SlideShare a Scribd company logo
The Investigation, Forensics, and
Governance of ATM Heist Threats
in Law Enforcement Agencies
Associate Professor Dayu Kao (Ph. D.)
Department of Information Management,
Central Police University, Taiwan
camel@mail.cpu.edu.tw
Table of Content
 I. Introduction
 II. Literature Reviews
 III.Sample Case
 IV. Investigation, Forensics, and
Governance of ATM Heist Threats
 V. OSINT/SOCMINT in Law
Enforcement Agencies
 VI.Conclusions
Governance
InvestigationForensics
I. Introduction
 Law enforcement agencies (LEAs) should
 make certain observations and interpretations of the
digital data,
 supply sufficient evidence in crime reconstruction,
and
 prove the suspect’s illegal access to the computer
itself.
 People say a lot online.
 Computer scientists are actively developing
technology that reveals all kinds of secrets about
social media users.
 When data from millions of people can be
analyzed, statistical analysis and advanced
computational techniques can detect patterns
that indicate that a person has a particular
attribute.
Inferring Traits from Profiles
OSINT
 Open Source INTelligence (OSINT) is the intelligence
collected from the sources which are present openly
in the public.
 OSINT comprises of various public sources, such as:
 Academic publications: research papers, conference
publications, etc.
 Media sources: newspaper, radio channels, television, etc.
 Web content: websites, social media, etc.
 Public data: open government documents, public
companies announcements, etc.
OSINT Types
 Literature
 White literature: Published
 Black literature: Non-Published
 Grey literature (or gray literature): Published but not easy
to (specialized) access.
 Sources
 The Internet: geolocation data, people search engines
 Traditional mass media (e.g., television, radio)
 Specialized journals, academic publications
 Photos and videos including metadata
 Geospatial information (e.g., maps and commercial imagery
products)
Benefits of OSINT
 Less risky
 Cost effective
 Ease of accessibility
 Legal issues: without worrying about breaching
any copyright license as these resources are
already published publicly.
 Aiding financial (criminal) investigators
 Fighting against online counterfeiting (fake news)
 Maintaining national security and political stability
What are the challenges of
open source intelligence?
 Sheer volume of data
 Reliability of sources
 Human efforts
Techniques, methods and opportunities in
Social Media Intelligence (SOCMINT)
The ‘state of the art’ for generating insight from
SOCMINT (Social Media Intelligence).
(1) Evidence for law enforcement: establish and
generate evidence to situational awareness
(2) Big data Insight: aid understanding and explanation
(3) An aid to Prediction: apply predictive analytics to
social media datasets to predict a range of social
behaviors and phenomena
There are many types of social media:
• Social networks: Facebook, Google+, VK,
• Photo sharing: Instagram, Flickr
• Video sharing: YouTube
• Microblogging: Twitter, Tumblr
• Social bookmarking: Pinterest
• Social gaming
• Review sites: LinkedIn (business-oriented)
• App
• forums
• and more.
Categories of social media
Major categories include
• basic demographic information,
• social connections,
• location information,
• patterns of behavior, and
• the content of the posts themselves.
Information from social media
Anonymity and confidentiality
Going undetected
Use of pseudonames
No computer savvy
What are the attributes
of social networks?
 Users must decide
• whether their presentation will be
accurate or idealized,
• what and how much to disclose,
• who their audience consists of, and
• how they will interact with them.
What is the relationship between
Social Networking and Crime?
Law enforcement and lawyers in civil suits certainly
want to gather information on suspects or the
opposing side of a dispute.
The information that people reveal online is
valuable as evidence.
It quite easy to mistake one person for another
online, and information needs to be analyzed
carefully.
Why might the police conduct an
investigation online via OSINT/SOCMINT?
II. Literature Reviews
Organizational Cybercrime Activities
Year Group Name Actor
Type
1993~2001 DrinkOrDie (DoD)
Non-
state
1996~1998 The Wonderland Club
2003~ Anonymous
2006~2008 Dark Market
2006~2010
PLA Unit 61398
State
Shady RAT
Aurora
GhostNet
2007~2013 PRISM
2010
Operation Olympic Games
Stuxnet
2010~2012 Ukrainian ZeuS Group Non-
state
 The golden rule is for investigators to apply
what is known as the ‘ABC’ principle
throughout the life of an investigation as
follows:
 A. Assume nothing
 B. Believe nothing
 C. Challenge and check everything
2014
Cybercrime Investigation
 Criminal investigation actually begins with data on
a crime.
 The presence of relevant, reliable, and sufficient
evidence can officially open a case in LEAs.
 The identification, collection, examination,
analysis, and presentation of evidence in law.
 Cyber threats leave some traces in the packets.
Inman-Rudin Paradigm
 Inman-Rudin Paradigm expanded the Locard
Exchange Principle into two principles and four
processes.
 The principles include:
 ■ Transfer
 ■ The divisibility of matter
 The processes include:
 ■ Identification
 ■ Classification/individualization
 ■ Association
 ■ Reconstruction
Cybercrime Investigation
 Digital evidence has become an essential part of
crime scene investigation to collect live/volatile
network information in cybersecurity breaches.
 Cybercrime investigation focuses on
 (1) identifying the digital evidence from essential logs
(identification),
 (2) finding the suspect ID/account and determining a
common class from evidence process
(individualization/classification),
 (3) inferring interactions between the evidence and
the suspect from copied data (association), and
 ordering the associations in time and space from
necessary information (reconstruction).
Digital Forensic Process
1. Identification: 6W1H Questions
2. Collection: at scene, in lab, chain of custody
3. Examination: data, information, knowledge,
intelligence
4. Analysis: temporal, relational, functional
reconstruction
5. Presentation: relevant, reliable, sufficient evidences
III. Sample Case
 A. Taiwan’s Russian Mafia Group on Banks and
Payment Systems in July 2016
 B. Answering Some Questions
 1) Who: Andrejs Peregudovs, Mihail Colibaba and
Nikolay Penkov
 2) What: US$2.61 Million Theft in an ATM Looting
 3) When: July 9 ~ 10, 2016
 4) Where: Three Suspects Were Charged in Taipei
 5) How: ATM Attacks Targeting Wincor Nixdorf
Model
 C. Answering Follow-up Questions: How can
OSINT/SOCMINT help in this case?
Money Flow in Taiwan ATM Heist
Date Money Activity
July 9 and 10, 2016 NT$83.27 million
(US$2.61 million)
Seventeen suspects
was illegally
withdrawn
July 11, 2016 NT$200,000 Two suspects have
converted more than
NT$200,000 into
South Korean won,
Australian dollars and
US dollars
July 17, 2016 NT$60.24 million Two suspects were
arrested.
Some money was
recovered
July 20, 2016 NT$12.63 million police found Andrejs’s
bag
July 20, 2016 NT$4.54 million Mr. Ko handed
another bag to police.
93% Money Back
Time and luck
Are there any insiders involved?
 Irregularities in the connections between the
voice server in London, the bank’s internal
network and the ATMs in Taiwan.
 Because the bank’s computer system is a closed
network, insider assistance could not be ruled out
yet in this case.
 Cybercrime investigators will try their best to find
evidence in computers or networks.
Practices on Cybercrime Issues
 Be collaborating and making efforts to combat
cybercrime.
 Consider Private-Public-Partnership (PPP) to bring
research into reality for cybercrime investigation.
Actionable Intelligence Practices on Cybercrime Issues
Cybercrime
Governance
Near-Term Mid-Term Long-Term
Draw a
strategic roadmap to
combat cybercrime
Develop SOPs Facilitate cross-
border Cooperation
People
Cybersecurity Capacity
Building
Cybersecurity Reporting
Mechanism
Private-Public-
Partnership
Process
National Agency for
Cybersecurity
Legal Measures International
Cooperation
Technology Cybersecurity Strategy R&D on advanced Tools
and Technology Active Participation
Tasks
Create new procedures or policies to deter, respond to, and prosecute
cybercrime.
Enhance the actionable intelligence capability to rapidly gather data,
accurately process information, and strategically combat cybercrime.
Longer Arm of Cybercrime Investigation
 Making sound judgments at low cost is a core role and
important attribute for LEAs, who must maximize the
potential and exploit the possibilities to ensure things are
what they see.
 Various kind of intelligence provide important information
in a timely manner to an appropriate audience for better
informed decision making.
 Actionable intelligence is related to the investigation or
incident at hand within the wider intelligence mix.
 LEAs have produced actionable intelligence from criminal
investigation to gain knowledge in support of preventing
cybercrime or pursuing terrorists.
Sharing Malware Source Codes
Functional Comparison of ATM Malware Family
Malware Family Carberp Anunak Carbanak
Group Carberp, Pawn
Storm or APT28
Anunak hacker
group
Carbanak criminal
gang
Identified by the
Internet security
companies
Federal Office for
Information
Security, BSI (
Germany) and
Trend Micro
(Taiwan).
Group-IB (Russia)
and Fox-IT (The
Netherlands)
Kaspersky
(Russian/UK)
Malware
Successor (initially
based on)
Zeus, Rovnix,
RDPdor, Hodprot,
and Origami
Carberp (source
code) + Anunak
(Wincor ATMs)
Finding Time 2009 December 2014 2015
Victim Location Russian Eastern Europe,
the U.S.
Russia, the United
States, Germany,
China and Ukraine
Behavioral Attribute Comparison of ATM Malware Family
Catego
ry
Case 1 2 3
Who
An organized
criminal group
name
Carberp, Pawn
Storm or APT28
Unlimited Operations Russian Mafia
Suspect
numbers
8 8 19
Arrest by Russia USA Taiwan
Arrested
suspects name
(from
Newspaper)
Germes and
Arashi (Alias)
Elvis Rafael
Rodriguez, Emir
Yasser Yeje, and
Alberto Yusi Lajud-
Peña
Andrejs Peregudovs,
Mihail Colibaba and
Nikolay Penkov
What
USD theft in an
ATM looting
$1 Billion $45 Million $2.6 Million (NT$83.27
Million)
When
From plan to
ATM heist
2009 ~ February
2015
December 2012 and
