Interdisciplinary Conference on Cybercrime

Dr. Johannes M. Bauer

Modeling the Diversity of Cyberattacks

Abstract: Economic models have provided a powerful framework for understanding the information security problems in the Internet ecosystem. Research has shown that misaligned incentives of service providers, equipment manufacturers, software developers, and users go a long way to understand security breaches. As information security has positive cost, this research has also argued that accepting some level of vulnerability is economically rational. One potential weakness of these approaches is that they are based in a narrow view of the motives of attackers as primarily financially motivated. This presentation will explore whether the findings of the economics of cybersecurity hold for other types of attackers, such as ideologically motivated players. Based on a framework rooted in institutional economics, it will develop a typology of attackers and discuss its theoretical and practical implications.

Bio: Johannes M. Bauer is a Professor in the Department of Media and Information at Michigan State University. Since January 2013 he also serves as the Department Chair. He is trained as an engineer and economist, holding MA and PhD degrees in economics from the Vienna University of Economics and Business Administration, Austria. His experience at MSU is complemented by extended stays as a visiting professor at the Technical University of Delft, Netherlands (2000-2001), the University of Konstanz, Germany (Summer 2010), and most recently the University of Zurich, Switzerland (2012). His research covers a wide range of issues related to innovation in information and communication technology industries (ICT), business models of national and global players, as well as the public policy and governance challenges of harnessing the full benefits of ICT for society. He has developed and used computational methods to examine the effects of governance on advanced communications infrastructure and applied big data analytical methods to problems of information security. He currently serves as member of the boards of the Research Conference on Communication, Information and Internet Policy (TPRC) and the International Telecommunications Society (ITS). He is a frequent speaker at international conferences and has served as an advisor to public and private sector organizations in North and South America, Europe, and Asia.

Adam Bossler

Examining the Impact of Deterrence Perceptions on the Willingness to Commit Politically Motivated Cyber Attacks

Abstract: The Internet connectivity of critical infrastructure systems presents opportunities for attackers living in the United States or abroad to cause significant physical and financial damages. Although these concerns have been raised by scholars for several decades, cybercrime scholars in the social sciences have focused much of their efforts on studying cybercrimes against persons, such as online harassment, rather than cybercrimes against entities. The field has also surprisingly focused little on empirically examining the effect of deterrence in cyberspace rather than speculating on it. In one of the few studies on the topic, Holt and Kilger (2012) examined the factors that affected why college students may engage in politically motivated cybercrime attacks but did not examine deterrence perceptions. We build upon their work by examining whether perceptions of the certainty and severity of sanctions, participation in online personal violence, and peers affect college students’ willingness to participate in politically motivated cybercrime attacks, including attacks against critical infrastructure.

Bio: Dr. Adam Bossler is an Associate Professor in the Department of Criminal Justice and Criminology at Georgia Southern University. He earned his doctorate in criminology and criminal justice from the University of Missouri – St. Louis. His current research primarily focuses on examining the application of traditional criminological theories to cybercrime offending and victimization and how law enforcement responds to cybercrime. He is also currently completing a BJA grant exploring innovative correctional programs and a BJA Smart Policing grant in Evans County, GA evaluating the implementation of technology in rural law enforcement agencies. Finally, he is also currently working with collaborators on a NSF funded grant using real Internet usage data to examine computer deviance in a college sample.

George Burruss

Mirror Mirror: The Promise of Shared Data for Understanding Cybercrime

Abstract: While networked computing devices generate vast amounts of data, the sharing of breach and attack data with academics is rare. The reasons are understandable — such data are often classified, proprietary, or confidential. But until information about victimization and cyberthreats are provided to academics and among cybersecurity professionals, our understanding of the causes and correlates of cybercrime will remain limited. This presentation will consider how social scientists might analyze such data and what it could tell us about the nature of cybercrime. The implications for cybersecurity policy are discussed.

Bio: George W. Burruss is an Associate Professor in the Department of Criminology at the University of South Florida and the Florida Center for Cybersecurity. His main research interests focus on criminal justice organizations, cybercrime, and white-collar crime. He received his doctorate in criminology and criminal justice from the University of Missouri St. Louis. His research has been published in Crime & Delinquency, Justice Quarterly, and Social Science Computer Review.

David E. Connett

Automotive Incident Response

Bio: Not Yet Available

Cassandra Cross

Is online fraud just fraud? Examining professional perspectives on the digital divide

Abstract: Fraud is certainly not a new offence. However, the recent evolution and proliferation of technologies (predominantly the internet) has seen offenders increasingly use virtual environments to target and defraud victims worldwide. Much academic study into this crime type has examined the ways that fraud is perpetrated with a clear demarcation between terrestrial and cyber offences. There are numerous studies which target online fraud (or cyber fraud) specifically and usually exclude more traditional fraudulent approaches. However it is important to consider if there is any utility or benefit to categorising fraud separately depending on the type of environment it is perpetrated in.

This presentation will share insights from thirty professionals who work within the “fraud justice network” across London (UK) and Toronto (Canada). It highlights both the realities faced by professionals in seeking to ether maintain or collapse such a differentiation in their every day jobs. Overall, the presentation considers whether there are benefits to the current digital divide, or whether this actually hinders ongoing work in the area.

Bio: Dr Cassandra Cross is a Senior Lecturer in the School of Justice, Queensland University of Technology. Previously, she worked as a research/policy officer with the Queensland Police Service, where she commenced research on the topic of online fraud. In 2011, she was awarded a Churchill Fellowship to examine the prevention and support of online fraud victims worldwide. Since taking up her position at QUT in 2012, she has continued her research into online fraud, across the policing, prevention and victim support aspects. With colleagues, she has received highly competitive Criminology Research Grants, the first in 2013 to conduct the first Australian study into the reporting experiences and support needs of online fraud victims, and another in 2016 to examine the policing of cybercrime in Australia. She is co-author (with Professor Mark Button) of the book Cyber frauds, scams and their victims published by Routledge in 2017.

Cassandra Dodge

A New Profile of Cybercrime: An Application of Statistical Profiling on Computer-Related Crime

Abstract: This research creates a new criminal profile for computer-related crime by establishing the link among certain offender traits and crime features. Utilizing NIBRS data from 2007 to 2014, a sample of 9,233 computer-related crimes were analyzed using latent class analysis (LCA) to identify underlying groups within the offender and offense characteristics.

Bio: Cassandra Dodge, M.S., is a doctoral student from the University of South Florida with a research focus on cybercrime and technology. She also completed a graduate certificate in Digital Forensics from USF in December of 2017.

Aric Dowling

Overview of the Michigan State Police Cyber Section, Cyber Services, Trends, and Threats with case examples.

Bio: Detective Lieutenant Aric Dowling became a trooper for the Michigan State Police in 2000. He spent the next 12 years in various positions in southeast Michigan, including undercover work as a Detective Trooper in Detroit. He has served as a Sergeant in various technology areas within the Michigan State Police and now serves as an Assistant Commander of the Michigan State Police Cyber Section, overseeing the Computer Crimes Unit, the Internet Crimes Against Children task force and the Michigan Cyber Command Center.

