ISS World Asia is the world's largest gathering of Asian Law Enforcement, Homeland Security, Defense, Public Safety and other members of the Government Intelligence Community as well as Telecom Operators responsible for cyber threat intelligence gathering, DarkNet monitoring, lawful interception and cybercrime investigations.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Public Safety Product Training
Track 3: Social Network, Web Monitoring and Cyber Threat Analytics Training
Track 4: Dark Web Monitoring and Investigation Training
Track 5: Bitcoin, Altcoin and Blockchain Transaction Investigations
Track 6: Mobile Signal Intercept and Electronic Surveillance Product Training
Track 7: Financial Crime Prevention, Detection and Investigation TrainingAdvanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists
ISS World Asia 2018 - Agenda at a Glance
Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists
32 classroom training hours, presented by sworn law enforcement officers, Ph.D. Computer Scientists and nationally recognized cybercrime textbook authors and instructors. Distinguished ISS World Training Instructors Include:
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Indiana State Police
(6 classroom hours)
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(9 classroom hours)
Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer
(5 classroom hours)
Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(3 classroom hours)
Andrew Lewman, VP, DarkOWL and Former Executive Director, The TOR Project
(3 classroom hours)
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)
Robert Capodieci, Blockchain Zoo
(3 classroom hours)
Tuesday, 4 December 2018
Seminar #1
9:00-17:00
Online Social Media and Internet Investigations
Presented by: Charles Cohen, Cohen Training and Consulting, LLC;
Charles Cohen also holds the position of Captain, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA
This one-day session provides an up-to-date understanding of how social networking sites work and how members act and interact. Attendees will learn what information is available on various sites and how to integrate that information into criminal investigations and criminal intelligence analysis.
9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)
Seminar #2
9:00-17:00
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
09:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators
10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking
13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving
16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site
Seminar #3
9:00-11:15
Understanding ISS Technologies and Intercept Products Deployed in Telecommunications Networks for Lawful Interception and Mass Surveillance
Presented by: Dr. Jerry Lucas, President, TeleStrategies
These two seminars are for law enforcement and the government intelligence community who must understand the technical basics and telecommunication jargon used to describe ISS products deployed in wireline, IP, mobile and the Internet for lawful interception and mass surveillance. Session targeted to technical investigators not familiar with telecom and internet infrastructure.
9:00-10:00
Understanding Wireline, IP and Internet Infrastructure and Related ISS Products for Technical Investigators
10:15-11:15
Understanding Mobile 3G/4G/5G Infrastructure, and Related ISS Products for Technical Investigators
Seminar #4
11:30-12:30
Understanding Cryptography used in Third Party Encrypted Services, Bitcoin, TOR, TDR/HS and other DarkNets for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies
Topics covered include Public Key Cryptography, Why semmetric keys, Hashing, WiFi Encryption, Certificates, SSL vs. TLS and defeating encryption with quantum computing.
Seminar #5
09:00-15:45
Concerns and Considerations in Financial Crime Investigations
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.
9:00-10:00
Criminal Essentials: The Needs of a Criminal Network
10:15-11:15
Financial Crime Schemes in Money Laundering
11:30-12:30
The Essentials of Trade Based Money Laundering
13:30-14:30
How Does Money Actually Move?
14:45-15:45
Follow the Money Beyond the Banks
Seminar #6
16:00-17:00
SSL/TLS Interception Workshop
by Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The presentation introduces methods for decrypting TLS/SSL connections. The focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective. Participants will receive access to test-bed, which consists of real devices (and their traffic) including our 40Gbps interception probe storing TLS/SSL session keys and mirroring traffic on the monitoring interface.
Wednesday, 5 December 2018
Seminar #7
14:00-17:45
Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project
14:00-15:00
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?
15:30-16:30
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
16:45-17:45
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
Seminar #8
15:30-16:30
Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin, and Altcoins (Ethereium, Monero, Dash, ZCash and others)
Seminar #9
16:45-17:45
Hunting Down Cryptocurrency Users
Presented by: Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The session surveys current options of both blockchain and traffic analysis for various cryptocurrency networks (not limited to Bitcoin only but including also Litecoin, Dash, Monero, Zcash and others). We will explain in detail properties of cryptocurrency forensics including address clustering, coinjoining of inputs, transaction mixing, and traffic correlation. We will mention existing (non-)commercial tools and provide a subjective list of features that a “good” tool should have. We will demonstrate methods of cryptocurrency user tracking and crime assessment in the frame of our own tool.