February 2013
July 2016
Arrest date March 2012 May 2013 July 2016
Where
ATM location Moscow
in Russia
New York in USA
(More than 24
countries)
Taipei City, New Taipei
City, and Taichung in
Taiwan
How
Money from the financial
institution itself
Prepaid Debit
Accounts
the financial institution
itself
IV. Investigation, Forensics, and
Governance of ATM Heist Threats
https://tw.appledaily.com
People
• Commit Cross-Border
Cybercrimes
• Need for Global Cooperation
Process
• Limit Remote Access for ATMs
• Limit Convenient Access for ATM Cabinets
Technology
• Choose Closed System
• Protect Internal Information
Governance
• Protect against Computer Security Threats
• Enhance Access Control Practices
Prevention Strategy on ICT Governance
Cybercrime Countermeasure of
Insider Threat Investigation
1. Track the
Pathway of a
Threat
•Payload-based
inspection
•Port-based
identification
2. Perform 24/7
Full-packet Capture
•Getting packet
analyzers
•Capturing packets
3. Check All
Network
Connections
•Real‐time situational
awareness
•Inspecting packets
4. Track the Source
IP Address
•Differentiation with
user-generated
content
•IP Address-based filter
5. Show the Digital
Evidence
•Testify tools and
processes
•Evaluate admissibility
and weight
Governance
InvestigationForensics
The Governance of Digital Forensic
Investigation in Law Enforcement Agencies
Governance
InvestigationForensics
38
The multi-dimensional framework of digital forensics
Phases Functions Tools
Triage/Preview
Packet capture Wireshark
Make an image file
create hashes of files
Data recovery
FTK Imager
Dump the memory RAM Capturer
Examination
Browser information extraction Dumpzilla
capture the physical memory
analyze artifacts in memory
Magnet RAM
Capture
Network sniffering Network Miner
Analysis
Timeline Analysis
Hash Filtering
File System Analysis Keyword
Searching
Autopsy and
The Sleuth
Kit
extract applications data Xplico
Comprehensive analysis and
forensics
EnCASE
FTK
TCT
Reconstruction Temporal, Functional, and Relational Analysis39
IV. OSINT/SOCMINT in Law
Enforcement Agencies
https://inteltechniques.com/
Search Engines Tool
-Populate all-submit all
https://inteltechniques.com/
LEAs can look at
• where they post from,
• who they interact with,
• how people are sharing on social media, and
• what is reflected in their posts.
How can LEAs infer traits from the
target’s profiles?
1. Internet Habitats - Finding people
Look broadly for social networking sites
2. Snowball Sampling - Social searches
Effective on many sites
3. Social Networking Analysis -
relational linkage
Content is king
Law Enforcement
on Social Network Sites
Information sharing: There are a substantial number of
web forums, Internet relay chat (IRC) channels, blogs,
and other online resources that facilitate information
sharing between hackers across the world.
Facilitate attacks: These resources range from
legitimate, ethical discussions of hacking to serious
forums where individuals buy, sell, and trade malware
and stolen data to facilitate attacks and identity theft.
Create software and tools: The top tier of hackers have
the complex skills needed to create software and tools
to facilitate complex automated attacks against variety
of systems.
Case Study:
Habitats Through Social Network Data
 law enforcement has successfully used social
media to investigate street gangs and other small
organizations.
 When you have an individual target in mind but
you do not know much about him, it can be
helpful to understand information about the
demographic groups that the target is a member
of.
The Individual ‘s Habitats
 There is a lot of information available on social media to
better understand organizations and communities of people.
 Learning these insights about groups of people may not
reveal exactly what a specific investigation target is doing, but
it can provide valuable insight into where that target might be
found online, how he or she is using social media as a
member of that group, and what topics and activities are of
interest.
 Investigation of groups online can also lead to valuable
intelligence about individuals within those groups who late
become interesting.
Interest groups investigation
on social media sites
Only about 30% of adults report including location
information. (maybe more!)
This is an opt-in process, not an automatic one.
It is unlikely to become something we will see by default.
The availability of location information can be found
in geotagged posts, check-ins, and the embedded
metadata of images and videos. What are the
challenges to use location data on social media?
Location Data
Exif Viewer
 Jeffrey’s Exif Viewer is an online application
(http://regex.info/exif.cgi) which allows us to see
this Exif data present in any image file.
PEOPLE SEARCH
 Spokeo (http://www.spokeo.com)
 Pipl (https://pipl.com/)
 PeekYou (http://www.peekyou.com/)
 Yasni (http://www.yasni.com/)
 LittleSis (http://littlesis.org/)
 MarketVisual (http://www.marketvisual.com/)
 TheyRule (http://theyrule.net/)
Finding people on social media
 Non-authoritative answer: Social media is not an
authoritative information source.
 Specific sites: Search for people on the specific sites you
care about.
 Reuse usernames: People often reuse their usernames.
 Flexible search: Searching for people through their
associates and allowing for flexibility and some
incorrectness in search results will help you discover
targets in ways that you might not have initially
expected.
Finding people on social media
 Toolkits: the social media sites‘ internal
search/advanced Google search tools for finding
people.
 Names or usernames as input: Social media search
engines take names or possible usernames as input
and then search across social media sites to find
accounts.
 Updated list services: These services are constantly
changing, and the companion website for the book
has an updated list.
AUTHORSHIP ANALYSIS
 When the attack consists of documents that have
been written by an author, the main method for
performing attribution is called authorship
analysis.
 In authorship analysis, features from within the
text are used to model the writing behavior of the
author, and lead to a predictive model that can
identify the author of a text.
 The group characteristics can provide insights about
where to start looking for information specific to the
target.
 All types of organizations have presences on social media
 The activities, motivations, and online statements of the
organization can be valuable background for
understanding an individual target.
Looking for Valuable Information
Specific to The Target
Data
Trojan
Files
Host
Police Suspect
Analyzing Networks
Identify various forms of cybercrime: Identify
when and how various forms of cybercrime occur.
Promote reporting among citizens: Consider how
real-world community meetings may be
structured to promote reporting among citizens
and demonstrate law enforcement’s investigative
capabilities to the community.
Increase exposure of the agency: Help increase
exposure of the law enforcement agency to
various online populations.
Online Community Policing
Evidence: Social media postings may be used
as evidence of cybercrimes, such as
cyberstalking, online threats and harassment,
child pornography, and sexual assault.
Powerful tool: Social media is a powerful tool
for law enforcement, for investigation and
informing or collaborating with the public.
Prosecution and Social Media
Clues
 Clues help identify where attacks come from.
 (1) Keyboard layout: determine the first language of
the author
 (2) Malware metadata
 (3) Embedded fonts
 (4) DNS registration: can be easily faked, but still lead
to linking attacks
 (5) Language, such as mistakes, which we outline in the
next section on authorship analysis
 (6) Remote administration tool (RAT) configuration,
based on their personal preferences
 (7) Behavior of the attack
People can post basically anything on social media,
but there are a few terms that are used across sites
:
• Updates/posts
• Comment/reply
• Photos and videos
• Social networks/friends/contacts
• Metadata
Contents on social media
Identify various forms of cybercrime: Identify when
and how various forms of cybercrime occur.
Promote reporting among citizens: Consider how
real-world community meetings may be structured
to promote reporting among citizens and
demonstrate law enforcement’s investigative
capabilities to the community.
Increase exposure of the agency: Help increase
exposure of the law enforcement agency to various
online populations.
Online Community Policing
Social media sites are full of:
 demographic information;
 lists of friends, family, and associates;
 logs of activities, preferences, and favorites;
 maps showing places a person goes and how
frequently;
 time-stamped posts that indicate where a person
was and when; and
 the content of the posts themselves, where
people detail their thoughts, feelings, and ideas.
What does make social media a
powerful tool for investigators?
The police will have the skills you need to search,
navigate, and collect information from many
sources.
The police should learn lessons for the use of social
media: being mindful of what you put online, what
to expect (or not) in terms of privacy, and how to
manage your own online identity.
What kinds of skills does the police
need to search, navigate, and collect
information on social media?
Locate a target: trying to find the target
themselves, and find their associates.
Investigator: keep a low social media profile
Target profiles: They use the same email addresses,
same usernames, and same profile photos over
and over.
What are the standard
investigation techniques in SNSs?
Conclusions
Law enforcement officials are exploiting
social media to
• investigate crime,
• identify perpetrators, and
• build cases for prosecution.
 A promising approach to ensure efficient and
effective strategy is collaborations between
various private and public organizations.
 Security agencies, intelligence agencies and
LEAs can apply similar techniques.
65
Any comments are appreciated.
Thanks for your listening.
Dayu Kao (Ph. D.)
Associate Professor
Central Police University, Taiwan
E-mail: camel@mail.cpu.edu.tw
Don't believe everything
you are told!
Ask “Where is the
EVIDENCE?”

