Agenda : 28 February - 2 March 2022
ISS World Middle East and Africa is the world's largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety, Government and Private Sector Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network, the Internet and Social Media.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
Track 6: Mobile Signal Intercept and Electronic Surveillance Training
Track 7: 5G Lawful Intercept, Tracking and Forensics Product Training
Plus Special Training Seminars lead by Law Enforcement Officers and Ph.D. Scientists
ISS World MEA Exhibits Schedule:
Tuesday, 1 March 2022
10:00-18:00
Wednesday, 2 March 2022
9:15-12:30
Training Seminars Led by Law Enforcement Officers and Ph.D., Computer Scientists
20 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(2 classroom hours)Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies
(3 classroom hours)Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(2 classroom hours)
Monday, 28 February 2022
Seminar #1
08:30-16:00Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks09:45-10:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)11:00-12:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)13:00-14:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation14:15-15:00
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective15:15-16:00
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal InvestigatorsSeminar #2
08:30-16:00Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:30
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators09:45-10:45
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
11:00-12:00
WIFI, geolocation, and Mobile Data traces and tracking13:00-14:00
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies14:15-15:00
Advanced Techniques in Tracing Suspects, and lateral problem solving15:15-16:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools siteSeminar #3
08:30-09:30Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception.
Seminar #4
09:45-10:45Transitioning Lawful Interception Network Core Features from 4G to 5G SA: What’s it Looking Like and Challenges Ahead
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the transition to 5G stand alone. (Full description below Track 9)
Seminar #5
11:00-12:00Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
Seminar #6
13:00-14:00Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesWednesday, 2 March 2022
Seminar #7
12:30-13:30Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PolicePre-Conference Sessions Description At The End of Agenda PostinG
ISS World MEA Exhibits Schedule:
Tuesday, 1 March 2022
10:00-18:00
Wednesday, 2 March 2022
9:30-12:30
Tuesday, 1 March 2022
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies Keynote
8:30-9:00 Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Middle East and Africa has Solutions
Dr. Jerry Lucas, President, TeleStrategies
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Monday, 28 February 2022
14:15-15:05 Session A
Forensic Hardware Solutions to Help Accelerate Investigations
Lana Davitadze, MHC ServiceWednesday, 2 March 2022
8:30-9:15
Intercepting and Collecting Web Evidence in the Times of TLS1.3 and HTTP3.0
The end-to-end HTTPS encryption and the volatile nature of web content make any interception and collection of data on the Internet a challenge. The presentation introduces methods addressing both of these phenomena – intercepting TLS/SSL connections with the help of man-in-the-middle attack employing proxy and automatically creating snapshots of problematic web pages. Speakers outline necessary theory (including news about TLS 1.3, HSTS, HTTP3.0), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others), and industry-standard tools for traffic analysis (such as Wireshark, Fiddler proxy, SSL-Split) and decoding (e.g., Selenium, Scrapy). The session will include a live demo of MitM attack on HTTPS connection enhanced with covert extraction of form data, which would be later used to periodically web scrape and archive protected content.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology8:30-9:15
World of IT-Forensic Solutions with bet integration
Mohamed Awad Alla, MHC Service12:30-13:30
Lightning Speed forensics with the world's fastest imaging solution, rapid field-triage tools and all-in-one digital investigations platform
Alex Kirk, MHC Service
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Monday, 28 February 2022
08:30-09:20
The importance of search and knowledge graphs to Law Enforcement and Intelligence Investigations
Presented by Siren9:45-10:45
GeoGence - National level, non-intrusive and independent accurate geo-monitoring and profiling covering all connected devices and networks (3/4/5G and WiFi) globally
VP Sales and Marketing, GeoGence11:00-12:00
From Current Available Data to Who, What Where and When
We present Geostar, a turn-key solution that allows analysts to maximize the use of call detail records (CDR). By fusing geolocation data, available internal data bases, forensics and OSInt, we are able to quickly recreate past events performed by a person of interest, allowing analysts to discover life patterns, associates, movements, out of pattern behaviors and linking identities to phone numbers. Our system is widely used to investigate and capture large organized criminal groups, identifying members and areas of influence. Discover our 1-click functionality to easily and quickly create evidence reports to be presented during judicial processes.
