AGENDA
ISS World Europe is the world's largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety, Government and Private Sector Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network, the Internet and Social Media.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
Track 6: Mobile Signal Intercept Training and Product Demonstrations
Track 7: Electronic Surveillance Training and Product Demonstrations
Track 8: 5G Lawful Intercept, Tracking and Forensics Product Training
Plus Special Training Seminars lead by Law Enforcement Officers and Ph.D. Scientists
ISS World Europe Agenda - 6-8 June 2023
Training Seminars Led by Law Enforcement Officers and Ph.D., Computer Scientists
20 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(1 classroom hours)Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies
(3 classroom hours)Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)
Tuesday, 6 June 2023
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:15
Proxies and VPNs: Identity Concealment and Location Obfuscation
09:30-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
10:30-11:15
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
11:30-12:15
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
13:15-14:00
Ultra-Wideband Geolocation and Cyber OSINT
14:15-15:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT ToolboxSeminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
10:35-11:25
WIFI, geolocation, and Mobile Data traces and tracking11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resourcesSeminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception.
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the transition to 5G stand alone. (Full description below Track 9)
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 8 June 2023
Seminar #7
13:00-14:00(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PolicePre-Conference Sessions Description At The End of Agenda PostinG
Wednesday, 7 June 2023
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions
Dr. Jerry Lucas, President, TeleStrategies
ISS World Europe Exhibit Hours:
Wednesday, 7 June 2023
10:00-18:15
Thursday, 8 June 2023
10:00 -13:00
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Tuesday, 6 June 2023
14:15-15:05 Session B
Revolution in Audio Investigations
At this session, you will discover an extremely efficient way to investigate audio recordings with Phonexia Orbis Investigator. Get ready to see the world’s most advanced voice biometrics in action!
Jan Pavlík, Phonexia15:25-16:05 Session A
Simplifying lawful requests: how CSPs can automate, secure and speed their responses to criminal investigations
Presented by Subtonomy & Telia Norway15:25-16:05 Session B
Accelerating investigation workflows with specially designed IT-forensic laboratories
incl. Cyfluene, fake news and campaign detection
Presented by mh-service GmbH15:25-16:05 Session C
AI-enabled Government Intelligence for multilingual content using Language Weaver Machine Translation
Claudiu Stiube, Senior Principal Solutions Consultant, RWS16:10-17:00
ETSI/3GPP LI/LD Standards Update
Martin Kissel, ETSI TC LI Chairman and Coordinator Lawful Interception, Telefónica Germany
Carmine Rizzo, ETSI TC LI Technical Officer and 3GPP SA3-LI Secretary, ETSI
Wednesday, 7 June 2023
13:00-13:40
5G LI Technical Compliance Challenges from a Mobile Operator Industry Perspective
Alex Leadbeater, Technical Security Director GSMA, Chair 3GPP SA3-LI / ETSI TC Cyber
13:45-14:30 Session A
Location investigations: beyond compliance using mass location techniques
Presented by Intersec13:45-14:30 Session B
Fighting Crime with Cutting-Edge Speech Technologies
In this session, you will discover the latest capabilities of voice biometrics and speech recognition and how these technologies can help law enforcement agencies fight crime efficiently.
Jiří Nezval, Phonexia15:00-15:40 Session A
Analyzing Social Networks
BREVIS and OSINT Plugin for i2 Analyst Notebook. Analyze Social Networks – Twitter, Facebook, Linkedin, YouTube, VK, Instagram, TikTok, Telegram, WhatsApp and Pipl.
Presented by MKCVI15:00-15:40 Session B
Interception Challenges on VoLTE Network for LEA's
Serkan Altınışık, General Director, Interprobe & Mustafa Göksu Gürkaş, Director of Software Development, Interprobe15:45-16:25
Get Top Performance while Keeping Cost and Development Time Down
Peter V. Thomsen, Senior Sales Director EMEA, Napatech16:30-17:15 Session A
Unlocking Hidden Insights: Exploring Metadata Extraction against Encrypted Data
Introducing IP metadata extraction and analysis—a transformative solution for tackling new investigative challenges head-on.
Presented by RCS S.p.A.16:30-17:15 Session B
Using OSINT in offensive operations’
Sylvain HAJRI, EpieosThursday, 8 June 2023
08:30-09:10 Session A
Mastering the password cracking
Users need to provide passwords when they are logging into the computer, starting their smartphone, accessing their favourite web service, opening protected files/disks, connecting to a network or pairing their wearable. Encryption is an inherent trait of digital presence, whether users realize it or not. We will speak about different approaches to password cracking, including dictionary, rule-based, brute-force, hybrid and association attacks. We will show benchmarks of how fast high-end GPU cards can recover passwords for various formats (e.g., Windows credentials, WPA2 handshakes, ZIP and RAR files, LUKS partitions, Android PINs, and iPhone Backups). We will answer what length or complexity of the password is enough to protect your data. Nevertheless, better than guessing the password is knowing the password! We will conclude our talk by demonstrating the applicability of personal information leaks with usernames, emails, phone numbers and passwords!
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology08:30-9:10 Session C
Keep your Information Safe! New Trends and Developments in Information Protection
Presented by EO SECURITY s.r.o.9:15-10:00 Session A
Thou shalt wirelessly intercept your neighbor: Leveraging WiFi and Bluetooth in operative
In this talk, we shall discuss various security mechanisms used in WiFi and Bluetooth networks and how to abuse them to obtain mission-critical intel. Apart from explaining all principles, we will demonstrate them (hopefully live) on our tactical device! Starting with an access point and client scans, we will continue with client targetted jamming and total Denial-of-Service of the whole network that may even result in authentication handshake capture. This handshake contains information to recover the WiFi password to access the targeted network. Once inside the network, we will show essential hacking tools to conduct IP-level reconnaissance. But we will not limit ourselves to WiFi and demonstrate how Bluetooth can be leveraged to notify you about a person's presence or exploit various IoT devices.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology9:15-10:00 Session B
Cost effective network monitoring systems
As internet traffic continues to double every two years and as the data rates across the networks increase from 10G to 100G and even 400+ Gbps, how can you cost effectively access the droplets of information buried in the sea of data traversing your monitored networks. How do you architect the collection system so that you don’t have to rip out the entire monitoring system and replace it in the future when 100 Gbps networks migrate to 400, 800 Gbps or even higher rates? Come and learn how an optical circuit switch based network monitoring system can provide a future-proof front end to your network monitoring systems while also providing up to a 10 times reduction in CAPEX outlay, an 8 times reduction in rack space and over 100 times reduction in power and cooling.
