Search

US-12621255-B2 - Scalable utilization of encrypted platform device connection for legal intercept of messaging data

US12621255B2US 12621255 B2US12621255 B2US 12621255B2US-12621255-B2

Abstract

A system for intercepting and storing data transmitted between a device(s) and a messaging platform(s), the system including an intercept server such that when data is transmitted from the messaging platform(s) to the device(s), the data is also transmitted to the intercept server, the system automatically identifying the data and modifying/formatting the data to be normalized data, which is then accessible by an analyst computer.

Inventors

  • Finn MACLEOD

Assignees

  • DISTILX LTD.

Dates

Publication Date
20260505
Application Date
20240229

Claims (20)

  1. 1 . A system for managing information transmitted to one or more devices and automatically normalizing data received from a plurality of messaging platforms, the system comprising: an intercept server having a storage and having software executing thereon including: a normalization and indexing module; a connection module; a dashboard module; said intercept server coupled to an analyst computer via a network connection; said intercept server coupled to a messaging platform server via the network connection, the messaging platform server using a messaging platform data format for communicating data; wherein, when the data is transmitted from the messaging platform server to the one or more devices, the data is also transmitted to said intercept server; said connection module receiving the data transmitted from the messaging platform server in the messaging platform data format; said normalization and indexing module automatically identifying the received data and modifying the received data to be in a system data format, which is saved on the storage, wherein the system data format is different than the messaging platform data format; said dashboard module receiving a request from the analyst computer to access the saved data; said intercept computer transmitting the saved data to the analyst computer; wherein system data is transmitted from said intercept server via said connection module to the messaging platform server, and wherein the system data is automatically modified by said normalization and indexing module to be in the messaging platform data format prior to the system data being transmitted to the messaging platform server.
  2. 2 . The system according to claim 1 , wherein the one or more devices are associated with an account with the messaging platform server and the data transmitted from the messaging platform server to the one or more devices will remain on the one or more devices for a set time period after which the data transmitted from the messaging platform server to the one or more devices is automatically deleted from the one or more devices.
  3. 3 . The system according to claim 2 , wherein the received data is selected from a group consisting of: text, audio files, image files, video files, account contacts, usernames, groups that the account has joined or activity times for the account.
  4. 4 . The system according to claim 2 , wherein said connection module supplies account details to the messaging platform server including a phone number associated with the one or more devices and a receiving device identifier (ID).
  5. 5 . The system according to claim 4 , wherein authorization keys are exchanged between the messaging platform server and the connection module to enable end to end encrypted communication.
  6. 6 . The system according to claim 1 , wherein the one or more devices comprise a first device and a second device, where the first device is associated with a first account with the messaging platform server and the second device is associated with a second account with the messaging platform server.
  7. 7 . The system according to claim 6 , further comprising, a third device associated with the first account; and a fourth device associated with the second account.
  8. 8 . The system according to claim 1 , wherein the storage further comprises a look-up table, and said normalization and indexing module utilizes the look-up table to identify and modify the received data or modifies the received data with an additional column that labels the messaging platform server.
  9. 9 . The system according to claim 1 , wherein when the data is transmitted from the one or more devices to the messaging platform server, the data is simultaneously transmitted to said intercept server.
  10. 10 . The system according to claim 1 , wherein when the system data is transmitted from said intercept server, the system data is transmitted simultaneously to both the one or more devices and the messaging platform server.
  11. 11 . The system according to claim 1 , wherein the messaging platform server comprises a first messaging platform server, the messaging platform data format comprises a first data format, the data comprises first data, and said one or more devices comprise a first device and a second device, the first data transmitted to the first device, wherein, said intercept server coupled to a second messaging platform server via the network connection, the second messaging platform server using a second data format for communicating second data, wherein the system data format is different than the second data format; wherein, when the second data is transmitted from the second messaging platform server to the second device, the second data is simultaneously transmitted to said intercept server; said connection module receiving the second data from the second messaging platform server and saving the second data on the storage; said normalization and indexing module identifying the received second data and modifying the received second data to be in the system data format, which is saved on the storage; said dashboard module receiving a request from the analyst computer to access the saved second data; said intercept computer transmitting the saved second data to the analyst computer.
  12. 12 . The system according to claim 11 , wherein the system data comprises first system data, wherein second system data is transmitted from said intercept server via said connection module to the second messaging platform server; and wherein the second system data is automatically modified by said normalization and indexing module to be in the second data format prior to the second system data being transmitted to the second messaging platform server.
  13. 13 . The system according to claim 12 , wherein the first device and the second device are associated with a first account with the first messaging platform server and a second account with the second messaging platform server respectively.
  14. 14 . The system according to claim 13 , further comprising: a third device associated with the first account; and a fourth device associated with the second account.
  15. 15 . The system according to claim 13 , wherein the received first and second data are each selected from a group consisting of: text, audio files, image files, video files, account contacts, usernames, groups the account has joined or activity times for the first and second accounts respectively.
  16. 16 . The system according to claim 13 , wherein said connection module supplies account details for the first and second accounts respectively to the messaging platform server including a phone number and a receiving device identifier (ID) associated with respective first or second devices.
  17. 17 . The system according to claim 11 , wherein the storage further comprises a look-up table, and said normalization and indexing module utilizes the look-up table to identify and modify the first and second received data respectively or modifies the first and second received data respectively with an additional column that labels the first or second message platform server respectively.
  18. 18 . The system according to claim 12 , wherein the first data transmitted to the first device will remain on the first device for a set time period after which the first data is automatically deleted from the first device.
  19. 19 . The system according to claim 11 , wherein when the first or the second data is transmitted from either the first or second device to the first or second messaging platform servers respectively, the first or the second data is simultaneously transmitted to said intercept server.
  20. 20 . The system according to claim 11 , wherein when the system data or second system data is transmitted from said intercept server, the system data or second system data is simultaneously transmitted to the first or second devices respectively.

