In July 2016, the ATM heist of Taiwan First bank is based on well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse on putting citizen’s data or money in danger. Cybercrime threats are often originating from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators to perform a cybercrime investigation process in a forensically sound and timely fashion manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.
Police surveillance of social media - do you have a reasonable expectation of...Lilian Edwards
This paper (co-authored with lachlan Urquart of U of Nottingham) discusses if we have any expectations of privacy in content we make public on;line on social media - or can such content be data mined by the police at will? Should any kind of surveillance warrant be required of the police to use such material? has social jmedia become the new panopticon?
As technology transforms the legal practice, electronically stored information (ESI) has replaced the paper evidence as the lawyer’s primary stock in trade. This is the future of the legal profession. Far more information is retained by a computer than most people realize. Without the right tools and techniques to preserve, examine and extract data, legal officers run the risk of losing something important, rendering what you find inadmissible, or even causing spoliation of evidence.
In this presentation to the Uganda Law Society Uganda members, Mustapha B Mugisa (www.mustaphamugisa.com) explores the skills prosecutors and investigators must master in order to perform their jobs effectively. You will learn a lot by reading this presentation to the end, than most people know about forensics and the new developments.
Police surveillance of social media - do you have a reasonable expectation of...Lilian Edwards
This paper (co-authored with lachlan Urquart of U of Nottingham) discusses if we have any expectations of privacy in content we make public on;line on social media - or can such content be data mined by the police at will? Should any kind of surveillance warrant be required of the police to use such material? has social jmedia become the new panopticon?
As technology transforms the legal practice, electronically stored information (ESI) has replaced the paper evidence as the lawyer’s primary stock in trade. This is the future of the legal profession. Far more information is retained by a computer than most people realize. Without the right tools and techniques to preserve, examine and extract data, legal officers run the risk of losing something important, rendering what you find inadmissible, or even causing spoliation of evidence.
In this presentation to the Uganda Law Society Uganda members, Mustapha B Mugisa (www.mustaphamugisa.com) explores the skills prosecutors and investigators must master in order to perform their jobs effectively. You will learn a lot by reading this presentation to the end, than most people know about forensics and the new developments.
Interplay of Digital Forensics in eDiscoveryCSCJournals
Digital forensics is often confused with eDiscovery (electronic discovery). However, both the fields are highly independent of the other but slightly overlap to assist each other in a symbiotic relationship. With decreasing costs of cloud storage, growing Internet speeds, and growing capacity of portable storage media, their chances of being used in a crime have grown. Sifting through large volumes of evidential data during eDiscovery or forensically investigating them requires teams from both these fields to work together on a case. In this paper, the authors discuss the relationship between these disciplines and highlight the digital forensic skills required, sub-disciplines of digital forensics, the possible electronic artifacts that can be encountered in a case, and the forensic opportunities relative to the eDiscovery industry. Lastly, the authors touch upon the best practices in digital evidence management during the eDiscovery process.
Reasons why the developing field of computer forensics is essential to modern-day law enforcement in fighting cyber crimes (by Lillian Ekwosi-Egbulem).
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Bridging the gap between mobile and computer forensicsNina Ananiasvili
Mobile devices are becoming an increasingly integral part of criminal, legal, and regulatory investigations and disclosures.
However, computers and mobile devices are often examined separately by different people, often due to technical and procedural reasons. That can make it almost impossible to identify and review evidence and intelligence across multiple data sources, devices, and crime scenes. Only when we look at all of the devices at the same time will we start to see the complete picture.
In this webinar, we will look at some of the trends and challenges in acquiring and analysis mobile devices and will discuss:
- What we can expect to recover from mobile devices today
- What this data looks like when reviewed using Nuix
- Techniques and workflows for optimising investigations that include mobile devices, computers, and cloud-based evidence.
Design and Development of Secure Electronic Voting System Using Radio Frequen...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
The snooping dragon: social-malware surveillance of the Tibetan movementguesta33b66
In this note we document a case of malware-based electronic surveillance of a
political organisation by the agents of a nation state. While malware attacks are not
new, two aspects of this case make it worth serious study. First, it was a targeted
surveillance attack designed to collect actionable intelligence for use by the police
and security services of a repressive state, with potentially fatal consequences for
those exposed. Second, the modus operandi combined social phishing with high-
grade malware. This combination of well-written malware with well-designed email
lures, which we call social malware, is devastatingly effective.
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeCSCJournals
Computer Forensics is the science of obtaining, preserving, documenting and presenting digital evidence, stored in the form of encoded information, from digital electronic storage devices, such as computers, Personal Digital Assistance (PDA), digital cameras, mobile phones and various memory storage devices. All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in legal proceeding. The word forensics means “to bring to the court”. Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to deoxyribonucleic acid (DNA) evidence recovered from blood stains to the files on a hard drive. This paper provides a high-level overview on computer forensics investigation phases for both technical and nontechnical audience. Although the term “computer” is used, the concept applies to any device capable of storing digital information.
In this paper, we will discuss a model for setting up an investigative lab that allows digital forensic specialists, non-technical investigators and subject matter experts to collaborate on digital evidence. The end result is a dramatic increase in the volume and quality of digital
evidence an investigative team can analyze within a fixed time.
A criminological psychology based digital forensic investigative frameworkSameer Dasaka
It’s been more than 30 years since digital forensics came into existence and started to evolve. United States first started finding the importance of digital forensics to catch the criminals and started adopting multiple investigative frameworks and strategies to improvise the investigation process.
Apart from performing the technical investigations, it is also equally important to understand and address the thought process of the criminal when the crime was committed.
Every crime that has been committed is always done with a specific disastrous purpose in mind and to fulfil that purpose, the criminal finds multiple loopholes and builds his/her way to such an extent that the line between right and wrong gets negligible.
Understanding what made the criminal think to commit the crime is just as important in producing future preventative measures.
ESSENTIALS OF Management Information Systems 12eKENNETH C..docxdebishakespeare
ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from
the Internet, are used to identify potential terrorists. The PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable such Internet surveillance.