Mike Bitting (Worldwide VP, HUBER+SUHNER Polatis), Huber+Suhner9:15-10:00 Session C
Securing Government Infrastructure in 2023: Insights from Dark Web Intelligence on Emerging Cyber Threats
Protecting critical infrastructure is crucial for national security, and the dark web has emerged as a potential threat vector. Criminals exploit the anonymity of the dark web to exchange information, plan attacks, and sell illicit tools to target critical infrastructure.
In this session, we will examine the prominent patterns and risks faced by critical infrastructure and explore the potential of dark web monitoring as a means to alleviate these challenges.
Presented by Webz.io11:00-11:40 Session A
From Academia to Industry: Dealing with Cryptography in Real Life
It is a common thought that cryptography is so theoretical to understand, and so technical to defeat, that it can’t be done without enormous effort and technical prowess only found in State Agencies. That is not completely true. In fact, there are many cryptographic problems developers and investigators routinely encounter that they think are insurmountable, but are not. Instead, with a systematic cryptographic approach, these issues can be overcome with modest effort and cost-effective tools.There is a need to use mechanisms that include algorithms, protocols and primitives in accordance with international standards such as ISO and FIPS, with a well-planned development, comprehensive testing and validation process. On the other hand, the strong analysis mechanism to obtain the decryption key is important for investigators. Forensics, reverse engineering, binary analysis, as well as the use of cryptanalysis attacks with AI-based dictionaries or rainbow tables are also used. For these reasons, tools that can operate all these mechanisms systematically that can manage them from a single point make it easier for investigators to deal with real-life use cases.
Pınar Gürkan Balıkçıoğlu (Ph.D. Cryptography), Chief Cryptography Officer, Interprobe & Adjunct Professor, Middle East Technical University, Interprobe11:45-12:30 Session A
Trending Topics in Cryptocurrency Forensics
Bitcoin, Ethereum and other cryptocurrencies are becoming mainstream for financial interactions and standard tools when conducting cybercrime such as scams, frauds, ransomware, darknet markets, sextortion, etc. LEAs also adapted to a new situation, and many investigators are already familiar with cryptocurrency basics and how to trace transactions on publicly available blockchain explorers. This session aims to extend the knowledge of participants about more advanced topics such as: a) address clustering techniques and their applicability to various cryptocurrencies; b) monitoring of cryptocurrency networks and their peers with the help of network intelligence; c) geolocating cryptocurrency transaction with IP address or originator; d) overcoming obfuscation of transactions entering and leaving mixers; e) correlating activities on darkweb with blockchain events. Each subtopic will be thoroughly explained, including currently existing methods and tools for addressing associated challenges.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology11:45-12:30 Session B
Understanding the Implications of Online Social Media and OSINT During Critical Incidents
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police11:45-12:30 Session C
How QUIPO can support Cyber Threat Intelligence and Threat Hunting
In today's digital landscape, threat actors often leave digital footprints on public platforms, making OSINT and social media analysis invaluable in detecting and countering cyber threats. QUIPO, an advanced AI-powered platform, seamlessly integrates OSINT and social media analysis capabilities, enabling organizations to gather crucial intelligence from public sources. By leveraging these powerful tools, QUIPO enhances CTI efforts, providing security teams with actionable insights and proactive threat detection.
Presented by CY4GATE S.p.A.
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
08:30-9:20 Session A
Beyond Autonomous Cyber Intelligence : Leveraging Adequate Darknet Collection and Processing to Deliver Differentiating Value in an Integrated Approach to Intelligence.
Presented by Corexalys08:30-9:20 Session B
Using PCAP Forensics to Solve a Child Trafficking Case
This session will demonstrate how PCAPs can be used to crack a child trafficking ring by using Digital Witness to track encrypted VoIP calls and file transfers, visualize the communications network, monitor Social Media uploads, and correlate the VPN usage of all suspects in the case. The demonstration will also show how to narrow down or determine the identities of the unknown contacts that the known suspects are communicating with to visualize all members of the child trafficking ring.
Presented by Sandvine
09:25-10:15 Session A
ORCA - rule the ocean of metadata
Presenting VASTech’s solution for fusing telecommunications, IP, and location data from fibre cables, mobile networks, and satellite signals.
Using metadata to answer the important questions of Who, What, Where, and When?
Presented by VASTech09:25-10:15 Session B
Beyond LI: Advanced Investigative Fusion Techniques for an Evolving Digital Landscape
As lawful intercept (LI) continues to evolve, the value of LI data is diluted by the increased use of encryption and over-the-top communication. Law enforcement professionals must look for ways to enhance LI data by overlaying other sources, such as digital forensics, OSINT, deep/dark web, even blockchain, to gain a more complete picture of target activities and patterns of life. In this presentation, we will demonstrate a multi-source approach to investigations, how ML/AI can help increase focus, and examine the tools/techniques that can help get to outcomes faster in a rapidly evolving digital landscape.
Presented by JSI Group
10:35-11:25 Session A
Matison next generation Mediation system
Presented by Matison10:35-11:25 Session B
Intelligence that Goes Above and Beyond: Combining ADINT and VISINT for a Better Decision Making
Presented by Rayzone Group11:30-12:20 Session A
The future of digital data collection and analytics
Take a step into the future of policing. During this session, you'll discover new ways of uncovering digital intelligence with the most advanced technology. Prepared to have your mind blown away!
