ISS World Europe is the world's largest gathering of European Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications network, the Internet and Social Networks.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: OSINT Automation Training for Cyber Threat Detection
Track 3: Bitcoin, Blockchain, TOR and Dark Web Investigation Training
Track 4: Defeating Encryption and IT Intrusion Product Training
Track 5: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 6: Social Network Monitoring, OSINT Automation and Big Data Analytics Training and Product Demonstrations
Track 7: Mobile Signal Intercept and Electronic Surveillance Product DemonstrationsPlus Special Law Enforcement Officer and Ph.D., Computer Scientist Led Training Sessions (Tuesday, 13 June 2017)
ISS World Agenda From 2016 ISS World Europe Program
ISS World Europe 2017
Agenda and Registration Link
Available March 13, 2017
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Tuesday, 7 June 2016
Seminar #1
09:00-17:15Online Social Media and Internet Investigations
Presented by Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA09:00-10:00
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis10:15-11:15
OSINT and Criminal Investigations11:30-12:30
Metadata Exploitation in Criminal Investigations13:45-14:45
EXIF Tags and Geolocation of Devices for Investigations and Operational Security15:00-16:00
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition16:15-17:15
What Investigators Need to Know about Emerging Technologies Used to Hide on the InternetSeminar #2
9:00-17:15Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
09:00-10:00
The Internet, and how suspects leave a digital footprint10:15-11:15
Recognizing Traffic Data and digital profiling11:30-12:30
WIFI, geolocation, and Mobile Data traces13:45-14:45
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies15:00-16:00
Advanced Techniques in Tracing Suspects and lateral problem solving16:15-17:15
Open source tools, resources and techniquesSeminar #3
09:00-12:00Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This half-day seminar covers what law enforcement and intelligence analysts need to understand about today’s public telecommunications wireline and wireless networks as well as ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.
9:00-10:00
Introduction to Wireline and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance10:15-11:15
Understanding Mobile Wireless Infrastructure, and Related ISS Products for Lawful Interception and Mass Surveillance11:30-12:30
Understanding the Internet Over-the-Top (OTT) Services and Related ISS Products for Mass Intelligence Gathering and SurveillanceSeminar #4
13:45-14:45Understanding and Defeating Encryption, TOR and Dark Web Commerce
Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
This session covers how TOR is used to hide IP location of senders, HTTP log of files used and encrypt communications, TOR Hidden Services (Dark Web) and how to find Hidden Services and techniques for defeating TOR and encrypted services as used by criminals and terrorists.
- What's encryption, Where in the IP layer stack (2, 3, 4 and Applications) do you find encryption. Anonymity Services: Proxy Servers, VPNs and TOR
- How TOR hides IP addresses/identity/location
- TOR hosting, What is .ONION and content analysis
- "De-anonymizing" TOR: Investigation approaches, limitations and case studies
- Defeating Encryption Options: Brute force key cracking (?), force weak encryption, Man in the Middle (MITM) attacks and of course IT Intrusion Systems
Seminar #5
15:00-16:00Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically this introduction to Bitcoin for technical investigators addresses:
- Bitcoin Basics for Technical Investigators
- Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
- How Criminals and Terrorists Use TOR and Dark Web
- Bitcoin Cryptography Demystified (For Non-Math Majors)
- Bitcoin 2.0 and the New Challenges Facing Law Enforcement
Seminar #6
16:15-17:15Bitcoin Interception Experience
Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology
This session surveys interception options of the Bitcoin network. Namely, it investigates what kind of data may be collected from intercepted traffic of Bitcoin clients, miners and relevant services (online wallets, exchanges, payment gateways). Moreover, two real-life use-cases (involving Bitcoin fraud and ransomware) are presented together with the used methodologies.
Wednesday, 8 June 2016
Seminar #7
16:45-17:45TLS/SSL Decryption Workshop
Presented by: Jan Pluskal, Researcher, FIT-BUT, Brno University of Technology
The presentation introduces methods how to decrypt TLS/SSL connection. Focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session’s private keys. Speaker will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective.