More Related Content

What's hot

Surveillance
SurveillanceSurveillance
Surveillance
Jennifer Howard
 
Surveillance Society
Surveillance SocietySurveillance Society
Surveillance Society
Karen Moxley
 
Interplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscoveryInterplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscovery
CSCJournals
 
Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement
Lillian Ekwosi-Egbulem
 
Automatic Detection of Social Engineering Attacks Using Dialog
Automatic Detection of Social Engineering Attacks Using DialogAutomatic Detection of Social Engineering Attacks Using Dialog
Automatic Detection of Social Engineering Attacks Using Dialog
iosrjce
 
Hello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were asHello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were as
simba35
 
Bridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsBridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensics
Nina Ananiasvili
 
Instructions please write a 5 page paper answering the question con
Instructions please write a 5 page paper answering the question conInstructions please write a 5 page paper answering the question con
Instructions please write a 5 page paper answering the question con
simba35
 
Design and Development of Secure Electronic Voting System Using Radio Frequen...
Design and Development of Secure Electronic Voting System Using Radio Frequen...Design and Development of Secure Electronic Voting System Using Radio Frequen...
Design and Development of Secure Electronic Voting System Using Radio Frequen...
iosrjce
 
The snooping dragon: social-malware surveillance of the Tibetan movement
The snooping dragon: social-malware surveillance  of the Tibetan movementThe snooping dragon: social-malware surveillance  of the Tibetan movement
The snooping dragon: social-malware surveillance of the Tibetan movement
guesta33b66
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225
Klamberg
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225
Klamberg
 