Thursday, 6 December 2018
Seminar #10
8:30-13:00
Blockchain Half-Day Seminar
Roberto Capodieci, Blockchain Zoo
8:30-9:30
What Investigators Need to Know about Blockchain Architectures Supporting Altcoins or Cyber Currencies Other than Bitcoin (e.g. Ethereum, Monero, Litecoin, Dash, Ripplo, etc.).10:30-11:30
What Investigators Need to Know about Blockchain 2.0 & 3.0 Application Developments12:00-13:00
What Financial Crime Investigators need to Know about Blockchain Investigation Techniques.
Seminar #11
8:30-9:30
Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective of The Hacker
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
This one-hour session will explore the viewpoints of both the banks perception of vulnerabilities, and that of the attacker. A follow-up session at 10:30 will address Practitioners Guide to Defending Banks Against Cyber Attacks.
Seminar #12
10:30-11:30
Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying and Protecting Vulnerabilities to Frustrate the Thief, and Integrity Proof the Systems
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
This one-hour session will explore the protection of weak points and future proofing banks against cyber-attacks.
Seminar #13
12:00-13:00
Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations
Presented by: Dr. Jerry Lucas, President, TeleStrategies
TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more. Plus other DarkNets (OneSwarm, I2P, Freenet, etc.)
Seminar #14
12:00-13:00
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Seminar #15
12:00-13:00
Towards Fully Automated Infinitely Scalable and Maximally Effective Password Cracking of Encrypted Documents
Presented by: Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The lecture outlines password-cracking use-cases, employed formats, current GPU/FPGA performance limits and existing (non-)commercial cracking tools. Moreover, we will introduce our hypervisor for distributed password cracking that helps investigators to utilize the potential of their infrastructure. We will show how to: a) automatically extract hashes from encrypted documents; b) prepare and evaluate password key space (e.g., generate passwords using Markov chains / rule-based grammars and handling of passwords containing national characters); c) orchestrate various cracking strategies (e.g., a combination of dictionaries). Last but not least, we will speak about our experience when developing own GPU-based hardware cracking platform competitive with industry standards from well-known vendors.
ISS World Asia 2018 Conference Agenda
4-6 December 2018
ISS World Asia Exhibit Hall Hours
Wednesday, 5 December 2018
10:00-18:00
Thursday, 6 December 2018
9:30 -12:30
Welcoming Remarks and Top Ten Challenges
Wednesday, 5 December 2018
8:15-8:30
Welcoming Remarks
Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Government Intelligence Community and Who at ISS World Asia has Solutions
Dr. Jerry Lucas, President, TeleStrategies
Track 1: Lawful Interception and Criminal Investigation Training
Tuesday, 4 December 2018
9:00-17:00
Online Social Media and Internet Investigations
Charles Cohen, Cohen Training and Consulting, LLC Charles Cohen also holds the position of Captain, Indiana State Police
This one-day session provides an up-to-date understanding of how social networking sites work and how members act and interact. Attendees will learn what information is available on various sites and how to integrate that information into criminal investigations and criminal intelligence analysis.
16:00-17:00 Session A
Middlebox Security protocol (MSP); Explained
Tony Rutkowski, Yaana
16:00-17:00 Session B
SSL/TLS Interception Workshop
The presentation introduces methods for decrypting TLS/SSL connections. The focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective. Participants will receive access to test-bed, which consists of real devices (and their traffic) including our 40Gbps interception probe storing TLS/SSL session keys and mirroring traffic on the monitoring interface.
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
Wednesday, 5 December 2018
9:00-9:30
Lawful Interception in 5G Mobile Networks
This session will elaborate the needs and the challenges of lawful interception in current
and future wireless networks. Network operators and law enforcement agencies will get
practical advice and hear about best practice techniques for the implementation of LI in
5G networks.
Presented by Utimaco TS GmbH
9:30-10:00
Move your LI systems to 100Gbps
Presented by Netcope Technologies
11:30-12:00 Session A
Legal Monitoring of Internet-of-Things (IOT)
This presentation gives a quick introduction to IOT technologies and market potential
of IOT. It will explore requirements and challenges in regards to legal compliance and
attendees will get knowledge about different interception scenarios to cover cloud-based
IOT or cellular IOT.