In some cases innocent people have been mistaken for terrorists, while sometimes a
terrorist plot is disrupted. The existence of the PRISM program was a national security
secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can
use the Internet to communicate their plans with lower chance of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their
privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in tech-
nology. The first segment describes a program called the Dark Web Project developed by
a team at the University of Tucson that combs the Internet in search of militant leaders
and their followers. The program creates profiles based on word length, punctuation,
syntax, and content, and displays information about the personality type of an individual
graphically.
The plotting of information on a graph represents whether the user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding sway over many more
people. Programs like this have been adopted by many intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i.
ESSENTIALS OF Management Information Systems 12eKENNETH C.ronnasleightholm
ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from
the Internet, are used to identify potential terrorists. The PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable such Internet surveillance.
In some cases innocent people have been mistaken for terrorists, while sometimes a
terrorist plot is disrupted. The existence of the PRISM program was a national security
secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can
use the Internet to communicate their plans with lower chance of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their
privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in tech-
nology. The first segment describes a program called the Dark Web Project developed by
a team at the University of Tucson that combs the Internet in search of militant leaders
and their followers. The program creates profiles based on word length, punctuation,
syntax, and content, and displays information about the personality type of an individual
graphically.
The plotting of information on a graph represents whether the user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding sway over many more
people. Programs like this have been adopted by many intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i ...
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptxwebb00704
Have you ever stopped to consider the trail of breadcrumbs you leave behind every time you browse the internet? From social media posts to online purchases, your digital footprint is expanding with each click. But what if I told you that this seemingly harmless virtual path holds immense significance in solving online crime cases? In an era where cybercriminals are growing more sophisticated by the day, understanding the importance of digital footprints has become crucial for law enforcement agencies and individuals alike. Get ready to dive into a world where every keystroke could be a potential clue in unraveling complex web-based crimes.
Interplay of Digital Forensics in eDiscoveryCSCJournals
Digital forensics is often confused with eDiscovery (electronic discovery). However, both the fields are highly independent of the other but slightly overlap to assist each other in a symbiotic relationship. With decreasing costs of cloud storage, growing Internet speeds, and growing capacity of portable storage media, their chances of being used in a crime have grown. Sifting through large volumes of evidential data during eDiscovery or forensically investigating them requires teams from both these fields to work together on a case. In this paper, the authors discuss the relationship between these disciplines and highlight the digital forensic skills required, sub-disciplines of digital forensics, the possible electronic artifacts that can be encountered in a case, and the forensic opportunities relative to the eDiscovery industry. Lastly, the authors touch upon the best practices in digital evidence management during the eDiscovery process.
Reasons why the developing field of computer forensics is essential to modern-day law enforcement in fighting cyber crimes (by Lillian Ekwosi-Egbulem).
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Bridging the gap between mobile and computer forensicsNina Ananiasvili
Mobile devices are becoming an increasingly integral part of criminal, legal, and regulatory investigations and disclosures.
However, computers and mobile devices are often examined separately by different people, often due to technical and procedural reasons. That can make it almost impossible to identify and review evidence and intelligence across multiple data sources, devices, and crime scenes. Only when we look at all of the devices at the same time will we start to see the complete picture.
In this webinar, we will look at some of the trends and challenges in acquiring and analysis mobile devices and will discuss:
- What we can expect to recover from mobile devices today
- What this data looks like when reviewed using Nuix
- Techniques and workflows for optimising investigations that include mobile devices, computers, and cloud-based evidence.
Design and Development of Secure Electronic Voting System Using Radio Frequen...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
The snooping dragon: social-malware surveillance of the Tibetan movementguesta33b66
In this note we document a case of malware-based electronic surveillance of a
political organisation by the agents of a nation state. While malware attacks are not
new, two aspects of this case make it worth serious study. First, it was a targeted
surveillance attack designed to collect actionable intelligence for use by the police
and security services of a repressive state, with potentially fatal consequences for
those exposed. Second, the modus operandi combined social phishing with high-
grade malware. This combination of well-written malware with well-designed email
lures, which we call social malware, is devastatingly effective.
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeCSCJournals
Computer Forensics is the science of obtaining, preserving, documenting and presenting digital evidence, stored in the form of encoded information, from digital electronic storage devices, such as computers, Personal Digital Assistance (PDA), digital cameras, mobile phones and various memory storage devices. All must be done in a manner designed to preserve the probative value of the evidence and to assure its admissibility in legal proceeding. The word forensics means “to bring to the court”. Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to deoxyribonucleic acid (DNA) evidence recovered from blood stains to the files on a hard drive. This paper provides a high-level overview on computer forensics investigation phases for both technical and nontechnical audience. Although the term “computer” is used, the concept applies to any device capable of storing digital information.
In this paper, we will discuss a model for setting up an investigative lab that allows digital forensic specialists, non-technical investigators and subject matter experts to collaborate on digital evidence. The end result is a dramatic increase in the volume and quality of digital
evidence an investigative team can analyze within a fixed time.
A criminological psychology based digital forensic investigative frameworkSameer Dasaka
It’s been more than 30 years since digital forensics came into existence and started to evolve. United States first started finding the importance of digital forensics to catch the criminals and started adopting multiple investigative frameworks and strategies to improvise the investigation process.
Apart from performing the technical investigations, it is also equally important to understand and address the thought process of the criminal when the crime was committed.
Every crime that has been committed is always done with a specific disastrous purpose in mind and to fulfil that purpose, the criminal finds multiple loopholes and builds his/her way to such an extent that the line between right and wrong gets negligible.
Understanding what made the criminal think to commit the crime is just as important in producing future preventative measures.
ESSENTIALS OF Management Information Systems 12eKENNETH C..docxdebishakespeare
ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from
the Internet, are used to identify potential terrorists. The PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable such Internet surveillance.
In some cases innocent people have been mistaken for terrorists, while sometimes a
terrorist plot is disrupted. The existence of the PRISM program was a national security
secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can
use the Internet to communicate their plans with lower chance of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their
privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in tech-
nology. The first segment describes a program called the Dark Web Project developed by
a team at the University of Tucson that combs the Internet in search of militant leaders
and their followers. The program creates profiles based on word length, punctuation,
syntax, and content, and displays information about the personality type of an individual
graphically.
The plotting of information on a graph represents whether the user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding sway over many more
people. Programs like this have been adopted by many intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i.