Presentation1
Presentation1Presentation1
Presentation1
SP. Zems Mathias, PhD.
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
CSCJournals
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
Nora A. Rahim
 
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
ADISPO Asociación de directores de seguridad
 
The Investigative Lab - Nuix
The Investigative Lab - NuixThe Investigative Lab - Nuix
The Investigative Lab - Nuix
Nuix
 
A criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkA criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative framework
Sameer Dasaka
 
CyberTerrorismACaseOfAliceInWonderland
CyberTerrorismACaseOfAliceInWonderlandCyberTerrorismACaseOfAliceInWonderland
CyberTerrorismACaseOfAliceInWonderland
Enrique J Cordero
 

What's hot (19)

Surveillance
SurveillanceSurveillance
Surveillance
 
Surveillance Society
Surveillance SocietySurveillance Society
Surveillance Society
 
Interplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscoveryInterplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscovery
 
Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement
 
Automatic Detection of Social Engineering Attacks Using Dialog
Automatic Detection of Social Engineering Attacks Using DialogAutomatic Detection of Social Engineering Attacks Using Dialog
Automatic Detection of Social Engineering Attacks Using Dialog
 
Hello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were asHello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were as
 
Bridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsBridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensics
 
Instructions please write a 5 page paper answering the question con
Instructions please write a 5 page paper answering the question conInstructions please write a 5 page paper answering the question con
Instructions please write a 5 page paper answering the question con
 
Design and Development of Secure Electronic Voting System Using Radio Frequen...
Design and Development of Secure Electronic Voting System Using Radio Frequen...Design and Development of Secure Electronic Voting System Using Radio Frequen...
Design and Development of Secure Electronic Voting System Using Radio Frequen...
 
The snooping dragon: social-malware surveillance of the Tibetan movement
The snooping dragon: social-malware surveillance  of the Tibetan movementThe snooping dragon: social-malware surveillance  of the Tibetan movement
The snooping dragon: social-malware surveillance of the Tibetan movement
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225
 
Presentation1
Presentation1Presentation1
Presentation1
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
 
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
 
The Investigative Lab - Nuix
The Investigative Lab - NuixThe Investigative Lab - Nuix
The Investigative Lab - Nuix
 
A criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkA criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative framework
 
CyberTerrorismACaseOfAliceInWonderland
CyberTerrorismACaseOfAliceInWonderlandCyberTerrorismACaseOfAliceInWonderland
CyberTerrorismACaseOfAliceInWonderland
 

Similar to Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies

ESSENTIALS OF Management Information Systems 12eKENNETH C..docx
ESSENTIALS OF Management Information Systems 12eKENNETH C..docxESSENTIALS OF Management Information Systems 12eKENNETH C..docx
ESSENTIALS OF Management Information Systems 12eKENNETH C..docx
debishakespeare
 
ESSENTIALS OF Management Information Systems 12eKENNETH C.
ESSENTIALS OF Management Information Systems 12eKENNETH C.ESSENTIALS OF Management Information Systems 12eKENNETH C.
ESSENTIALS OF Management Information Systems 12eKENNETH C.
ronnasleightholm
 
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptxDigital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
webb00704
 
Reply to post 1 & 2 with 250 words  each.Post 11.  What va
Reply to post 1 & 2 with 250 words  each.Post 11.  What vaReply to post 1 & 2 with 250 words  each.Post 11.  What va
Reply to post 1 & 2 with 250 words  each.Post 11.  What va
felipaser7p
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
AIRCC Publishing Corporation
 
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONBEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
AIRCC Publishing Corporation
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
AIRCC Publishing Corporation
 
Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)
Professor Mary Aiken
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17
Ed Alcantara
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
Surajgroupsvideo
 
Clarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillanceClarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillance
NANDI AYANA
 
Crimea Russia or Ukraine An International Law Perspective.docx
Crimea Russia or Ukraine An International Law Perspective.docxCrimea Russia or Ukraine An International Law Perspective.docx
Crimea Russia or Ukraine An International Law Perspective.docx
willcoxjanay
 
A Study Of Cybercrimes In India Using Digital Forensics
A Study Of Cybercrimes In India Using Digital ForensicsA Study Of Cybercrimes In India Using Digital Forensics
A Study Of Cybercrimes In India Using Digital Forensics
Emily Smith
 
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
drennanmicah
 
National framework for digital forensics bangladesh context
National framework for digital forensics   bangladesh context National framework for digital forensics   bangladesh context
National framework for digital forensics bangladesh context
Bank Alfalah Limited
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
Jacqueline Fick
 
E2112733
E2112733E2112733
E2112733
ajmrdjournals
 
Graphs in Government
Graphs in GovernmentGraphs in Government
Graphs in Government
Neo4j
 
Cybercrimeandforensic 120828021931-phpapp02
Cybercrimeandforensic 120828021931-phpapp02Cybercrimeandforensic 120828021931-phpapp02
Cybercrimeandforensic 120828021931-phpapp02
Gol D Roger
 
Trends And Aspects Of Policing Models
Trends And Aspects Of Policing ModelsTrends And Aspects Of Policing Models
Trends And Aspects Of Policing Models
Tiffany Surratt
 

Similar to Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies (20)

ESSENTIALS OF Management Information Systems 12eKENNETH C..docx
ESSENTIALS OF Management Information Systems 12eKENNETH C..docxESSENTIALS OF Management Information Systems 12eKENNETH C..docx
ESSENTIALS OF Management Information Systems 12eKENNETH C..docx
 
ESSENTIALS OF Management Information Systems 12eKENNETH C.
ESSENTIALS OF Management Information Systems 12eKENNETH C.ESSENTIALS OF Management Information Systems 12eKENNETH C.
ESSENTIALS OF Management Information Systems 12eKENNETH C.
 