Seth Edgar

Collaborative Security

Abstract: Several groups have attempted shared security models and indicator sharing several times over, but with little to no adoption. This presentation explores workable models for mutually-beneficial security collaboration while incentivizing participation.

Bio: Seth Edgar is the Chief Information Security Officer for Michigan State University. Prior to coming to Michigan State, Seth worked as a security researcher and engineer for the MITRE Corporation and Naval Postgraduate School. Seth’s research work and interests are focused on reverse engineering, malware trends, penetration testing, and digital forensics.

Richard Frank

Hackers hedging bets: A cross-community analysis of online hacking forums

Abstract: Cybercriminals use online discussion forums to learn their illicit trade, purchase the necessary tools and information and conspire to commit offences, like credit card fraud, identity fraud and money laundering. For researchers, capturing and analyzing the content from these hacking forums helps understand how virtual black-market economies work so that this knowledge can be used to disrupt them. In this project, we study the greater hacking community to find prominent players and identify emerging threats by capturing data from multiple online discussion forums simultaneously, merging the data into a single cohesive searchable database, then apply cross-community analysis to understand community overlap. This analysis allows us to identify prominent users across multiple communities, their role and significance in the greater community, and any threats that they pose. By studying users across communities, and not just within a single community, we aim to more clearly understand more accurately the roles these communities in facilitating cybercrime.

Bio: Richard Frank is Assistant Professor in the School of Criminology at Simon Fraser University (SFU), Canada and Director of the International CyberCrime Research Centre (ICCRC). He is also Associate Editor-in-Chief of Security Informatics. Dr. Frank completed a PhD in Computing Science (2010) and another PhD in Criminology (2013) at SFU. His main research interest is Cybercrime. Specifically, he’s interested in hackers and security issues, such as online terrorism and warfare.

Joshua Gembala

Why technical support can be the best friend or worst enemy of Incident Response

Abstract:Once, not so long ago, it was common for an organization to have a dedicated IT department responsible for all the company’s technology (see The I.T. Crowd). Those days are gone now, and even small businesses have found themselves having to reorganize their teams based on functional roles and specializations. Whether utilizing internal resources, managed services, contractors, or Fiverr, we have become an often-disconnected collection of groups with different, and sometimes conflicting goals. Even if your organization is lucky enough to have an internal incident response (CIRT) they can quickly find themselves at odds with other teams such as the help desk, deployments, or project services teams. Everyone in an organization plays a role in incident response, and it is your job to make them aware of their role, responsibilities, and ensure they have the training and tools to perform it.

Bio: Josh Gembala manages a talented and dedicated team of Security Specialists at ASK. He is passionate about information security and committed to developing cybersecurity services for businesses of all sizes. Josh’s unique approach and attention to detail continues to be instrumental in establishing ASK as a leader in the Cybersecurity Marketplace. In 2014, Josh joined ASK and was the driving force behind the establishment of ASK Enhanced Security Services (ESS). He has established a team of analysts, developers, researchers, and consultants that serve ASK clients through proactive and managed cybersecurity services. ESS process control, operational excellence, and ingenuity has led to ASK’s reputation as an emerging leader in cybersecurity. In addition to cybersecurity, Josh has many years of experience in IT system administration and integrated security.

Dr. Thomas Holt

Examining the factors associated with web defacements

Bio: Dr. Thomas Holt is a Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.

Dr. Thomas Hyslip

The challenges of International Cybercrime Investigations and the innovation of law enforcement and criminals.

Abstract: In 2012, a hacktivist group calling themselves Team Digi7al hacked dozens of government and private computer systems, and posted the stolen information online. The victims included the National Geospatial-Intelligence Agency, the U.S. Navy, Los Alamos National Laboratory, Harvard University, the Toronto, Canada Police Department, and the World Health Organization. The crimes were primarily SQL injections, but also included Cross-site Scripting (XSS) attacks. This case study will highlight the challenges faced by law enforcement as cybercrimes become increasingly international in scope, as well as the innovation of both law enforcement and criminals.

Bio: Dr. Thomas Hyslip is currently the Resident Agent in Charge of the Department of Defense, Defense Criminal Investigative Service (DCIS), Cyber Field Office, Eastern Resident Agency. Prior to joining the DCIS in 2007, Dr. Hyslip was a Special Agent with the US Environmental Protection Agency, Criminal Investigation Division, and the US Secret Service. Throughout his 19 years of federal law enforcement, Dr. Hyslip has specialized in cybercrime investigations and computer forensics. Dr. Hyslip has testified as an expert witness on computer forensics and network intrusions at numerous federal, state, and local courts. Dr. Hyslip is also an adjunct Professor at Norwich University. Dr. Hyslip received his Doctor of Science degree in Information Assurance from Capitol College in 2014.

Jay Kennedy

The Role of Technology in Insider White-Collar Crime Commission and Prevention.

Abstract: The increasing scope of technology within the workplace creates a number of opportunities for crime, as well as opportunities for innovative crime prevention initiatives. This presentation will discuss the impact of technology-assisted insider white-collar crimes, as well as the ways in which organizations can increase formal and informal control through existing and emerging technology.

Bio: Dr. Kennedy completed his Ph.D. in Criminal Justice at the University of Cincinnati, where he was Graduate School Dean’s Distinguished Fellow, as well as a Yates Scholar. While at the University of Cincinnati Jay was awarded a Graduate Minority Fellowship from the American Society of Criminology, and received several research grants and awards. A graduate of the MBA program at the Carl H. Lindner College of Business, University of Cincinnati, his research focuses upon the multi-level antecedents of corporate crime, deviance within corporations, employee theft, the role business ethics plays in decision-making, product counterfeiting and intellectual property theft. Prior to attending graduate school, Jay spent just over 8 years working for a number of corporations in the metro Detroit area, including a major non-profit organization, a family-owned automotive supplier, and a Fortune 100 corporation.

Christian Kopacsi

ATT@CKing for better Defense: An Introduction to the MITRE ATT@CK Framework

Abstract: The time before an adversary is detected continues to be excessive, on average, between 6 months to a year. Think about that, 180 days for an adversary to be pillaging your data and doing whatever they want without being detected. While the Information Security community is getting better and has created different frameworks and maturity models, a different approach is needed. The MITRE ATT&CK framework was created to help aid defenders and significantly reduce dwell time (the time an adversary is on the network before being detected). The framework takes an “Assume Breach” stance meaning you’ve already been compromised you just haven’t discovered it yet and introduces detection methods to detect post-compromise tactics and techniques. This talk will focus on an introduction to the MITRE ATT&CK Framework and integration of open-source tools to increase cyber defenses and ensure your Blue Team can detect post-compromise techniques.

Bio: Christian Kopacsi, CISSP, CISM, GCFE, GMON, GCFA, GCIH, CEH

Mr. Kopacsi, Cyber Security Incident Response Team Manager at Consumers Energy has over 20 years’ experience in Information Security. He received his bachelor’s degree from Davenport University in Information Assurance and his master’s degree from Fort Hays State University in Information Security Management.