Presented by Utimaco TS GmbH
11:30-12:30 Session B
Hushmeeting: creating an iron-clad and quantum-safe communication environment
Preventing attacks, detecting intruders and collaborating within a backdoor-free and malware-proof communication framework. Real use cases and attacking scenarios
Mirko Minuzzo, Feedback Italia
12:00-12:30 Session A
Challenges facing Operators and LEA's: Interception of 10K+ targets on 100G networks and beyond
Considering advances in access technology that are enabling end users internet access reaching 1Gbps, with network capacity consisting of numerous 100Gbps links, more stringent intercept requirements and increasing numbers of intercept targets, we are discussing the challenges facing users of intercept solutions and network operators that are obliged to implement LIMS solution inside their networks. As both parties have seemingly opposite requirements, where LEA's would like to increase the functionality, while operators would like to drive down the cost, we will dive into the topic of how to provide interception of 10K+ targets on 100G networks and beyond while keeping the price in check.
Branko Martinović, Head of Operations, Matison
14:00-14:30 Session A
Navigating the Complexities of Communication Providers and Government Agencies for Legal Requests
Presented by Yaana
14:00-15:00 Session B
Speaker Identification: Revolution in Accuracy and Speed of Voice Biometrics
How will the new generation of Speaker Identification technology based exclusively on deep neural networks affect the hardware resources' efficiency, accuracy and speed? Experiences from applications of Speaker Identification and Content Analysis in governmental solutions.
Presented by Phonexia
14:30-15:00 Session A
Top Five New LI/DR Developments Shaping the Future
Tony Rutkowski, Yaana
Thursday, 6 December 2018
8:30-9:30
Overview of mobile phone monitoring
Note, this session is: (Only Open to LEA and Government)
Presented by Rohde & Schwarz
12:00-13:00
Towards Fully Automated Infinitely Scalable and Maximally Effective Password Cracking of Encrypted Documents
The lecture outlines password-cracking use-cases, employed formats, current GPU/FPGA performance limits and existing (non-)commercial cracking tools. Moreover, we will introduce our hypervisor for distributed password cracking that helps investigators to utilize the potential of their infrastructure. We will show how to: a) automatically extract hashes from encrypted documents; b) prepare and evaluate password key space (e.g., generate passwords using Markov chains / rule-based grammars and handling of passwords containing national characters); c) orchestrate various cracking strategies (e.g., a combination of dictionaries). Last but not least, we will speak about our experience when developing own GPU-based hardware cracking platform competitive with industry standards from well-known vendors.
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
Track 2: LEA, Defense and Public Safety Product Training
Sessions in this track are only open to law enforcement and the government intelligence community and public safety
Tuesday, 4 December 2018
10:15-11:15
Vlatacom Solution for Secure Information Sharing Over the Cloud
Presented by Vlatacom
11:30-12:30
Live Demo: Speech to Text and Speaker Identification
Presented by ATIS
14:45-15:45
Extracting Intelligence in the Post-Plaintext Era - Fighting Encrypted Crime
Mr. Mark Uldahl, CTO, XCI A/S
Wednesday, 5 December 2018
9:00-10:00 Session A
Digital Toolbox: the investigator's best friend
Presented by AREA
9:00-10:00 Session B
Voice data collection, identification and analysis: Hardware and software integration
The fields of audio data acquisition and analysis have long been in a discord with one another, especially when it comes to such areas as tactical audio and voice biometrics. Organizations and departments working in one of them are sometimes unaware of either requirements or limitations of the other, limiting the effectiveness of the overall workflow. In this session, we will discuss the ways that this gap can potentially be mended, including specific developments and case studies.
Presented by STC
11:30-12:30 Session A
Live Demo: Automating forensic Speaker Recognition for Cyber Crime units
Presented by ATIS
Next Generation Monitoring Center- Discover your suspects unlike ever before
Investigators struggle to derive insights from the massive & ever-expanding voice & encrypted IP communication data. Moreover, the hardwired architecture of a traditional monitoring center poses limitations in allowing seamless integration across the latest investigation tools, thereby leaving the investigators with limited target visibility and insufficient evidence.
What if there was a way to transform conventional, passive monitoring approach to generate relevant intelligence & build powerful evidence from thousands of voice calls & encrypted traffic?
Join us to explore a world of transformational monitoring solutions that bring sustainability within the LI space and make it future ready, now.