Presented by Geostar13:00-14:00
All-Optical Switching as an enabling technology for Intelligence, Law Enforcement and Cyber Monitoring
Presented by HUBER+SUHNER Polatis14:15-15:00 Session A
Simplify investigation with one platform
Presented by ATIS14:15-15:00 Session B
Revolution in Audio Investigations
At this session, you will discover an extremely efficient way to investigate audio recordings with Phonexia Orbis Investigator. Get ready to see the world’s most advanced voice biometrics in action!
Adam Wright and Martin Brezik, Phonexia15:15-16:00 Session A
How 5G technology and design choices are changing LI requirements for law enforcement and service providers
Max Posthuma de Boer, Group 200015:15-16:00 Session B
Human weakness vs Device weakness
RCS offers innovative cyber tools designed to support legal investigation community to bypass encryption. The multifaceted conveyance approaches will be compared, highlighting the strengths and weaknesses starting from field experiences and tradecraft.
Paolo Funciniti, Pre Sales Engineer, RCS S.p.A.16:15-17:15 Session A
Leaving Simplistic Link Analysis Behind: The Rise of Fusing CDR, Geolocation and Multiple Data Sources
We show you how to take advantage of the information that you already have available in your agency, leveraging it in an expedite and actionable product for your decision maker and / or field operative team. Discovery leads that would not be visible to the analyst without our solution.
Presented by Geostar16:15-17:15 Session B
Generating CDRs for WhatsApp, Telegram, Viber, Signal and other Encrypted VoIP Applications
Presented by ClearTrail Technologies16:15-17:15 Session C
Strategies for LEAs in Data Fusion: Case Studies in Finding and Connecting Data
Presented by SS8Tuesday, 1 March 2022
09:00-10:00 Session A
Counter drone and low-intensity conflicts
Presented by NSO Group09:00-10:00 Session B
Memento Labs arsenal for criminals' deep monitoring - LIVE DEMO
Presented by Memento Labs13:00-13:45 Session A
The investigator toolbox: from Electornic Surveillance to Cyber intelligence.
Specialized digital tools ot get the task done.
Presented by AREA13:00-13:45 Session B
Massive Distributed Active WEBINT to counter influence operations
Bad actors often use accounts on different platforms for social engineering and other malicious purposes. In this talk we explain best practices for countering influence operations using Massive Distributed Active WEBINT.
Presented by S2T Unlocking Cyberspace13:00-13:45 Session C
AI-Powered Analytics in Oxygen Forensic Detective
Shaji Damodaran, MHC Service14:00-14:45 Session A
Fast visualization, analysis and fusion of large data sets from different sources
Presented by ATIS14:00-14:45 Session B
Memento Labs arsenal for criminals' deep monitoring - LIVE DEMO
Presented by Memento Labs14:00-14:45 Session C
Combating terrorism and crime by combining mass location, mobile network metadata, and intelligent call data records analytics in real-time
Mohsen Tavakol, Chief Executive Officer, Xolaris14:00-14:45 Session D
Encryption vs. You: 3 Ways to Combat Threats at a Nationwide Scale
Presented by ClearTrail Technologies15:00-15:45 Session A
Interception challenges on VoLTE network for LEA's
Serkan Altinisik, General Director, InterProbe15:00-15:45 Session B
GeoGence - National level, non-intrusive and independent accurate geo-monitoring and profiling covering all connected devices and networks (3/4/5G and WiFi) globally
VP Sales and Marketing, GeoGence15:00-15:45 Session C
Obtaining valuable information from the latest versions of MacOS
Presented by MOLLITIAM CYBERINTELLIGENCE15:00-15:45 Session D
Beyond Data Diodes: Digitizing domains in intelligence and law enforcement with next generation cross domain solutions
In past, IT systems with classified information were physically separated from other government networks. In today’s data driven world these practices prevent end-to-end digitization of sensitive domains for rapid data sharing as well as fusion between system and people. Next generation cross domain solutions enable new forms of digitization never been possible for decades, they complement existing security measures, protect systems and allow for full control about what data being shared from HIGH to LOW.