Ariel Karayev, Strategic Pre-Sales Expert, Cellebrite
11:30-12:20 Session C
Forensic analysis of smartwatches, mobile phones and clouds
Presented by Compelson13:20-14:10 Session A
Silent Data Gathering on Latest Generation Devices.
Presented by RCS S.p.A.13:20-14:10 Session B
FUSION – The single investigation platform
Presented by ATIS13:20-14:10 Session C
The Future of AI-Powered Data Fusion for Intelligence
Presented by Rayzone Group14:15-15:05 Session B
Harnessing Multiple Digital Data Sources to Revolutionize Investigations
Presented by PenLink15:25-16:05 Session C
Modernizing Digital Investigations: Automation and Data Enrichment for Efficient and Effective Case Resolution
In this session, you'll discover how leading investigation units are adopting a modern approach to digital investigations with automation and data enrichment. Learn how to tackle the challenges of managing large data volumes and drive faster and more efficient case resolutions.
Meirav Gingold, Product Owner, Cellebrite16:10-17:00 Session A
Drowning in audio data ? Speech technologies to the rescue.
Understand how to exploit our leading-edge language identification, speech transcription and keyword spotting solutions to ease your OSINT and COMINT activities.
Jodie Gauvain, Director, Vocapia Research
16:10-17:00 Session B
Complex investigation Use Case.
Multiple Cyber Intelligence tools coordinated to achieve significative results.
Presented by AREA16:10-17:00 Session C
Generating CDRs for WhatsApp, Telegram, Viber, Signal, and other Encrypted VoIP Applications
Presented by ClearTrail
Wednesday, 7 June 2023
09:10-10:00 Session A
NSO: The unencrypted story
Presented by NSO09:10-10:00 Session B
Special IT-forensic workflow including tactical and covert rapid on-scene triage and acquisition
Presented by mh-service GmbH and Detego Global
09:10-10:00 Session C
Faster and better IP Analysis outcomes with IntelligenceReveal: Real Life Case Studies & Live Demonstration
The BAE Systems IntelligenceReveal portfolio of solutions for Communications Intelligence and Multi-Source Analysis assists agencies in lawfully obtaining digitally sourced intelligence from the data generated by people, events and systems. In this demonstration you will hear how BAE Systems IP Analysis solution is able to transform the dark, encrypted flow of subject of interest (SOI) communications into important mappings of SOI activities. Providing an overview of the SOI online activity: which apps, services they use, when and where. This enables analysts to easily and quickly see specific activity or behavioural patterns, develop new lines of enquiries for investigators, such as comms data requests, account information requests, direct OSINT or surveillance.
Jez Nelmes, Product Manager BAE Systems Digital Intelligence09:10-10:00 Session D
How to increase operational efficiency during criminal investigation? -- A deep dive into Intelligence Analysis Management technologies.
Presented by OPPSCIENCE, an IDEMIA company13:00-13:40 Session A
Intelligence IoT: Networked Tactical Intelligence
Presented by Ateros13:00-13:40 Session B
Transform terabits per seconds into valuable information.
Unleash all intelligence in the data, combining analytics solution at the top. Use cases and demonstration.
Presented by AREA13:00-13:40 Session C
VASTech Cyclops: Real-world results showing the impact of Carrier-in-Carrier technologies on your satellite monitoring capabilities
Presented by VASTech13:45-14:30 Session A
Future of Traffic Summarization for LI: Correlating Carrier-Grade NAT (CGNAT) at Carrier Scale and Speed
Presented by Packet Forensics13:45-14:30 Session D
Profiling Suspects' Online Footprint with Digital Witness
This session will demonstrate the type of metadata Digital Witness extracts from encrypted traffic, including VoIP Forensics, Messaging Forensics, Social Media Forensics, Cyber Threat Forensics, and VPN Forensics. The live demo will walk you through the analysis of a suspect in a crime that is a mystery other than a suspected association with a suspect being monitored under a criminal warrant. You will see how the data obtained in a lawful intercept warrant can provide agents and detectives with significant leads that help solve cases faster than they can with current IPDR-based solutions or the use of WireShark.
Presented by Sandvine13:45-14:30 Session E
Radio forensics - what is that, and how can it help in your investigation?
Rafal Wolczyk, Vespereye
15:00-15:45 Session A
Advancing Data Inception Solutions for Narrow Bandwidth and IoT Devices
Lawful Interception solutions need to take into account the unique data exchange attributes associated with IoT devices. As these become more and more prevalent, a real-time and mediation solution can help intelligence agencies visualize additional information about a suspect of interest.
Presented by SS8 Networks15:00-15:40 Session B
The Encryption Battlefield: Leveraging Metadata for Real-World Intelligence Missions
Presented by ClearTrail15:00-15:40 Session C
Exploiting the power of Advanced AI to anticipate and prevent attacks on critical infrastructure
Investigators have access to enormous amounts of publicly available unstructured data that could hold the key to identifying and preventing potential infrastructure attacks. But while this data is accessible to all, it’s not possible for analysts to search, sift and analyze it quickly and effectively enough using manual methods. Join us to learn how AI-based technology can act as a force multiplier to accelerate digital investigations to help mitigate risk, identify threats and divert attacks.
Sam Holt, Sr. Solutions Architect, Voyager Labs15:00-15:40 Session D
Zero-Click Attacks - The Holy Grail:
Demystifying zero-click attacks and shedding light on the essential traits of the most sought after infiltration capability
Presented by Candiru15:00-15:40 Session E
OSINT and Forensic Data Consolidation For Modern Investigations
This session will walk you through the journey to digital intelligence maturity, the art of the possible for law enforcement, corporate and investigative professionals, and explain the practical steps along the way.