14:00-15:00 Session A
Lawful Interception in 2018. VoLTE and encrypted services like Facebook, WhatsApp and Telegram. How Social Media Intelligence benefits investigators in a holistic vision.
Presented by IPS
15:30-16:30 Session A
L.I. Targeting respecting privacy
Presented by AREA
15:30-16:30 Session B
VSAT interception with Carrier in Carrier (CiC) separation
Presented by Rohde & Schwarz
15:30-16:30 Session C
Real-time geo-location in mobile networks: how to identify and get, in real-time, the accurate position of a handset in a mobile network.
Presented by Evistel
16:45-17:45
Internet Records Intelligence: Collection, Storage, Disclosure & Analysis
Presented by Yaana
Thursday, 6 December 2018
8:30-9:30 Session A
Live Demo: Data Retention - powerful investigation on metadata
Presented by ATIS
8:30-9:30 Session B
Generate powerful evidence from PCAP, CDR/IPDR and Social Media data, all over a single interface
Agencies have to deal with a variety of data like PCAP, CDR/IPDR and Open Source Data etc. coming from multiple sources.
A typical investigation involves multiple interfaces & manual correlation, eventually resulting in disconnected intelligence about the “Person of Interest”.
What if you could bring data, tools and systems together on a single interface?
Experience Investigation Workbench, a seamless platform that assists investigators to collaboratively discover evidence, profile suspects, build stories and solve cases rapidly.
Presented by: Dhruva Sharma - Manager, Inside Sales, ClearTrail Technologies
10:30-11:30
Data Fusion and Analytics for National Security and Intelligence
Presented by Yaana
Track 3: Social Network, Web Monitoring and Cyber Threat Analytics Training
Sessions in this track are only open to law enforcement and the government intelligence community and public safety
Tuesday, 4 December 2018
9:00-17:00 Session A
Practitioners Guide to Internet Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
9:00-10:00 Session B
How to monitor Public Sentiment with a platform able to listen, analyze and react to propaganda campaigns on Social Media.
Presented by IPS
13:30-14:00
Propaganda 4.0: is fake news really so new? A journey through the tools of OSINT
Presented by Gamma Group
14:00-14:30
Gamma Eye: Combining gadgets with hi-tech. Collect and process intell to help create operational awareness
Presented by Gamma Group
14:45-15:45
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure.
Presented by IPS
Wednesday, 5 December 2018
9:00-10:00 Session A
Tactical Web Intelligence (WEBINT) & Social Engineering: Gathering Actionable Intelligence with a modular WEBINT platform
As Intelligence Agencies demand for advanced actionable intelligence increases, a combined end-to-end modular WEBINT approach is critical to ensure timely operational results. In this session we will discuss the current state of Web Intelligence and how it can be leveraged for monitoring, prevention and investigation. This session will include live product demonstration.
Presented by CWA Webint Applications
9:00-10:00 Session B
Generating holistic intelligence by blending WEBINT with other data sources
Web Intelligence provides a wealth of information regarding specific targets or groups. Using additional data, such as call data records (CDR), video feeds, transaction records, and existing databases, we can significantly enrich WEBINT data and increase its value. In this session we present the capabilities of our Deep WEBINT product in collecting and processing target centric data from WEBINT and other sources, and generating insights using multimodal analytics including text analytics, video analytics, and audio analytics.
Presented by S2T
9:00-10:00 Session C
Using AI and Machine Learning techniques to detect threats and anomalies in mass IP data. A discussion with use cases on sophisticated rule-based systems
Presented by Vehere
11:30-12:30 Session A
Sense Awareness on Big Data
Presented by Sinovatio
11:30-12:30 Session B
WebMine: Human Intelligence in Machine
Presented by Secninjaz
11:30-12:30 Session C
Enriching Target's Profiles with OSINT data
Presented by Trovicor
14:00-15:00
Different Intelligence Sources (OSINT, Dark Web, SIGINT, HUMINT) combined under a single analytical platform - Gamma's innovative approach
Presented by Gamma Group
15:30-16:30
Web Intelligence 4.0: Infusing Face Recognition, Image Analytics and Artificial Intelligence into the next generation of WEBINT platforms
Live end-to-end demo of CWA advanced AI-Powered WEBINT platform. The session will include a special announcement and guest co-speaker.
