ISS World Asia is the world's largest gathering of Asian Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations, DarkNet Monitoring and Cyber Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: Encrypted Traffic Monitoring and IT Intrusion Product Training
Track 3: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 4: OSINT Automation and Analysis for Social Network and DarkNet Monitoring
Track 5: Mobile Signal Intercept and Electronic Surveillance Product Demonstrations
Seminar and Conference Training Sessions (6 December 2016)
ISS World Asia 2016 - Agenda at a Glance
Training Seminars Led by Law Enforcement Officers and Ph.D Scientists
19 classroom training hours, presented by sworn law enforcement officers and Ph.D. Scientists
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Indiana State Police
(6 classroom hours)
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)
Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(6 classroom hours)
Tuesday, 6 December 2016
Seminar #1
8:30-17:00
Online Social Media and Internet Investigations
Presented by: Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Captain, Indiana State Police
8:30-9:30
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis
9:45-10:45
OSINT and Criminal Investigations
11:00-12:00
Metadata Exploitation in Criminal Investigations
13:30-14:30
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
14:45-15:45
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
16:00-17:00
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Seminar #2
8:30-17:00
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
8:30-9:30
The Internet, and how suspects leave a digital footprint
9:45-10:45
Recognizing Traffic Data and digital profiling
11:00-12:00
WIFI, geolocation, and Mobile Data traces
13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
14:45-15:45
Advanced Techniques in Tracing Suspects and lateral problem solving
16:00-17:00
Open source tools, resources and techniques
Seminar #3
8:30-12:00
Understanding ISS Product Deployed in Telecommunication and IP Networks for Lawful Interception and Mass Surveillance
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This half-day seminar covers what law enforcement and intelligence analysts need to understand about today's public telecommunications wirelin, wireless and IP networks as well as ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.
8:30-9:30
Understanding to Wirelines and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance
9:45-10:45
Understanding Mobile Wireless Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance
11:00-12:00
Understanding the Internet Over-the-Top (OTT) Services and Related ISS Products for Mass Intelligence Gathering and Surveillance
Seminar #4
13:30-14:30
Defeating Encryption with Lawful Hacking: Techniques Investigators Need to Understand
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This session covers the basics of what law enforcement needs to understand about encryption in general, methods used by cybercriminals and terrorists and proven "hacking" techniques that can successfully be used to defeat or more precisely how to get around (1) strong encryption algorithms, (2) cellular network encryption, (3) TOR, (4) third party encrypted services and (5) smartphone encryption.
- - Encryption Basics Without Complex Math
- - Public Key Cryptography
- - Encryption Keys
- - Hashing
- - End-System Encryption Keys
- - Cellular Air Link Encryption
- - TOR and Hidden Services
- - Third Party Encrypted Messaging Services
- - Smartphones Device Encryption
Seminar #5
14:45-15:45
Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations
Presented by: Dr. Jerry Lucas, President, TeleStrategies
TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.
This webinar will present exactly:
- - How TOR Hidden Services Work
- - The Scale/Scope of TOR-Based Online Markets
- - How are TOR Hidden Services Set-up and Searched
- - How to Identify TOR Hidden Service Traffic
- - How Bitcoin is used in Dark Web Transactions
- - Basics of Bitcoin Clustering Analysis
- - Other Dark Web Operations Outside of TOR Hidden Service
- And More
Thursday, 8 December 2016
Seminar #6
8:30-9:30
Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically this introduction to Bitcoin for technical investigators addresses:
- - Investigating Bitcoin Transactions
- - Bitcoin Basics and Addresses
- - Blockchain Basics and Miners
- - Bitcoin Address Traceback
- - Joint Bitcoin/Dark Web Investigation
(Full Pre-Conference Seminar Agenda Appears After Track 5)
ISS World Asia 2016 - Conference Agenda
6-8 December 2016
Wednesday, 7 December 2016
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies 8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Asia has Solutions
Dr. Jerry Lucas, President, TeleStrategiesISS World Asia Exhibit Hours:
Wednesday, 7 December 2016
Hours: 10:00 - 17:00Thursday, 8 December 2015
Hours: 9:30 - 12:30
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Wednesday, 7 December 2016
9:00-9:30 LI in Clouds, SDN & NFV
This presentation discusses the consequences of cloud-based telecommunication
services for LI. It will especially take a closer look at recent developments of
SDN/NFV (software defined networking/network functions virtualization) and their
relationship to clouds. Developments due to these new approaches to networking
are analyzed for their impact on LI, if they complicate it, make it easier or require
new or changed approaches to generate the required informations.