ESSENTIALS OF Management Information Systems 12eKENNETH C.ronnasleightholm
ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from
the Internet, are used to identify potential terrorists. The PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable such Internet surveillance.
In some cases innocent people have been mistaken for terrorists, while sometimes a
terrorist plot is disrupted. The existence of the PRISM program was a national security
secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can
use the Internet to communicate their plans with lower chance of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their
privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in tech-
nology. The first segment describes a program called the Dark Web Project developed by
a team at the University of Tucson that combs the Internet in search of militant leaders
and their followers. The program creates profiles based on word length, punctuation,
syntax, and content, and displays information about the personality type of an individual
graphically.
The plotting of information on a graph represents whether the user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding sway over many more
people. Programs like this have been adopted by many intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i ...
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptxwebb00704
Have you ever stopped to consider the trail of breadcrumbs you leave behind every time you browse the internet? From social media posts to online purchases, your digital footprint is expanding with each click. But what if I told you that this seemingly harmless virtual path holds immense significance in solving online crime cases? In an era where cybercriminals are growing more sophisticated by the day, understanding the importance of digital footprints has become crucial for law enforcement agencies and individuals alike. Get ready to dive into a world where every keystroke could be a potential clue in unraveling complex web-based crimes.
Reply to post 1 & 2 with 250 words each.Post 11. What vafelipaser7p
Reply to post 1 & 2 with 250 words each.
Post 1
1. What value does Open Source information have for law enforcement intelligence?
In today’s information age, open source information is extremely valuable to law enforcement today. The modernization of technology is accelerating at a fast pace. In the very near future, almost everything that someone says or does will be recorded in some way or another. The way open source information is used today has already shown a great potential in solving past crimes, addressing current crimes, and predicting crimes of the future. According to Friedman (1998), there are several categories of open source information, and some of the major sources are the media, databases, and everyone’s favorite, the internet. The reason why it is extremely valuable in law enforcement is because open source information is a repository of information. Some examples of open source information are DNA repositories, social media posts, photos with geotags, and statistical information. Just from the four examples mentioned, one can see the relevance to law enforcement. DNA databases can be used to link DNA evidence; statistical information can be used to develop crime maps, and help in predictive policing (Joh, 2014). Not so smart felons can leave geotags on photos or have Instagram photos that show their whereabouts.
2. Provide two examples of Open Sources that can be beneficial to law enforcement and explain what those benefits are.
Something that comes quickly to mind is that open source information can be used to develop a pattern of life of an area. Using information gained from public databases, law enforcement officials can identify where the next crime might occur. Another way to use open source information is to monitor social media. Social media posts can indicate where protests will occur, or even where a crime is occurring. Recently, a mass shooting in New Zealand was live-streamed on social media. There are some things that law enforcement can learn from that video in terms of the attacker’s timeline and tactics he employed. Joh (2014) posits that open source information from the internet can be used in mass surveillance, and in predictive policing.
3. What concerns must be factored in if utilizing Open Source information?
The top concern with open source information is the validity of it. Additionally, is the information from a reputable source? How old is the information? The validity of the information critical especially with the internet; there is a lot of junk information on the web that must be disregarded by intelligence experts. Something else to also consider is that open source information can also be used by criminals. For example, criminals can observe the actions of a police force if the media is doing a live-broadcast of a crime in progress.
4. Can police lawfully use insincere or fraudulent means to access social media information? (LinkedIn, Facebook, Twitter, Pinterest...)
As state ...
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
Crimea Russia or Ukraine An International Law Perspective.docxwillcoxjanay
Crimea: Russia or Ukraine? An International Law Perspective
Crimea was annexed by Russia in 2014 after a referendum was held which was not up to international standards. This move was largely condemned by the West and most of the international community does not recognize Crimea as a legitimate part of Russia, though it is now ruled by Russia and applicable to its laws, currency, and military. For example, residents of Crimea, even those who did not vote or voted against the annexation, are subject to the Russian conscription law which states that all healthy males aged 18 are required to complete mandatory military service unless unable to do so for a medical reason or if they are enrolled in a university (Conscription Service, p. 1). Up to today, Ukraine and Russia both claim that Crimea is theirs and there is no agreement reached at the time to settle this conflict.
Background on how crimea was taken (maidan revolution, etc.)
In order to begin to understand which country Crimea belongs to, it is important to understand the history of the peninsula. Crimea has been part of the Russian empire beginning in 1783 (Kramer, 1) after the defeat of the Ottomans up until 1954 when, during the Soviet Union, it was given to the Ukrainian SFSR by Premier Khrushchev.
Russia’s argument as to why Crimea is theirs
West’s argument as to why it belongs to Ukraine (their own motives and desire for influence)
International Law analysis
Works Cited
“Conscription Service.” Counterterrorism : Ministry of Defence of the Russian
Federation, eng.mil.ru/en/career/conscription/determent.htm.
Kramer, M. (2018, February 02). Why Did Russia Give Away Crimea Sixty Years Ago?
Retrieved December 07, 2018, from
https://www.wilsoncenter.org/publication/why-did-russia-give-away-crimea-sixty-y
ears-ago?gclid=CLHnyZC7ndACFSLicgod-UEIXw
Milestone One: MEMO Draft 1
Milestone One: MEMO Draft 6
THIS IS THE PROFESSOR’S COMMENT ON THE MEMO AND NEEDS TO BE FIXED FOR FINAL SUBMISSION.( Gifty,Thanks for getting this turned in. For a memo, this is a little long. You will want to be more succinct and cut this down a bit.)
MEMO
DATE: 12/08/2018
TO: Non-expert Stakeholder
FROM: (Cybersecurity Practitioner)
SUBJECT: DIGITAL FORENSIC INVESTIGATION MEMO
Over a period of years digital forensic investigation has out grown into a body that in need of details digital forensic model. Different academic researchers have suggested over a hundred different types of investigation procedural models. In addition to this proposed model over the years, there has been a challenged whereby the model lack experimental testing to ascertain the truth about the investigation. More so there is a need of evaluating the same model to complement the process of investigation progression in support to the entire scientific community (Learner, D. E. (2009). Electronic cri.
