AGENDA : 9-11 December 2020
ISS World Europe is the world's largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety, Government and Private Sector Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network, the Internet and Social Media.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
Track 6: Mobile Signal Intercept Training and Product Demonstrations
Track 7: Electronic Surveillance Training and Product Demonstrations
Track 8: 5G Lawful Intercept, Tracking and Forensics Product Training
Plus Special Training Seminars lead by Law Enforcement Officers and Ph.D. Scientists
ISS World Europe 2020 Program Agenda
Training Seminars Led by Law Enforcement Officers and Ph.D., Computer Scientists
25 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(4 classroom hours)Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies
(2 classroom hours)Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)
Andrew Lewman, VP, DarkOWL and Former Executive Director, The TOR Project
(3 classroom hours)Wednesday, 9 December 2020
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by: Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:20
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis09:25-10:15
OSINT and Criminal Investigations10:35-11:25
Metadata Exploitation in Criminal Investigations11:30-12:20
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
13:20-14:10
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition14:15-15:05
What Investigators Need to Know about Emerging Technologies Used to Hide on the InternetSeminar #2
08:30-15:05Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
10:35-11:25
WIFI, geolocation, and Mobile Data traces and tracking11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving14:15-15:05
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools siteSeminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis webinar addresses the infrastructure evolution of 2G to 3G to 4G to 5G and the impact on lawful interception.
Seminar #4
09:25-10:15Transitioning Lawful Interception Network Core Features from 4G to 5G: What's it Looking Like and Challenges Ahead
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. (Full description below Track 9)
Seminar #5
10:35-11:25Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThis 101-training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators
Seminar #6
11:30-12:20Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
Seminar #7
16:30-17:15SSL/TLS Interception Workshop
Presented by: Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of TechnologyThe presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-
middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will outline necessary theory (including the history of SSL/TLS framework design), well-known attacks (including OpenSSL Hearthbleed, Logjam or BEAST) and industry standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session will also include a live demonstration of MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to test-bed, which consists of real devices (and their traffic) including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.Friday, 11 December 2020
Seminar #8
08:30-11:45Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project08:30-09:15
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?09:15-10:00
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
11:00-11:45
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
This one-hour session will explore the protection of weak points and future proofing banks against cyber-attacks.Seminar #9
13:00-14:00Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategiesThis one hour, session is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computing to decrypt your past and future intercepted transmission sessions, this high-level webinar should be a must attend briefing.
And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption.Seminar #10
13:00-14:00Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PolicePre-Conference Sessions Description At The End of Agenda PostinG
Thursday, 10 December 2020
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions
Dr. Jerry Lucas, President, TeleStrategies
ISS World Europe Exhibit Hours:
Thursday, 10 December 2020
10:00-18:15
Friday, 11 December 2020
10:00 -14:00
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Wednesday, 9 December 2020
14:15-15:05 Session A
Accelerating investigation workflows with specially designed IT-forensic laboratories
Presented by mh Service GmbH14:15-15:05 Session B
Memento Labs, the evolution of lawful 360˚ remote surveillance
Presented by Memento Labs14:15-15:05 Session C
The CY4GATE integrated Cyber-Intelligence solution
Providing Law Enforcement and Intelligence agencies with a “target centric” approach that allows to control and combine together in real-time all the information retrieved by the target under surveillance, levering on multiple class of active and passive sensors.
Presented by CY4GATE15:25-16:15
How Far States have to go to Secure the Net
-What is Regulatory Compliance / Digital Enforcement
-Why do governments need such solutions
-What are countries doing about it (use cases from the public sources)
Joseph Dadon, VP Sales, Allot16:30-17:20 Session A
SSL/TLS Interception Workshop
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology16:30-17:20 Session B
Enhancing Lawful Interception with the Five Elements of Cyber Law Enforcement
Criminal and terror organizations are using cyberspace to enhance operations and grow globally. Increased sophistication and the large variation of information channels are stretching intelligence agencies and police resources. Understanding the elements of Cyber Law Enforcement and efficiently utilizing them is key to the effective interception of outlaw activities.