John Randles, CEO, Siren
Richard Chen, EMEA Professional Services, Siren15:45-16:25 Session A
Every piece of data tells a story – combine and analyze data from any source in your digital investigation.
Mark Uldahl, CTO, XCI A/S15:45-16:25 Session B
Fast visualization, analysis and fusion of large data sets from different sources
Presented by ATIS15:45-16:25 Session C
Snowpack: Become Invisible (an alternative to Tor and VPNs)
Presented by Snowpack15:45-16:25 Session D
Smartphones and PCs interception
Enable LEA and Intelligent Services the anonymous interception and the remote control of multiple devices
Presented by MOLLITIAM CYBERINTELLIGENCE16:30-17:15 Session A
Effective photo and video investigations: from CCTV enhancement and analysis to deepfake detection in OSINT media
Presented by Amped Software
16:30-17:15 Session C
How Lawful Interception benefits from Traffic Filtering.
High bandwidth networks like fiber and eMBB (LTE / 5G) put new requirements to a Lawful Interception solution. With high throughput data streams, the costs of processing this data increases. However, not all data is relevant for an investigation, e.g., Netflix and application and OS updates carry no user data. Within this session we will discuss how Lawful Interception benefits from Traffic Filtering capabilities.
Presented by Group 200016:30-17:15 Session D
Linking and analyzing data with different classifications or sensitivity across intelligence fields on the TOVEK platform
A live demonstration of the versatility of TOVEK in the analysis of data from various sources and systems enabling the cooperation of various police or intelligence departments such as OSINT, COMINT, FININT, forensics, etc.
Presented by Tovek16:30-17:15 Session E
A Deep Dive in to Mobile Exploitation - A Full Chain overview
Presented by SecFenceThursday, 8 June 2023
08:30-09:10 Session B
Operations Security (OpSec) in Offensive Mobile & PC operations (ft. How to make your Zero-Days last longer)
Presented by SecFence09:15-10:00 Session A
Grayshift's best practice in mobile forensics
Presented by Grayshift09:15-10:00 Session B
Expanding Operational Awareness and Uncovering Digital Footprints with AI-Driven Data Fusion
LLaw Enforcement and Security organizations are faced with an ever-increasing explosion of data, including OSINT, deep/dark web, mobile forensics, surveillance, financial transactions (including cryptocurrency), and more. Taking a multi-source approach to investigations has become essential to surfacing insights and eliminating the blind spots caused by organizational silos. This presentation will demonstrate how AI-enabled data fusion can help expand and enhance operational awareness, accelerate investigative outcomes and de-anonymous criminals and their behavior to keep countries and communities safe.
Presented by JSI Group09:15-10:00 Session C
Supercharged IPDR extraction and analysis - Encrypted IP Applications and Advanced Internet Activity Analytics
John Senior, CEO, Trovicor Intelligence11:00-11:40 Session B
Nirvana for Complex Problems faced by Defence & Intelligence Communities:
Complex problems needs complex engineering for simple outcomes. Get acknowledged to rapidly Identify cables(fibres) of interest. Capturing, Managing, and Extracting Intelligence from Gigabit Speed Networks. Apply Cyber Threat Hunting Techniques to track nation State actors. Welcome!
Presented by VEHERE11:00-11:40 Session C
Breaking Barriers: How SATCOM Intelligence Can Fill Communication Gaps in Law Enforcement Investigations
Presented by Cognyte11:45-12:30 Session A
Bringing clarity to complex missions - A single-screen investigation tool for real-time results.
In today's complex world of cyber intelligence, our 5-dimensional investigation module intuitively fuses diverse data fabrics into a seamless flow. Our toolset enables uncovering of hidden entities and relationships critical to operational intelligence.
Presented by TRG11:45-12:30 Session B
VASTech Cyclops: Real-world results showing the impact of Carrier-in-Carrier technologies on your satellite monitoring capabilities
Presented by VASTech
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees, unless marked otherwise.
Tuesday, 6 June 2023
08:30-09:20 Session A
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS08:30-09:20 Session C
Breaking Data Silos. Prevent Crime. Enhancing collaboration with SCOPE Mass-Data-Analysis.
Presented by Innosystec09:25-10:15 Session A
WhatsApp, Telegram, Facebook...how IPS helps you to locate most wanted targets with LI
Presented by IPS09:25-10:15 Session B
Exploiting the power of Advanced AI to anticipate and prevent attacks on critical infrastructure
Investigators have access to enormous amounts of publicly available unstructured data that could hold the key to identifying and preventing potential infrastructure attacks. But while this data is accessible to all, it’s not possible for analysts to search, sift and analyze it quickly and effectively enough using manual methods. Join us to learn how AI-based technology can act as a force multiplier to accelerate digital investigations to help mitigate risk, identify threats and divert attacks.
Sam Holt, Sr. Solutions Architect, Voyager Labs
10:35-11:25 Session A
LEVARAGING THE BIG DATA POWERHOUSE TO ADDRESS THE FINANCIAL CRIME OF ANTI MONEY LAUNDERING (AML)
Using a real case we will demonstrate how a BIG DATA PLATORM can enhance analysts/ investigators ability for early detection, prevention and resolution of anti-money laundering crimes , fraud etc. We will show how big data platforms can do more than just follow the money. It can predict where it will go, making analysts and investigators faster and more effective in addressing what is and will become the greatest threat to economic stability, sustainability and growth in the 21stcentury.
Omri Raiter, RAKIA Group11:30-12:20 Session A
Videoma Intelion: massive and automatic management and analysis of video and audio in police operations and intelligence investigations.
Videoma Intelion is the new suite of security products presented by ISID at ISS. Videoma is a technological tool of reference in the field of security for multimedia content management, which expands its capabilities of automatic analysis of video, image and audio, as well as the automation of the processes of investigators and analysts. We have solutions adapted to any of the usual sources of video, image and audio, from CCTV, communication interceptions, social networks, open sources, TV or radio.