Presented by CWA Webint Applications
Thursday, 6 December 2018
8:30-9:30
Social media investigation: open source intelligence, forensics and artificial intuition
Presented by FRESHVALE
10:30-11:30
Knowledge and Wisdom Learning from Massive Data
Presented by Sinovatio
12:00-13:00
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 4: Dark Web Monitoring and Investigation Training
Wednesday, 5 December 2018
14:00-17:45Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project
14:00-15:00
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?
15:30-16:30
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
16:45-17:45
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
Thursday, 6 December 2018
8:30-9:30
Profile, target and investigate the Darknet. Reinventing traditional HUMINT in the Digital Era
Note, this session is: (Only Open to LEA and Government)
Presented by AREA
12:00-13:00
Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations
Dr. Jerry Lucas, President, TeleStrategies
Track 5: Bitcoin, Altcoin and Blockchain Transaction Investigations
Wednesday, 5 December 2018
15:30-16:30
Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Dr. Jerry Lucas, President, TeleStrategies
16:45-17:45
Hunting Down Cryptocurrency Users
The session surveys current options of both blockchain and traffic analysis for various cryptocurrency networks (not limited to Bitcoin only but including also Litecoin, Dash, Monero, Zcash and others). We will explain in detail properties of cryptocurrency forensics including address clustering, coinjoining of inputs, transaction mixing, and traffic correlation. We will mention existing (non-)commercial tools and provide a subjective list of features that a “good” tool should have. We will demonstrate methods of cryptocurrency user tracking and crime assessment in the frame of our own tool.
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
Thursday, 6 December 2018
8:30-9:30
What Investigators Need to Know about Blockchain Architectures Supporting Altcoins or Cyber Currencies Other than Bitcoin (e.g. Ethereum, Monero, Litecoin, Dash, Ripplo, etc.).
Roberto Capodieci, Blockchain Zoo
10:30-11:30
What Investigators Need to Know about Blockchain 2.0 & 3.0 Application Developments
Roberto Capodieci, Blockchain Zoo
12:00-13:00
What Financial Crime Investigators need to Know about Blockchain Investigation Techniques.
Roberto Capodieci, Blockchain Zoo
Track 6: Mobile Signal Intercept and Electronic Surveillance Product Training
Sessions in this track are only open to law enforcement and the government intelligence community and public safety
Tuesday, 4 December 2018
16:00-17:00
Command and Control Center for covert field operations using Audio, Video and GPS feeds.
Presented by IPS
Wednesday, 5 December 2018
9:00-10:00
IMSI Catcher, 2G/3G/4G Interception, New Challenges and Solutions
Presented by NeoSoft AG
14:00-15:00
Training Tactical Cyber Teams as an Effective Fighting Force for the Battleground of the Future
Cyber is one of the most rapidly changing operational environments available and can present a number of significant challenges to intelligence operations as well as a number of advantages when the right training, tactics and procedures underpins the approach when combined with the correct technologies. The deployment of covert Cyber Operations has recently allowed intelligence gathering agencies to be pro-active and gain the upper hand in expanding the intelligence picture, allowing the dynamic deployment of other assets as real time opportunities present. Providence offers the key building blocks for Cyber Operations and Online Investigations upon which many other operational elements can grow, such as the creation of online intelligence networks and offensive Cyber Operations, delivered through a comprehensive menu of training courses. These courses transfer all of the essential skills necessary for a successful Cyber Operation to be carried out across social media and online forums across the Internet, Deep Web and Dark Net.
Paul Clarke, Cyber Director, Providence
15:30-16:30 Session A
Cellular Intelligence in Action. Real use cases solved by combining mobile location and traffic data from cellular networks
Presented by Mobilaris
Track 7: Financial Crime Prevention, Detection and Investigation Training
Tuesday, 4 December 2018
9:00-15:45Concerns and Considerations in Financial Crime Investigations
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.
9:00-10:00
Criminal Essentials: The Needs of a Criminal Network
10:15-11:15
Financial Crime Schemes in Money Laundering
11:30-12:30
The Essentials of Trade Based Money Laundering
13:30-14:30
How Does Money Actually Move?