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptxDigital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
Digital Footprints_ Investigating Digital Evidence in Online Crime Cases.pptx
 
Reply to post 1 & 2 with 250 words  each.Post 11.  What va
Reply to post 1 & 2 with 250 words  each.Post 11.  What vaReply to post 1 & 2 with 250 words  each.Post 11.  What va
Reply to post 1 & 2 with 250 words  each.Post 11.  What va
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONBEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 
Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Clarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillanceClarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillance
 
Crimea Russia or Ukraine An International Law Perspective.docx
Crimea Russia or Ukraine An International Law Perspective.docxCrimea Russia or Ukraine An International Law Perspective.docx
Crimea Russia or Ukraine An International Law Perspective.docx
 
A Study Of Cybercrimes In India Using Digital Forensics
A Study Of Cybercrimes In India Using Digital ForensicsA Study Of Cybercrimes In India Using Digital Forensics
A Study Of Cybercrimes In India Using Digital Forensics
 
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
150 words agree or disagreeFuture Criminal Intelligence Enviro.docx
 
National framework for digital forensics bangladesh context
National framework for digital forensics   bangladesh context National framework for digital forensics   bangladesh context
National framework for digital forensics bangladesh context
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
 
E2112733
E2112733E2112733
E2112733
 
Graphs in Government
Graphs in GovernmentGraphs in Government
Graphs in Government
 
Cybercrimeandforensic 120828021931-phpapp02
Cybercrimeandforensic 120828021931-phpapp02Cybercrimeandforensic 120828021931-phpapp02
Cybercrimeandforensic 120828021931-phpapp02
 
Trends And Aspects Of Policing Models
Trends And Aspects Of Policing ModelsTrends And Aspects Of Policing Models
Trends And Aspects Of Policing Models
 

More from REVULN

Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
Yono REKSOPRODJO,  Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...Yono REKSOPRODJO,  Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
REVULN
 
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
REVULN
 
Isao MATSUNAMI - Digital security in japanese journalism
Isao MATSUNAMI - Digital security in japanese journalismIsao MATSUNAMI - Digital security in japanese journalism
Isao MATSUNAMI - Digital security in japanese journalism
REVULN
 
Chung-Jui LAI - Polarization of Political Opinion by News Media
Chung-Jui LAI - Polarization of Political Opinion by News MediaChung-Jui LAI - Polarization of Political Opinion by News Media
Chung-Jui LAI - Polarization of Political Opinion by News Media
REVULN
 
Stewart MACKENZIE - The edge of the Internet is becoming the center
Stewart MACKENZIE - The edge of the Internet is becoming the centerStewart MACKENZIE - The edge of the Internet is becoming the center
Stewart MACKENZIE - The edge of the Internet is becoming the center
REVULN
 
Masayuki HATTA - Debunking toxic "Matome sites" in Japan
Masayuki HATTA - Debunking toxic "Matome sites" in JapanMasayuki HATTA - Debunking toxic "Matome sites" in Japan
Masayuki HATTA - Debunking toxic "Matome sites" in Japan
REVULN
 
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
REVULN
 
Rachel BLUNDY - Overview of AFP Fact Check
Rachel BLUNDY - Overview of AFP Fact CheckRachel BLUNDY - Overview of AFP Fact Check
Rachel BLUNDY - Overview of AFP Fact Check
REVULN
 
Dominic WAI - When would using a computer be a crime?
Dominic WAI - When would using a computer be a crime?Dominic WAI - When would using a computer be a crime?
Dominic WAI - When would using a computer be a crime?
REVULN
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
REVULN
 
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
REVULN
 
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
REVULN
 

More from REVULN (12)

Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
Yono REKSOPRODJO,  Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...Yono REKSOPRODJO,  Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
Yono REKSOPRODJO, Fahmy YUSUF - Information Warfare in Cyberspace: The Sprea...
 
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
Mei NELSON - Hacking and Trolling: The Changing Face of Hacktivism in the Dis...
 
Isao MATSUNAMI - Digital security in japanese journalism
Isao MATSUNAMI - Digital security in japanese journalismIsao MATSUNAMI - Digital security in japanese journalism
Isao MATSUNAMI - Digital security in japanese journalism
 
Chung-Jui LAI - Polarization of Political Opinion by News Media
Chung-Jui LAI - Polarization of Political Opinion by News MediaChung-Jui LAI - Polarization of Political Opinion by News Media
Chung-Jui LAI - Polarization of Political Opinion by News Media
 
Stewart MACKENZIE - The edge of the Internet is becoming the center
Stewart MACKENZIE - The edge of the Internet is becoming the centerStewart MACKENZIE - The edge of the Internet is becoming the center
Stewart MACKENZIE - The edge of the Internet is becoming the center
 
Masayuki HATTA - Debunking toxic "Matome sites" in Japan
Masayuki HATTA - Debunking toxic "Matome sites" in JapanMasayuki HATTA - Debunking toxic "Matome sites" in Japan
Masayuki HATTA - Debunking toxic "Matome sites" in Japan
 
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
Sebastien BOURDEAUDUCQ, Stewart MACKENZIE - A talk about nothing (How to crea...
 
Rachel BLUNDY - Overview of AFP Fact Check
Rachel BLUNDY - Overview of AFP Fact CheckRachel BLUNDY - Overview of AFP Fact Check
Rachel BLUNDY - Overview of AFP Fact Check
 
Dominic WAI - When would using a computer be a crime?
Dominic WAI - When would using a computer be a crime?Dominic WAI - When would using a computer be a crime?
Dominic WAI - When would using a computer be a crime?
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
Dr. Rolando Rivera Lansigan - The Privacy Act of 2012, its compliance and imp...
 
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
Manabu Niseki, Hirokazu Kodera - Catch Phish If You Can: A Case Study of Phis...
 

Recently uploaded

一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
aguty
 
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
Vietnam Cotton & Spinning Association
 
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
Rebecca Bilbro
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
bmucuha
 
SAP BW4HANA Implementagtion Content Document
SAP BW4HANA Implementagtion Content DocumentSAP BW4HANA Implementagtion Content Document
SAP BW4HANA Implementagtion Content Document
newdirectionconsulta
 
Sid Sigma educational and problem solving power point- Six Sigma.ppt
Sid Sigma educational and problem solving power point- Six Sigma.pptSid Sigma educational and problem solving power point- Six Sigma.ppt
Sid Sigma educational and problem solving power point- Six Sigma.ppt
ArshadAyub49
 
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
Call Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call GirlCall Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call Girl
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
sapna sharmap11
 
Econ3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdfEcon3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdf
blueshagoo1
 
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
9gr6pty
 
Drownings spike from May to August in children
Drownings spike from May to August in childrenDrownings spike from May to August in children
Drownings spike from May to August in children
Bisnar Chase Personal Injury Attorneys
 
CAP Excel Formulas & Functions July - Copy (4).pdf
CAP Excel Formulas & Functions July - Copy (4).pdfCAP Excel Formulas & Functions July - Copy (4).pdf
CAP Excel Formulas & Functions July - Copy (4).pdf
frp60658
 
Sample Devops SRE Product Companies .pdf
Sample Devops SRE  Product Companies .pdfSample Devops SRE  Product Companies .pdf
Sample Devops SRE Product Companies .pdf
Vineet
 
Q4FY24 Investor-Presentation.pdf bank slide
Q4FY24 Investor-Presentation.pdf bank slideQ4FY24 Investor-Presentation.pdf bank slide
Q4FY24 Investor-Presentation.pdf bank slide
mukulupadhayay1
 
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
oaxefes
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
TeukuEriSyahputra
 