150 words agree or disagreeFuture Criminal Intelligence Enviro.docxdrennanmicah
150 words agree or disagree
Future Criminal Intelligence Environment:
It might seem that the criminal environment has not changed, as both personal and property crimes are the part of everyday routine of law enforcement. At the same time, technological development has provided new possibilities for criminals by allowing them to steal and commit fraud at bigger scale. Future criminal intelligence environment will revolve around technologies, virtual space, and ICT. According to the current trends, high-tech crimes are growing exponentially with the inability of law enforcement to prevent or address them at once (Zavrsnik, 2010). According to the analysis of cybercrime worldwide, investigation of cybercrime has multiple barriers, including the lack of correspondence among different international agencies concerning the legal prosecution, limited number of skilled talent in law enforcement, and absence of effective methods that would allow to find and prosecute offenders (Brown, 2015). As a result, the criminals continue committing identity thefts, spreading dangerous viruses (e.g. ransomware), phishing, and hacking. Since the technologies will continue to improve and update, it is more likely that the criminals will alter their tactics. The main goal of the modern law enforcement is to prepare for the future tendencies by investing in cybercrime department, training talent, and researching the newest trends in cybercrime. Since this type of crime threatens the individual citizens as well as the entire countries, the law enforcement agencies must ensure that the organized crime does not feel comfortable in the virtual space, which can be observed today.
Intelligence Analytics:
Tools and techniques in intelligence analysis might vary across the analysts, systems, and countries. Since today analysts deal with the intelligence presented in a variety of forms, including the digital one, the methods of analysis can be different. For example, basic analytical process usually includes the following steps: collect and sift all available data, construct a preliminary diagram, evaluate new information in light of old data, collect further information, develop preliminary inferences, develop conclusions, assemble a report (United Nations, 2011). This structure can vary according to the available intelligence, protocol of assembling the data, and the scheme used by a specific agency. Several basic techniques of data analysis include event charting, link, flow, and telephone analyses (Berlusconi et al., 2016). These methods are used according to the specific events, goals, and available data. Several software are used today to analyze intelligence and information, including Law Enforcement Specific GIS, RMC and CAD information exchange. Analysis is more effective if the officers have a wide variety of data. For example, today, the agencies can use social media analysis as one of the effective tools in data mining. For instance, a research exploring inte.
National framework for digital forensics bangladesh context Bank Alfalah Limited
Bangladesh is a young and rapidly growing population is 160 million. According to BASIS 2012 survey the ICT industry is consistently growing 20% to 30% per year. Most of our IT investment focused on Financial, Telecomm and Government sector. Now a day we cannot think a day without Information Technology as we are living on Information Age. We are very quickly accustomed to keeping and using digital information. While we are keeping our processed data on different digital media, security is one of the key issues in contemporary computing and is relevant to a wide range of activities, including software development, networking and system. Some people will then take the advantages of these loosely coupled securities and involved in different crime. Our object in this project is to make a Digital Forensics Framework which will cover Policy, Standard and give a future Guideline for investigation and presentation to law and enforcement agency.
Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...REVULN
The rapid development of information and communication technology brings significant change to human life. In the past, people have been getting information through conventional media such as newspapers, radio, and television. Today, the public relies heavily on digital media consisting of social media and online media that are in the grip within the internet network which provides wide-ranging information in speedy manner. The phenomenon of hoaxes in social media is part of the information warfare in the cyberspace dimension. Hoaxes as tactic of choice in propaganda defined as misleading information attacks to various aspects, covering to include health, economy, disaster-events, and politics. People who are lacking in understanding propaganda tactics like how the news and information addressed in the digital media are often fooled by hoaxes that maybe appear as texts, pictures or videos. The spread of hoaxes may get uncontrollable due to the many parties who deliberately spread the hoaxes for a particular interest with anonymous accounts, fake accounts and so-called bots. The transmission of hoaxes as global phenomenon today, affecting many countries. Hoaxes that are spread in cyberspace are difficult to control without solid cooperation between government and society. This means of bad intension today by spreading news used as an asymmetric weapon extensively exercised during any political election period. This paper is about an analysis of hoax cases occurred in the time of Jakarta Gubernatorial Election 2017 as a case study.
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...REVULN
Hacktivism, commonly known as actions by individuals or groups that using hacking skills to spread a specific message and bring attention to a political or social cause, has risen and then fallen globally in the past five years. In the meantime, hacktivist activities have evolved, with an increase in state-sponsored hacktivism using false hacktivist personas, and the appearance of hacktivists who could also be described as "entrepreneurial geeks." Not all hacktivists break into network systems; some perform troll activities to create online disruptions on social media to accomplish their goals. The recent phenomenon of fandom nationalists turned trolls adds another layer to the many roles of hacktivism.
This talk will discuss the role of hacktivism in information operations through case studies of hacktivist activities from various regions and countries, and provide insight into the structure, organization, motivations, goals, tactics, techniques, and procedures (TTPs) of these hacktivist groups. The talk will also analyze how other threat actors utilize hacktivists to conduct information operations. Lastly, the talk will reflect on the future direction of global hacktivism in information operations as geopolitical tensions among major powers increase and nation-states reposition their cyber defense posture.
Hacktivism is evolving in the disinformation age with traditional hacktivist activities of breaking into systems and emerging hacktivist activities of creating online disruptions without breaking into systems. Hacktivist actors are not only non-state actors, but also nation state actors who use false hacktivist personas conducting information operations.
Isao MATSUNAMI - Digital security in japanese journalismREVULN
Massive leaks such as Wikileaks, Panama Papers and Snowden have made journalists realize that good old "just-meet-people-shoot-photo" days are gone.
Getting leak documents over the internet, grappling with data format, processing text with machine learning and protecting sources from surveillance are all getting new-norm for journalism.
However reporters, generally and historically, would be the last species to understand digital technology and data-oriented thinking.
I would like to share my experiences of teaching digital security to journalists and discuss difficulties of journalism in this post-truth world.
Chung-Jui LAI - Polarization of Political Opinion by News MediaREVULN
In 2016 US election, social media played a vital role in shaping public opinions as expressed by the news media that have created the phenomenon of polarization in the United States. Because social media gave people the ability to follow, share, post, comment below everything, the phenomenon of political opinions being spread easily and quickly on social media by the news agencies is bringing out a significantly polarized populace.