Presented by Infodas15:00-15:45 Session E
Missile Attacks in Yemen and KSA: Leveraging open-source data to predict and prevent future attacks: combating threats with advanced AI-based technology
Investigators have access to enormous amounts of publicly available unstructured data that could hold the key to solving a case, but while this data is accessible to all, it is not understandable by all. Join us to learn how AI-based technology can be used in a real-life case to Identify early signals to assist in predicting future attacks such as missile attacks in Yemen and KSA.
Presented by Voyager Labs16:00-17:00 Session A
Encrypted or not - every IP packet tells a story
Presented by XCI A/S16:00-17:00 Session B
CLOS-INT Closed Source Intelligence form Web2.0 sources
Presented by AREA16:00-17:00 Session C
OrcheSight – From processing to report on the fast track. Learn how orchestration and automation allow you shorten the time of investigation while increasing the quality.
Presented by OrcheSightWednesday, 2 March 2022
08:30-09:15 Session A
A light in the darkness of Encrypted Communications
Application awaare metadata fuel the Next Generation Cyber
Presented by AREA10:15-11:00 Session A
Real Time Application Forensics: Finding suspects and evidence on an encrypted internet
Presented by Sandvine10:15-11:00 Session B
The analytics toolbox to fight the IP encryption challenge
Moran Bar, Product Marketing Manager, Cognyte11:30-12:15 Session A
Supercharged IPDR extraction and analysis - Advanced Internet Activity Analytics
Presented by Trovicor11:30-12:15 Session C
Lawful interception Challenges: the Network Visibility case
As the world becomes more connected and the reliance on internet services increases, government agencies are increasingly challenged keeping IT infrastructures safe. Agencies are challenged ensuring they have complete visibility into their local telecom networks – whether they are fixed, mobile, satellite, or even fixed wireless when deploying lawful interception capabilities.Learn how Keysight’s visibility solutions are used in todays global lawful interception deployments, how we can ensure that data is not dropped and that security tools get only the data they need. Reliably collect the data needed from complex network environments and make them easy to access. Understand how advanced filtering technologies and aggregation techniques transform large volumes of traffic into consumable portions while simplifying the sharing of data across multiple security tools. Eliminating network traffic blind spot (on-prem, cloud, edge) puts you in the best position to identify and collect the data you need.
Kelly Ambriz, Int'l Gov IST Bus & Mkt Dev Mgr, Keysight12:30-13:30 Session A
Satellite traffic: cutting through the noise to find Actionable Insights
Moran Bar, Product Marketing Manager, Cognyte12:30-13:30 Session B
Encryption vs. You: 3 Ways to Combat Threats at a Nationwide Scale
Presented by ClearTrail Technologies12:30-13:30 Session C
Compact, yet mighty
Flexible and intelligent, tactical electronic surveillance fully scalable enabling platform LEMF with synchronized multimedia on a single panel.
Presented by AREA
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees, unless marked otherwise.
Monday, 28 February 2022
08:30-09:30
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS09:45-10:45
WhatsApp, Telegram, Facebook...how IPS helps you to locate most wanted targets with LI
Presented by IPS11:00-12:00
Welcome to the era of DNA. How to save 40 years and conduct an investigation in a few days
Presented by Social Links13:00-14:00 Session A
Next Generation Data Fusion Monitoring Center: new ways of gathering intelligence
Evolved from a legacy LI Monitoring Center, next generation systems must provide investigators and analysts with powerful analytical tools, able to bring intelligence insights out of the data lake. Moving from device-centric to data-centric approach.
Gian Marco Pazzola, Senior Pre-Sales Engineer, RCS S.p.A.13:00-14:00 Session B
Massive Distributed Active WEBINT to counter influence operations
Bad actors often use accounts on different platforms for social engineering and other malicious purposes. In this talk we explain best practices for countering influence operations using Massive Distributed Active WEBINT.
Presented by S2T Unlocking Cyberspace14:15-15:15
Looking into the future of investigations with big data analytics and ML
Peter Spasov, Product and Methodology Specialist, Cognyte15:15-15:35
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling.
Presented by IPS15:35-16:00
Cyber Threat Intelligence to accelerate online investigations
Presented by IPS16:15-17:15 Session A
CY4GATE: The emerging one stop shop for integrated Cyber-Intelligence.