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
ywqeos
 
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
actyx
 
A gentle exploration of Retrieval Augmented Generation
A gentle exploration of Retrieval Augmented GenerationA gentle exploration of Retrieval Augmented Generation
A gentle exploration of Retrieval Augmented Generation
dataschool1
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理
keesa2
 
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdfreading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
perranet1
 

Recently uploaded (20)

一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
 
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
 
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
PyData London 2024: Mistakes were made (Dr. Rebecca Bilbro)
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
 
SAP BW4HANA Implementagtion Content Document
SAP BW4HANA Implementagtion Content DocumentSAP BW4HANA Implementagtion Content Document
SAP BW4HANA Implementagtion Content Document
 
Sid Sigma educational and problem solving power point- Six Sigma.ppt
Sid Sigma educational and problem solving power point- Six Sigma.pptSid Sigma educational and problem solving power point- Six Sigma.ppt
Sid Sigma educational and problem solving power point- Six Sigma.ppt
 
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
Call Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call GirlCall Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call Girl
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
 
Econ3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdfEcon3060_Screen Time and Success_ final_GroupProject.pdf
Econ3060_Screen Time and Success_ final_GroupProject.pdf
 
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
一比一原版(uob毕业证书)伯明翰大学毕业证如何办理
 
Drownings spike from May to August in children
Drownings spike from May to August in childrenDrownings spike from May to August in children
Drownings spike from May to August in children
 
CAP Excel Formulas & Functions July - Copy (4).pdf
CAP Excel Formulas & Functions July - Copy (4).pdfCAP Excel Formulas & Functions July - Copy (4).pdf
CAP Excel Formulas & Functions July - Copy (4).pdf
 
Sample Devops SRE Product Companies .pdf
Sample Devops SRE  Product Companies .pdfSample Devops SRE  Product Companies .pdf
Sample Devops SRE Product Companies .pdf
 
Q4FY24 Investor-Presentation.pdf bank slide
Q4FY24 Investor-Presentation.pdf bank slideQ4FY24 Investor-Presentation.pdf bank slide
Q4FY24 Investor-Presentation.pdf bank slide
 
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
 
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
 
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
一比一原版斯威本理工大学毕业证(swinburne毕业证)如何办理
 
A gentle exploration of Retrieval Augmented Generation
A gentle exploration of Retrieval Augmented GenerationA gentle exploration of Retrieval Augmented Generation
A gentle exploration of Retrieval Augmented Generation
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理
 
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdfreading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
reading_sample_sap_press_operational_data_provisioning_with_sap_bw4hana (1).pdf
 

Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies

  • 1. The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies Associate Professor Dayu Kao (Ph. D.) Department of Information Management, Central Police University, Taiwan camel@mail.cpu.edu.tw
  • 2. Table of Content  I. Introduction  II. Literature Reviews  III.Sample Case  IV. Investigation, Forensics, and Governance of ATM Heist Threats  V. OSINT/SOCMINT in Law Enforcement Agencies  VI.Conclusions Governance InvestigationForensics
  • 3. I. Introduction  Law enforcement agencies (LEAs) should  make certain observations and interpretations of the digital data,  supply sufficient evidence in crime reconstruction, and  prove the suspect’s illegal access to the computer itself.
  • 4.  People say a lot online.  Computer scientists are actively developing technology that reveals all kinds of secrets about social media users.  When data from millions of people can be analyzed, statistical analysis and advanced computational techniques can detect patterns that indicate that a person has a particular attribute. Inferring Traits from Profiles
  • 5. OSINT  Open Source INTelligence (OSINT) is the intelligence collected from the sources which are present openly in the public.  OSINT comprises of various public sources, such as:  Academic publications: research papers, conference publications, etc.  Media sources: newspaper, radio channels, television, etc.  Web content: websites, social media, etc.  Public data: open government documents, public companies announcements, etc.
  • 6. OSINT Types  Literature  White literature: Published  Black literature: Non-Published  Grey literature (or gray literature): Published but not easy to (specialized) access.  Sources  The Internet: geolocation data, people search engines  Traditional mass media (e.g., television, radio)  Specialized journals, academic publications  Photos and videos including metadata  Geospatial information (e.g., maps and commercial imagery products)
  • 7. Benefits of OSINT  Less risky  Cost effective  Ease of accessibility  Legal issues: without worrying about breaching any copyright license as these resources are already published publicly.  Aiding financial (criminal) investigators  Fighting against online counterfeiting (fake news)  Maintaining national security and political stability
  • 8. What are the challenges of open source intelligence?  Sheer volume of data  Reliability of sources  Human efforts
  • 9. Techniques, methods and opportunities in Social Media Intelligence (SOCMINT) The ‘state of the art’ for generating insight from SOCMINT (Social Media Intelligence). (1) Evidence for law enforcement: establish and generate evidence to situational awareness (2) Big data Insight: aid understanding and explanation (3) An aid to Prediction: apply predictive analytics to social media datasets to predict a range of social behaviors and phenomena
  • 10. There are many types of social media: • Social networks: Facebook, Google+, VK, • Photo sharing: Instagram, Flickr • Video sharing: YouTube • Microblogging: Twitter, Tumblr • Social bookmarking: Pinterest • Social gaming • Review sites: LinkedIn (business-oriented) • App • forums • and more. Categories of social media
  • 11. Major categories include • basic demographic information, • social connections, • location information, • patterns of behavior, and • the content of the posts themselves. Information from social media
  • 12. Anonymity and confidentiality Going undetected Use of pseudonames No computer savvy What are the attributes of social networks?
  • 13.  Users must decide • whether their presentation will be accurate or idealized, • what and how much to disclose, • who their audience consists of, and • how they will interact with them. What is the relationship between Social Networking and Crime?
  • 14. Law enforcement and lawyers in civil suits certainly want to gather information on suspects or the opposing side of a dispute. The information that people reveal online is valuable as evidence. It quite easy to mistake one person for another online, and information needs to be analyzed carefully. Why might the police conduct an investigation online via OSINT/SOCMINT?
  • 16. Organizational Cybercrime Activities Year Group Name Actor Type 1993~2001 DrinkOrDie (DoD) Non- state 1996~1998 The Wonderland Club 2003~ Anonymous 2006~2008 Dark Market 2006~2010 PLA Unit 61398 State Shady RAT Aurora GhostNet 2007~2013 PRISM 2010 Operation Olympic Games Stuxnet 2010~2012 Ukrainian ZeuS Group Non- state
  • 17.  The golden rule is for investigators to apply what is known as the ‘ABC’ principle throughout the life of an investigation as follows:  A. Assume nothing  B. Believe nothing  C. Challenge and check everything 2014
  • 18. Cybercrime Investigation  Criminal investigation actually begins with data on a crime.  The presence of relevant, reliable, and sufficient evidence can officially open a case in LEAs.  The identification, collection, examination, analysis, and presentation of evidence in law.  Cyber threats leave some traces in the packets.
  • 19. Inman-Rudin Paradigm  Inman-Rudin Paradigm expanded the Locard Exchange Principle into two principles and four processes.  The principles include:  ■ Transfer  ■ The divisibility of matter  The processes include:  ■ Identification  ■ Classification/individualization  ■ Association  ■ Reconstruction
  • 20. Cybercrime Investigation  Digital evidence has become an essential part of crime scene investigation to collect live/volatile network information in cybersecurity breaches.  Cybercrime investigation focuses on  (1) identifying the digital evidence from essential logs (identification),  (2) finding the suspect ID/account and determining a common class from evidence process (individualization/classification),  (3) inferring interactions between the evidence and the suspect from copied data (association), and  ordering the associations in time and space from necessary information (reconstruction).
  • 21. Digital Forensic Process 1. Identification: 6W1H Questions 2. Collection: at scene, in lab, chain of custody 3. Examination: data, information, knowledge, intelligence 4. Analysis: temporal, relational, functional reconstruction 5. Presentation: relevant, reliable, sufficient evidences
  • 22. III. Sample Case  A. Taiwan’s Russian Mafia Group on Banks and Payment Systems in July 2016  B. Answering Some Questions  1) Who: Andrejs Peregudovs, Mihail Colibaba and Nikolay Penkov  2) What: US$2.61 Million Theft in an ATM Looting  3) When: July 9 ~ 10, 2016  4) Where: Three Suspects Were Charged in Taipei  5) How: ATM Attacks Targeting Wincor Nixdorf Model  C. Answering Follow-up Questions: How can OSINT/SOCMINT help in this case?
  • 23. Money Flow in Taiwan ATM Heist Date Money Activity July 9 and 10, 2016 NT$83.27 million (US$2.61 million) Seventeen suspects was illegally withdrawn July 11, 2016 NT$200,000 Two suspects have converted more than NT$200,000 into South Korean won, Australian dollars and US dollars July 17, 2016 NT$60.24 million Two suspects were arrested. Some money was recovered July 20, 2016 NT$12.63 million police found Andrejs’s bag July 20, 2016 NT$4.54 million Mr. Ko handed another bag to police. 93% Money Back Time and luck
  • 24. Are there any insiders involved?  Irregularities in the connections between the voice server in London, the bank’s internal network and the ATMs in Taiwan.  Because the bank’s computer system is a closed network, insider assistance could not be ruled out yet in this case.  Cybercrime investigators will try their best to find evidence in computers or networks.
  • 25. Practices on Cybercrime Issues  Be collaborating and making efforts to combat cybercrime.  Consider Private-Public-Partnership (PPP) to bring research into reality for cybercrime investigation.
  • 26. Actionable Intelligence Practices on Cybercrime Issues Cybercrime Governance Near-Term Mid-Term Long-Term Draw a strategic roadmap to combat cybercrime Develop SOPs Facilitate cross- border Cooperation People Cybersecurity Capacity Building Cybersecurity Reporting Mechanism Private-Public- Partnership Process National Agency for Cybersecurity Legal Measures International Cooperation Technology Cybersecurity Strategy R&D on advanced Tools and Technology Active Participation Tasks Create new procedures or policies to deter, respond to, and prosecute cybercrime. Enhance the actionable intelligence capability to rapidly gather data, accurately process information, and strategically combat cybercrime.
  • 27. Longer Arm of Cybercrime Investigation  Making sound judgments at low cost is a core role and important attribute for LEAs, who must maximize the potential and exploit the possibilities to ensure things are what they see.  Various kind of intelligence provide important information in a timely manner to an appropriate audience for better informed decision making.  Actionable intelligence is related to the investigation or incident at hand within the wider intelligence mix.  LEAs have produced actionable intelligence from criminal investigation to gain knowledge in support of preventing cybercrime or pursuing terrorists.
  • 29. Functional Comparison of ATM Malware Family Malware Family Carberp Anunak Carbanak Group Carberp, Pawn Storm or APT28 Anunak hacker group Carbanak criminal gang Identified by the Internet security companies Federal Office for Information Security, BSI ( Germany) and Trend Micro (Taiwan). Group-IB (Russia) and Fox-IT (The Netherlands) Kaspersky (Russian/UK) Malware Successor (initially based on) Zeus, Rovnix, RDPdor, Hodprot, and Origami Carberp (source code) + Anunak (Wincor ATMs) Finding Time 2009 December 2014 2015 Victim Location Russian Eastern Europe, the U.S. Russia, the United States, Germany, China and Ukraine
  • 30. Behavioral Attribute Comparison of ATM Malware Family Catego ry Case 1 2 3 Who An organized criminal group name Carberp, Pawn Storm or APT28 Unlimited Operations Russian Mafia Suspect numbers 8 8 19 Arrest by Russia USA Taiwan Arrested suspects name (from Newspaper) Germes and Arashi (Alias) Elvis Rafael Rodriguez, Emir Yasser Yeje, and Alberto Yusi Lajud- Peña Andrejs Peregudovs, Mihail Colibaba and Nikolay Penkov What USD theft in an ATM looting $1 Billion $45 Million $2.6 Million (NT$83.27 Million) When From plan to ATM heist 2009 ~ February 2015 December 2012 and February 2013 July 2016 Arrest date March 2012 May 2013 July 2016 Where ATM location Moscow in Russia New York in USA (More than 24 countries) Taipei City, New Taipei City, and Taichung in Taiwan How Money from the financial institution itself Prepaid Debit Accounts the financial institution itself