ISID provides the most advanced technologies for automatic transcription of voice to text, facial or voice biometrics, license plate reading, among others, which allow the automatic processing of large amounts of video or audio without the need for manual review, which saves a great saving of effort and time.
Presented by ISID
13:20-14:10 Session B
Future of Mass Data Visualisation for fast and precise actionable intelligence.
Presented by Innosystec14:15-14:40 Session A
TikTok challenges: Adapting to new and evolving platforms
While communities and governments are justifiably concerned about threats related to censorship and espionage, this talk examines the variety of nefarious and criminal behaviour playing out on TikTok, the challenges for law enforcement SOCMINT efforts and how these can be overcome.
Presented by Fivecast14:15-14:40 Session B
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling.
Presented by IPS14:40-15:05 Session B
Cyber Threat Intelligence to accelerate online investigations
Presented by IPS15:25-16:05 Session A
How to Uncover a Money Laundering Network in 7 Steps
Presented by Cognyte
15:25-16:05 Session C
Graphs in Criminal Intelligence
Presented by Graphaware15:25-16:05 Session D
The use of Euler Big Data Technology & Graph database for Cyber and Social Media Investigations
Presented by Euler Data Solutions16:10-17:00 Session A
Investigative Analytics - Looking into the future of intelligence with advanced data analytics
Presented by Cognyte16:10-17:00 Session C
Accelerating Social Media and OSINT Investigations with ShadowDragon
Presented by Shadow Dragon
Wednesday, 7 June 2023
9:10-10:00 Session A
Location & Open Source Intelligence: Real Life Case Studies & Live Demonstration
Presented by Cobwebs13:00-13:40 Session A
From IOC to threat actors hunting
Presented by Cobwebs13:00-13:40 Session C
Revolutionize OSINT with ChatGPT and LLMs: a Practical Guide
This presentation explores the transformative potential of ChatGPT and other large language models (LLMs) in revolutionizing open-source intelligence (OSINT) collection and analysis. We will discuss practical applications of these advanced AI technologies in streamlining OSINT processes. Attendees will learn how to effectively harness the power of ChatGPT and LLMs to enhance their OSINT operations and discover best practices for implementing these cutting-edge tools in real-world scenarios.
Presented by S2T Unlocking Cyberspace13:45-14:30 Session A
AI-powered Language Technology Solution to handle Multi-language OSINT & COMINT
Emmanuel Tonnelier, Director, Defence and Intelligence Solutions, SYSTRAN13:45-14:30 Session B
Automation meets Intelligence – Our view of AI-powered Analytics.
Presented by Innosystec15:00-15:45 Session B
trovicor’s Latest interception Innovations – Speech Analysis, Encrypted IP applications and hyper efficient Big Data Analytics.
Renita John, CPO, Trovicor Intelligence15:45-16:25 Session A
Using OSINT with visual link analysis to enhance your investigations
Presented by Maltego15:45-16:25 Session B
Translate alternative socials into actionable data
Web-IQ’s Open Language Intelligence (OLI) combined with data from alternative socials such as Sina Weibo, Discord, Naver or even Telegram discloses intelligence as never shown before. Our experts will show how to activate these new intelligence sources using Voyager and its features such as OCR, entity resolution and -relation analyses, account discovery and more. Welcome!
Presented by Web-IQ16:30-17:15 Session B
The Rise of the Titan: A New Era of Social Media Investigation Begins
Get a sneak peek of the future of social media data investigation with the SNH Titan.
Join us for an exclusive first look at our new product and see it in action through a real-world case study. Discover the powerful new features and efficient working methods of the SNH Titan. Don't miss this opportunity to ask questions and give feedback directly to the team. Join this exclusive event!
Markus Brause, Partner and Salesmanager and Henry Müssemann, M.Sc., Tech Lead, Freezingdata
Thursday, 8 June 2023
08:30-09:10 Session A
Speed to Insight and Decision advantage using OSINT
Kyle Randall, OSINT Combine08:30-9:10 Session B
Transforming OSINT, Cyber and POI investigations with the power of Maltego
Presented by Maltego08:30-9:10 Session C
Anonymity vs You: Accelerated WEBINT insights to identify virality, influencers and unmask suspects across social networks
Presented by ClearTrail, co-hosted by Mark Bentley, Communications Data Expert, UK Police08:30-09:10 Session D
Follow your suspect down the OSINT Rabbit Hole.
Cyber Intelligence platform to get deeper into the OSINT of online social communities and Dark Web. Use cases and demonstration.
Presented by AREA09:15-10:00 Session A
Break the silos: plan and execute a pluridisciplinary intelligence operation on theatre with Paliscope multi-source platform
Presented by Paliscope AB09:15-10:00 Session B
OSINT Case Study: Leveraging Open Data to Make Breakthroughs in an Arms Trafficking Investigation
Open data can provide the connections required to expand cases around existing leads. In this presentation, the team will demonstrate how the Social Links’ OSINT solution, SL Professional, enabled investigators to greatly enhance internal data with open sources. This led to significant breakthroughs in an arms trafficking case, where the main actors were successfully identified.
Christof De Windt, OSINT Specialist at the Federal Judicial Police of Belgium; and Alexandra Samuseva, Customer Success Manager, Social Links
09:15-10:00 Session C
How to accelerate avatar-based social network intelligence gathering while staying secure?
Presented by Corexalys11:00-11:40 Session A
AI & geolocation for homeland security
Presented by Intersec11:00-11:40 Session B
OSINT For Counter Extremism in Europe
Ideologically motivated violent extremism is on the rise across Europe. Widespread adoption of social media has exacerbated the situation, as it has become a conduit for spreading and sharing extremist propaganda and false information. This presentation discusses the history of extremism over the past decade, and how the current threat is being mitigated through open-source intelligence.