Thursday, 9 June 2016
Seminar #8
12:00-13:00(Anti)-forensic Features of Cryptocurrency
Presented by: Matej Gregr, Researcher, FIT-BUT, Brno University of Technology
The presentation will outline similarities and invariances between Bitcoin and other popular cryptocurrencies (including Litecoin, Dogecoin, Dashcoin, Ethereum, Ripple). Focus is on mixing (laundering), client data protection, transaction noise and other built-in services guaranteeing anonymity and confidentiality of cryptocurrency users.
Pre-Conference Sessions Description At The End of Agenda PostinG
Wednesday, 8 June 2016
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions
Moderator: Dr. Jerry Lucas, President, TeleStrategies
ISS World Europe Exhibit Hours:
Wednesday, 8 June 2016: 10:00 - 17:00
Thursday, 9 June 2016: 9:30 - 12:30
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Tuesday, 7 June 2016
13:45-16:00 Session A LI/RD Standards Update
Gerald McQuaid, Chairman, ETSI/TC LI
Alex Leadbeater, Chairman, 3GPP SA3LI
Carmine Rizzo, ETSI
Tony Rutkowski, VP Regulatory, Yaana Technologies13:45-14:45 Session B Designing the next generation of wireless equipment
Paul Beastall, Director, Technology Strategy, Wireless and Digital Services, Cambridge Consultants16:15-17:15 Universal and Complete LI Solutions for Telcos, ISPs and LEA
Presented by IskratelWednesday, 8 June 2016
9:00-10:00 Session A Current and Future Standardization Challenges: Encryption, Network Function Virtualization, Cloud Computing and More
Alex Leadbeater, Chairman, SA3 LI and EU Data Retention Compliance Manager, BT9:00-10:00 Session B Drone Interception and Mitigation
Expert Team Drone Interception Solutions Scan, Detect, Take Control and Mitigate the Risk Cause by Rogue Drones.
Edgardo Gonzales/Frankie Chan & Coach Chen, Expert Team9:00-9:30 Session C Mobile Forensics Solutions
Michel Berdah, Cellebrite9:30-10:00 Session C New trends in Voice Biometrics: Speaker clustering
Presented by Agnitio11:30-12:00 Data Retention for NAT (Network Address Translation)
Due to shortage of IPv4 addresses and security reasons, NAT is the de-facto standard for internet access of private customers.
But with NAT, only public IP addresses of an operator are visible to Law enforcement agencies, not the private IP addresses of subscribers.
To enable identification of subscribers communications data, retention of NAT-logging records is required. Otherwise, IP-based metadata
is worthless to LEAs. These requirements lead to specific challenges for the NAT and Data Retention infrastructure.
This presentation describes the fundamental requirements, technical challenges and the solutions developed by Utimaco (Telesoft and Utimaco) for a DRS of NAT.
Rudolf Winschuh, Utimaco TS Gmbh12:00-12:30 Accessing your targets’ data in the Cyber era
Tal Tchwella, Equus-Tech14:00-14:30 Session A Protecting sensitive LIMS information on external hardware security models (HSM)
Usually LIMS passwords are stored encrypted inside the database of the LIMS system and the keys to encrypt/decrypt the passwords are stored in wallets. As an additional security feature LIMS can connect to an external hardware security model (HSM), introducing hardware based encryption. A hardware security model stores the encryption keys on this HSM server and thus provides a higher level of security. Keys will never leave the HSM and all encryption/decryption operations are done inside the HSM only. The HSM has several additional security features which protect itself against unauthorized access.