Presented by TokaThursday, 10 December 2020
09:00-10:00 Session A
Lawful Interception and Communication Data, Current & Future Challenges: Mobile, Cyber Security, Virtualization and AI - An industry view
Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber Chairman and Head of Global Obligations Future and Standards, BT Security09:00-09:30 Session C
Things to Consider When Choosing a Modern Lawful Interception Monitoring Center
Presented by Verint09:30-10:00 Session B
Optical Network Access, Visibility and Recording for 100Gbps and Beyond
Presented by LumacronFriday, 11 December 2020
11:45-12:30
Overview of CC-Driver and RAYUELA Projects for Recognizing Human Factors and Drivers of Young Cybercriminality
Rubén Fernández, Àrea de Protecció Ciutadana, Valencia Local Police13:00-14:00
Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Wednesday, 9 December 2020
08:30-09:20 Session A
The Wide Area Network vs. Moore's Law: Generating IP Intelligence at 100G and beyond
Gene Litt, CTO, NetQuest09:25-10:15 Session A
Carrier in Carrier Analysis: Determine the impact of Carrier in Carrier technology on your satellite monitoring capabilities
Presenting the challenges posed by Carrier in Carrier technologies and VASTech’s approach to the analysis of Carrier in Carrier signals and the separation of Symmetrical and Asymmetrical Carrier in Carrier Signals.
Presented by VASTech09:25-10:15 Session B
TOVEK - creating missing knowledge from disparate information sources
Presented by Tovek10:35-11:25 Session A
NEW METHODS AND TOOLS DESIGNED FOR LAW ENFORCEMENT AGENCIES FOR ADVANCED CRIMINAL INVESTIGATION
In this presentation, potential new technologies will be presented to help law enforcement agencies in their day-to-day law enforcement tasks. The focus of the session will be on practical use cases and scenarios for prosecution, that also takes future technological developments into account.
Presented by Utimaco10:35-11:25 Session B
Efficient Cryptanalysis Infrastructure - Doing More with Less
Presented by SciEngines11:30-12:20 Session A
Different Intelligence Sources combined under a single analytical platform – an innovative approach
Presented by Gamma Group11:30-12:20 Session B
Product Demonstration Session
Presented by BAE Systems AI13:20-14:10 Session A
ATIS PANDORA - simplify investigation with one platform
Presented by ATIS13:20-14:10 Session B
New experience gained from Voice Biometrics and Speech Analytics deployments
Presented by Phonexia14:15-15:05 Session A
Cyber Intelligence in Our Increasingly Privacy & Security Conscious Environment
Presented by Wintego14:15-15:05 Session C
Commercial SIGINT - unrestricted, global and large-scale accurate geo-monitoring and profiling of connected devices
VP Sales and Marketing, GeoGence15:25-16:15 Session A
The Role and Importance of Covert Communication in Data Transmission
Presented by Vlatacom15:25-16:15 Session B
How to transform network data into intelligence in spite of encrypted and obfuscated IP traffic
Presented by Rohde Schwarz16:30-17:20
Session Title TBA
Presented by ClearTrail TechnologiesThursday, 10 December 2020
09:00-10:00 Session A
Setting standards in Cyber Technology & Defense
Presented by NSO Group
09:00-09:30 Session C
NEO. Targeted Mission-Based Investigation
Presented by FinFisher09:00-10:00 Session D
Industry Secrets of end-to-end data Collection and Analysis: How technology is changing everything and what you need to do, now!
Presented by BAE Systems AI09:30-10:00 Session B
Collection in a privacy driven era: We mapped out the collection options
Presented by Verint09:30-10:00 Session C
WiFi Intelligence Gathering - A Key Piece of the Strategic Intelligence Puzzle
Presented by FinFisher
13:00-13:45 Session A
Advanced Tactical Interception and Data Extraction Vectors
Presented by Merlinx13:00-13:45 Session B
Digital Toolbox: the investigator’s best friend
Presented by AREA13:00-13:45 Session C
A Safe Landing based approach to Sensitive and Urban Scenario Counter-Drone Defense
Presented by D-Fend13:45-14:30
Automating forensic Speaker Recognition for Cyber Crime units
Presented by ATIS15:00-15:45 Session A
LIMS, only black box! Or can it bring additional value to LEAs?