Angelo Ferraris, Cy4gate16:15-17:15 Session B
Transforming low precision telecom location data into high accuracy dynamic crowd geodata with Machine Learning and OSINT.
Qualitative and quantitative investigations of riots and crowd events. Transforming low precision telecom location data into high accuracy dynamic crowd geodata with Machine Learning and OSINT.
Presented by Butterfly EffectTuesday, 1 March 2022
09:00-10:00
Tactical Web Intelligence (WEBINT): Gathering Actionable Intelligence via a powerful WEBINT platform
As Intelligence Agencies demand for advanced actionable intelligence increases, a combined end-to-end modular WEBINT approach is critical to ensure timely operational results. In this session we will discuss the current state of Web Intelligence and how it can be leveraged by Cobwebs’ powerful WEBINT platform for monitoring, prevention and investigation. This session will include live product demonstration. Presented by Cobwebs Technologies13:00-13:45 Session A
Location & Open Source Intelligence: Real Life Case Studies & Live Demonstration
As Intelligence Agencies demand for advanced actionable intelligence increases, a combined end-to-end modular OSINT approach is critical to ensure timely operational results. In this session we will discuss the current state of Web Intelligence and Location Intelligence and see how it can be combined by Cobwebs’ groundbreaking joint WEBINT + Location Intelligence platform. This session will include live product demonstration. Presented by Cobwebs Technologies13:00-13:45 Session B
The information warfare frontier: Detecting FAKE NEWS and foreign influence campaigns
Presented by Cyabra15:00-15:45
trovicor: New perspectives for Strategic Investigation – Latest Innovations!
Presented by Trovicor16:00-17:00 Session B
VoIP Forensics: Revealing encrypted VoIP communication network of criminal organizations
Presented by SandvineWednesday, 2 March 2022
08:30-9:15
Fast visualization, analysis and fusion of large data sets from different sources
Presented by ATIS10:15-11:00
Anonymity vs. You: Smart Methods to Identify Virality, Bots and Personally Identifiable Information
Presented by ClearTrail Technologies11:30-12:15 Session A
CY4GATE: Deep shadowing with Gens.AI
Fabrizio Cornelli, Cy4gate11:30-12:15 Session B
Every Second Matters: a race against the clock using open, deep, and dark web data to expose terror networks behind recent terror attack in Europe
Learn how AI technology empowers law enforcement & intelligence agencies with investigative insights in near real-time! We will present a real-life case showing how our AI-based platforms can be used to harness open-source data and accelerate investigations by revealing the terrorist’s networks.
Presented by Voyager Labs12:30-13:30
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Monday, 28 February 2022
8:30-9:30
Geolocation Intelligence for Counter-Terrorism
As terrorist activity becomes increasingly sophisticated, the effectiveness of detection and investigation capabilities depends more and more on the quality, detail and accuracy of geolocation intelligence delivered for threat analytics and targets tracking. The session will cover specifics, actual challenges, and approaches of how security and law enforcement professionals may track high-risk individuals and groups, attribute suspects locations, devices, and movements in preemptive operations, surveillance, and counter-terrorism tasks.
Ayman Alshobaki, Business Development Manager, Middle East, Resecurity9:45-10:45
How Natural Language Processing Helps in the Intercept World
AI based text analytics is now a necessity for turning mounds of intercept into actionable information. Mr. Brown and Mr. Moussa will cover how AI-based text analytics has fundamentally changed the way intelligence gathering and analysis is conducted today and where it is going in the future. See real-world examples from Mr. Moussa’s experience as a former senior intelligence officer.
Presented by Basis Technology11:00-12:00
Mapping an Effective Intelligence Picture for Maximum Results
When investigating criminal activities, a centralized analysis and collection information hub is indispensable. Rayzone Group’s big data and intelligence platform, TA9 IntSight, allows users to quickly retrieve and group references to a particular actor or element of an investigation while maintaining seamless team coordination and information flow.