Presented by Fivecast11:00-11:40 Session C
BIG DATA PLATFORM – A comprehensive, practical guide to getting the most out of your DATA
A practical and comprehensive guide on the ins and outs of big data platforms and how they have been used to address key problems/challenges in law enforcement agencies . Through a specific use case we will highlight the highest value insight that everyone should have with regards these matters. Some of the elements covered include defining needs, devising algorithms using a no-code rule engine, how to link databases , report generator and much more.
Omri Raiter, RAKIA Group11:45-12:30 Session A
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police11:45-12:30 Session B
Video/Audio intelligence automation in police operation. Use case.
Presented by ISID
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 6 June 2023
08:30-09:20
Stuck with traditional IP Traffic Analysis?
Traverse the time vortex to view Gartner’s new-age Network Detection and Response Techniques. Tried the emerging AI-based Network Detection and Response (NDR) to combat national threats yet? – Tech-powered for Défense and Intelligence Communities. See you at our seminar and booth.
Presented by VEHERE09:25-10:15 Session B
Connecting the Dots for Proactive Threat Detection - stay ahead of your targets with KELA Cyber Threat Intelligence - Live demo
Effective Cyber Threat Intelligence (CTI) requires a comprehensive understanding of a target's activities and intentions. In this session, we will explore how CTI can be leveraged to gain insights into a target's identity, behavior, and potential next steps. We will introduce our unique CTI solution, which uses innovative capabilities to collect, investigate and analyze data from cybercrime sources. Through a live demo, attendees will see how our solution can assist in exposing the bad guys and staying one step ahead of them.
David Carmiel, CEO, KELA
14:15-15:05
When Spyware Turns Phones Into Weapons: Addressing Mobile Devices Software and Hardware Vulnerabilities to Save Your Organization
Presented by Feedback Italia15:25-16:05
OSINT Case Study: How the Analysis of TikTok Led to the Identification of a Fugitive Criminal
This talk will have two parts. The first will focus on a real case in which a suspect had disappeared. We’ll demonstrate how investigators used SL Professional to carefully analyze media from TikTok, leading to the fugitive’s identification. Following on from this, part two will cover how the OSINT solution can process a whole range of open-source media to boost investigations.
Speakers: Christof De Windt, OSINT Specialist at the Federal Judicial Police of Belgium; and Dmitry Danilov, Head of the Expertise Centre at Social Links.
Christof De Windt, OSINT Specialist at the Federal Judicial Police of Belgium; and Dmitry Danilov, Head of the Expertise Centre, Social Links16:10-17:00
Complex OSINT and CSINT in two unique solutions
How to collect high-value intelligence by accesing public and private data
Presented by MOLLITIAM CYBERINTELLIGENCE
Wednesday, 7 June 2023
09:10-10:00 Session B
COUNTER ΙLLEGAL ACTIVITY– From a mere hint to real threat mitigation!
A step-by-step guide to harnessing OSINT and fusion technology to effectively support the entire process of identification and mitigation of nation illegal threats. We will include the entire OSINT & WEBINT collection capabilities from all aspects , target , mass collection ,darknet , avatar design and management , fake accounts identification and mitigation and no code crawlers
Omri Raiter, RAKIA Group13:00-13:40 Session A
Emerging Technologies for Espionage Tradecraft: Why Encryption Matters
This presentation examines the confluence of emerging technologies that could potentially be exploited by adversaries for espionage tradecraft and we discuss the critical role of encryption in cyber defense.
Presented by Asperiq
13:00-13:40 Session B
Cybersecurity Reinvented: Navigating the Landscape of Secure Communication in the Age of Threats, Hardware Vulnerabilities, and Post-Quantum Computing
Presented by Feedback Italia13:00-13:40 Session C
Starting an investigation at an area of interest and revealing suspects in real-time
In this session you will understand how [REDACTED] supports rapid decision making and enables gathering, enriching, visualizing and reporting multi-modal and multi-dimensional cyber intelligence data.
Presented by TRG13:45-14:30
Cryptanalysis: Size Matters
Encryption and Authentication is at the heart of any IT and communication systems. It commonly poses a difficult challenge for law enforcement, intelligence and military in investigations and missions. Not only for file and harddrive encryptions but also access to computers, WiFi and websites. In this session, we present common attack-methods with a focus on brute-force approaches and optimal infrastructure choices to support the objectives in an increasingly challenging environment. The same principles are applicable also to penetration testing and password audits to ensure your own IT security.
Presented by SciEngines15:00-15:40
Enabling Network-centric operations: Vision and Strategy for Secure Communications
This presentation examines the latest innovation trend in network centric operations and proposes a vision and strategy for implementation of secure communications to cater for the diverse needs of national security, intelligence, and defense.
Presented by Asperiq
Thursday, 8 June 2023
11:00-11:40 Session A
Cyber Resilience System for DoS
How to reduce the vulnerability and neutralize threats for public and critical infrastructures
Presented by MOLLITIAM CYBERINTELLIGENCE11:00-11:40 Session B
Identify New Threats With Next-Generation DPI-Based Cyber Sensors
In this live demonstration, discover a new generation of DPI-based cyber sensors that leverage years of experience in cyber defense environments to extend the cyber threat detection capabilities, and raise the performance of government-run Security Operations Centers (SOCs).
Nicolas Duteil, Senior Technical Account Manager, DPI & Traffic Intelligence, Enea
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
8:30-9:20
Shedding light on the Info-stealer Eco System
In this session, we describe the eco-system of the info-stealer. Numerous IABs (Initial Access Brokers) and marketplaces are active on Darkweb and Deepweb. Recently, criminals have been continuously moving to other platforms such as Telegram and Discord. We will elucidate how they are selling and buying the leaked data. Furthermore, we show how adversaries can breach this data by analyzing malware and their TTPs (Tactics, Techniques, and Procedures).
In addition, we examine cryptocurrency flow to track criminals’ cash to launder its origin.
Presented by S2W09:25-10:15
Defeating the dark web: Policing Tor’s hidden services and dark markets.