14:45-15:45
Follow the Money Beyond the Banks
Thursday, 6 December 2018
8:30-9:30
Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective of The Hacker
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
10:30-11:30 Session A
Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying and Protecting Vulnerabilities To Frustrate The Thief, and Integrity Proof The Systems
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
10:30-11:30 Session B
Money Laundry Use Case: Banking Data Analysis
Note, this session is: (Only Open to LEA and Government)
Presented by Trovicor
Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists
32 classroom training hours, presented by sworn law enforcement officers, Ph.D. Computer Scientists and nationally recognized cybercrime textbook authors and instructors.
Tuesday, 4 December 2018
Seminar #1
9:00-17:00
Online Social Media and Internet Investigations
Presented by: Charles Cohen, Cohen Training and Consulting, LLC;
Charles Cohen also holds the position of Captain, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA
9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)
Seminar #2
9:00-17:00
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
09:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators
How it works. Why it works. How it works for us. How data traffic leaves a trace; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft. Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them (where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
11:30-12:30
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web), TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving
Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game? Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site
"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can't see, with login and password provided during the session. Do's and do not's. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.
Seminar #3
9:00-11:15
Understanding ISS Technologies and Intercept Products Deployed in Telecommunications Networks for Lawful Interception and Mass Surveillance
Presented by: Dr. Jerry Lucas, President, TeleStrategies
These two sessions are for law enforcement and the government intelligence community who must understand the technical basics and telecommunication jargon used to describe ISS products deployed in wireline, IP, mobile and the Internet for lawful interception and mass surveillance.
9:00-10:00
Understanding Wireline, IP and Internet Infrastructure and Related ISS Products for Technical Investigators
- Wireline Networks and Intercept: DPI, PSTN metadata, and mass surveillance, VoIP and Optical Intercept
- Internet and IP Network basics, ISP & NSP Infrastructure, Radius vs. Diameter, and what investigators need to know about IPv4 vs. IPv6, DNS and more
10:15-11:15
Understanding Mobile 3G/4G/5G Infrastructure, and Related ISS Products for Technical Investigators
Mobile Network Infrastructure Differences (2G, 3G, 4G and 5G), Network Infrastructure Sub-Systems (BTS, BSC, HLR, VLR, RAN, etc.), target tracking with SS7, RF Signal tracking and location and other wireless networks (WiFi, Femtocells, WiMAX and mobile satellite communications), investigators need to know
Seminar #4
11:30-12:30
Understanding Cryptography used in Third Party Encrypted Services, Bitcoin, TOR, TDR/HS and other DarkNets for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies
- Cryptography Basics: PKI, Symmetric Keys, Hashing, Certificates and authentication
- Cellular and WiFi Encryption: 2G, 3G, 4G and 5G differences and WEP, WPA and WPA-2 differences
- Third Party Encryption Services (Telegram vs. others)
- VPN vs TOR cryptography, IPsec, SSL vs. TCS 1.1, 1.2 and 1.3
- Cryptocurrency cryptogrpahy: Bitcoin PKI, Blockchain Hashing and differences with Altcoins (Monero, etc.)
- Defeating Encryption with Quantum Computing and more
Seminar #5
09:00-15:45
Concerns and Considerations in Financial Crime Investigations
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.
The purpose of financial crime can be to generate or protect criminal profit. Locally or internationally, criminals face a continuous challenge of building structure to protect against the efforts of law enforcement and make their profits useable without fear of getting caught. Criminals will therefore build business and financial structures to mask their activities as well as launder money.
In this 1-day seminar we will discuss the tools and methods criminals use and the law enforcement response. Each presentation describes different elements of financial crime and business models used by criminals as well as law enforcement methods and tactics to identify and disrupt them. We will discuss the essentials in criminal networks, key players, money laundering, and trade-based money laundering. We will describe how information can be found as money is moved around the world and how investigators can make best use of this knowledge. This training is aimed primarily at the investigator and analyst, but also has application to the law enforcement, intelligence, and financial regulatory community.
9:00-10:00
Criminal Essentials: The Needs of a Criminal Network
10:15-11:15
Financial Crime Schemes in Money Laundering
11:30-12:30
The Essentials of Trade Based Money Laundering
13:30-14:30
How Does Money Actually Move?
14:45-15:45
Follow the Money Beyond the Banks
Seminar #6
16:00-17:00
SSL/TLS Interception Workshop
by Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The presentation introduces methods for decrypting TLS/SSL connections. The focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective. Participants will receive access to test-bed, which consists of real devices (and their traffic) including our 40Gbps interception probe storing TLS/SSL session keys and mirroring traffic on the monitoring interface.