  • 31. IV. Investigation, Forensics, and Governance of ATM Heist Threats https://tw.appledaily.com
  • 32. People • Commit Cross-Border Cybercrimes • Need for Global Cooperation Process • Limit Remote Access for ATMs • Limit Convenient Access for ATM Cabinets Technology • Choose Closed System • Protect Internal Information Governance • Protect against Computer Security Threats • Enhance Access Control Practices Prevention Strategy on ICT Governance
  • 33. Cybercrime Countermeasure of Insider Threat Investigation 1. Track the Pathway of a Threat •Payload-based inspection •Port-based identification 2. Perform 24/7 Full-packet Capture •Getting packet analyzers •Capturing packets 3. Check All Network Connections •Real‐time situational awareness •Inspecting packets 4. Track the Source IP Address •Differentiation with user-generated content •IP Address-based filter 5. Show the Digital Evidence •Testify tools and processes •Evaluate admissibility and weight Governance InvestigationForensics
  • 34. The Governance of Digital Forensic Investigation in Law Enforcement Agencies Governance InvestigationForensics
  • 35. 38 The multi-dimensional framework of digital forensics
  • 36. Phases Functions Tools Triage/Preview Packet capture Wireshark Make an image file create hashes of files Data recovery FTK Imager Dump the memory RAM Capturer Examination Browser information extraction Dumpzilla capture the physical memory analyze artifacts in memory Magnet RAM Capture Network sniffering Network Miner Analysis Timeline Analysis Hash Filtering File System Analysis Keyword Searching Autopsy and The Sleuth Kit extract applications data Xplico Comprehensive analysis and forensics EnCASE FTK TCT Reconstruction Temporal, Functional, and Relational Analysis39
  • 37. IV. OSINT/SOCMINT in Law Enforcement Agencies https://inteltechniques.com/
  • 38. Search Engines Tool -Populate all-submit all https://inteltechniques.com/
  • 39. LEAs can look at • where they post from, • who they interact with, • how people are sharing on social media, and • what is reflected in their posts. How can LEAs infer traits from the target’s profiles?
  • 40. 1. Internet Habitats - Finding people Look broadly for social networking sites 2. Snowball Sampling - Social searches Effective on many sites 3. Social Networking Analysis - relational linkage Content is king Law Enforcement on Social Network Sites
  • 41. Information sharing: There are a substantial number of web forums, Internet relay chat (IRC) channels, blogs, and other online resources that facilitate information sharing between hackers across the world. Facilitate attacks: These resources range from legitimate, ethical discussions of hacking to serious forums where individuals buy, sell, and trade malware and stolen data to facilitate attacks and identity theft. Create software and tools: The top tier of hackers have the complex skills needed to create software and tools to facilitate complex automated attacks against variety of systems. Case Study: Habitats Through Social Network Data
  • 42.  law enforcement has successfully used social media to investigate street gangs and other small organizations.  When you have an individual target in mind but you do not know much about him, it can be helpful to understand information about the demographic groups that the target is a member of. The Individual ‘s Habitats
  • 43.  There is a lot of information available on social media to better understand organizations and communities of people.  Learning these insights about groups of people may not reveal exactly what a specific investigation target is doing, but it can provide valuable insight into where that target might be found online, how he or she is using social media as a member of that group, and what topics and activities are of interest.  Investigation of groups online can also lead to valuable intelligence about individuals within those groups who late become interesting. Interest groups investigation on social media sites
  • 44. Only about 30% of adults report including location information. (maybe more!) This is an opt-in process, not an automatic one. It is unlikely to become something we will see by default. The availability of location information can be found in geotagged posts, check-ins, and the embedded metadata of images and videos. What are the challenges to use location data on social media? Location Data
  • 45. Exif Viewer  Jeffrey’s Exif Viewer is an online application (http://regex.info/exif.cgi) which allows us to see this Exif data present in any image file.
  • 46. PEOPLE SEARCH  Spokeo (http://www.spokeo.com)  Pipl (https://pipl.com/)  PeekYou (http://www.peekyou.com/)  Yasni (http://www.yasni.com/)  LittleSis (http://littlesis.org/)  MarketVisual (http://www.marketvisual.com/)  TheyRule (http://theyrule.net/)
  • 47. Finding people on social media  Non-authoritative answer: Social media is not an authoritative information source.  Specific sites: Search for people on the specific sites you care about.  Reuse usernames: People often reuse their usernames.  Flexible search: Searching for people through their associates and allowing for flexibility and some incorrectness in search results will help you discover targets in ways that you might not have initially expected.
  • 48. Finding people on social media  Toolkits: the social media sites‘ internal search/advanced Google search tools for finding people.  Names or usernames as input: Social media search engines take names or possible usernames as input and then search across social media sites to find accounts.  Updated list services: These services are constantly changing, and the companion website for the book has an updated list.
  • 49. AUTHORSHIP ANALYSIS  When the attack consists of documents that have been written by an author, the main method for performing attribution is called authorship analysis.  In authorship analysis, features from within the text are used to model the writing behavior of the author, and lead to a predictive model that can identify the author of a text.
  • 50.  The group characteristics can provide insights about where to start looking for information specific to the target.  All types of organizations have presences on social media  The activities, motivations, and online statements of the organization can be valuable background for understanding an individual target. Looking for Valuable Information Specific to The Target
  • 52. Identify various forms of cybercrime: Identify when and how various forms of cybercrime occur. Promote reporting among citizens: Consider how real-world community meetings may be structured to promote reporting among citizens and demonstrate law enforcement’s investigative capabilities to the community. Increase exposure of the agency: Help increase exposure of the law enforcement agency to various online populations. Online Community Policing
  • 53. Evidence: Social media postings may be used as evidence of cybercrimes, such as cyberstalking, online threats and harassment, child pornography, and sexual assault. Powerful tool: Social media is a powerful tool for law enforcement, for investigation and informing or collaborating with the public. Prosecution and Social Media
  • 54. Clues  Clues help identify where attacks come from.  (1) Keyboard layout: determine the first language of the author  (2) Malware metadata  (3) Embedded fonts  (4) DNS registration: can be easily faked, but still lead to linking attacks  (5) Language, such as mistakes, which we outline in the next section on authorship analysis  (6) Remote administration tool (RAT) configuration, based on their personal preferences  (7) Behavior of the attack
  • 55. People can post basically anything on social media, but there are a few terms that are used across sites : • Updates/posts • Comment/reply • Photos and videos • Social networks/friends/contacts • Metadata Contents on social media
  • 56. Identify various forms of cybercrime: Identify when and how various forms of cybercrime occur. Promote reporting among citizens: Consider how real-world community meetings may be structured to promote reporting among citizens and demonstrate law enforcement’s investigative capabilities to the community. Increase exposure of the agency: Help increase exposure of the law enforcement agency to various online populations. Online Community Policing
  • 57. Social media sites are full of:  demographic information;  lists of friends, family, and associates;  logs of activities, preferences, and favorites;  maps showing places a person goes and how frequently;  time-stamped posts that indicate where a person was and when; and  the content of the posts themselves, where people detail their thoughts, feelings, and ideas. What does make social media a powerful tool for investigators?
  • 58. The police will have the skills you need to search, navigate, and collect information from many sources. The police should learn lessons for the use of social media: being mindful of what you put online, what to expect (or not) in terms of privacy, and how to manage your own online identity. What kinds of skills does the police need to search, navigate, and collect information on social media?
  • 59. Locate a target: trying to find the target themselves, and find their associates. Investigator: keep a low social media profile Target profiles: They use the same email addresses, same usernames, and same profile photos over and over. What are the standard investigation techniques in SNSs?
  • 60. Conclusions Law enforcement officials are exploiting social media to • investigate crime, • identify perpetrators, and • build cases for prosecution.  A promising approach to ensure efficient and effective strategy is collaborations between various private and public organizations.  Security agencies, intelligence agencies and LEAs can apply similar techniques.
  • 61. 65 Any comments are appreciated. Thanks for your listening. Dayu Kao (Ph. D.) Associate Professor Central Police University, Taiwan E-mail: camel@mail.cpu.edu.tw Don't believe everything you are told! Ask “Where is the EVIDENCE?”