As part of an Executive on Loan program Christian served as the Chief Security Officer, Deputy Director of Cybersecurity and Infrastructure Protection for the State of Michigan. Prior to joining Consumer’s Energy, Christian was the AVP, IT Security and Architecture at Chemical Bank. Previous to this Christian held various leadership positions in Information security in the Healthcare and financial industries.

In addition Christian has been an adjunct professor at Walsh College and Davenport University teaching in the areas of Information Security and Digital Forensics.

In his spare time Christian enjoys reading, watching movies and home improvement projects. He currently resides in Lansing, MI with his wife and two dogs.

Tim Lauster

The Evolving Cybercrime Threat: An FBI Perspective

Abstract: Technological advances have provided a new toolset to both the cybercriminal and the cyber investigator. SA Lauster will describe how the Federal Bureau of Investigation addresses this evolving cybercrime threat through case studies of recent investigations.

Rutger Leukfeldt

Financial cybercrimes and situational crime prevention

Abstract: Cybercrime poses a serious threat to internet users in current, digitized society. Therefore, it is important to find means by which cybercrimes can be combatted effectively. One possibility for reducing (criminal opportunities to commit) cybercrime is situational crime prevention.

This paper focusses on situational crime prevention measures against financial cybercrimes (i.e., phishing and banking malware). These measures are developed based on 5 years of empirical research by the two authors, including an analysis of police investigations (n = 40), incidents registered in a fraud database of a financial institution (n = 600), interrogations of money mules (n = 190), a victim survey (n = 10,416), two survey studies on internet users (n = 1,200; n = 1,201), and victim interviews (n = 30), which led to 20 peer-reviewed publications.

This paper takes an holistic view on the results and conclusions from these publications. Unique to this endeavor is that the findings are integrated and translated into measures that can be used to create barriers against cybercriminal networks committing financial cybercrimes.

The paper starts by giving a brief overview of processes and actors involved in phishing and banking malware attacks. We first describe the processes of origin and growth of cybercriminal networks; where and how do cybercriminals meet and how do they recruit new members. Second, the crime scripts of networks involved in financial cybercrimes are covered; how do criminals select their targets, how are money mules used to steal money. Third, the behavior of users and suitable targets are studied; are some users more at risk than others?

The paper continues by applying the five strategies of situational crime prevention of Cornish and Clarke (2003) to cybercriminal networks. Examples of situational crime prevention measures against cybercriminal networks that commit financial cybercrimes include: making users more cyber aware (increase the effort of crime); extending guardianship to financial institutions (increase the risk of crime); frustrating online crime markets (reduce the rewards of crime); preventing online hacking subculture from emerging (reduce provocations that invite criminal behavior); and educating potential money mules about their role in the crime script (remove excuses for criminal behavior). Although not all of the five strategies seem to be perfectly suitable to create barriers against cybercriminal networks, our analyses clearly show that situational crime prevention provides a useful framework for cybercrime.

Tom Lintemuth

You Stole My Password, So What?

Abstract: Fraud utilizing Account takeover is increasing in prevalence, time to detect, and expense for consumers as well as financial institutions/corporations. Properly deployed technology helps businesses and consumers take steps to combat and prevent ATO fraud.

David Maimon

Environmental Cues and their Impact on Public Wi-Fi Users’ Privacy Behaviors

Abstract: The recent growth of Wi-Fi in public places (public Wi-Fi) has facilitated users accessing the Internet from virtually anywhere, anytime. In most cases, to facilitate ease of use these wireless networks do not require any form of user authentication or identification to use them. This dearth of both virtual (access to a protected network) and physical (access to a protected building) security provisions expose users of these public networks to a wide range of both online (for example man-in-the-middle attacks) and offline (for example shoulder surfing) attacks. Therefore, security experts encourage users of these networks to employ different methods to protect their computers and their data from abuse. One way to nudge people into applying self-protective behaviors when using these public networks is through the introduction of relevant security cues in the physical environment. However, scant research exists that provides evidence to show that users are even aware of either their surroundings or the cues that exist in those surroundings, when using public Wi-Fi. This paper addresses this gap in the literature and examines whether public Wi-Fi users are aware of the presence (situational awareness) of other people when using public Wi-Fi networks. It then investigates whether this situational awareness is associated with computer users’ decisions to use public Wi-Fi, and if so, whether this awareness determines public Wi-Fi users’ adoption of both offline and online self-protective behaviors on these networks. We use both survey and experimental methodologies to answer these questions.

Bio: David Maimon is an Associate Professor in the department of Criminology and Criminal Justice at the University of Maryland. He received his Ph.D. in Sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, cyber-enabled and cyber-dependent crimes and experimental research methods. In 2015 he was awarded the “2015 Young Scholar Award” from the “White-Collar Crime Research Consortium of the National White-Collar Crime Center” for his cybercrime research. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, and decision-making process in cyber space. He is also conducting research on intellectual property and cyber fraud.

Fatima Mawani

Designing the Canadian Survey on Cyber Security and Cybercrime

Abstract: Despite a trend of declining police-reported crime rates, little is known about cybercrime as offences typically go unreported to police. Indeed, The Cost of Cybercrime to Canadian Businesses: Measurement Feasibility Study confirmed that most people report cybercrimes to businesses instead of the police. Building on this work, Public Safety has partnered with Statistics Canada to develop the Canadian Survey of Cyber Security and Cybercrime (CSoCC), to collect data on the impact of cyber incidents to Canadian businesses and their activities to mitigate the effects for reference year 2017. This survey will sample approximately 12,000 Canadian businesses across industries to report on themes of business characteristics and resiliency; cyber security environment, readiness, incidents, reporting, and costs. As an emerging issue, data of this type has not been collected by the Government of Canada previously on this scale. Data from this survey is intended to support the development of evidence-based policy in Canada, better understand the impact of cybercrime on Canadian businesses, and for the study of cyber security and cybercrime within industries. The survey methodology will be discussed in the presentation.

Bio: Fatima Mawani is currently a Senior Research Analyst with Public Safety Canada. She earned her Masters of Arts in Public Administration, in collaboration with the Women’s Studies program from the University of Ottawa in 2006. She also holds her Bachelor of Arts (Honours) in Criminology, with a specialization in Sociology from Carleton University. She has research experience in a range of law enforcement and policing areas, including leading projects related to cybercrime and cyber security metrics and cannabis seizure data collection. Other research areas she has contributed to include sexual assault investigations, human trafficking, child sexual exploitation, and marginalized advocacy coalitions. When Fatima is not busy researching, she can be found playing hockey, bodybuilding at the gym, or posting pictures of her cat on social media.

Rob McCurdy

Collaborative Security

Abstract: Several groups have attempted shared security models and indicator sharing several times over, but with little to no adoption. This presentation explores workable models for mutually-beneficial security collaboration while incentivizing participation.

Bio: Rob McCurdy is the Chief Information Officer (CIO) of Michigan State University (MSU), responsible for primary leadership of strategic, financial, and policy initiatives affecting information technology (IT) at the university. MSU IT provides technology solutions that enable MSU to excel in research, education, and outreach.