Presented by Rayzone Group13:00-14:00
Adapting Cyber Defense to the New Threat Landscape with Next-Generation DPI
As cyber attacks become increasingly sophisticated, and the use of encryption to conceal threats expands, the effectiveness of detection and investigation capabilities depends more and more on advanced techniques for extracting detailed and reliable information about network traffic for threat analytics. In highly sensitive environments, complementing traditional breach detection with the encrypted and evasive traffic intelligence capabilities of Deep Packet Inspection (DPI)-based cyber sensors is the only way to ensure full visibility into all network flows. This session will present the numerous techniques used by the latest generation of cyber sensors to provide detailed traffic intelligence, including flow analytics, advanced data mining, classification of encrypted traffic and detection of evasive traffic. It will show how sensors can complement IDS/IPS by identifying, investigating and analyzing VPNs, anonymizers, covert communications channels, complex tunneling, domain fronting, and traffic/file spoofing, and providing data that can be leveraged to identify users and locate devices.
Sebastien Synold, Product Manager, Qosmos Technology, ENEA14:15-15:00
Why software is not enough: building next-generation, hardenized smartphones for communication security
Presented by Feedback Italia16:15-17:15
Advanced data exfiltration on modern smartphones: inside the targets compromised
Presented by MOLLITIAM CYBERINTELLIGENCETuesday, 1 March 2022
9:00-10:00 Session A
The Human Factor in Cyber Security
The social nature of our society calls for more than a one-dimensional, strictly technological approach to cybersecurity. Effective cybersecurity requires protecting every aspect of an organization, including their employees and assets against cyber threats. RayzSecurity, Rayzone Group’s cybersecurity division, developed a holistic approach to cybersecurity which reinforces technological mechanisms by designing strategic employee awareness campaigns.
Presented by Rayzone Group9:00-10:00 Session B
Cutting through the noise with intelligent data acquisition
Gathering and processing accurate communications data has become an extremely challenging process. Join us to find out how to gain 100% real-time visibility of the traffic crossing a network to identify and protect against criminal and cyber threats using network intelligence probes at a national level.
Bruno Fornseca, System Consultant, BAE Systems AI9:00-10:00 Session C
NextGen Threat Intelligence Flow Sensors
Network traffic growth and the expansion of advanced encryption are challenging network threat detection techniques. This session discusses how a new breed of network sensors enable innovative Indicators of Compromise and Layer 7 visibility at scale to improve threat identification and reduce false positives and the investigative fatigue associated with them.
Gene Litt, CTO, NetQuest Corporation14:00-14:45
Achieving national scale intelligence-led cyber Defence
Cyber threat intelligence can help answer WHO the cyber adversary is and HOW they operate. But for national and sectoral organisations tasked with delivering cyber security this needs to be supported with a situational awareness that can answer WHEN campaigns are being run and WHERE these are targeted against. They then need to ensure this intelligence is provided to affected parties in a timely, relevant and actionable manner and be able to receive feedback on the results. Hear how BAE Systems can provide you with this this end-to-end capability.
Matthew Willsher, Government Presales, BAE Systems AI15:00-15:45
Shaping the ultimate communication protection strategy: custom-hardened, tamper-proof laptops for uncompromised security
Presented by Feedback Italia16:00-17:00 Session A
Extending IDS/IPS Visibility with Next-Generation DPI-Based Cyber Sensors
In this live demonstration, discover a new generation of DPI-based cyber sensors that leverage years of experience in cyber defense environments to extend the threat detection capabilities of Suricata and raise the performance of government-run Security Operations Centers (SOCs).Deep Packet Inspection (DPI) technology has long been used to provide granular detail of network traffic, but the malicious use of encryption and advanced evasive techniques have posed a challenge for Suricata-based IDS/IPS that uses conventional DPI and related monitoring technologies. The latest generation of DPI-based cyber sensors have been enriched with flow analytics and advanced data mining techniques to deliver critical visibility into encrypted and evasive traffic.
Discover how you can use next-gen DPI to:
- Get maximum visibility into all encrypted traffic to support:
- Triage for decryption
- Advanced analytics for anomaly detection
- Forensics
- Detect and extract maximum data about traffic using evasive techniques, including
- VPNs
- Anonymizers
- Covert communications channels
- Complex tunneling
- Domain fronting
- Traffic spoofing
- File spoofing, and more
Sebastien Synold, Product Manager, Qosmos DPI Business Unit, ENEA
16:00-17:00 Session C
Augmented Analytics: Preventing threats through using automated anomalies detection
Presented by InnosystecWednesday, 2 March 2022
08:30-09:15
ADINT - Monitor Digital Footprints to Anticipate and Prevent Evolving Threats
Traditional strategic systems have proven to be time consuming, expensive, and complex. The next generation of strategic intelligence collection relies on a more proactive and innovative approach to counter emerging security threats. Rayzone Group’s Echo operates as a modern and dynamic Ad- based intelligence solution which enables security agencies to retrospectively investigate incidents.