Description

BACKGROUND 1. Field of the Invention This application relates to Legal Intercept for Intelligence, Military and Law Enforcement. More particularly, the present disclosure is related to a system for intercepting and storing data transmitted between a device(s) and a messaging platform(s) and automatically modifying/formatting the data for access by an analyst computer. 2. Description of Related Art In the field of legal intercept, intelligence and law enforcement agencies spend significant resources to secure intelligence from mobile and computing devices. The growth of encrypted messaging applications such as Whatsapp®, Telegram® and Signal®, however, prevents intelligence & law enforcement agencies from accessing data and information. Companies continually work to “crack phones” with various technologies and methods to gain access to previously secure data. These companies often have large research teams continually trying to find new ways to circumvent phone security. Additionally, hackers who discover new ways to access data in mobile devices and computers can sell this information for large sums of money. However, an exploit, once it has become known by the mobile device manufacturer, is typically patched quickly and the ability to access data based on that method is removed. Hence there is a continual arms race between mobile device manufacturers (who want security) and companies that sell tools to access these phones (legal intercept). This industry has significant value, for example Cellebrite, a publicly listed company who develops and sells a phone cracking tool used by many national police forces had a valuation of several billion dollars (as of 2020). However, the valuation of this type of company is at constant risk of being lost if their exploits become patched and they cannot discover new methods of obtaining access to secure devices. One use case in law enforcement is in child protection, where the messaging accounts (such as Telegram®, Signal®, WhatsApp®, etc.) of arrested child abusers are often taken over by authorities to discover and apprehend additional abusers. This mobile device might be cracked using a tool as described above or may be accessed via a negotiated consent. Once the phone is opened, an undercover government agent can assume the identity linked with the phone account to obtain evidence against additional offenders. An agent involved with this type of work may be responsible for working several phones simultaneously. This can require significant effort such as scrolling through menus on each phone, maintaining logs of what is said on each device, and even mobile device maintenance (e.g., keeping all the mobile devices charged, with sufficient credit, and so on). A typical agent may be monitoring and caring for hundreds of mobile devices, all with their own chargers, names, and numbers, often stuck to them with sticky notes. It is required by law that diligent records are kept of communications between an agent and a suspect. In undercover police or intelligence work, this includes interactions with sources or informants. However, with modern mobile platforms this is not a straightforward task. For example, communications platforms often have a “disappearing messages” feature. Suppose a suspect sends a message to a source's mobile device where the “disappearing message” feature is set to delete the message 1 minute after being read. To document this, it has been the case that an source must very quickly grab an additional phone and take a picture of the message, or read it, memorize it and take notes immediately thereafter. The source then forwards that information to the agent who logs it as evidence. This process is disadvantageous for the following reasons: 1) The process is time consuming. Manually logging information takes a lot of time as does the process of sending that manually logged information to an agent.2) Relying on a source to record and send each message is fallible-information may be omitted, both unintentionally and intentionally. Some communications may not be sent to the agent by the source, or only portions of the communication may be manually logged and forwarded.3) Remembered or contemporaneous notes may be fallible and can be questioned, for example, by the defense in court proceedings. Inserting a source directly into the chain of custody of evidence raises problems, as does having to directly rely on the memory and the reliability of the source.4) A mix of images, notes and video is unstructured and difficult to work with. It requires additional work by the agent or other members of staff to transcribe the source's information into text or into other databases to make it searchable and usable.5) Dangers to the source. A source will need a safe time and place to record this information and if they have an additional phone, they need to keep this safe. Likewise, if a source meets with an agent(s), these meetings must be discreet. Furthermore, old leg