McCurdy has achieved improvements in security, operations and academic technology, including the design and construction of a new data center, the implementation of a new electronic health record system and deployment of a university-wide collaboration platform. Through partnerships with university stakeholders, McCurdy accelerated adoption of standard IT services and integrated dispersed IT teams across the university.

McCurdy previously served as the first Chief Information Security Officer (CISO) of MSU, leading the development of a cohesive IT security strategy, standing up a team of IT security specialists and rapidly deploying security services across the organization.

Prior to joining MSU, McCurdy served as the CISO of Farmers Insurance. McCurdy focused on consolidating dispersed business aligned teams into a single security team, providing a higher level of business service through global information security functions and technology. McCurdy also consulted with Fortune 100 companies on the design, build, and assessment of security solutions and programs.

McCurdy earned his Bachelor of Science from Michigan State University in Computer Science and Engineering. He also has completed courses for Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Information Technology Infrastructure Library version 3 Foundations (ITILv3), Courion Identity and Access Management, CA Identity Management, HIPAA and PCI.

Tim Mielak

Innovating in Spite of Oneself – Using progressive thinking and technology to transform conventional cyber security paradigms in the financial sector.

Abstract: Every day, security professionals race the clock as exploits are handed down from sophisticated actors to commodity actors at faster and faster rates. How can we get an edge when everything about our security programs is dictated to us by regulators and conventional wisdom? How can we build an effective defense as control costs rise and qualified people become harder to find?

Bio: Timothy Mielak serves as the Chief Information Security Officer (CISO) at Michigan State University Federal Credit Union (MSUFCU). As CISO, he is responsible for developing and executing strategies to protect the Credit Union from internal and external information security threats and ensures the integrity of member and organizational data. Joining MSUFCU in 2016, Dr. Mielak was previously the Enterprise Security Officer at Alaska USA Federal Credit Union as well as an Adjunct Professor at the University of Alaska, teaching Computer and Network Security.Dr. Mielak received a Bachelor of Arts (BA) in Liberal Arts and Sciences from the University of Illinois, a Master of Arts (MA) in Music from Washington State University, and a Doctor of Musical Arts (DMA) in Computer Music Composition from the University of Missouri at Kansas City. His professional memberships include: InfraGard, Information Systems Security Organization (ISSA), and the Information Systems Audit and Control Association (ISACA).

Jason Miller

Visible and Invisible Attack Vectors.

Abstract: A criminal hacker can use attack vectors, a path or means by which to gain access to a computer or network server or endpoint in order to deliver a payload or malicious outcome. These attack vectors are both visible exploitable system vulnerabilities, and invisible vectors, including the human elements.

Bio: Jason Miller began his IT career in 1998 and has spent the last 19 years focusing on network, system administration and cloud technologies. Miller is passionate about helping businesses embrace the next generation of technology including cloud adoption and high performance scaling software. Miller was part of a successful cloud ERP start-up and has additional experience with solution architecture, virtual CTO leadership, innovation direction and software defined architecture. His ability to reinvent and articulate the necessary steps for creating a dynamic environment has made him a sought out leader in his field. With the constant technical changes organizations face, Miller knows that empowering the people who power the software is the most effective tactic. Miller accomplishes this by listening and helping adopt innovative methods so businesses can make proper decision.

Specialties include: public/private cloud, datacenter, lean operations, DevOps, cyber security, software-as-a-service, infrastructure-as-a-service and digital business transformation.

Steve Motts

ATT@CKing for better Defense: An Introduction to the MITRE ATT@CK Framework

Abstract: The time before an adversary is detected continues to be excessive, on average, between 6 months to a year. Think about that, 180 days for an adversary to be pillaging your data and doing whatever they want without being detected. While the Information Security community is getting better and has created different frameworks and maturity models, a different approach is needed. The MITRE ATT&CK framework was created to help aid defenders and significantly reduce dwell time (the time an adversary is on the network before being detected). The framework takes an “Assume Breach” stance meaning you’ve already been compromised you just haven’t discovered it yet and introduces detection methods to detect post-compromise tactics and techniques. This talk will focus on an introduction to the MITRE ATT&CK Framework and integration of open-source tools to increase cyber defenses and ensure your Blue Team can detect post-compromise techniques.

Bio: 20+ years of IT experience, with the last 15+ dedicated to cyber-security. Coder, red/blue-teamer, and a passion for cyber-security, by no means an expert but will give my 2 cents on anything cyber (right or wrong).

Kevin Steinmetz

Subverting Security with a Smile: An Exploration of Social Engineering

Abstract: Social engineering is concept that emerged from the hacker and security communities. It describes a process of manipulating, deceiving, or influencing the people involved in information security as a means to gaining access to otherwise secure information or computer systems. This presentation briefly traces the history of social engineering and discusses initial findings from an NSF-funded study of social engineering. Specifically, results from interviews with social engineers and security auditors will be presented. Cursory conceptual and theoretical ruminations on social engineering and information security will also be explored.

Bio: Kevin F. Steinmetz is an Associate Professor of Sociology at Kansas State University. He earned his Ph.D. in Criminal Justice from Sam Houston State University in 2014. While he works in multiple areas, most of his research has been centered on cybercrime. His most recent research involves a National Science Foundation-funded study of social engineering. His work has appeared in multiple peer reviewed journals including Theoretical Criminology, The British Journal of Criminology, and Deviant Behavior. He has also published two books including Hacked: A Radical Approach to Hacker Culture and Crime (NYU Press) and a co-edited volume entitled Technocrime and Criminological Theory (Routledge).

Shawn Swartout

Bio:Shawn Swartout,, CISSP, is the Director of TIAA’s Cyber Investigation’s function where he leads a team that aims to protect TIAA resources, employees and customers from cyber related threats. Shawn has over fifteen years of security and risk management experience within the financial services, department of defense, and technology industries. Prior to joining TIAA, Shawn evaluated, managed, and evolved clients’ security programs, as a member of Leviathan Security Group, by developing strategic plans, threat models, and assessments of organizational security posture. As a security director, Shawn formally directed and executed the security, fraud, Bank Secrecy Act (BSA), and anti-money laundering compliance programs within Sterling Bank, a former super-regional financial institution. Shawn presented at a number of conferences, client briefings and professional chapter meetings including the American Bankers Association Risk Forum, Association for Financial Professionals and the Association of Certified Fraud Examiners. Shawn holds a Bachelor of Science in Business Information Systems and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

Andrew Woodard

Case Study: Carving out a NIST 800-53 High Compliant System within a Shared SaaS Environment

Abstract: Within the healthcare market, customers often require more security restrictions than are mandated by State or federal regulations (such as HIPAA). Certain customers, such as federal agencies, may require even higher levels of security, on par with the U.S. Department of Defense. Such requirements can be expensive enough in a dedicated environment devoted solely to those customers. It can become cost-prohibitive, however, when these requirements must be applied throughout the organization’s environment across multiple customers. When this happens, the security team must collaborate with the prospective customer to realistically refine the system boundaries.