Consequently, it’s very important to understand the language differences on Twitter and figure out how propaganda spread by different political parties that influence or perhaps mislead public opinion. This talk will introduce the relationship among the social media, public opinion, and news media, then suggests the method to collect the tweets from Twitter and conduct sentimental and logistic regression analysis on them. Furthermore, this talk points out the special aspect on the relationship between the polarization and the topic of this conference (fake news, disinformation and propaganda).
Main points:
- situation in Taiwan
- research on fake news
- methods for fighting fake news
Stewart MACKENZIE - The edge of the Internet is becoming the centerREVULN
The edge of the Internet is growing exponentially. NetFutures predicts by 2027 we'll have 1000+ devices per person.
Data is generated on the edge of the Internet and due to sociological and technical reasons the Internet, in the form of social networks, amplifies any voice no matter how small. Leading to the bombardment of information, thus filtering out manipulations and fake news from relevant information becomes harder.
This talk discusses the circumstances leading up to the current situation we're in and unveils a new internet protocol implementation designed to operate at the edge of the internet which builds the concept of provenance into data. A potential solution to the problem of fake news as proving data provenance allows you to authenticate the source or publisher of images, videos and text.
Masayuki HATTA - Debunking toxic "Matome sites" in JapanREVULN
"Matome" sites (pronounced "maa-tou-mee", roughly means "edited / curated") is a unique byproduct of Japanese online culture.
They aggregate comments from other sources including anonymous BBSs (typically 2ch / 5ch) and present them in a readable way (with online ads).
Matome sites have been known as sources of disinformation and defamation, and in recent years some of them became go-to places for "Netouyo" (Japanese internet far-rightists) and quite influential.
In this presentation, I will give you a brief introduction of Japanese matome sites and their influences, then explain the recent efforts to debunk some of the most notorious ones.
Based on the judicial records, leaked internal documents, etc., the presentation will explain the entire ecosystem of Japanese matome sites.
Main points:
- The business model of matome sites
- The rise and fall of "Hoshu Sokuhou", one of the most influential matome sites.
- How "netgeek" operates, a notorious viral media.
- Debunking "Anonymous Post", or how to find out the anonymous operator of a matome site.
General overview of AFP's work in the region, examples of disinformation and how the team debunked them, work with Facebook to take enforcement action to prevent their further spread online.
Dominic WAI - When would using a computer be a crime?REVULN
An analysis of section 161 of the Crimes Ordinance and sharing of case law on this offence.
http://www.onc.hk/wp-content/uploads/2018/09/1809_Criminal_EN.pdf
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We are defense cyber-attack from internet and according to government policy to handling incident every day. I am a research fellow with National Center for High-performance Computing and lead cyber security team to operation security operation center to handling incident in Taiwan Academic Network.
In our research project from government, we are deployed the biggest honeynet in Taiwan and used over 6000 IP address to detection malicious network attack come from internet.
We have published our malware knowledge base to sharing malware samples and reports for many researchers, students, research center and sharing our data set for deep tracking about cyber security.
There are many new types of cyber-attack that’s is include ransomware, website mining, DDoS and hybrid malicious attack.
Main Points:
- What’s TWCSIRT Mission and Scope
- How to coordinate in National level with ISAC, CERT and SOC
- Cyber-attack and threat hunting in Taiwan Academic Network
- How to develop cyber security platform for incident handling
- How to do red team and blue team training by CDX
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...REVULN
The Data Privacy Act of the Philippines was enacted into law in March of 2012. Thus, the creation of the National Privacy Commission (NPC) last 2016, which is mandated to administer its implementation. After more than two years after its creation, NPC had successfully championed its cause from awareness, compliance and enforcement with the registration of more than 30,000 Data Protection Officers (DPO), accepted more than 1,000 complaints and cases and has made headlines in the Philippines as one of the most popular government because of its strict implementation of the law. Among its most popular implementation is its Five Pillars of Compliance which was regarded as one of the most successful implementation among other countries. Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012 was passed into law last 2012 in the Philippines. The law requires that all Personal Information Controllers (PIC) and Personal Information Processors (PIP) must appoint a Data Protection Officer (DPO) to manage compliance with the DPA and other applicable laws and policies. In addition, having a DPO will ensure the protection of personal data collection and processing in accordance with the requirement of the law.
Having a DPO will also ensure the organization’s competitive advantage in this digital age of data protection.
As a data protection officer, he/she must be must monitor the organization’s compliance with the DPA, its implementing rules and regulations and other issuances by the National Privacy Commission. Including the conduct of Privacy Impact Assessment, creation of a Privacy Management Program and Privacy Manual and the conduct of Breach Reporting Procedure.
In addition, a DPO should cultivate awareness to promote the culture of privacy not only within the organization, but as well as for the entire country.
The presentation will also present some issues surrounding the digital world. Including some potential breaches that may affect each individual and organization. Will also present a compilation of the most common breaches that has happened in the Philippines and how to avoid them. Technical, physical and organization security measures will also be discussed in the presentation.
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...REVULN
Phishing, an old and traditional attack, is still a thing.
Hundreds of phishing website are launched every day and it threats people around the world. Anti-Phishing Working Group (APWG) says that APWG detected 150,000+ phishing websites for the 3rd quarter of 2018.
Sometimes phishing actors make OPSEC failures and, thanks to that, researchers can obtain a phishing kit (a kit to deploy a phishing website).
We have collected 18,000+ phishing kits based on OSINT and analyzed mechanisms of phishing websites and phishing actors themselves.
In this presentation, we will show the following findings.
- How to collect phishing kits based on OSINT data.
- Analysis of phishing actors:
- Who develops a phishing kit, How to distribute it, etc.
- Including a methodology to find out a phishing actor based on information (email, username and signature) inside a phishing kit.
- We will show an analysis of Indonesian phishing actors who target Asian countries.
- Especially focusing on an actor named DevilScream/Z1Coder who develops an infamous phishing kit“16shop”.
Finally, we will show countermeasures we have taken against phishing websites and actors.
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
StarCompliance is a leading firm specializing in the recovery of stolen cryptocurrency. Our comprehensive services are designed to assist individuals and organizations in navigating the complex process of fraud reporting, investigation, and fund recovery. We combine cutting-edge technology with expert legal support to provide a robust solution for victims of crypto theft.