Rudolf Winschuh, Utimaco TS GmbH11:30-12:00 Scalable LI Solutions for dealing with LTE/VoLTE Roaming and OTT
Michael Hammer, Principal Engineer, Yaana Technologies14:00-14:30 High-Speed NAT Logging
Tracing back Internet addresses to individual users and devices is an important requirement of law enforcement agencies to support their fight against crime and terrorism. Anonymous access and network address translation (NAT), however, complicate the identification of suspects. This presentation elaborates the technical challenges and describes solutions based on high-speed logging.
Rene Nitzinger, Utimaco TS GmbH15:30-16:30 Multi-Source Intelligence Collection & Big Data Analytics
Presented by Nanjing Sinovatio TechnologyThursday, 8 December 2016
8:30-9:30 Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Dr. Jerry Lucas, President, TeleStrategies
Track 2: Encrypted Traffic Monitoring and IT Intrusion Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 6 December 2016
9:45-10:45 FinFisher™: The End to End approach to Cyber Investigations
Presented by FinFisher11:00-12:00 ClearTrail session TBA
Presented by ClearTrail Technologies13:30-14:30 Social Media Forensics!
Presented by AGT14:45-15:45 A World of Possibilities - Remote Exploitation of Smartphones and PCs
Presented by FinFisherWednesday, 7 December 2016
9:00-10:00 FinFisher Session TBA
Presented by FinFisher14:00-15:00 Cyber Security Most Effective Defensive Solution!
Presented by AGT15:30-16:30 In-Line tactical IP probing: practical demo and use cases from the field for passive/active interception and remote infection
Presented by RCS S.p.A.
Track 3: LEA, Defense and Intelligence Analyst Training and Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 6 December 2016
8:30-17:00 Practitioners Guide to Internet Investigation
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceWednesday, 7 December 2016
9:00-10:00 Lawful Interception in 2016. VoLTE and Metadata Analysis on encrypted services like WhatsApp, Viber & Telegram
Presented by IPS11:30-12:30 Session A New Cutting-Edge Surveillance Tools from Hacking Team
Presented by Hacking Team11:30-12:00 Session B How to quickly and efficiently identify suspects - Live demonstration analysing complex data generated from multiple Monitoring Centres
Presented by trovicor12:00-12:30 Session B Real-time target location tracking - Live demonstration detailing how to generate intelligence from location information
Presented by trovicor14:00-15:00 Work with WiFi-leaks
Presented by Suneris15:30-16:30 Session A Applying DPI for Social Network and other OTT Application Monitoring
Curt Schwaderer, VP of Engineering, Yaana Technologies15:30-16:30 Session B E-Detective
Network Investigation Toolkit - NIT 2.0
Presented by Decision GroupThursday, 8 December 2016
8:30-9:30 Session A Next generation LI-MC: extracting intelligence from Meta-Data with easy-to use DPI and Big Data analysis capabilities in a unique platform.
Presented by RCS S.p.A.8:30-9:30 Session B CONNECT THE DOTS" on a Right Click!
Sanjeev Sharma, Director of Engineering, ClearTrail Technologies10:30-11:00 How to uncover patterns in communication - Live demonstration on utilizing email analysis to detect corruption
Presented by trovicor
Track 4: OSINT Automation and Analytics for Social Network and DarkNet Monitoring
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 6 December 2016
8:30-17:00 Online Social Media and Internet Investigations
Presented by Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Indiana State Police11:00-11:30 OSINT Labs from an empty building to a cornerstone of any intelligence organization
Presented by Gamma Group13:30-14:30 Beyond Lawful Interception without the need of Hacking! A new approach to the IP investigation on encrypted services like Facebook, Gmail and WhatsApp
Presented by IPSWednesday, 7 December 2016
9:00-10:00 Session A The New Forensic Investigator Toolbox: from Tactical to Open Source Investigations
Presented by AREA9:00-10:00 Session B Aegis, the overall Interception System based on Big Data
Presented by Semptian11:30-12:30 Session A CONNECT THE DOTS" on a Right Click!