Presented by Searchlight Cyber13:20-14:10
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE16:10-17:00
Cryptanalysis: Size Matters
Profits from illegal activities are often stored as cryptocurrencies in offline wallets. Retrieval of confiscated proceeds/funds can be challenging if the criminal doesn’t cooperate. In this session, SciEngines presents password-search options to access it nevertheless. Additionally, password-cracking against other targets is covered.
Presented by SciEnginesWednesday, 7 June 2023
13:45-14:30
Revealing the invisible: Real Stories of Cryptocurrency Deanonymization
Presented by Cognyte15:45-16:25
Bitcoin in War: OP_RETURN Callouts Point to Blockchains’ Growing Role in Geopolitical Conflict
- OP_RETURN is a field used to store data in transactions, effectively allowing users to attach messages to transactions and broadcast them to the entire blockchain, where they’ll be saved forever
- Chainalysis recently discovered what appears to be an example of a more direct, aggressive usage of Bitcoin for counterintelligence, through the unprecedented weaponization of the OP_RETURN field.
- In this case, a vigilante sent thousands of transactions to a total of 986 unique Bitcoin addresses, burning the Bitcoin while doing so, to publicly callout multiple foreign intelligence agencies.
Presented by Chainalysis
16:30-17:15
Dark what?! Telegram is now the hub for hackers, fraudsters and other criminals
Presented by S2T Unlocking CyberspaceThursday, 8 June 2023
9:15-10:00
Thou shalt wirelessly intercept your neighbor: Leveraging WiFi and Bluetooth in operative
In this talk, we shall discuss various security mechanisms used in WiFi and Bluetooth networks and how to abuse them to obtain mission-critical intel. Apart from explaining all principles, we will demonstrate them (hopefully live) on our tactical device! Starting with an access point and client scans, we will continue with client targetted jamming and total Denial-of-Service of the whole network that may even result in authentication handshake capture. This handshake contains information to recover the WiFi password to access the targeted network. Once inside the network, we will show essential hacking tools to conduct IP-level reconnaissance. But we will not limit ourselves to WiFi and demonstrate how Bluetooth can be leveraged to notify you about a person's presence or exploit various IoT devices.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 6: Mobile Signal Intercept Product Training and Demonstrations
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
8:30-9:20 Session B
Understanding Mobile 2G, 3G, 4G and 5G NSA Infrastructure, Intercept and Cryptography
Dr. Jerry Lucas, President, TeleStrategies10:35-11:25
Satellite Networks: Detecting, Locating and Intercepting transmitters
Presented by Kratos11:30-12:20
Advanced SatCom Monitoring in tactical and strategic scenarios
Presented by Rohde Schwarz13:20-14:10 Session A
Streaming Visual Intelligence from IoT
NightHawk, a cyber intelligence platform delivering E2E intelligence gathering and covert operations unique capabilities. The NightHawk can be operated remotely or by proximity to the targeted device. The session will enable law enforcement and intelligence agencies a glimpse into how to gather unique intelligence, analyze, track targets and events worldwide in the NightHawk platform.
Presented by Interionet13:20-14:10 Session B
Investigation approaches for the collection and evaluation of radio traces (cellular radio, WLAN, Bluetooth, LTE-V).
Presented by S.E.A. Datentechnik GmbH14:15-15:05 Session A
A Revolutionary AI Based network independent 5G SA cellular locator
Presented by Septier14:15-15:05 Session B
Why mobile phone location accuracy matters for successful missions
Chris Fritz, Polaris Wireless15:25-16:05
Secure the smartphone data at rest and in transit - Bittium secure communication solutions
The modern smartphone environment offers users various options for storing and moving sensitive organizational data. Therefore, it is crucial for organizations to have a communication solution which makes sure the data is secure when it is stored into device, but especially when the data is in transit. In this session, Bittium Security Specialist Mr. Niko Keskitalo will present the ways how to secure your organization’s sensitive data with Bittium security solutions.
Presented by Bittium16:10-17:00
Mobile tracking with a narcotic investigation
Presented by Intersec
Wednesday, 7 June 2023
9:10-9:30
(Very) Connected Cars: How Identity Collection From Vehicles Can Help Fight Crime
Presented by Cognyte9:30-10:00
It's Compact...It's Covert...It's a Micro-tactical Suite – Operating Everyday Field Missions in Versatile Environments
Presented by Cognyte13:45-14:30
ArrowCell - Securing your Cellular Environment, Anywhere, Anytime
Presented by Rayzone Group15:00-15:40
Stay ahead of the multi-band wireless curve for vehicular, portable, and airborne investigations
Presented by Octasic
15:45-16:25
A Revolutionary AI Based network independent 5G SA cellular locator
Presented by SeptierThursday, 8 June 2023
11:00-11:40
Why mobile phone location accuracy matters for successful missions
Chris Fritz, Polaris Wireless
Track 7: Electronic Surveillance Training and Product Demonstrations
This track is for law enforcement investigators and the government intelligence community who are responsible for deploying video, audio and GPS surveillance products and only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Wednesday, 7 June 2023
13:45-14:30 Session B
New Microphone Arrays from Squarehead
Vibeke Jahr, COO and Founder, Squarehead Technology15:00-15:40
Modern data-driven SIGINT: how multisource RF analytics can support intelligence and critical decisions?
Virginie Chapuis, Eias Daka, Avantix15:45-16:25 Session A
QuipoEVO: new features and new use case for Cy4Gate Decision Intelligence Platform
Introducing QuipoEVO, the latest innovation from Cy4Gate, designed specifically for Law Enforcement Agencies (LEAs) to enhance decision intelligence capabilities. In the fast-paced world of law enforcement, staying ahead of criminals and ensuring public safety requires advanced tools and technologies. QuipoEVO combines cutting-edge artificial intelligence and machine learning to provide LEAs with a comprehensive Decision Intelligence Platform tailored to their unique needs.