Our Services Include:
Reporting to Tracking Authorities:
We immediately notify all relevant centralized exchanges (CEX), decentralized exchanges (DEX), and wallet providers about the stolen cryptocurrency. This ensures that the stolen assets are flagged as scam transactions, making it impossible for the thief to use them.
Assistance with Filing Police Reports:
We guide you through the process of filing a valid police report. Our support team provides detailed instructions on which police department to contact and helps you complete the necessary paperwork within the critical 72-hour window.
Launching the Refund Process:
Our team of experienced lawyers can initiate lawsuits on your behalf and represent you in various jurisdictions around the world. They work diligently to recover your stolen funds and ensure that justice is served.
At StarCompliance, we understand the urgency and stress involved in dealing with cryptocurrency theft. Our dedicated team works quickly and efficiently to provide you with the support and expertise needed to recover your assets. Trust us to be your partner in navigating the complexities of the crypto world and safeguarding your investments.
As Europe's leading economic powerhouse and the fourth-largest hashtag#economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like hashtag#Russia and hashtag#China, hashtag#Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in hashtag#cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to hashtag#AdvancedPersistentThreats (hashtag#APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies
1. The Investigation, Forensics, and
Governance of ATM Heist Threats
in Law Enforcement Agencies
Associate Professor Dayu Kao (Ph. D.)
Department of Information Management,
Central Police University, Taiwan
camel@mail.cpu.edu.tw
2. Table of Content
I. Introduction
II. Literature Reviews
III.Sample Case
IV. Investigation, Forensics, and
Governance of ATM Heist Threats
V. OSINT/SOCMINT in Law
Enforcement Agencies
VI.Conclusions
Governance
InvestigationForensics
3. I. Introduction
Law enforcement agencies (LEAs) should
make certain observations and interpretations of the
digital data,
supply sufficient evidence in crime reconstruction,
and
prove the suspect’s illegal access to the computer
itself.
4. People say a lot online.
Computer scientists are actively developing
technology that reveals all kinds of secrets about
social media users.
When data from millions of people can be
analyzed, statistical analysis and advanced
computational techniques can detect patterns
that indicate that a person has a particular
attribute.
Inferring Traits from Profiles
5. OSINT
Open Source INTelligence (OSINT) is the intelligence
collected from the sources which are present openly
in the public.
OSINT comprises of various public sources, such as:
Academic publications: research papers, conference
publications, etc.
Media sources: newspaper, radio channels, television, etc.
Web content: websites, social media, etc.
Public data: open government documents, public
companies announcements, etc.
6. OSINT Types
Literature
White literature: Published
Black literature: Non-Published
Grey literature (or gray literature): Published but not easy
to (specialized) access.
Sources
The Internet: geolocation data, people search engines
Traditional mass media (e.g., television, radio)
Specialized journals, academic publications
Photos and videos including metadata
Geospatial information (e.g., maps and commercial imagery
products)
7. Benefits of OSINT
Less risky
Cost effective
Ease of accessibility
Legal issues: without worrying about breaching
any copyright license as these resources are
already published publicly.
Aiding financial (criminal) investigators
Fighting against online counterfeiting (fake news)
Maintaining national security and political stability
8. What are the challenges of
open source intelligence?
Sheer volume of data
Reliability of sources
Human efforts
9. Techniques, methods and opportunities in
Social Media Intelligence (SOCMINT)
The ‘state of the art’ for generating insight from
SOCMINT (Social Media Intelligence).
(1) Evidence for law enforcement: establish and
generate evidence to situational awareness
(2) Big data Insight: aid understanding and explanation
(3) An aid to Prediction: apply predictive analytics to
social media datasets to predict a range of social
behaviors and phenomena
10. There are many types of social media:
• Social networks: Facebook, Google+, VK,
• Photo sharing: Instagram, Flickr
• Video sharing: YouTube
• Microblogging: Twitter, Tumblr
• Social bookmarking: Pinterest
• Social gaming
• Review sites: LinkedIn (business-oriented)
• App
• forums
• and more.
Categories of social media
11. Major categories include
• basic demographic information,
• social connections,
• location information,
• patterns of behavior, and
• the content of the posts themselves.
Information from social media
13. Users must decide
• whether their presentation will be
accurate or idealized,
• what and how much to disclose,
• who their audience consists of, and
• how they will interact with them.
What is the relationship between
Social Networking and Crime?
14. Law enforcement and lawyers in civil suits certainly
want to gather information on suspects or the
opposing side of a dispute.
The information that people reveal online is
valuable as evidence.
It quite easy to mistake one person for another
online, and information needs to be analyzed
carefully.
Why might the police conduct an
investigation online via OSINT/SOCMINT?
16. Organizational Cybercrime Activities
Year Group Name Actor
Type
1993~2001 DrinkOrDie (DoD)
Non-
state
1996~1998 The Wonderland Club
2003~ Anonymous
2006~2008 Dark Market
2006~2010
PLA Unit 61398
State
Shady RAT
Aurora
GhostNet
2007~2013 PRISM
2010
Operation Olympic Games
Stuxnet
2010~2012 Ukrainian ZeuS Group Non-
state
17. The golden rule is for investigators to apply
what is known as the ‘ABC’ principle
throughout the life of an investigation as
follows:
A. Assume nothing
B. Believe nothing
C. Challenge and check everything
2014
18. Cybercrime Investigation
Criminal investigation actually begins with data on
a crime.
The presence of relevant, reliable, and sufficient
evidence can officially open a case in LEAs.
The identification, collection, examination,
analysis, and presentation of evidence in law.
Cyber threats leave some traces in the packets.
19. Inman-Rudin Paradigm
Inman-Rudin Paradigm expanded the Locard
Exchange Principle into two principles and four
processes.
The principles include:
■ Transfer
■ The divisibility of matter
The processes include:
■ Identification
■ Classification/individualization
■ Association
■ Reconstruction
20. Cybercrime Investigation
Digital evidence has become an essential part of
crime scene investigation to collect live/volatile
network information in cybersecurity breaches.