Presented by Sedam15:00-15:45 Session B
Making the analyst smarter with Intellexa’s Insight
The art of extracting meaningful intelligence from a multitude of sources and vast amounts of data
Presented by Advanced Systems15:45-16:30
Encrypted or not - every IP-packet tells a story
Mark Uldahl, CTO, XCI A/S16:30-17:15 Session B
Illuminating the Dark - Technologies for Unmasking Darknet Criminals
Presented by FinFisher16:30-17:15 Session C
Live Demo. Real Investigation, from OSINT and exfiltration to active cyber security tools (Cyberwarfare).
How to follow the targets in the cyberspace and exfiltrate information, finally using Thor Hammer to neutralize their connected systems.
Presented by MOLLITIAM CYBERINTELLIGENCEFriday, 11 December 2020
08:30-09:15 Session A
Guess who is using THAT App in your Country. Metadata as IP Intelligence
Presented by AREA08:30-09:15 Session B
Fibre Signal Analysis: What intelligence value does a fibre link contain?
Presenting VASTech’s approach to Signal Analysis, Protocol Analysis, Application Classification, Metadata Exploration and Content Evaluation on fibre optic links on a single platform. Enabling agencies to obtain maximum value by understanding the content of a fibre and capturing the useful information.
Presented by VASTech09:15-10:00 Session A
Taking advantage of technology breakthroughs to advance your investigations
As investigations rely on more digital sources and digital data, investigators become overwhelmed by the volume and complexity, making it even more difficult to pinpoint critical case evidence. Learn how you can leverage Artificial Intelligence and Machine Learning to advance your investigation, find critical insights and accelerate the time to evidence.
Muna Assi, Senior Product Marketing Manager, Cellebrite09:15-10:00 Session B
Practical and creative example of modifying Android OS by HEX editing system files, and having regular applications to achieve surveillance.
Denis Cuculic, CEO ex. Head of Technical Department, PRO4SEC11:00-11:45 Session A
trovicor’s best kept secret – The whole truth about the Intelligence Platform
Presented by Trovicor11:00-11:45 Session B
Following the black rabbit - Advanced targets monitoring
Presented by Memento Labs
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees, unless marked otherwise.
Wednesday, 9 December 2020
08:30-09:20 Session A
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS09:25-10:15
WhatsApp, Telegram, Facebook...how IPS helps you to locate most wanted targets with LI
Presented by IPS11:30-12:20
Using AI-based Risk Scoring for Multi-source Target Acquisition and Prioritization
Presented by Simulation Software & Technology, S2T13:20-14:10 Session A
Combating Threats with Advanced AI-Driven Technologies – Leveraging open source data to anticipate and prevent future attacks
Presented by Voyager Labs13:20-14:10 Session B
SCOPE Product – A Real Life Scenario (demo)
Presented by Innosystec14:15-14:40 Session A
Combating Threats with Advanced AI-Driven Technologies – Leveraging open source data to anticipate and prevent future attacks
Presented by Voyager Labs14:15-14:40 Session B
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling.
Presented by IPS14:40-15:05 Session B
Machine Learning in a Command and Control Centre for covert field operations and situation awareness
Presented by IPS15:25-16:15 Session A
How social media platforms are limiting the API approach and advanced DB queries
Presented by Verint15:25-16:15 Session B
Multimedia Monitoring and Forensics Laboratory
Presented by Everis16:30-17:20 Session A
The hype of AI usage in intelligence is facing multiple challenges
Presented by Verint16:30-17:20 Session C
Uncovering Intelligence on Messaging Apps
How to track and profile cyber criminals using large sources of data collected on mobile messaging apps
Liran Sorani, Cyber Business Unit Manager, Webhose.io
Thursday, 10 December 2020
09:00-10:00
Tactical Web Intelligence (WEBINT) & Social Engineering: Gathering Actionable Intelligence via a powerful WEBINT platform
Presented by Cobwebs Technologies13:00-13:45 Session A
Global Terror Butterfly Effect: Social Network and Real Time Threat Analysis of Lone Wolves Terrorism
Presented by Cobwebs13:00-13:45 Session B
Propaganda 4.0: is fake news really so new? A Journey through the various ways in which media is used
Presented by Gamma Group13:00-13:45 Session C
Using ML, device fingerprinting (not just IP addresses) and tactical fiber systems to detect threats and anomalies in mass IP data. A discussion with use cases on sophisticated rule based systems.