Presented by Rayzone Group10:15-11:00 Session A
Data breaches compromising national security
Presented by Social Links10:15-11:00 Session B
How to Protect your RF Environment Against Illegal Interception Systems
IMSI catchers and MITM attacks are a few of the longest standing threats in cellular communication. These interception techniques place the confidentiality, integrity, and availability of organizational data at risk. ArrowCell, Rayzone Group’s detector, locator and preventor of IMSI catchers, allows users to monitor and protect their cellular network, offering ongoing protection of the RF environment.
Presented by Rayzone Group11:30-12:15
There is more to CTI than Dark Web monitoring
Omer Frenkel, Product Manager, Cognyte12:30-13:30
Riots in Colombia: crowd control on the internet
Presented by MOLLITIAM CYBERINTELLIGENCE
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities
Note: Some sessions are only open to LEA and Government. These sessions are marked accordingly.
Monday, 28 February 2022
15:15-16:00
Policing the Darkweb
The darkweb is a place where criminal actors think they can act with impunity because it provides them with a degree of anonymity. As a result, the darkweb is frequently home to a myriad of serious and organised crime such as drugs, cyber crime, ransomware and child exploitation. In this talk we will give you an overview of activity on the darkweb and key investigative tools and techniques for bringing criminals to justice.
Presented by Searchlight Security
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
16:15-17:15
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)Tuesday, 1 March 2022
9:00-10:00
Survival of IMSI-catchers in 5G Networks
5G networks use hidden or temporary identifiers instead of permanent identifiers to ensure that identities visible on exposed interfaces (e.g. radio) are not used to track or compromise a subscriber's privacy. This in itself makes the use of tactical IMSI catchers / stingrays worthless. However, this presentation shows a legal standardized way to overcome this situation.
Presented by Utimaco13:00-13:45
Offline darknet investigation with the Web-l-Qube
Presented by mh Service GmbH14:00-15:00
De-anonymizing cryptocurrency transactions to fight crime and terror
Yuval Altman, VP Blink, Cognyte
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)Wednesday, 2 March 2022
8:30-9:15
Tracking cryptocurrency transactions for real-world entity attribution + talk about ransoms generally
Nicholas Smart, Blockchain Intelligence Associate Director, Crystal Blockchain10:15-11:00
Workshop on Correlating Blockchain Activity with Real-Life Events and Users
The session starts with the outline of current methods for blockchain and traffic analysis. Speaker explains in detail the properties of cryptocurrencies, including address clustering, coin-joining of inputs, transaction mixing, and traffic correlation. It then focuses on employing previously described methods to obtain intel about dark marketplace operators, vendors, and buyers. To address cryptocurrency forensics, we have developed a set of tools (exclusively available to law enforcement agencies) that are capable of correlating things happening in real-life with the blockchain. Moreover, participants will have a chance to bring their cryptocurrency addresses/transactions for assessment.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 6: Mobile Signal Intercept and Electronic Surveillance Product Training and Demonstrations
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.Monday, 28 February 2022
08:30-09:30
Understanding Mobile 2G, 3G, 4G and 5G NSA Infrastructure, Intercept and Cryptography
Dr. Jerry Lucas, President, TeleStrategies11:00-12:00
VSAT Networks: Tactical and Strategic Threat Detection and Geolocation
Presented by KratosTuesday, 1 March 2022
13:00-13:45
Lawful location access
Presented by Intersec14:00-14:45
Breaking the borders of tactical cyber-intelligence
Presented by Jenovice15:00-15:45
Tactical intelligence solutions for evolving threats and technologies
Marios Demetriou, TI Intelligence Solutions Manager, Cognyte16:00-17:00
Intelligence IoT: Networked Tactical Intelligence
Presented by Ateros
Track 7: 5G Lawful Interception Product Training
This track is open to all conference attendees unless marked otherwise.