Sanjeev Sharma, Director of Engineering, ClearTrail Technologies11:30-12:30 Session B OSINT-based Social Engineering
Presented by S2T14:00-15:00 Session A Intelligence Analysis on Big Data
Presented by Nanjing Sinovatio Technology14:00-15:00 Session B Automatic Exploitation of Social Network, Deep and Dark Web for Enhanced Target Profiling and Public Sentiment Analysis
Presented by IPS15:30-16:30 Post Trojan Infiltration: The new Digital Undercover Agent
Presented by AREAThursday, 8 December 2016
8:30-9:30 Session A New challenge Network Monitoring: IPv4 disambiguation and rich metadata SIGINT in the age of Encryption
Presented by AREA8:30-9:30 Session B Converging information from multiple sources to create holistic target profile
Presented by S2T10:30-11:30 Session A Multimedia/lingual OSINT exploitation to combat global terrorism
Presented by Gamma Group10:30-11:30 Session B Turning Social Networks Analysis into Intelligence and Social Engineering
Presented by RCS S.p.A12:00-13:00 Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 5: Mobile Signal Intercept and Electronic Surveillance Training and Product Demonstration
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 December 2016
8:30-9:30 NeoSoft data traffic analyser for Mobile Monitoring
Presented by NeoSoft AG11:30-12:00 Covert Surveillance - from the simple to the sophisticated
Presented by Gamma GroupWednesday, 7 December 2016
9:00-10:00 Session A Smartphone Analytic / Forensic and Interception
Stefan Heimgaertner, Secure Information Management GmbH9:00-10:00 Session B Data Fusion Platform and 4G-3G-2G Tactical Location Finder Sensor Integration
Alper Tosun, BTT LTD11:30-12:30 Session A GSM Tactical Interception System for 3G and 4G
Presented by Advanced Systems11:30-12:30 Session B IMSI Catcher, Target localization, Active and Passive Interception, Basics and Options
Presented by NeoSoft14:00-15:00 Session A Passive tracker, the 3 in 1 target-transparent Phone Finder
Presented by Semptian14:00-15:00 Session B Turning Personal Communications Devices into Cyber-Secured Communication Platforms
Presented by Providence15:30-16:30 Session A Carrier in Carrier (Double Talk ®) Satellite Interception
Presented by Advanced Systems15:30-16:30 Session B Commesh: Launching New Audio/Video Surveillance Solutions
Presented by CommeshThursday, 3 December 2015
8:30-9:30 Tactical Operations with a Strategic Vision with a Command and Control Center using Audio, Video and GPS
Presented by IPS
Training Seminars Led by Law Enforcement Officers and Ph.D Scientists
Tuesday, 6 December 2016
Seminar #1
8:30-17:00
Online Social Media and Internet Investigations
Presented by: Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Captain, Indiana State Police
8:30-9:30
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.
9:45-10:45
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
11:00-12:00
Metadata Exploitation in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.
13:30-14:30
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. There are risks posed for undercover associated with online social media and online social networking Investigations. This session presents guidelines for dealing with these risks.
14:45-15:45
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
While there are over 300 social networking sites on the Internet, Facebook is by far the most populous, with over 800 million profiles. It has roughly the same population as the US and UK combined, making it the third largest country by population. There are over 250 million images and 170 million status updates loaded on Facebook every day. This session will cover topics including Facebook security and account settings, Facebook data retention and interaction with law enforcement, and common fraud schemes involving Facebook.
16:00-17:00
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide ones identity and location on the Internet can be both a challenge and an opportunity. Various methods of hiding ones identity and location while engaged in activates on the Internet, provides an opportunity for investigators to engage in covert online research while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies, such as digital device fingerprinting, emerge as ways to attribute identity this becomes a topic about which every investigator and analyst may become familiar.
Seminar #2
8:30-17:00
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
8:30-9:30
The Internet, and how suspects leave a digital footprint
How it works. Why it works. How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data
9:45-10:45
Recognizing Traffic Data and digital profiling
What data is available. How to harvest and analyse it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyse it. Investigator capabilities and opportunities.
11:00-12:00
WIFI, geolocation, and Mobile Data traces
A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers . Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.
14:45-15:45
Advanced Techniques in Tracing Suspects and lateral problem solving
Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
16:00-17:00
Open source tools, resources and techniques
"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines cant see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.