Presented by Vehere13:00-13:45 Session C
SCOPE Product – Prevent and Predict
Presented by Innosystec13:45-14:30 Session A
Discover the Unknowns of the Digital Sphere
Presented by Ultra13:45-14:30 Session B
Follow the digital traces in social media- approaches and best practices to leverage the potential of cloud data in your investigations
As more people spend time on social applications, investigations today require data that resides beyond the mobile device. We will explore technologies that can help you effectively surface evidence from public and private domain data, in cloud-based applications, services and web pages to identify suspects and solve cases fast.
Muna Assi, Senior Product Marketing Manager, Cellebrite15:00-15:45 Session A
Unlocking the full potential of speech technologies to transform OSINT and COMINT
Presented by Vocapia15:00-15:45 Session B
trovicor’s best kept secret – The whole truth about the Intelligence Platform
Presented by Trovicor15:00-15:45 Session C
Transforming Investigations & Risk Assessment with Artificial Intelligence
Presented by Voyager Labs15:45-16:20
Session Title TBA
Presented by ClearTrail Technologies16:30-17:15
Gens.AI, the Cyber Humint solution that can automate the management of virtual identities
Starting from the digital profile creation and its background maintenance, to the execution of under-cover operations on the Internet.
Presented by CY4GATEFriday, 11 December 2020
08:30-09:15 Session A
Transforming Investigations & Risk Assessment with Artificial Intelligence
Presented by Voyager Labs08:30-9:15 Session B
ATIS PANDORA - fast visualization, analysis and fusion of large data sets from different sources
Presented by ATIS09:15-10:00 Session A
SCOPE Product – Bringing Data to Life
Presented by Innosystec09:15-10:00 Session B
How to Protect the Status of Data Traffic Without Changing the Status Quo
-DPI as a starting point (watch the network)
-Application Control and Network Management
-Network Security and Traffic Prioritization
Joseph Dadon, VP Sales, Allot09:15-10:00 Session C
Social Links for Social Media and Open Source intelligence and investigations
Presented by Social Links11:00-11:45 Session A
Using ML, device fingerprinting (not just IP addresses) and tactical fiber systems to detect threats and anomalies in mass IP data. A discussion with use cases on sophisticated rule based systems.
Presented by Vehere11:00-11:45 Session B
AI-based Language Technology Solutions to Handle Multi-language OSINT & COMINT
Presented by SYSTRAN13:00-14:00
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Wednesday, 9 December 2020
9:25-10:15
Live Demo. Real Cyberoperation, invisible control of Android smartphones, Windows/macOS systems and Clouds (hijacking).
Live Demo of the latest technology used to take invisible control of target systems, and lessons learned in tactical operations in the Cyberspace.
Presented by MOLLITIAM CYBERINTELLIGENCE10:35-11:25
The Matrix Concept – Combining forward-thinking intelligence tools and proven workflows to assemble a coherent intelligence picture (LIVE DEMO)
Presented by Rayzone Group
13:20-14;10
Disrupt cyber threats by unmasking your adversaries
Presented by 4iQThursday, 10 December 2020
13:00-13:45
Hushmeeting: creating an iron-clad and quantum-safe communication environment
Presented by Feedback Italia15:00-15:45
Router based interception – redefining remote monitoring by infiltrating targeted LAN networks (LIVE DEMO)
Presented by Rayzone Group15:45-16:30
Encrypted & Evasive Traffic: New Visibility with Next-Generation DPI
As cyber attacks become increasingly sophisticated, the effectiveness of detection and investigation capabilities depends more and more on the quality, detail and accuracy of the network traffic information delivered for threat analytics. Discover a new generation of DPI sensors, enriched with flow analytics and advanced data mining techniques, capable of delivering critical visibility into encrypted traffic to support triage for decryption, advanced analytics, anomaly detection and forensics. The sensors can also detect and extract data about traffic using evasive techniques, such as VPNs, anonymizers, covert communications channels, complex tunneling, domain fronting, traffic/file spoofing, etc., and provide data that can be leveraged to identify users and locate devices.