Bio: Andrew Woodard, Director, Chief Information Security Officer. Mr. Woodard joined Delta Dental in February 2015. He is the HIPAA Security Officer and is responsible for the overall IT security program, including strategic direction and day-to-day operations. Prior to joining Delta Dental, Mr. Woodard spent almost 12 years at Truven Health Analytics (formerly Thomson Reuters, currently an IBM company), with a focus on compliance and security, with promotions to Manager and then Director of Security Management. Prior to joining Truven Health Analytics, Mr. Woodard spent five years at EDS (now HP). Mr. Woodard holds an MBA from the New York Institute of Technology, a Graduate Certificate in Information Systems from Eastern Michigan University and a bachelor’s degree from Lake Superior State University. Mr. Woodard also holds two industry security certifications – Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Dr. Gail Joon Ahn

Modeling the Diversity of Cyberattacks

Abstract: In this talk, we discuss a multi-dimensional approach to (a) understand net-centric attacks including malware investigation with on and off-line assessment, reverse engineering, and dynamic analysis, (b) discover distribution chain based on computer mediated communications (CMCs) that not only allows adversaries to identify easy-to-use or high quality tools, but also obfuscates the creation of malware by taking credit for a tool that was created by someone else, the diverse range of social communications platforms available on-line make it exceedingly difficult to understand and identify the resources used and abused by deviant groups on-line, and (c) correlate attack attributions from malware investigation and social dynamics to produce a comprehensive and effective intelligence. Our goal is to develop a comprehensive and effective intelligence and this vision is a complex and highly sophisticated one that requires ongoing research and analysis to continue concurrently with the changing role and face of digital information creation and usage in CMCs.

Bio: Gail-Joon Ahn, Ph.D, CISSP is a Professor of Computer Science and Engineering Program in the School of Computing, Informatics and Decision Systems Engineering (CIDSE) at Arizona State University and Director of Laboratory of Security Engineering for Future Computing (SEFCOM: sefcom.asu.edu). Prior to ASU, he was the Founding Director of Center for Digital Identity and Cyber Defense Research (DICyDER <http://dicyder.uncc.edu/>) at UNC Charlotte. His research foci include security analytics and big data driven security intelligence, vulnerability and risk management, access control and security architecture for distributed systems, identity and privacy management, cybercrime analysis, security-enhanced computing platforms, and formal models for computer security device. His research has been supported by NSF, NSA, DoD, ONR, DoE, DoJ, Bank of America, CISCO, GoDaddy, Hewlett Packard, Google, Microsoft and Robert Wood Johnson Foundation. He is currently the information director of ACM Special Interest Group on Security, Audit and Control (SIGSAC) and he is a recipient of US Department of Energy Early Career Principal Investigator Award, Educator of the Year Award from Federal Information Systems Security Educators¹ Association (FISSEA) and Best Researcher Award from CIDSE. Also, he serves as Associate Editor-in-Chief of IEEE Transactions on Dependable and Secure Computing, Associate Editor of ACM Transactions on Information and Systems Security and Editorial Board of Computers & Security. He is also the Steering Committee Chair of ACM Symposium on Access Control Models and Technologies.

Dr. Adam M. Bossler

Thunderdome II: Internet usage data vs. survey data

Abstract: At the 2014 MSU Interdisciplinary Conference on Cybercrime, Bossler noted that criminologists are making a modest impact in shaping cybercrime policy and this can partially be attributed to the lack of cybercrime publications in top tier journals. Bossler suggested a proverbial Thunderdome approach – “Two will enter, one will leave” – may provide a foundation for moving the field ahead. In this presentation, Bossler summarizes strengths of using real Internet usage data in comparison to survey data to explain cybercrime offending as well as how internet usage data has been used in the field of criminology. Preliminary analyses will provide insight into which type of data may eventually leave the Thunderdome.

Bio:  Dr. Adam Bossler is an Associate Professor in the Department of Criminal Justice and Criminology at Georgia Southern University. He earned his doctorate in criminology and criminal justice from the University of Missouri – St. Louis. His current research primarily focuses on examining the application of traditional criminological theories to cybercrime offending and victimization and how law enforcement responds to cybercrime. He is also currently completing a BJA grant exploring innovative correctional programs and a BJA Smart Policing grant in Evans County, GA evaluating the implementation of technology in rural law enforcement agencies. Finally, he is also currently working with collaborators on a NSF funded grant using real Internet usage data to examine computer deviance in a college sample.

Professor Susan Brenner

Threat Morphing in Cyberspace: Crime, Terrorism and War

Abstract: To survive and prosper, societies must maintain a baseline level of order; as failed states demonstrate, when order erodes it becomes increasingly difficult for the members of a society to carry out the tasks that are essential to their survival and that of the society. Threats to order fall into two categories: internal (crime and terrorism) and external (warfare). The categories differ in terms of origin (internal versus external) and in terms of the source of the threat (individuals commit crime and terrorism, sovereigns commit warfare). Over the millennia, societies have developed strategies for controlling each type of threat: law enforcement deals with crime and terrorism; the military deals with warfare. This threat control model assumes (i) stable national boundaries and (ii) that threats fall into the categories noted above. Cyberspace erodes the validity of these assumptions and, in so doing, erodes the efficacy of the current threat control model. Cybercriminals can attack targets in other countries with essential impunity; transnational attacks are no longer the exclusive province of sovereigns. And a state’s military hackers can commit what would be transnational cybercrime if it was carried out by and on behalf of civilians . . . but is something else, something that may not be encompassed by the current threat classification and control model. The threat control model’s viability is further eroded by the difficulties that can arise with regard to identifying the point of origin of an attack and the person(s) responsible for it. The model assumes activity in the physical world and, as a result, assumes that point of attack origination and certain “markers” of the attack will explicitly or inferentially indicate the motive (personal gain versus political goal) and the perpetrator(s) (individual(s) or sovereign state), which will determine the appropriate response (law enforcement versus military). These assumptions are to an increasing extent inapplicable to threat activity mediated through cyberspace, which means the current threat control model is increasingly irrelevant in this context. States, therefore, must either modify the current threat control model so it can deal effectively with cyberthreats or devise a new, cyber-specific model of threat control, which would supplement the current model. The presentation will explore how such a model could be constructed.

Bio:  Susan W. Brenner is a Professor and the Samuel A. McCray Chair in Law at the University Of Dayton School Of Law in Dayton, Ohio. She has spoken at numerous events, including Interpol Cybercrime Conferences, the Middle East IT Security Conference, the American Bar Association’s National Cybercrime Conference and the Yale Law School Conference on Cybercrime. She spoke at the Department of Homeland Security’s Global Cyber Security Conference and at a meeting on cyberthreats organized by the U.S. Department of State Bureau of Intelligence and at a NATO Workshop on Cyberterrorism in Bulgaria. Professor Brenner has published a number of articles dealing with cybercrime, including Cybercrime Metrics, University of Virginia Journal of Law & Technology (2004), Cyber-Threats and the Limits of Bureaucratic Control, 14 Minnesota Journal of Law Science and Technology 137(2013) and Offensive Economic Espionage, 54 Harvard International Law Journal 92 (2013).  She has also published books dealing with law and technology, which Cyber Threats: Emerging Fault Lines of the Nation-States (Oxford University Press 2009) and Cybercrime: Criminal Threats from Cyberspace (Praeger 2010). In fall of 2012 the University Press of New England published Cybercrime and the Law: Challenges, Issues and Outcomes.