Wednesday, 5 December 2018
Seminar #7
14:00-17:45
Special Half Day DarkNet Seminar
Presented by: Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project
14:00-15:00
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?
15:30-16:30
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
16:45-17:45
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
Seminar #8
15:30-16:30
Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses
- Bitcoin Basics for Technical Investigators
- Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
- How Criminals and Terrorists Use TOR and Dark Web
- Bitcoin Cryptography Demystified (For Non-Math Majors)
- Popular Altcoins (Monero, Ethereium, Dash, Zcash and others) used by Criminals and the New Crypto Currency Challenges Facing Law Enforcement
Seminar #9
16:45-17:45
Hunting Down Cryptocurrency Users
Presented by: Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The session surveys current options of both blockchain and traffic analysis for various cryptocurrency networks (not limited to Bitcoin only but including also Litecoin, Dash, Monero, Zcash and others). We will explain in detail properties of cryptocurrency forensics including address clustering, coinjoining of inputs, transaction mixing, and traffic correlation. We will mention existing (non-)commercial tools and provide a subjective list of features that a “good” tool should have. We will demonstrate methods of cryptocurrency user tracking and crime assessment in the frame of our own tool.
Thursday, 6 December 2018
Seminar #10
8:30-13:00
Blockchain Half-Day Seminar
Roberto Capodieci, Blockchain Zoo
8:30-9:30
What Investigators Need to Know about Blockchain Architectures Supporting Altcoins or Cyber Currencies Other than Bitcoin (e.g. Ethereum, Monero, Litecoin, Dash, Ripplo, etc.).10:30-11:30
What Investigators Need to Know about Blockchain 2.0 & 3.0 Application Developments12:00-13:00
What Financial Crime Investigators need to Know about Blockchain Investigation Techniques.
Seminar #11
8:30-9:30
Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective of The Hacker
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
This one-hour session will explore the viewpoints of both the banks perception of vulnerabilities, and that of the attacker. A follow-up session at 10:30 will address Practitioners Guide to Defending Banks Against Cyber Attacks
• What is the current typical attack
• Vulnerabilities leak points, and weak points
• Hacking the Bank by traditional social engineering
• Man in the middle/mobile (MITM)
• Man in the Browser (MITB) attacks
• DDOS, Zeus, Zbot, and other exploits
• BHO poisoning (browser helper objects)
• DNS poisoning
• Pineapple and Rasberry Pi devices
• Clickjacking
• Formgrabbers
• Cloning and contactless card vulnerabilities
• PCI-DSS attacks and vulnerabilities
• The hacker's point of view
Seminar #12
10:30-11:30
Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying and Protecting Vulnerabilities to Frustrate The Thief, and Integrity Proof The Systems
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
This one-hour session will explore the protection of weak points and future proofing banks against cyber-attacks.
• PCI-DSS security and tightening
• Wi-Fi encryption to avoid MITM
• Pen testing
• Dynamic virus signatures and monitoring
• End user verification and login
• Customer vulnerabilities and verification
• Quantum Dawn and Waking Shark II (wargaming) benefits
• Future proofing and horizon scanning
• Playing the hacker at his own game.
Seminar #13
12:00-13:00
Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations
Presented by: Dr. Jerry Lucas, President, TeleStrategies
TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.
• How TOR hides IP addresses/identity/location
• TOR Hidden Services, What is .ONION and content analysis
• How technical investigators can defeat TOR and TOR/HS
• Other DarkNet Operations (OneSwarm, I2P, Freenet, etc.) and why criminals use these TOR/HS alternatives.
Seminar #14
12:00-13:00
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Seminar #15
12:00-13:00
Towards Fully Automated Infinitely Scalable and Maximally Effective Password Cracking of Encrypted Documents
Presented by: Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
The lecture outlines password-cracking use-cases, employed formats, current GPU/FPGA performance limits and existing (non-)commercial cracking tools. Moreover, we will introduce our hypervisor for distributed password cracking that helps investigators to utilize the potential of their infrastructure. We will show how to: a) automatically extract hashes from encrypted documents; b) prepare and evaluate password key space (e.g., generate passwords using Markov chains / rule-based grammars and handling of passwords containing national characters); c) orchestrate various cracking strategies (e.g., a combination of dictionaries). Last but not least, we will speak about our experience when developing own GPU-based hardware cracking platform competitive with industry standards from well-known vendors.