Dirk Börgerding, Utimaco TS Gmbh14:00-15:00 Session B Real Time Intelligence Challenges: Managing masses of critical cellular information in real time
Ohad Lendner, Radcom14:30-15:00 Session A Advantages of Optical Transport Layer 1 Encryption
Presented by STORDIS GmbH15:30-16:00 Session A Understanding how Millennials (Gen Y) Communicate and the Impact these Communication Techniques Have on Exploiting Communications
Patrick Runyan, Business Development Manager, PenLink15:30-16:30 Session B Voice Biometry and Speech Analytics for Intelligence, LEA and Police Forces
Radim Kudla, Head of BD, Phonexia16:00-16:30 Session A 100GE network traffic interception
Denis Matousek, FPGA Product Manager, Netcope Technologies16:45-17:45 Secure voice communication with minimal interception probability
Miroslav Peric, PhD, R&D Institute, VlatacomThursday, 9 June 2016
8:30-9:00 It doesn't have to hurt
Meeting your global data retention and disclosure obligations with minimal business impact
Presented by CTG9:00-9:30 Connect to Anything and See Everything: 100% Visibility of next generation optical networks
Alan McDade, Founder & Chief Commercial Officer, Lumacron Technology10:30-11:00 Lawful Intercept and Investigatory Insights from the Internet of Things (IoT)
Curt Schwaderer, Yaana Technologies11:00-11:30 Actionable Intelligence with SDL Government Language Platform (SDL GLP)
Patrick Vanderper, SDLNote: Additional Lawful Interception and Criminal Investigation Product Training and Demonstrations Scheduled in Track 5
Track 2: OSINT Automation Training for Cyber Threat Detection
This track is for Intelligence Analysts and Law Enforcement agents who have to "connect the dots" between people, places and other entities by searching through massive amounts of unstructured data from various sources using visual analytics, semantic technologies, data mining, OSINT and other intelligence gathering tools and techniques
Tuesday, 7 June 2016
15:00-16:00 Finding Intelligence in Data with Network Visualization
Presented by Cambridge Intelligence16:15-17:15 Downloading the Internet: Smart Mass Collection
Presented by 3iMINDWednesday, 8 June 2016
14:00-14:30 Handling Multilingual Big Data with Automated Translation
Paul Doherty, SDL15:30-16:30 How can technology be an enabler in mitigating the threat posed by terrorists and criminals in present day Europe?
Presented by Chenega Corporation16:45-17:45 Beyond OSINT: Blending Online Surveillance of Targets with Multiple Other Sensors
Presented by S2TThursday, 9 June 2016
8:30-9:30 A Unique Collection of Internet-related Open Source Intelligence and How it can be Exploited
You’ll see a powerful collection of open source Internet intelligence data at work and see how some organizations use it to track cyber crime and enrich their existing tools to make sense of what is happening on the Internet related to your investigations. If cyber investigation is now part of your workload, you’re going to love this session and leave with lots of new ideas.
Presented by Packet Forensics10:30-11:30 Paris and Brussels: Lesson Learned and the Challenges for Industry
Professor Richard English, Chenega CorporationNote: Additional OSINT Automation Product Training scheduled in Track 6
Track 3: Bitcoin, Blockchain, TOR and Dark Web Investigation Training
This track is for Criminal Investigators, Interior Security and Private Enterprise Investigators who have to understand Bitcoin, Blockchain, TOR and Dark Web Transactions
Tuesday, 7 June 2016
11:30-12:30 (This session is only open to LEA and Government Attendees)
HIWIRE™ System: Accelerating Web Intelligence with a focus on Active Tools and Methods in the Deep Web and in Darknet
Presented by WebintPro15:00-16:00 Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Dr. Matthew Lucas, Vice President, TeleStrategies16:15-17:15 Bitcoin Interception Experience
Vladimir Vesely, Researcher, FIT-BUT, Brno University of TechnologyWednesday, 8 June 2016
15:30-16:30 Blockchain Analysis: Best Investigation Practices
A case study focused presentation outlining the major threat actors and the anonymization techniques employed. Will step through some investigations outlining how to get leads in cases or look for corroborative evidence. Will step through some best practice when searching for Blockchain evidence, minimising the time wasted during an investigation. Will answer the important question on when to stop tracing and picking up wallet patterns in the blockchain.