Sebastien Synold, Product Manager, Qosmos DPI Business Unit, ENEAFriday, 11 December 2020
08:30-09:15
Worldwide Virtual SIGINT – monitoring digital footprint in order to anticipate and prevent evolving threats (LIVE DEMO)
Presented by Rayzone Group
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities
Note: Some sessions are only open to LEA and Government. These sessions are marked accordingly.
Wednesday, 9 December 2020
10:35-11:25
Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies13:20-14:10
Automated data collection and normalization from clearnet, darknet and deep web sources
Presented by Kofax14:15-15:05
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)15:25-16:15
Offline Darknet web-crawling with the Web-I-Qube
Presented by mh-Service GmbH
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)16:30-17:20
Identifying Darknet Suspects: When Law Enforcement Hacks
Presented by SearchlightThursday, 10 December 2020
15:45-16:30
Profile, target and investigate the Darknet. Reinventing traditional HUMINT in the Digital Era
Presented by AREA
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)Friday, 11 December 2020
08:30-09:15 Session A
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project08:30-09:15 Session B
Hunting Down Cryptocurrency Users
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology09:15-10:00 Session A
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project11:00-11:45 Session A
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project11:00-11:45 Session B
Decentralized Finance, Terrorist Fundraising, and Money LaunderingDuring this session, we will take a deep dive into Decentralized Finance, also known as DeFi, and how the different projects and products can directly aid money laundering and fundraising for terrorists and criminal elements. You will learn what open money is and why the rise of DeFi will provide a significant advantage to terrorists in the effort of fundraising and money laundering
You will learn how Smart Contracts work, why they are Essential for DeFi, how terrorists can use them for fundraising. You will know how to search for them, and what to look for during your investigation. You will learn about the weak points of DeFi and how they can be an advantage during your investigation.
Furthermore, you will see a live demonstration of how terrorists use DeFi products bypassing KYC using DeFi, DEX, and Swaps during this session. You will also learn how terrorists and criminal elements can gain interest on their funds using DeFi products.
Karhrman Ziegenbein, Managing Partner, Tomoco Discovery13:00-14:00
Follow the Cryptocurrency trail to trace the next terrorist
Presented by Verint
Track 6: Mobile Signal Intercept Product Training and Demonstrations
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.Wednesday, 9 December 2020
8:30-9:20 Session A
SCPC/VSAT Interception in CiC/CuC Scenarios
Presented by Rohde Schwarz8:30-9:20 Session B
Understanding Mobile 2G, 3G, 4G and 5G Infrastructure, Intercept and Cryptography
Dr. Jerry Lucas, President, TeleStrategies10:35-11:25
VSAT Networks: Tactical and Strategic Threat Detection and Geolocation
Presented by Kratos11:30-12:20
Latest techniques of detecting and neutralizing IMSI Catchers and Wi-Fi monitoring systems
Presented by NeoSoft13:30-14:10
Real-time identification and geo-location in mobile networks: how to identify and get, in real-time, the accurate position of a handset in a mobile network
Presented by Evistel15:25-16:15 Session B
Hiding from SIGINT - mobile network approach
Presented by MACRO-SYSTEM16:20-17:20
Distributed IMSI Catching & Private networks
Nick Johnson, CTO & Head of PLM, IP AccessThursday, 10 December 2020
09:00-10:00
Empowering field intelligence teams – how Intellexa combines native 3G/4G interception and long range WiFi interception to make field cyber operations more successful than ever
Presented by Intellexa13:45-14:30 Session A
Strategic intelligence to follow trends and reveal hidden targets
Presented by Advanced Systems13:45-14:30 Session B
Breaking the borders of tactical cyber-intelligence
Presented by Jenovice15:00-15:45
Next-generation IMSI Catcher with public number detection: overview of latest developments and trends
Presented by NeoSoft15:45-16:30
Providence Training Academy
Presented by ProvidenceFriday, 11 December 2020
08:30-09:00
Mobile Radio Analysis Solutions with 5G for Government
Presented by Rohde Schwarz11:45-12:30
Seeing Beyond - Groundbreaking Intelligence Gathering Platform for the IoT Landscape
The IoT landscape is the fastest-growing part of the digital landscape. Groundbreaking intelligence software presents a breakthrough in intelligence gathering, to enhance investigations, operations, and emergency situations, all of which are extremely necessary for the post-COVID-19 era. The presentation will be followed by a product demo.