Joshua M. Dalman 

Bio:  Joshua M. Dalman is a second generation digital forensic examiner. Mr. Dalman has nearly a decade of digital forensics experience and has worked in a number of different roles. Mr. Dalman is an accomplished instructor who has designed classroom material and taught members of the Federal Law Enforcement and Department of Defense community. Mr. Dalman earned recognition for going to great lengths to support student achievement. In addition, Mr. Dalman has managed a digital forensics lab at a fortune 100 company and is currently serving as a cyber-security specialist within a highly regarded incident response team. Mr. Dalman has Master of Science degree in Digital Forensics from the University of Central Florida, and earned his Bachelor of Arts degree from Michigan State University. Mr. Dalman maintains a number of industry certifications such as the AccessData Certified Examiner (ACE), EnCase certified examiner (EnCE), Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), and the Department of Defense Forensic Examiner (DFE).

Dr. Thomas Holt

Discerning Signal From Noise in Cybercrime Markets and Cybercrime Research

Abstract: Researchers from both the social and technical sciences are increasingly examining the market for stolen data, where hackers and cybercriminals dispose of information acquired through phishing, mass data breaches, and hacking attempts. These studies demonstrate that markets are influenced by seller reputation based on positive and negative feedback provided by customers, and the influence of social connectivity on a seller’s reputation in the market. Few of these studies have considered the relationship between the feedback sellers receive from customers and the market dynamics of a forum, such as the language of its users, the payment methods they accept, and the customer service resources sellers provide to prospective buyers. Thus, this study will attempt to address this issue through an analysis of threads from 13 active Russian and English language forums involved in the sale of stolen data. The relationships between the social and market practices of the forums will be considered relative to the positive or negative feedback individuals selling dumps and eBay and PayPal credentials receive. The implications of this study for law enforcement and criminological theory will be considered in detail.

Bio: Dr. Thomas Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.

Lance James, Allison Nixon, and J.B. O’kane

The chaotic adolescent actor: Pay attention, and change the channel

Abstract: Currently, a great deal of attention is paid to nation sponsored actors and criminal actors, while the chaotic actor is discounted as too unskilled and unfocused to inflict much harm. Despite this prevailing attitude, our experience in researching online groups and advising the business community suggests that chaotic actors do in fact inflict significant damage to unsuspecting business targets. For this presentation, we focus on chaotic actors undergoing an intriguing transitional stage of physical and psychological human development – adolescence. Our applied research follows a dual approach. On a group level, we seek to understand delinquent online peer group formation. On an individual level, we target a specific form of impulsivity, sensation seeking – a behavior that rises dramatically during adolescence and increases risks to healthy development. We present a few recent case studies in order to frame and explore some of the observed behaviors, motives and typical backgrounds of the “chaotic adolescent” actor(s). On the solution side, we reference recent findings from developmental neuroscience that suggest lack of experience with novel adult behavior poses a much greater risk to adolescents than structural deficits in brain maturation (Romer, 2010). This view of adolescent risk taking helps to explain why educational interventions designed to change adolescents’ knowledge, beliefs, or attitudes have been largely ineffective, and suggests that changing the contexts in which risky behavior occurs may be more successful than changing the way adolescents think about risk (Steinberg, 2007). Consistent with this reasoning, we propose ideas for handling incidents involving such actors and offer a few context-changing strategies that could be piloted in order to serve and protect such at-risk youth as they transition to adulthood.

Floor Jansen

Rat-plague in Europe or: how to combat criminals with high tech IT skills?

Abstract: A real rat-plague seems to take over Europe. Or at least European computers. What does it take to locate these rats and what do we do with them? Is the legal system capable of handling this form of crime? Is the police force, as we know it, fitted for this task? Floor Jansen will present the latest trends and challenges for law enforcement in combating cybercrime. She’ll argue that the police needs close cooperation with scientific researchers and that combining IT knowledge and criminology is crucial in understanding cybercriminals.

Bio: Floor Jansen is a criminologist who has been working for the Dutch police for seven years. After working on the combat of drug smuggling and human trafficking she swopped pills and powders for bits and bytes and THC for THTC. For two years now she works as a strategic advisor for the Team High Tech Crime. She’s an ambassador for applied criminology within the police and tries to connect the team with academia and universities where and whenever possible.

Keith J. Jones

Bio:  Keith J. Jones has been called the “expert’s expert” by numerous domestic and international clients. Mr. Jones provides Computer Forensics, Litigation Support, Expert Witness Services and Training to commercial and government clients. Mr. Jones is very well known for tackling the hard problems and getting them done on or under time and budget, tackling the hard issues in litigation and demonstrating to the judge and jury in layman terms the truth, and generally being able to take on any forensic case involving computers that his deep hardware and software development experience has given him. Mr. Jones is an internationally industry-recognized expert in computer security with two decades of experience in computer forensics and incident response. He is a co-chair of the American Bar Association’s Litigation Section’s Expert Witness Committee on Computer forensics and he has also served as the President of The Consortium of Digital Forensic Specialists (CDFS). His expertise also includes information security consulting, application security, software analysis/design and image/video/audio analysis. Mr. Jones has been an expert witness on behalf of the federal government on several high-profile criminal cases, such as US v Duronio, US v Raisley, and US v Zhu. Mr. Jones is an accomplished instructor and has trained computer forensics and security to thousands of students including the FBI, Secret Service, NSA, RCMP, Assistant U.S. Attorneys, private classes for clients, and public classes to the masses. Not only does Mr. Jones train, but he also develops the material for his and other trainers’ classes.

Dr. Alex X. Liu

TCAM Based Deep Packet Inspection

Abstract: Regular expression (RegEx) matching is a core component of deep packet inspection in modern networking and security devices. Prior RegEx matching algorithms are either software-based or FPGA-based. Software-based solutions have to be implemented in customized ASIC chips to achieve high-speed, the limitations of which include high deployment cost and being hard-wired to a specific solution and thus limited ability to adapt to new RegEx matching solutions. Although FPGA-based solutions can be modified, resynthesizing and updating FPGA circuitry in a deployed system to handle RegEx updates is slow and difficult. In this talk, we present the first hardware-based RegEx matching solution that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. There are three main reasons why TCAM-based RegEx matching works well. First, a small TCAM is capable of encoding a large Deterministic Finite Automata (DFA) with carefully designed algorithms leveraging the ternary nature and first-match semantics of TCAMs. Second, TCAMs facilitate high-speed RegEx matching because TCAMs are essentially high-performance parallel lookup systems: any lookup takes constant time (i.e, a few CPU cycles) regardless of the number of occupied entries. Third, because TCAMs are off-the-shelf chips that are widely deployed in modern networking devices, it is easy to design networking devices that include our TCAM based RegEx matching solution.