Jonathan Levin, Co-Founder, ChainalysisThursday, 9 June 2016
12:00-13:00 (Anti)-forensic Features of Cryptocurrency
Presented by: Matej Gregr, Researcher, FIT-BUT, Brno University of Technology
Track 4: Defeating Encryption and IT Intrusion Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 7 June 2016
9:00-10:00 FinFisher™:The End to End approach to Cyber Investigations
Presented by FinFisher10:15-10:45 Gaining Intelligence Value in Spite of Growing Encryption Challenges
Sophie Chetboun, Verint Systems10:45-11:15 Insights at a Glance - Digital Footprints as Unprecedented Sources of Intelligence
Moranne Yaari, Verint Systems11:30-12:30 Session A A World of Possibilities - Remote Exploitation of Smartphones and PCs
Presented by FinFisher11:30-12:30 Session B A Hybrid Tactical-Strategic Approach for Extracting Cyber Intelligence
Yuval Luria, VP Sales & Marketing, Wintego13:45-14:45 Session A Understanding and Defeating Encryption, TOR and Dark Web Commerce
Presented by: Dr. Matthew Lucas, Vice President, TeleStrategiesThis session covers how TOR is used to hide IP location of senders, HTTP log of files used and encrypt communications, TOR Hidden Services (Dark Web) and how to find Hidden Services and techniques for defeating TOR and encrypted services as used by criminals and terrorists.
- What's encryption, Where in the IP layer stack (2, 3, 4 and Applications) do you find encryption. Anonymity Services: Proxy Servers, VPNs and TOR
- How TOR hides IP addresses/identity/location
- TOR hosting, What is .ONION and content analysis
- "De-anonymizing" TOR: Investigation approaches, limitations and case studies
- Defeating Encryption Options: Brute force key cracking (?), force weak encryption, Man in the Middle (MITM) attacks and of course IT Intrusion Systems
13:45-14:45 Session B WOLF Profiling to Filter and Alert automatically unknown risky suspects and remotely inject and monitor target phones & system for actionable Intelligence
Presented by WOLF IntelligenceWednesday, 8 June 2016
9:00-10:00 Getting Real - OSINT and FinFisher™ in Day to Day Investigations
Presented by FinFisher14:00-15:00 Accelerated Cryptanalysis Infrastructure - Doing More With Less
Tim Pietruck, SciEngines GmbH15:30-16:30 In-Line tactical IP probing: practical demo and use cases from the field for passive/active interception and remote infection
Presented by RCS S.p.A.16:45-17:45 TLS/SSL Decryption Workshop
Jan Pluskal, Researcher, FIT-BUT, Brno University of Technology
Track 5: LEA, Defense and Intelligence Analyst Training and Product Demonstrations
This training is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 7 June 2016
9:00-17:15 Practitioners Guide to Internet Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceWednesday, 8 June 2016
11:30-12:00 Session A Generating new Intelligence from call data records
Presented by trovicor11:30-12:30 Session B Lawful Interception in 2016. Metadata Analysis on WhatsApp, Viber, Telegram, and other Encrypted Services together with new Standards of Voice Interception (VoLTE)
Presented by IPS11:30-12:30 Session C New Cutting-Edge Surveillance Tools from Hacking Team
Presented by Hacking Team12:00-12:30 Session A Identifying suspects through text analysis - An introduction to mass email monitoring
Presented by trovicor14:00-14:30 IP Address Resolution - Breaking the Anonymity of Network Address Translation
Leigh Porter, Yaana Technologies15:30-16:30 Session A IP Address Resolution in Mobile Data Networks
Steve Patton, Senior Product Manager, Telesoft Technologies15:30-16:30 Session B VITOK – 3X: Universal platform for Data Collection and Analysis
Roman Khokhlov, Head of Information Security Department, NORSI-TRANS16:45-17:15 Session A Advanced Intelligence Solution for Terrestrial Border Protection
Moshe Samoha, Verint Systems16:45-17:15 Session B How to Render the Ultimate Intelligence Gathering Tool Useless
Presented by Kaymera17:15-17:45 Advanced Cyber Solution for Protecting Your Digital Borders
Sophie Chetboun, Verint SystemsThursday, 9 June 2016
8:30-9:30 Session A Next generation LI-MC: extracting intelligence from Meta-Data with easy-to use DPI and Big Data analysis capabilities in a unique platform.
Presented by RCS S.p.A.8:30-9:30 Session B SDN Delivers Services Differentiation
Presented by STORDIS GmbH10:30-11:30 Session A "CONNECT THE DOTS" on a Right Click!
Agencies have multiple interception systems, crime records and identity databases in silos. A single view of a "Person of Interest" is missing…
What if you could bring data, tools and systems together on your Investigation Workbench?