Seminar #3
8:30-12:00
Understanding ISS Product Deployed in Telecommunication and IP Networks for Lawful Interception and Mass Surveillance
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This half-day seminar covers what law enforcement and intelligence analysts need to understand about today's public telecommunications wirelin, wireless and IP networks as well as ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.
8:30-9:30
Understanding to Wirelines and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance
• Wireline Interception Points
• PSTN Interception: Content, CDRs and MetaData
• Lawful Interception: Telecom to Monitoring Center
• Mass Metadata Surveillance and SS7
• IP Network Basics: Why IP Layers 1 to 7 needs to be understood
• Internet Access: Landline, Mobile, WiFi and others
• Deep Packet Inspection (DPI) and Intelligent Probes
• Optical Network Probe Intercept
• No. 1 Future Wireline Intercept Challenge: Network Function Virtualization
9:45-10:45
Understanding Mobile Wireless Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance
• Wireless Providers with Intercept Mandates and those with none
• Why Understand 2G, 3G, 4G and 4.5G Architecture need to be understood for Interception
• Wireless phone ID's and SIM cards
• Wireless Call Detail Record (CDR) Mining
• Wireless Data Services Option and Smartphone
• Cellular Roaming and Target Tracking with SS7
• Tracking and Location with IMSI Scanners and CDR Feeds
• Other Wireless Intercept: Satellite, Wi-Fi, WiMax and more
• No. 1 Future Wireless Intercept Challenge: True 4G and 4.5G
• ISS Products for Wireless Tracking Intercept and Mass Surveillance
11:00-12:00
Understanding the Internet Over-the-Top (OTT) Services and Related ISS Products for Mass Intelligence Gathering and Surveillance
• What's meant by Over the Top (OTT)
• Understanding IP Layering for Lawful Interception
• Internt Players and NSP/ISP/IXP Intercept Infrastructure
• Social Network and Web Monitoring Techniques
• VoIP (Skype & VUPEN) Intercept
• TOR and Dark Web Intercept
• Bitcoin and Blockchain Traceback for LEAs and Intel
• No. 1 Future Internet Intercept Challenge: Neew IETF Privacy Standard Initiatives
• ISS Products for OTT Tactical and Mass Surveillance
Seminar #4
13:30-14:30
Defeating Encryption with Lawful Hacking: Techniques Investigators Need to Understand
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This session covers the basics of what law enforcement needs to understand about encryption in general, methods used by cybercriminals and terrorists and proven "hacking" techniques that can successfully be used to defeat or more precisely how to get around (1) strong encryption algorithms, (2) cellular network encryption, (3) TOR, (4) third party encrypted services and (5) smartphone encryption.
- Encryption Basics Without Complex Math
When ever your device/client accesses a server (commerce, email, web sites, etc.) and to establish an encrypted session, a digital handshake is done to negotiate the three cryptography protocols to be used. The first is what public key cryptography is agreed upon (almost always RSA), the second is what symmetric key algorithm is to be used (very frequently AEC) and third what hash algorithm is to be used (frequently SHA-256). If you understand these three cryptographic protocol pillars you will understand what's needed to defeat encryption. All cryptography pillars to be covered uses no more than high school level math.
- Public Key Cryptography
The basics of public and private key exchange, RSA, the most common PKC used, simply how does it work and who supplies the public/private keys, e.g Certificate Authorities.
Encryption Keys
Asymmetric vs. Symmetric, AES, the frequently used symmetric key algorithm, simply how does it work and the very basic Boolean Algebra process that allows Smartphone to engage very powerful message encryption.
- Hashing
What is a hash function, why its needed, what are hash algorithms needed (message and dark web site validation), simply how do they work and understanding SHA-256, a very common hash.
End-System Encryption Keys- As terrorists look at the smartphones in their hands, ipad on their laps or PCs on their desks and feel confident their devices are surveillance crack proof because the conventional technical press and blogs tell them it would take millions of years for a computer to defeat these resident encryption keys. Yes correct on the key cracking but wrong on surveillance avoidance.
- If you understand where and how these keys are generated and managed, you know the whole cryptography infrastructure can be weakened or totally bypassed. If the terrorist is not paying very close attention to the web site they think they are linking up with, they can be subject to a MITM attack defeating their resident keys. And if they are not paying attention to the friendly looking APP just loaded on their device, their data can be sucked out of their terminal before encryption because the lawful hacker now has device access!