Cybercrime investigation focuses on
(1) identifying the digital evidence from essential logs
(identification),
(2) finding the suspect ID/account and determining a
common class from evidence process
(individualization/classification),
(3) inferring interactions between the evidence and
the suspect from copied data (association), and
ordering the associations in time and space from
necessary information (reconstruction).
21. Digital Forensic Process
1. Identification: 6W1H Questions
2. Collection: at scene, in lab, chain of custody
3. Examination: data, information, knowledge,
intelligence
4. Analysis: temporal, relational, functional
reconstruction
5. Presentation: relevant, reliable, sufficient evidences
22. III. Sample Case
A. Taiwan’s Russian Mafia Group on Banks and
Payment Systems in July 2016
B. Answering Some Questions
1) Who: Andrejs Peregudovs, Mihail Colibaba and
Nikolay Penkov
2) What: US$2.61 Million Theft in an ATM Looting
3) When: July 9 ~ 10, 2016
4) Where: Three Suspects Were Charged in Taipei
5) How: ATM Attacks Targeting Wincor Nixdorf
Model
C. Answering Follow-up Questions: How can
OSINT/SOCMINT help in this case?
23. Money Flow in Taiwan ATM Heist
Date Money Activity
July 9 and 10, 2016 NT$83.27 million
(US$2.61 million)
Seventeen suspects
was illegally
withdrawn
July 11, 2016 NT$200,000 Two suspects have
converted more than
NT$200,000 into
South Korean won,
Australian dollars and
US dollars
July 17, 2016 NT$60.24 million Two suspects were
arrested.
Some money was
recovered
July 20, 2016 NT$12.63 million police found Andrejs’s
bag
July 20, 2016 NT$4.54 million Mr. Ko handed
another bag to police.
93% Money Back
Time and luck
24. Are there any insiders involved?
Irregularities in the connections between the
voice server in London, the bank’s internal
network and the ATMs in Taiwan.
Because the bank’s computer system is a closed
network, insider assistance could not be ruled out
yet in this case.
Cybercrime investigators will try their best to find
evidence in computers or networks.
25. Practices on Cybercrime Issues
Be collaborating and making efforts to combat
cybercrime.
Consider Private-Public-Partnership (PPP) to bring
research into reality for cybercrime investigation.
26. Actionable Intelligence Practices on Cybercrime Issues
Cybercrime
Governance
Near-Term Mid-Term Long-Term
Draw a
strategic roadmap to
combat cybercrime
Develop SOPs Facilitate cross-
border Cooperation
People
Cybersecurity Capacity
Building
Cybersecurity Reporting
Mechanism
Private-Public-
Partnership
Process
National Agency for
Cybersecurity
Legal Measures International
Cooperation
Technology Cybersecurity Strategy R&D on advanced Tools
and Technology Active Participation
Tasks
Create new procedures or policies to deter, respond to, and prosecute
cybercrime.
Enhance the actionable intelligence capability to rapidly gather data,
accurately process information, and strategically combat cybercrime.
27. Longer Arm of Cybercrime Investigation
Making sound judgments at low cost is a core role and
important attribute for LEAs, who must maximize the
potential and exploit the possibilities to ensure things are
what they see.
Various kind of intelligence provide important information
in a timely manner to an appropriate audience for better
informed decision making.
Actionable intelligence is related to the investigation or
incident at hand within the wider intelligence mix.
LEAs have produced actionable intelligence from criminal
investigation to gain knowledge in support of preventing
cybercrime or pursuing terrorists.
29. Functional Comparison of ATM Malware Family
Malware Family Carberp Anunak Carbanak
Group Carberp, Pawn
Storm or APT28
Anunak hacker
group
Carbanak criminal
gang
Identified by the
Internet security
companies
Federal Office for
Information
Security, BSI (
Germany) and
Trend Micro
(Taiwan).
Group-IB (Russia)
and Fox-IT (The
Netherlands)
Kaspersky
(Russian/UK)
Malware
Successor (initially
based on)
Zeus, Rovnix,
RDPdor, Hodprot,
and Origami
Carberp (source
code) + Anunak
(Wincor ATMs)
Finding Time 2009 December 2014 2015
Victim Location Russian Eastern Europe,
the U.S.
Russia, the United
States, Germany,
China and Ukraine
30. Behavioral Attribute Comparison of ATM Malware Family
Catego
ry
Case 1 2 3
Who
An organized
criminal group
name
Carberp, Pawn
Storm or APT28
Unlimited Operations Russian Mafia
Suspect
numbers
8 8 19
Arrest by Russia USA Taiwan
Arrested
suspects name
(from
Newspaper)
Germes and
Arashi (Alias)
Elvis Rafael
Rodriguez, Emir
Yasser Yeje, and
Alberto Yusi Lajud-
Peña
Andrejs Peregudovs,
Mihail Colibaba and
Nikolay Penkov
What
USD theft in an
ATM looting
$1 Billion $45 Million $2.6 Million (NT$83.27
Million)
When
From plan to
ATM heist
2009 ~ February
2015
December 2012 and
February 2013
July 2016
Arrest date March 2012 May 2013 July 2016
Where
ATM location Moscow
in Russia
New York in USA
(More than 24
countries)
Taipei City, New Taipei
City, and Taichung in
Taiwan
How
Money from the financial
institution itself
Prepaid Debit
Accounts
the financial institution
itself
32. People
• Commit Cross-Border
Cybercrimes
• Need for Global Cooperation
Process
• Limit Remote Access for ATMs
• Limit Convenient Access for ATM Cabinets
Technology
• Choose Closed System
• Protect Internal Information
Governance
• Protect against Computer Security Threats
• Enhance Access Control Practices
Prevention Strategy on ICT Governance
33. Cybercrime Countermeasure of
Insider Threat Investigation
1. Track the
Pathway of a
Threat
•Payload-based
inspection
•Port-based
identification
2. Perform 24/7
Full-packet Capture
•Getting packet
analyzers
•Capturing packets
3. Check All
Network
Connections
•Real‐time situational
awareness
•Inspecting packets
4. Track the Source
IP Address
•Differentiation with
user-generated
content
•IP Address-based filter
5. Show the Digital
Evidence
•Testify tools and
processes
•Evaluate admissibility
and weight
Governance
InvestigationForensics
34. The Governance of Digital Forensic
Investigation in Law Enforcement Agencies
Governance
InvestigationForensics
39. LEAs can look at
• where they post from,
• who they interact with,
• how people are sharing on social media, and
• what is reflected in their posts.
