‘No metaphor is more misleading than SMART - Mark Weiser. The world has produced more data in the last two years than the entire history of mankind. Internet has brought a digital revolution that has intensified the change both quantitatively and qualitatively. The global consumption of technology per capita has increased exponentially, with more and more people connecting their daily lives to the internet. The bridges that connect our lives to the internet are not restricted to just social media, emails and chat messengers, as they were five years ago. With the emergence of Smart Devices or what is popularly known as the Internet of Things, the interface connecting internet with our lives has expanded causing a mammoth increase. As per Gartner, there are 6.4 billion connected devices at the end of 2016. The number is slated to increase to 20.8 billion by 2025. With the proliferation of connected devices, our Digital Footprint, also known as the Digital DNA, has also increased massively. A Digital Footprint is nothing but the trail of information that we leave over the internet through our web activities. It is classified as active and passive, with the former meaning the information that we willingly share by ourselves, and the latter pertaining to the trail of data left behind without the person knowing about it.

As attack pathways increase, it is imperative that the scale, speed, and the reach of the investigation pathways must also improve and expand. The cyber criminals are increasingly using our information that is available online to conduct fraud, phishing and identity theft. They are hacking into our Smart Devices, infecting them with malware and using those devices to bring down the major internet platforms and services. In October 2016, the hackers infected around half a million IoT devices with the Mirai malware, converting them into botnets. These botnets were then used to carry out a massive DDoS attack with the throughput of 1.2 TB per second on Dyn servers that host major internet platforms like Twitter, Amazon and PayPal, rendering them unavailable to users in North America.

In such cases, the examination of Digital DNA becomes essential for the law enforcement to track the criminals. The use of Digital DNA for investigation purpose is not restricted to merely cyber-crimes but physical crimes as well, because the future crime scenes would extensively involve our IoT devices.

Doorbells that would connect directly to the apps on our smartphones will act as a record of entrants in the house. The fingerprint sensors in the doorbells would capture the data and relay it to the smartphone. Sophisticated cameras within the Smart Fridge would monitor and log the user activity. This data would be extremely useful in investigation of crime scenes such as theft and murder.

As IoT devices grow in numbers and their integration with our lives increases, it becomes extremely necessary for us to follow proper cyber hygiene

There is another worrying aspect of the Internet of Things. As cited by Europol, the premier European law authority, the IoT devices could be directly used by the criminals to murder people; something which is known as the First Online Murder in digital parlance. Such
events can happen as criminals can exploit vulnerabilities in software of Smart Cars, take control and cause accident. Similarly, they could exploit backdoors in home appliances like connected electrical switches and devices to cause ‘Smart Murder’.

With rise in intensity, frequency and sophistication of cybercrime, the use of Digital Footprints in crime and investigation is getting a push from government and law enforcement authorities. In 2015, the British government came up with an interesting proposal. The British parliament in Westminster witnessed the introduction of investigatory bill that sought to make the hacking of smart toys legal, for providing investigators with new crime detection pathways. In fact, the digital forensics chief of Scotland Yard, Mark Stokes, stressed upon the capability of IoT devices for revolutionizing the crime scene investigation. The Digital DNA would allow enforcement authorities to successfully trace the criminals and rule out inconsistencies in the statements given by the accused and establish the legitimacy of alibi. In U.S., the police authorities have already started the trend of using data logged in the smart devices. During an investigation of a crime scene in Arkansas, the police asked the technology giant Amazon to provide the data from one of its Echo devices for murder investigation purposes.

Protecting Your IoT devices

Protecting your IoT devices from the reach of hackers is the first and best line of defense. Poor security is the major vulnerability that allows hackers to access your devices and infect them with malware. There are two primary reasons for poor security – the first problem lies at the manufacturers end, as not much efforts and investment are made in this direction. The issue can be overcome when consumers demand security as a feature in IoT products. Also, there needs to be a legal compliance for optimum security standards that needs to be mandatorily followed. The second issue is at the user’s end. Most of the devices continue to carry default access credentials as consumers seldom change them. The criminals create a list of such credentials, use Shodan search engine to identify such devices and then use brute force to gain access and infect them. Also, users tend to download third party apps on their smart devices which further expose them to malicious activity. As IoT devices grow in numbers and their integration with our lives increases, it becomes extremely necessary for us to follow proper cyber hygiene; else we are simply offering them on a plate to hackers to be used against us. Similarly, on the other hand, if proper cyber hygiene is followed, the IoT devices could also be weaponized to capture evidence in crime investigations. The threat is real than ever. It should come as a surprise if your IoT device emerges as a proof of evidence in the next major crime investigation.