Live Demonstration: Experience a seamless Investigation Workbench that assists investigators to collaboratively discover evidences, profile suspects, build stories and solve cases rapidly.
Sanjeev Sharma, Director of Engineering, ClearTrail Technologies10:30-11:30 Session B Voice Biometrics, a detailed insight into the operational aspects of the main uses cases - Tactical Analysis and Intelligence
Presented by Agnitio10:30-11:30 Session C Real-time target location tracking - How to generate alerts of suspicious movements
Presented by trovicor12:00-13:00 How to get many personal information quickly with Wifi?
Presented by Suneris
Track 6: Social Network Monitoring, OSINT Automation and Big Data Analytics Training and Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 7 June 2016
9:00-10:00 Session A "CONNECT THE DOTS" on a Right Click!
Agencies have multiple interception systems, crime records and identity databases in silos. A single view of a "Person of Interest" is missing…
What if you could bring data, tools and systems together on your Investigation Workbench?
Live Demonstration: Experience a seamless Investigation Workbench that assists investigators to collaboratively discover evidences, profile suspects, build stories and solve cases rapidly.
Sanjeev Sharma, Director of Engineering, ClearTrail Technologies9:00-10:00 Session B Facilitating the Analyst's Work through Automation of Deep and Dark Web Harvesting
Darius Heisig, VP of Sales - EMEA, Kofax from Lexmark
Diederik Quant, Sales Engineer, Kofax from Lexmark10:15-10:45 Session A OSINT Labs from an empty building to a cornerstone of any intelligence organization
Presented by Gamma Group10:15-11:15 Session B When Artificial Intelligence Meets Security Intelligence: Introducing the 1st Deep Learning Solution in the Security Domain
Presented by Fifth Dimension11:30-12:30 Session A HIWIRE™ System: Accelerating Web Intelligence with a focus on Active Tools and Methods in the Deep Web and in Darknet
Presented by WebintPro11:30-12:30 Session B Developing national cyber capabilities through training
Sebastian Madden, PGI13:45-14:45 Session A Confronting the multi dimensional challenges of the new cyber world
Confronting the multi-dimensional challenges of the new cyber world
In the rising content-less world , locating and monitoring targets identities is almost impossible. Applications security , tunnel encryption and temporary IDs create a new era in which most of the information is broken and not uniquely related to identity . This challenge is even greater when you have to protect your organization from unpleasant "malware surprises" sent to you by your target. Today's zero-days might disappear tomorrow.
The key to solve this new 3d Puzzle is having a sophisticated Big Data analysis module that knows to generate new leads from the "Anonymous information" and crossing it with tactical capabilities to reconstruct the distinct identity. Live Demonstration : We will practice this methodology by analyzing an example based on Bitcoin using CYBERBIT'S Pattern analysis of anonymous transaction , crossing it with IP-related correlation and lawful hacking investigation process to identify the hidden target.
Presented by CyberBit13:45-14:45 Session B Capture and translate Social Media content with SDL GLP
George Bara, SDL15:00-16:00 Future Webint - it's all about automatic actionable analytics
Presented by MER Group16:15-17:15 Session A C&C, Data Amalgamation and 3D Data Analysis
Presented by JTOL16:15-17:15 Session B Use advanced analytics to rapidly generate intelligence from fused OSINT, Comms and Trusted data sources.
Presented by Wynyard Group
Wednesday, 8 June 2016
9:00-10:00 Session A The New Forensic Investigator Toolbox: from Tactical to Open Source Investigations
Emanuele Marcozzi, Presales Engineer, AREA9:00-10:00 Session B Using All-Source Analysis in Handling Real-Life Crises
M Alexander, Lead Architect, IntelligenceReveal, BAE Systems11:30-12:30 Live Demo: How to catch your target in YouTube - Using OSINT and biometric voice recognition
Presented by ATIS systems11:30-12:30 Session C OSINT for Real-Time Protection and Surveillance: Practical Insights
Presented by AGT NL, value added reseller for 3iMIND14:00-14:30 Session A Web Intelligence & Data Fusion - A Case Study of Global Terrorism in Europe
Moranne Yaari, Verint Systems14:00-14:30 Session B The Future of Crime Analysis: Empowering Law Enforcement Agencies with Artificial Intelligence
Presented by Fifth Dimension14:30-15:00 Session A Fighting Terror and Crime Resulting from Unmonitored Migrant & Refugee Arrivals in Europe
Moshe Samoha, Verint Systems14:30-15:00 Session B "Minority Report" Comes to Life: The Science of Crime Prediction
Presented by Fifth Dimension16:45-17:45 Session A Post Trojan Infiltration: The new Digital Undercover Agent.