Presented by Toka
Track 7: Electronic Surveillance Training and Product Demonstrations
This track is for law enforcement investigators and the government intelligence community who are responsible for deploying video, audio and GPS surveillance products and only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Wednesday, 9 December 2020
8:30-9:20
Intelligent Connections - Gathering Intelligence from IoT Made Simple
Presented by Interionet9:25-10:15
Taking Control with Drone Takeover C-UAS technology for sensitive and urban environments
Presented by D-Fend11:30-12:20
A new paradigm for covert audio surveillance in large areas
Presented by Commesh15:25-16:15
Waveguard’s border monitoring and control solutions
Presented by WaveGuardThursday, 10 December 2020
13:00-13:45
Simultaneous use of many Squarehead Audio recorders in complex and challenging acoustic environments.
Stig Nyvold, CEO, Squarehead Technology15:45-16:20
Seeing Beyond - Groundbreaking Intelligence Gathering Platform for the IoT Landscape
The IoT landscape is the fastest-growing part of the digital landscape. Groundbreaking intelligence software presents a breakthrough in intelligence gathering, to enhance investigations, operations, and emergency situations, all of which are extremely necessary for the post-COVID-19 era. The presentation will be followed by a product demo.
Presented by Toka
Track 8: 5G Lawful Interception Product Training
This track is open to all conference attendees.
Wednesday, 9 December 2020
9:25-10:15
Understanding 5G Network Core (NFV, SDN, EDGE Computing and Network Slicing) for Law Enforcement Investigators
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies14:15-15:05
SIGINT in 5G - How to catch an IMSI
Sander de Jong, Group 200015:25-16:15
The challenges 5G brings to cellular Security & Surveillance
Nick Johnson, CTO & Head of PLM, IP Access16:30-17:20
Changing Needs for LEAs with 5G, Location and Encryption
Presented by SS8
Thursday, 10 December 2020
13:00-13:45
LAWFUL INTERCEPTION IN 5G MOBILE NETWORKS
This session will elaborate the needs and the challenges of lawful interception in current and future wireless networks. Network operators and law enforcement agencies will get practical advice and hear about best practice techniques for the implementation of LI in 5G networks.
Presented by Utimaco13:45-14:30
Challenges to consider when preparing for the 5G Lawful Interception Era
Presented by Verint15:00-15:45
LAWFUL INTERCEPTION OF ROAMING TARGETS (S8HR)
S8HR is recognized as the easiest LTE Roaming architecture to implement by many mobile operators. With all mobile traffic traversing the home network, there are lawful intercept limitations when monito- ring VoLTE calls of visiting roamers. In this session we will present solutions to meet these challenges.
Presented by Utimaco15:45-16:30
ETSI/3GPP LI/RD Standards Update
Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber Chairman and Head of Global Obligations Future and Standards, BT Security
Carmine Rizzo, ETSI TC LI Technical Officer and 3GPP SA3LI Secretary, ETSI
Martin Kissel, ETSI TC LI Chairman and Coordinator Lawful Interception, Telefónica Germany15:45-16:30
Real World Interpretation of 5G LI Requirements and Implicatios for Carriers and LEAs with 5G
Presented by SS8
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Wednesday, 9 December 2020
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:20
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis09:25-10:15
OSINT and Criminal Investigations10:35-11:25
Metadata Exploitation in Criminal Investigations11:30-12:20
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
13:20-14:10
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition14:15-15:05
What Investigators Need to Know about Emerging Technologies Used to Hide on the InternetSeminar #2
08:30-15:05Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigatorsHow it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.