Bio: Alex X. Liu received the Ph.D. degree in computer science from The University of Texas at Austin, Austin, TX, USA, in 2006. His research interests focus on networking and security. He is an Editor of the IEEE/ACM TRANSACTIONS ON NETWORKING and the Journal of Computer Communications. He is the TPC Co-Chair of ICNP 2014. Dr. Liu received the IEEE & IFIP William C. Carter Award in 2004, an NSF CAREER Award in 2009, and the Michigan State University Withrow Distinguished Scholar Award in 2011. He received Best Paper Awards from ICNP 2012, SRDS 2012, LISA 2010, and TSP 2009.

Dr. David Maimon

Surveillance Banner and its’ Influence on Risk-Averse and Risk-Seeking Hackers’ Behaviors During theProgression of System Trespassing Events

Abstract:  Extensive psychological and criminological research indicates that individuals are ‘ambiguity adverse’ (i.e. prefer to gamble with known risks as opposed to uncertain ones), and as a consequence, tend to comply with the law in the presence of ambiguous low-certainty sanction threats. Unfortunately, only scant research has examined this principle in the context of online deviant behaviors. We attempt to bridge this empirical gap by examining how the presence of a surveillance banner in an attacked computer system influences the online behaviors of risk-averse and risk-seeking system trespassers during the progression of system trespassing events. To assist in this investigation, we designed a randomized controlled trial and deployed a series of virtual target computers with known vulnerabilities into the computer network of a large public university in the U.S. The target computers were set to either display or not display a surveillance banner once system trespassers infiltrated them. Results indicate that risk-aversive system trespassers were less likely to enter ‘clean’ and ‘reconnaissance’ commands in attacked computer-systems that had surveillance banner installed on. Risk-seeking system trespassers, on the other hand, were more likely to enter ‘make new directories’ and ‘change password’ commands in attacked computer-systems that had surveillance banner installed on. These findings offer further support for the integration of psychological and criminological concepts in the study of system trespassing.

Bio: David Maimon is an Assistant Professor in the department of Criminology and Criminal Justice at the University of Maryland. He received his Ph.D. in Sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, computer crimes and communities and crime. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, susceptibility to malware victimization, and decision-making process in cyber space.

Brian McManus 

Bio:  Brian McManus is currently a Supervisor in the Computer Crimes Section with NW3C, the National White Collar Crime Center. He has 30 plus years of experience in law enforcement and 10 years in computer forensic investigations. He is a Certified Forensic Computer Examiner (CFCE) through the International Association of Computer Investigative Specialists (IACIS). Prior to NW3C, Brian worked as a police officer with Lansing Community College in Lansing, Michigan, and was assigned to the Michigan Internet Crimes Against Children Task Force investigating crimes against children. He continued as a contract forensic examiner for the Michigan State Police on a federally funded grant before to joining NW3C as an instructor in 2013.

Dr. Stefan Savage

Demonetizing Advertising-Based eCrime

Abstract:  Advertising-based e-crime monetizes a vector (e.g., spam, search, OSN abuse, adware) by convincing consumers to pay for some good or service (eg., pharmaceuticals, pirated software, FakeAV, counterfeit consumer goods etc.) Ultimately it is these payments, typically via popular card brands such as Visa and Mastercard, that monetize the resulting ecosystem, including bots, bullet-proof hosting, domain sales, malware and so on. In this talk, I will briefly explain how this works, the role of ISOs, PSPs and acquiring banks, and how why the financial component is uniquely vulnerable to disruption. In particular, I will report on two years of activity in which key brandholders, working with financial services, have focused on shutting down fraudulent merchant accounts and the effective this has had on the associated criminal ecosystems. I will describe what is necessary to use this tool most effectively and finally, I’ll describe the operational challenges required to map the relationships between affiliate programs and payment networks and how this conflict is likely to evolve.

Bio: Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage’s research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD’s Center for Network Systems (CNS) and as co-director for the Center for Evidence based Security Research (CESR), a joint effort between UCSD and the International Computer Science Institute. Savage is a Sloan Fellow and an ACM Fellow, but is fairly down-to-earth guy and only writes about himself in the third person when asked.

Dr. Johan Van Wilsem

Moving targets: cybercrime victimization and routine activities in a dynamic perspective

Abstract: Cybercrime victimization for hacking, fraud and harassment is related to people’s routine activities on the Internet, due to the fact that these activities unintendedly lead to exposure to offenders. However, most empirical research in the routine activity domain offers a static picture, with cross-sectional tests of the relation between criminal opportunities and victimization. This situation has ignored the fact that people can respond to victimization by changing their routine activities–either in ways to prevent future victimization, or, in contrast, in risk-seeking ways due to maladaptive coping. These changes may subsequently affect risks for future victimization. This presentation will focus on the relation between victimization and re-victimization for several types of cybercrime, and the dynamics of online routine activities in between. For this purpose, a representative Dutch victimization survey (the LISS panel) will be used, covering the behavior of approximately 4,000 respondents between 2008 and 2010.

Bio: Dr Johan van Wilsem is an associate professor of Criminology at Leiden University and an expert in cybercrime victimization. He has published on a diverse range of topics, such as receiving online threats, experiencing Internet consumer fraud and being hacked, in international journals such as the European Sociological Review, European Journal of Criminology and Journal of Contemporary Criminal Justice. He has received grants to collect large-scale, representative, longitudinal data on these subjects among the Dutch population. Currently, he is principal investigator in a research project on identity fraud victimization, which has been granted by the Dutch national police.

Dr. Gail Joon Ahn

Malware Forensics: Secret Extraction and Social Dynamics

Abstract: As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher-text data in malware is now critical for malware forensics and cybercrime analysis. In addition, considering the popularity and wide adoption of social network systems and the competitive edge these systems provide, there has been a rapid growth in use of these systems to access, store, and exchange malware information in distributed and/or federated environments and this trend is expected to continue. This talk presents ongoing research results and findings related to (a) secret extraction from malware and (b) analytic intelligence for understanding and discovering social dynamics.

Bio: Gail-Joon Ahn, Ph.D, CISSP is a Professor of Computer Science and Engineering Program in the School of computing, Informatics and Decision Systems Engineering (CIDSE) at Arizona State University and Director of Laboratory of Security Engineering for Future Computing (SEFCOM: http://sefcom.asu.edu). Prior to ASU, he was the Founding Director of Center for Digital Identity and Cyber Defense Research (DICyDER) at UNC Charlotte.

Dr. Adam M. Bossler

Implications of Criminological Research on Cybercrime Policies

Abstract: Criminological research has clear policy implications on reducing various forms of cybercrime, including, but not limited to, hacking, piracy, and online harassment. Unfortunately, it is unclear how often policy makers and practitioners use cybercrime research to create cybercrime policies. In this presentation, the speaker discusses policies and practices that can be followed by parents, schools, and law enforcement that are directly derived from criminological research. In addition, he discusses the implications of research evaluating traditional criminological programs (e.g., DARE; Scared Straight) for cybercrime policy.