How can LEAs infer traits from the
target’s profiles?
40. 1. Internet Habitats - Finding people
Look broadly for social networking sites
2. Snowball Sampling - Social searches
Effective on many sites
3. Social Networking Analysis -
relational linkage
Content is king
Law Enforcement
on Social Network Sites
41. Information sharing: There are a substantial number of
web forums, Internet relay chat (IRC) channels, blogs,
and other online resources that facilitate information
sharing between hackers across the world.
Facilitate attacks: These resources range from
legitimate, ethical discussions of hacking to serious
forums where individuals buy, sell, and trade malware
and stolen data to facilitate attacks and identity theft.
Create software and tools: The top tier of hackers have
the complex skills needed to create software and tools
to facilitate complex automated attacks against variety
of systems.
Case Study:
Habitats Through Social Network Data
42. law enforcement has successfully used social
media to investigate street gangs and other small
organizations.
When you have an individual target in mind but
you do not know much about him, it can be
helpful to understand information about the
demographic groups that the target is a member
of.
The Individual ‘s Habitats
43. There is a lot of information available on social media to
better understand organizations and communities of people.
Learning these insights about groups of people may not
reveal exactly what a specific investigation target is doing, but
it can provide valuable insight into where that target might be
found online, how he or she is using social media as a
member of that group, and what topics and activities are of
interest.
Investigation of groups online can also lead to valuable
intelligence about individuals within those groups who late
become interesting.
Interest groups investigation
on social media sites
44. Only about 30% of adults report including location
information. (maybe more!)
This is an opt-in process, not an automatic one.
It is unlikely to become something we will see by default.
The availability of location information can be found
in geotagged posts, check-ins, and the embedded
metadata of images and videos. What are the
challenges to use location data on social media?
Location Data
45. Exif Viewer
Jeffrey’s Exif Viewer is an online application
(http://regex.info/exif.cgi) which allows us to see
this Exif data present in any image file.
47. Finding people on social media
Non-authoritative answer: Social media is not an
authoritative information source.
Specific sites: Search for people on the specific sites you
care about.
Reuse usernames: People often reuse their usernames.
Flexible search: Searching for people through their
associates and allowing for flexibility and some
incorrectness in search results will help you discover
targets in ways that you might not have initially
expected.
48. Finding people on social media
Toolkits: the social media sites‘ internal
search/advanced Google search tools for finding
people.
Names or usernames as input: Social media search
engines take names or possible usernames as input
and then search across social media sites to find
accounts.
Updated list services: These services are constantly
changing, and the companion website for the book
has an updated list.
49. AUTHORSHIP ANALYSIS
When the attack consists of documents that have
been written by an author, the main method for
performing attribution is called authorship
analysis.
In authorship analysis, features from within the
text are used to model the writing behavior of the
author, and lead to a predictive model that can
identify the author of a text.
50. The group characteristics can provide insights about
where to start looking for information specific to the
target.
All types of organizations have presences on social media
The activities, motivations, and online statements of the
organization can be valuable background for
understanding an individual target.
Looking for Valuable Information
Specific to The Target
52. Identify various forms of cybercrime: Identify
when and how various forms of cybercrime occur.
Promote reporting among citizens: Consider how
real-world community meetings may be
structured to promote reporting among citizens
and demonstrate law enforcement’s investigative
capabilities to the community.
Increase exposure of the agency: Help increase
exposure of the law enforcement agency to
various online populations.
Online Community Policing
53. Evidence: Social media postings may be used
as evidence of cybercrimes, such as
cyberstalking, online threats and harassment,
child pornography, and sexual assault.
Powerful tool: Social media is a powerful tool
for law enforcement, for investigation and
informing or collaborating with the public.
Prosecution and Social Media
54. Clues
Clues help identify where attacks come from.
(1) Keyboard layout: determine the first language of
the author
(2) Malware metadata
(3) Embedded fonts
(4) DNS registration: can be easily faked, but still lead
to linking attacks
(5) Language, such as mistakes, which we outline in the
next section on authorship analysis
(6) Remote administration tool (RAT) configuration,
based on their personal preferences
(7) Behavior of the attack
55. People can post basically anything on social media,
but there are a few terms that are used across sites
:
• Updates/posts
• Comment/reply
• Photos and videos
• Social networks/friends/contacts
• Metadata
Contents on social media
56. Identify various forms of cybercrime: Identify when
and how various forms of cybercrime occur.
Promote reporting among citizens: Consider how
real-world community meetings may be structured
to promote reporting among citizens and
demonstrate law enforcement’s investigative
capabilities to the community.
Increase exposure of the agency: Help increase
exposure of the law enforcement agency to various
online populations.
Online Community Policing
57. Social media sites are full of:
demographic information;
lists of friends, family, and associates;
logs of activities, preferences, and favorites;
maps showing places a person goes and how
frequently;
time-stamped posts that indicate where a person
was and when; and
the content of the posts themselves, where
people detail their thoughts, feelings, and ideas.
What does make social media a
powerful tool for investigators?
58. The police will have the skills you need to search,
navigate, and collect information from many
sources.
The police should learn lessons for the use of social
media: being mindful of what you put online, what
to expect (or not) in terms of privacy, and how to
manage your own online identity.
What kinds of skills does the police
need to search, navigate, and collect
information on social media?
59. Locate a target: trying to find the target
themselves, and find their associates.
Investigator: keep a low social media profile
Target profiles: They use the same email addresses,
same usernames, and same profile photos over
and over.
What are the standard
investigation techniques in SNSs?
60. Conclusions
Law enforcement officials are exploiting
social media to
• investigate crime,
• identify perpetrators, and
• build cases for prosecution.
A promising approach to ensure efficient and
effective strategy is collaborations between
various private and public organizations.
Security agencies, intelligence agencies and
LEAs can apply similar techniques.
61. 65
Any comments are appreciated.
Thanks for your listening.
Dayu Kao (Ph. D.)
Associate Professor
Central Police University, Taiwan
E-mail: camel@mail.cpu.edu.tw
Don't believe everything
you are told!
Ask “Where is the
EVIDENCE?”