Note: Some sessions are only open to LEA and Government. These sessions are marked accordingly.
Monday, 28 February 2022
08:30-09:30
Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure, Intercept and Cryptography
TeleStrategies
Dr. Jerry Lucas, President, TeleStrategies09:45-10:45
Transitioning Lawful interception Network Core Features from 4G to 5G SA: What’s it Looking Like and Challenges Ahead
Dr. Matthew Lucas, VP, TeleStrategies15:15-16:00
Overcoming geolocation challenges in a complex mobile world
Presented by Intersec
Tuesday, 1 March 2022
13:00-13:45
Lawful interception in 5G Mobile Networks
Presented by Utimaco14:00-14:45
Veritical Applications and Usage Areas of IMSI CATCHERs
Presented by Interdata15:45-16:30
Real World Interpretation of 5G LI Requirements and Implications for Carriers and LEAs with 5G
Presented by SS8Wednesday, 2 March 2022
11:30-12:15
5G Enabled LEMF
Presented by AREA
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Monday, 28 February 2022
Seminar #1
08:30-16:00Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks09:45-10:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)11:00-12:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)13:00-14:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation14:15-15:00
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective15:15-16:00
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal InvestigatorsSeminar #2
08:30-16:00Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:30
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigatorsHow it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.
09:45-10:45
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
11:00-12:00
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
13:00-14:00
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxiesHow suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.14:15-15:00
Advanced Techniques in Tracing Suspects, and lateral problem solvingUsing innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
15:15-16:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.
Seminar #3
08:30-09:30Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception. Specifically;
Network Architecture Evolution from 2G to 3G, 3G to 4G, 4G to 5G regarding radio technology (TDMA, CDMA, OFDM and MIMO), network core from CSFB to VoLTE and SS7 to Diameter.
Encryption, Target Identification and Location: SIM and eSIM cards, IMSI and Target ID, encryption algorithms (A3, A5, A8 and Ki) and basically how user authentication and traffic encryption is accomplished.
Target Location Tracking with CDR analysis, MAC address farming, MITM attacks, SS7 access, IMSI catchers and IT intrusion.
4G to 5G Transition Specifics Understanding 5G Non Stand Alone (NSA) vs. SA 5G, the IMSI catcher issue (myth vs. realities), 5G Cryptography (ECC, SUPI, SUCI), 5G target location enhancement and LTE/NR Internetworking and Co-existance.
5G Spectrum What can 5G deliver with mid vs. high frequency spectrum and what new spectrum bands are soon to be auctioned off
SA 5G Infrastructure Features: NFV, SDN, Edge/Cloud Computing and Network Slicing
Seminar #4
09:45-10:45Transitioning Lawful Interception Network Core Features from 4G to 5G SA: What's it Looking Like and Challenges Ahead
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the trasition to 5G standalone.
In reality lawful interception of non-standalone is not any different from 4G interception regarding new LI feature additions. The next LI challenge will be for 5G SA. This webinar addresses the technical challenges facing law enforcement, 5G operators and ISS vendors. Specifically the four transitions are:
- 5G Network Challenges Identifiers: How are law enforcement going to grab 1gbps traffic streams; backhaul to monitoring centers and filter non-important traffic of interest.
- 5G Edge Cloud Computing: How do you intercept on a 5G operators IT systems, deal with proprietary system protocols, e2e encryption and localized content
- 5G Virtual Network Core: How complicated will this be regarding LI, VoIP on virtual devices and what LI barriers has the IETF created
- 5G Network Slicing: Is this 5G feature restricted to private enterprises or will 5G MVNO’s provide public mobile wireless services, How will law enforcement interconnect with 5G OSS provisioning systems and what is the LI point of interconnection?
Seminar #5
11:00-12:00Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
This session:
- Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber,TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.
- Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
- Man in the Middle Attacks
- IT Intrusion (Installing Malware)
- Exploiting bugs in SSL/TLS
- Connecting the “metadata” dots between known targets and communication patterns
- Case studies working around third party encryption case studies, e.g. how was it done!
- TOR / DarkNets (TOR/HS)
- Bitcoin Traceback
- Mobile phone/encryption cracking
- Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.
Seminar #6
13:00-14:00Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesWednesday, 2 March 2022
Seminar #7
12:30-13:30Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police