QuipoEVO offers a range of powerful new features that revolutionize data analysis and decision-making in the LEA domain. Real-time data integration and analysis capabilities enable LEAs to gather and process vast amounts of data from multiple sources, including structured and unstructured data. By leveraging advanced analytics and algorithms, QuipoEVO provides actionable insights and helps LEAs identify patterns, detect trends, and make informed decisions to combat crime effectively.
Presented by CY4GATE S.p.A.15:45-16:25 Session B
Tracers: walk in the shoes of your target.
Electronic Surveillance solutions to covertly investigate on suspects in the field and operate from an all-in-one, AI enabled, centralized cyber intelligence platform. Use cases and demonstration.
Presented by AREA16:30-17:15 Session A
Border Security and Force Protection Analytics using Passive RF - Update
Presented by Packet Forensics
Track 8: 5G Lawful Interception Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 6 June 2023
9:25-10:15
Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies
10:35-11:25
Survival of IMSI-catchers in 5G Networks
Presented by Utimaco11:30-12:30 Session A
IMSI-CATCHER IN 5G (SUPI-CATCHER) Challenges - Solutions - Proof of Concept and Best Practice (60Min)
Presented by Central Office for Information Technology in the Security Sector (ZITiS)11:30-12:20 Session B
POLIIICE: Introducing the EU Horizon research into Powerful Lawful Interception, Investigation, and Intelligence. Supporting law enforcement in the new age of communication of 5G and beyond, E2EE and quantum based cryptography.
Chris Young, Product Manager, BAE Systems Digital Intelligence13:20-14:10
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic14:15-15:05
Transforming security intelligence with high accuracy 5G location
Accurate location intelligence is key to law enforcement and intelligence agencies. However, they are usually only provided with mobile phone records with the cell tower location that gives a rough area covered by that mobile cell. This can equate to a location range of 300 to 500 meters even in dense urban areas, meaning several blocks from the suspect. In rural areas, the location range can be tens of kilometres wide. In this presentation, SS8 will review the impact of 5G on location accuracy and lawful intercept
Presented by SS815:25-16:05
Keep using your IMSI Catchers and Direction Finders in the 5G SA Era
With the introduction of 5G SA, the 3GPP decided to improve subscribers’ privacy by designing an encrypted protocol architecture that protects against the use of IMSI catchers. These design choices resulted in the need for a “future proof” and solid solution in order for law enforcement to correlate temporary identifiers collected over the air interface and match them to permanent identifiers and to track suspects using their direction-finding tools and capabilities.
Presented by Group 200016:10-17:00
Update on 5G NR Mobile Radio Analysis – Network Survey and SUPI Catchers
Presented by Rohde Schwarz
Wednesday, 7 June 2023
16:30-17:15
5G ID Resolution
Presented by EXFOThursday, 8 June 2023
09:15-10:00
Lawful Interception of IMS/VoLTE Roaming (S8HR)
Presented by Utimaco11:45-12:30
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Tuesday, 6 June 2023
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:15
Proxies and VPNs: Identity Concealment and Location Obfuscation
09:30-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
10:30-11:15
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
11:30-12:15
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
13:15-14:00
Ultra-Wideband Geolocation and Cyber OSINT
14:15-15:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT ToolboxSeminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigatorsHow it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.
09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
10:35-11:25
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxiesHow suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solvingUsing innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resources"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how. PART 2 on the final day with free tools to download and keep
Seminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception. Specifically;
Network Architecture Evolution from 2G to 3G, 3G to 4G, 4G to 5G regarding radio technology (TDMA, CDMA, OFDM and MIMO), network core from CSFB to VoLTE and SS7 to Diameter.
Encryption, Target Identification and Location: SIM and eSIM cards, IMSI and Target ID, encryption algorithms (A3, A5, A8 and Ki) and basically how user authentication and traffic encryption is accomplished.
Target Location Tracking with CDR analysis, MAC address farming, MITM attacks, SS7 access, IMSI catchers and IT intrusion.
4G to 5G Transition Specifics Understanding 5G Non Stand Alone (NSA) vs. SA 5G, the IMSI catcher issue (myth vs. realities), 5G Cryptography (ECC, SUPI, SUCI), 5G target location enhancement and LTE/NR Internetworking and Co-existance.
5G Spectrum What can 5G deliver with mid vs. high frequency spectrum and what new spectrum bands are soon to be auctioned off
SA 5G Infrastructure Features: NFV, SDN, Edge/Cloud Computing and Network Slicing
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the trasition to 5G standalone.
In reality lawful interception of non-standalone is not any different from 4G interception regarding new LI feature additions. The next LI challenge will be for 5G SA. This webinar addresses the technical challenges facing law enforcement, 5G operators and ISS vendors. Specifically the four transitions are:
- 5G Network Challenges Identifiers: How are law enforcement going to grab 1gbps traffic streams; backhaul to monitoring centers and filter non-important traffic of interest.
- 5G Edge Cloud Computing: How do you intercept on a 5G operators IT systems, deal with proprietary system protocols, e2e encryption and localized content
- 5G Virtual Network Core: How complicated will this be regarding LI, VoIP on virtual devices and what LI barriers has the IETF created
- 5G Network Slicing: Is this 5G feature restricted to private enterprises or will 5G MVNO’s provide public mobile wireless services, How will law enforcement interconnect with 5G OSS provisioning systems and what is the LI point of interconnection?
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
This session:
- Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber,TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.
- Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
- Man in the Middle Attacks
- IT Intrusion (Installing Malware)
- Exploiting bugs in SSL/TLS
- Connecting the “metadata” dots between known targets and communication patterns
- Case studies working around third party encryption case studies, e.g. how was it done!
- TOR / DarkNets (TOR/HS)
- Bitcoin Traceback
- Mobile phone/encryption cracking
- Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 8 June 2023
Seminar #7
13:00-14:00(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, Part 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceA must see presentation of the best and most dynamic tools available to the investigator- and they’re all free. A download link will be provided during this session with 100 tools to take away