Cellular Air Link Encryption
Our terrorists are comfortable using their cellular phones because their providers advertises "over the air" transmission is encrypted with a key so strong it can't be cracked. True but how does our terrorist know the cellular operator is not lawfully sharing this key with law enforcement!? Or has law enforcement deployed an ISS MITM mobile attack device defeating the advertised, strong encryption key? Or, has law enforcement accessed the keys by way of the SIM manufacturers?
TOR and Hidden Services
- TOR is heavily praised by privacy groups and criminal element blogs as the way to communicate anonymously and with bulletproof encryption. They are right about the encryption part if you refer to defeating TOR network encryption. But this is irrelevant because you attack TOR user encryption at the end points not within the TOR network.
- So the challenge TOR users create for law enforcement is defeating anonymity. This is an ongoing "arms race" between law enforcement/government intel with the TOR development community. As soon as a "back door" to TOR user anonymity is plugged, the TOR community posts this fix on their web site. It would be surprising if many criminals and terrorists who use TOR are frequent visitor to the TOR developer web site let alone have the wherewithall to heed and fix the constantly evolving TOR "back doors". This leaves the TOR "back doors" not known to the TOR Community or where fixes don't exist open to lawful hacking.
- So what about TOR "Hidden Services" or Dark Web sites. For law enforcement it's about applying ISS dark web monitoring tools to locate these sites, e.g. identify the actual dark web IP address hidden behind a TOR proxy address.
- Third Party Encrypted Messaging Services
- Cybercriminals and terrorists have a boatload of third party encrypted services to choose from:
- GroupMe, WhatsApp, Telegram, Facebook Messanger, SilentCircle, Wickr, VIBER, WEChat, CoverMe, Vuxer, Hike, Live and many more!
- Do cybercriminals and terrorists know which encrypted services are easily defeated and which ones aren't? More to the point, do investigators know for each of these encryption services where to go for intelligence gathering help or what can be gleaned from lawful hacking techniques?
- Smartphones Device Encryption
Cybercriminals and terrorists who use smartphones are probably aware of the FBI vs. Apple decryption issue. But do they know their session metadata and message content can be retrieved, what smartphones are tougher to crack encryption-wise by specific vendors, etc. More to the point, do investigators know where to go for smartphone target data and what are the capabilities of specific mobile forensic vendors?
- Smartphones Device Encryption
- Third Party Encrypted Messaging Services
Seminar #5
14:45-15:45
Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations
Presented by: Dr. Jerry Lucas, President, TeleStrategies
TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.
This seminar will present exactly:
- - How TOR Hidden Services Work
- - The Scale/Scope of TOR-Based Online Markets
- - How are TOR Hidden Services Set-up and Searched
- - How to Identify TOR Hidden Service Traffic
- - How Bitcoin is used in Dark Web Transactions
- - Basics of Bitcoin Clustering Analysis
- - Other Dark Web Operations Outside of TOR Hidden Service
- And More
Thursday, 8 December 2016
Seminar #6
8:30-9:30
Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically this introduction to Bitcoin for technical investigators addresses:
- Investigating Bitcoin Transactions
The turning point of a Bitcoin investigation is successful traceback of Bitcoin addresses to their owners who in this case are criminals or terrorist groups.
- Bitcoin Basics and Addresses
Bitcoin wallets: What's a wallet, why investigators need to understand the different types and how do you go from cash to Bitcoin and Bitcoin back to cash.
Blockchain Basics and Miners
What's a block and blockchain. The blockchain contains all Bitcoin transactions from Day 1 (or year 2009). Bitcoin Miners have a database of unspent Bitcoin and manage the process. Understanding Bitcoin Mining is essential in following the money (or Bitcoin) to the criminal terrorist organization receiver/spenders.
Bitcoin Address Traceback
Just like there is no such thing as a perfect crime, there is no such thing as a perfectly anonymous Bitcoin transaction. How do today's criminals and terrorist organizations further anonymize transactions? They use tumbler services, seedcan, non-address reuse, ring signatures, one-time keys and more. How do investigators traceback transactions: cluster analysis, delivery service traceback, Bitcoin denomination analysis, Dark Web infection and more.
Joint Bitcoin/Dark Web Investigation
How can Bitcoin Investigations lead to Dark Web operators and How can Dark Web Investigations lead identifying criminal terrorist operations funded by Bitcoin.