Marco Braccioli, Senior Vice President, AREA
Emanuele Marcozzi, Presales Engineer, AREA16:45-17:45 Session B TA-9, Using big data analysis systems for solving past crimes in the present, understanding the patterns and managing intelligence tolls for preventing these crimes to happen again in the future.
Presented by Rayzone Group Ltd.16:45-17:15 Session D Identify ISIS Recruiters Hidden in the Data with Artificial Intelligence
Presented by Fifth Dimension17:15-17:45 Session D Predictive Intelligence in Action: Reveal Terror Threats before they Become a Reality
Presented by Fifth DimensionThursday, 9 June 2016
8:30-9:30 Session A Facebook, Gmail, Skype, WhatsApp... Communication goes encrypted! Get access to encrypted content in minutes. A new approach to the IP investigation, beyond the Lawful Interception without Hacking Capabilities
Presented by IPS8:30-9:30 Session B HIWIRE™ System: Accelerating Web Intelligence with a focus on automated target-based analytics and profile-driven surveillance
Presented by WebintPro10:30-11:30 Session A Multimedia/lingual OSINT exploitation to combat global terrorism
Presented by Gamma Group10:30-11:30 Session B Distributed Intelligence Production
Presented by TOVEK12:00-13:00 Session A Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police12:00-13:00 Session B Enhanced Target Profiling tool with automatic exploitation of Open Source Information
Presented by IPS12:00-13:00 Session C Turning Social Networks Analysis into Intelligence and Social Engineering
Presented by RCS S.p.A.
Track 7: Mobile Signal Intercept and Electronic Surveillance Training and Product Demonstration
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 7 June 2016
9:00-10:00 Border SIGINT Fence
Menachem Kenan, CEO, PICSIX LTD10:45-11:15 Session A Covert Surveillance - from the simple to the sophisticated
Presented by Gamma Group10:15-11:15 ARROWCELL, Protecting governmental Authorities against illegal active GSM interception systems
Presented by Rayzone Group Ltd.11:30-12:30 Data Fusion Platform and 4G-3G-2G Tactical Location Finder Sensor Integration
Presented by BTT13:45-14:45 Proliferation of Surveillance Techniques and Vulnerabilities in the Mobile Environment
Presented by Inpedio15:00-16:00 Session A Advanced analytics in mobile forensics-Empowering collaborative investigation environment with end-to-end forensic
Arnon Tirosh, Cellebrite15:00-16:00 Session B Future Proofing Tactical COMINT Systems
Presented by EXFO Homeland Security16:15-17:15 Session A Combined metadata anlytics from mass mobile, satellite and international gateway traffic: Challenges and Solutions
Presented by VASTech16:15-16:45 Session B IMSI grabbing in unconventional environments
Deployment of miniaturised IMSI grabbing systems in scenarios that are not traditionally suitable for large, vehicle based systems.
Neil Spencer, Sales Lead-Tracking, Tracking and Locating, DTCWednesday, 8 June 2016
9:00-10:00 Session A NeoSoft tactical solutions for Mobile monitoring.
GSM/3G/LTE IMSI catcher basics. Public number detection. Mass Emergency notification by SMS. Target localization for LEAs and Search & Rescue operations.
Presented by NeoSoft11:30-12:30 Session A Carrier In Carrier (Double Talk ®) Satellite Interception
Presented by Advanced Systems11:30-12:30 Session B Satellite monitoring explained, including solving the problem of VSAT interception
Presented by VASTech14:00-14:30 Session A Operationally focussed Covert Technical Surveillance & Intelligence Gathering Training Programs
Presented by Providence Europe BV14:00-15:00 Session B A Passive Radio System and Analytics Platform for Gaining Deep Insight from Public Wireless Signals
Passively collect and react to the presence of RF signals using a small form factor sensor. Automatically decode and analyze protocols to gain knowledge about individuals. Correlate sensor data (and where available, open source data) to build a pattern of life and uncover group affiliations. This session will include live demonstrations of real-world scenarios.