09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
10:35-11:25
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxiesHow suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solvingUsing innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
14:15-15:05
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.
Seminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis webinar addresses the infrastructure evolution of 2G to 3G to 4G to 5G and the impact on lawful interception. Specifically;
Network Architecture Evolution from 2G to 3G, 3G to 4G, 4G to 5G regarding radio technology (TDMA, CDMA, OFDM and MIMO), network core from CSFB to VoLTE and SS7 to Diameter.
Encryption, Target Identification and Location: SIM and eSIM cards, IMSI and Target ID, encryption algorithms (A3, A5, A8 and Ki) and basically how user authentication and traffic encryption is accomplished.
Target Location Tracking with CDR analysis, MAC address farming, MITM attacks, SS7 access, IMSI catchers and IT intrusion.
4G to 5G Transition Specifics Understanding 5G Non Stand Alone (NSA) vs. SA 5G, the IMSI catcher issue (myth vs. realities), 5G Cryptography (ECC, SUPI, SUCI), 5G target location enhancement and LTE/NR Internetworking and Co-existance.
5G Spectrum What can 5G deliver with mid vs. high frequency spectrum and what new spectrum bands are soon to be auctioned off
SA 5G Infrastructure Features: NFV, SDN, Edge/Cloud Computing and Network Slicing
Seminar #4
09:25-10:15Transitioning Lawful Interception Network Core Features from 4G to 5G: What's it Looking Like and Challenges Ahead
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture.
In reality lawful interception of non-standalone is not any different from 4G interception regarding new LI feature additions. The next LI challenge will be for 5G SA. This webinar addresses the technical challenges facing law enforcement, 5G operators and ISS vendors. Specifically the four transitions are:
- 5G Network Challenges Identifiers: How are law enforcement going to grab 1gbps traffic streams; backhaul to monitoring centers and filter non-important traffic of interest.
- 5G Edge Cloud Computing: How do you intercept on a 5G operators IT systems, deal with proprietary system protocols, e2e encryption and localized content
- 5G Virtual Network Core: How complicated will this be regarding LI, VoIP on virtual devices and what LI barriers has the IETF created
- 5G Network Slicing: Is this 5G feature restricted to private enterprises or will 5G MVNO’s provide public mobile wireless services, How will law enforcement interconnect with 5G OSS provisioning systems and what is the LI point of interconnection?
Seminar #5
10:35-11:25Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThis 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:
- Bitcoin Basics for Technical Investigators
- Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
- How Criminals and Terrorists Use TOR and Dark Web
- Bitcoin Cryptography Demystified (For Non-Math Majors)
- Popular Altcoins used by Criminals and the New Challenges Facing Law Enforcement
Seminar #6
11:30-12:20Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
This session:
- Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber,TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.
- Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
- Man in the Middle Attacks
- IT Intrusion (Installing Malware)
- Exploiting bugs in SSL/TLS
- Connecting the “metadata” dots between known targets and communication patterns
- Case studies working around third party encryption case studies, e.g. how was it done!
- TOR / DarkNets (TOR/HS)
- Bitcoin Traceback
- Mobile phone/encryption cracking
- Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.
Seminar #7
16:30-17:15SSL/TLS Interception Workshop
Presented by: Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of TechnologyThe presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-
middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will outline necessary theory (including the history of SSL/TLS framework design), well-known attacks (including OpenSSL Hearthbleed, Logjam or BEAST) and industry standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session will also include a live demonstration of MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to test-bed, which consists of real devices (and their traffic) including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.Friday, 11 December 2020
Seminar #8
08:30-11:45Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project08:30-09:15
Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What's possible?09:15-10:00
Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned.
11:00-11:45
Future directions - what's next in dark net infrastructure, dark markets and investigation implications
This one-hour session will explore the protection of weak points and future proofing banks against cyber-attacks.Seminar #9
13:00-14:00Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategiesThis one hour, session is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computing to decrypt your past and future intercepted transmission sessions, this high-level webinar should be a must attend briefing.
And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption.Seminar #10
13:00-14:00Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police