware. Using webscraping of the surface and deep layers of the web, these tools will look for patterns of fraudulent behaviour from among an enormous amount of unstructured and structured data. Along with particular desktop-based solutions, the RAMSES tools will provide insights regarding:
RAMSES will also research and expand the current state of knowledge regarding:
These investigatory tools will be tested during the RAMSES pilots that will be held in collaboration with LEAs in at least three EU member states (Portugal, Belgium and Spain) and opportunities for future exploitation, including commercial applications, will be developed.
The project aims to significantly improve the tools for Internet forensics in Europe, enhancing LEA capabilities to understand and investigate ransomware and banking Trojan infections by providing a wide array of tools and knowledge sources. All tools will be designed and developed with privacy, data protection and ethics in mind. The project will also improve the training of LEA staff in performing such investigations and lead to more effective law enforcement procedures by enhancing these capabilities.
Finally, the consortium’s experience with developing complex investigatory tools for LEAs and understanding LEA requirements will be summarised and made publicly available, contributing to a better prepared and more competitive European technology-development sector, capable of responding to law enforcement needs.
Please contact our team for more information:
You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.
Please sign up to the Solebay mailing list to download the Full Solebay project report.