Presented by Packet Forensics14:00-15:00 Session C MTR-X, Using geolocation system for collecting info and intelligence on GSM target mobile phone.
Presented by Rayzone Group Ltd.14:30-15:00 Session A The Value for High Accuracy Mass Location
Olof Henricsson, Senior Vice President, Global Sales, Polaris Wireless15:30-16:30 Session B GSM Tactical Interception System for 3G and 4G
Presented by Advanced Systems15:30-16:30 Session C Mobile Phone Forensic and HDD Recovery, a new way?
Presented by Secure Information Management GmbH16:45-17:45 Session A Command and Control Center for Tactical Operations with Audio, Video and GPS in a Strategic Vision
Presented by IPSThursday, 9 June 2016
8:30-9:30 Session A Forensic Data Fusion Center: IPDR, CDR , Nat-Pat disambiguation and every external source in a single frame.
Marco Braccioli, Senior Vice President, AREA
Emanuele Marcozzi, Presales Engineer, AREA8:30-9:30 Session B Target Tracking and Surveillance with Gamma Eye
Presented by Gamma Group8:30-9:30 Session C Archer, Next Generation Positioning Sensor
Presented by Septier10:30-11:30 Session A Combined metadata analytics from mass mobile, satellite and international gateway traffic: Challenges and Solutions
Presented by VASTech10:30-11:00 Session B Protecting assets against off-air Interception and Jamming
Presented by CEPIA Technologies s.r.o.
Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists
Tuesday, 7 June 2016
Seminar #1
09:00-17:15Online Social Media and Internet Investigations
Presented by Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA9:00-10:00
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.10:15-11:15
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
11:30-12:30
Metadata Exploitation in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.13:45-14:45
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. There are risks posed for undercover associated with online social media and online social networking Investigations. This session presents guidelines for dealing with these risks.15:00-16:00
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
While there are over 300 social networking sites on the Internet, Facebook is by far the most populous, with over 800 million profiles. It has roughly the same population as the US and UK combined, making it the third largest country by population. There are over 250 million images and 170 million status updates loaded on Facebook every day. This session will cover topics including Facebook security and account settings, Facebook data retention and interaction with law enforcement, and common fraud schemes involving Facebook.16:15-17:15
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide ones identity and location on the Internet can be both a challenge and an opportunity. Various methods of hiding ones identity and location while engaged in activates on the Internet, provides an opportunity for investigators to engage in covert online research while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies, such as digital device fingerprinting, emerge as ways to attribute identity this becomes a topic about which every investigator and analyst may become familiar.Seminar #2
9:00-17:15Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.
09:00-10:00
The Internet, and how suspects leave a digital footprint
How it works. Why it works. How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data10:15-11:15
Recognizing Traffic Data and digital profiling
What data is available. How to harvest and analyse it. Best practice to identify suspects and build profiles. Good practice, virtual data ‘housekeeping’ and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyse it. Investigator capabilities and opportunities.11:30-12:30
WIFI, geolocation, and Mobile Data traces
A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers . Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.13:45-14:45
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.15:00-16:00
Advanced Techniques in Tracing Suspects and lateral problem solving
Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.16:15-17:15
Open source tools, resources and techniques
“Just google it” doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark’s open source law enforcement tools website, that search engines cant see, with login and password provided during the session. Do’s and do nots. Best tools for best results. When was the last time you ‘googled’ something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.Seminar #3
09:00-12:00Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This half-day seminar covers what law enforcement and intelligence analysts need to understand about today’s public telecommunications wireline and wireless networks as well as ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.
9:00-10:00
Introduction to Wireline and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance
- Wireline Interception Points
- PSTN Interception: Content, CDRs and MetaData
- Lawful Interception: Telecom to Monitoring Center
- Mass Metadata Surveillance and SS7
- IP Network Basics: Why IP Layers 1 to 7 needs to be understood
- Internet Access: Landline, Mobile, WiFi and others
- Deep Packet Inspection (DPI) and Intelligent Probes
- Optical Network Probe Intercept
- No. 1 Future Wireline Intercept Challenge: Network Function Virtualization
10:15-11:15
Understanding Mobile Wireless Infrastructure, and Related ISS Products for Lawful Interception and Mass Surveillance
- Wireless Providers with Intercept Mandates and those with none
- Why Understand 2G, 3G, 4G and 4.5G Architecture need to be understood for Interception
- Wireless phone ID's and SIM cards
- Wireless Call Detail Record (CDR) Mining
- Wireless Data Services Option and Smartphone
- Cellular Roaming and Target Tracking with SS7
- Tracking and Location with IMSI Scanners and CDR Feeds
- Other Wireless Intercept: Satellite, Wi-Fi, WiMax and more
- No. 1 Future Wireless Intercept Challenge: True 4G and 4.5G
- ISS Products for Wireless Tracking Intercept and Mass Surveillance
11:30-12:30
Understanding the Internet Over-the-Top (OTT) Services and Related ISS Products for Mass Intelligence Gathering and Surveillance
- What's meant by Over the Top (OTT)
- Understanding IP Layering for Lawful Interception
- Internt Players and NSP/ISP/IXP Intercept Infrastructure
- Social Network and Web Monitoring Techniques
- VoIP (Skype & VUPEN) Intercept
- TOR and Dark Web Intercept
- Bitcoin and Blockchain Traceback for LEAs and Intel
- No. 1 Future Internet Intercept Challenge: Neew IETF Privacy Standard Initiatives
- ISS Products for OTT Tactical and Mass Surveillance
Seminar #4
13:45-14:45Understanding and Defeating Encryption, TOR and Dark Web Commerce
Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
This session covers how TOR is used to hide IP location of senders, HTTP log of files used and encrypt communications, TOR Hidden Services (Dark Web) and how to find Hidden Services and techniques for defeating TOR and encrypted services as used by criminals and terrorists.
- What's encryption, Where in the IP layer stack (2, 3, 4 and Applications) do you find encryption. Anonymity Services: Proxy Servers, VPNs and TOR
- How TOR hides IP addresses/identity/location
- TOR hosting, What is .ONION and content analysis
- "De-anonymizing" TOR: Investigation approaches, limitations and case studies
- Defeating Encryption Options: Brute force key cracking (?), force weak encryption, Man in the Middle (MITM) attacks and of course IT Intrusion Systems
Seminar #5
15:00-16:00Bitcoin 101: Introduction to What Technical Investigators Need to Know about Bitcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically this introduction to Bitcoin for technical investigators addresses:
- Bitcoin Basics for Technical Investigators
- Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
- How Criminals and Terrorists Use TOR and Dark Web
- Bitcoin Cryptography Demystified (For Non-Math Majors)
- Bitcoin 2.0 and the New Challenges Facing Law Enforcement
Seminar #6
16:15-17:15Bitcoin Interception Experience
Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology
This session surveys interception options of the Bitcoin network. Namely, it investigates what kind of data may be collected from intercepted traffic of Bitcoin clients, miners and relevant services (online wallets, exchanges, payment gateways). Moreover, two real-life use-cases (involving Bitcoin fraud and ransomware) are presented together with the used methodologies.
Wednesday, 8 June 2016
Seminar #7
16:45-17:45TLS/SSL Decryption Workshop
Presented by: Jan Pluskal, Researcher, FIT-BUT, Brno University of Technology
The presentation introduces methods how to decrypt TLS/SSL connection. Focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session’s private keys. Speaker will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective.
Thursday, 9 June 2016
Seminar #8
12:00-13:00(Anti)-forensic Features of Cryptocurrency
Presented by: Matej Gregr, Researcher, FIT-BUT, Brno University of Technology
The presentation will outline similarities and invariances between Bitcoin and other popular cryptocurrencies (including Litecoin, Dogecoin, Dashcoin, Ethereum, Ripple). Focus is on mixing (laundering), client data protection, transaction noise and other built-in services guaranteeing anonymity and confidentiality of cryptocurrency users.