Bio:  Dr. Adam Bossler is an Associate Professor of Criminal Justice and Criminology at Georgia Southern University. He currently serves as the Interim Chair of the Department of Criminal Justice and Criminology. He earned his doctorate in criminology and criminal justice from the University of Missouri – St. Louis. His current 2 research focuses on examining the application of traditional criminological theories to cybercrime offending and victimization, how law enforcement responds to cybercrime, and exploring innovative correctional programs. The three federal grants that he is currently working on examine: (1) innovative and/or effective programs, services and management strategies for special needs correctional populations; (2) application of criminological theories to hacking behaviors; and (3) the effectiveness of Smart Policing. His most recent publications can be found in Crime & Delinquency, Deviant Behavior, Youth & Society, American Journal of Criminal Justice, Policing, and Journal of Criminal Justice.

Professor Susan Brenner

Threat Morphing in Cyberspace: Crime, Terrorism and War

Abstract: To survive and prosper, societies must maintain a baseline level of order; as failed states demonstrate, when order erodes it becomes increasingly difficult for the members of a society to carry out the tasks that are essential to their survival and that of the society. Threats to order fall into two categories: internal (crime and terrorism) and external (warfare). The categories differ in terms of origin (internal versus external) and in terms of the source of the threat (individuals commit crime and terrorism, sovereigns commit warfare). Over the millennia, societies have developed strategies for controlling each type of threat: law enforcement deals with crime and terrorism; the military deals with warfare. This threat control model assumes (i) stable national boundaries and (ii) that threats fall into the categories noted above. Cyberspace erodes the validity of these assumptions and, in so doing, erodes the efficacy of the current threat control model. Cybercriminals can attack targets in other countries with essential impunity; transnational attacks are no longer the exclusive province of sovereigns. And a state’s military hackers can commit what would be transnational cybercrime if it was carried out by and on behalf of civilians . . . but is something else, something that may not be encompassed by the current threat classification and control model. The threat control model’s viability is further eroded by the difficulties that can arise with regard to identifying the point of origin of an attack and the person(s) responsible for it. The model assumes activity in the physical world and, as a result, assumes that point of attack origination and certain “markers” of the attack will explicitly or inferentially indicate the motive (personal gain versus political goal) and the perpetrator(s) (individual(s) or sovereign state), which will determine the appropriate response (law enforcement versus military). These assumptions are to an increasing extent inapplicable to threat activity mediated through cyberspace, which means the current threat control model is increasingly irrelevant in this context. States, therefore, must either modify the current threat control model so it can deal effectively with cyberthreats or devise a new, cyber-specific model of threat control, which would supplement the current model. The presentation will explore how such a model could be constructed.

Bio:  Susan W. Brenner is a Professor and the Samuel A. McCray Chair in Law at the University Of Dayton School Of Law in Dayton, Ohio. She has spoken at numerous events, including Interpol Cybercrime Conferences, the Middle East IT Security Conference, the American Bar Association’s National Cybercrime Conference and the Yale Law School Conference on Cybercrime. She spoke at the Department of Homeland Security’s Global Cyber Security Conference and at a meeting on cyberthreats organized by the U.S. Department of State Bureau of Intelligence and at a NATO Workshop on Cyberterrorism in Bulgaria. Professor Brenner has published a number of articles dealing with cybercrime, including Cybercrime Metrics, University of Virginia Journal of Law & Technology (2004), Cyber-Threats and the Limits of Bureaucratic Control, 14 Minnesota Journal of Law Science and Technology 137(2013) and Offensive Economic Espionage, 54 Harvard International Law Journal 92 (2013).  She has also published books dealing with law and technology, which Cyber Threats: Emerging Fault Lines of the Nation-States (Oxford University Press 2009) and Cybercrime: Criminal Threats from Cyberspace (Praeger 2010). In fall of 2012 the University Press of New England published Cybercrime and the Law: Challenges, Issues and Outcomes.

Dr. Sriram Chellappan

Combating Cyber Crimes via Human Behavior Assessment

Abstract: College students are increasingly becoming victims of behavioral problems. Since college students are active users of the Internet today, investigating associations between behavioral abnormalities and Internet usage is an active area of research. While existing studies do provide critical insights, they are limited due to the fact that Internet usage of subjects is characterized by means of self-reported surveys only, which are limited in terms of volume of collected data, social desirability biases and limited dimensionality. In this talk, we present details and our findings on several experiments conducted in a college campus on associations between human behavior and Internet usage using real Internet data collected continuously, unobtrusively and preserving privacy. To the best of our knowledge, these are the first studies associating human behavior with real Internet data. Applications of the study to cyber security are immediate and will be elaborated in the talk.

Bio:  Sriram Chellappan is an Assistant Professor in The Department of Computer Science at Missouri University of Science and Technology, where he directs the SCoRe (Social Computing Research) Group. The group’s interests lie in many aspects of how Society and Technology interact with each other, particularly within the realms of Cyber Security, Mobility and Human-Computer Interactions. The group’s research is supported by grants from National Science Foundation, Department of Education, Army Research Office, National Security Agency, DARPA and Missouri Research Board. Sriram received the PhD degree in Computer Science and Engineering from The Ohio-State University in 2007. He received the NSF CAREER Award in 2013.

Dr. Hsinchun Chen

COPLINK, Dark Web, and Hacker Web: A Research Path in Security Informatics

Abstract: In this talk I will provide a review of an Intelligence & Security Informatics research framework. Based on a decade of federally funded research, I will present our research and development experiences relating to COPLINK (crime data mining) and Dark Web (terrorism informatics). Lastly I will discuss our recent research in Hacker Web, which aims to collect international open source hacker community contents and develop advanced multi-lingual malware attribution techniques and models.

Bio: Dr. Hsinchun Chen is University of Arizona Regents’ Professor and Thomas R. Brown Chair in Management and Technology in the Management Information Systems (MIS) Department. He received the Ph.D. degree from the New York University. Dr. Chen is director of the Artificial Intelligence Lab which has received more than $35M in federal funding (half from NSF) and has served as a faculty of the UA MIS department (ranked #3 in MIS) since 1989. He had served as a Scientific Counselor/Advisor of the National Library of Medicine (USA), Academia Sinica (Taiwan), and National Library of China (China). Dr. Chen is a Fellow of IEEE and AAAS. He received the IEEE Computer Society 2006 Technical Achievement Award, the 2008 INFORMS Design Science Award, the MIS Quarterly 2010 Best Paper Award, the IEEE 2011 Research Achievement and Leadership Award in Intelligence and Security Informatics, and UA 2013 Technology Innovation Award. He is author/editor of 20 books, 280 SCI journal articles, and 150 refereed conference articles covering Web computing, search engines, digital library, intelligence analysis, biomedical informatics, data/text/web mining, and knowledge management. His H-index is 68 (the highest in MIS), with more than 15,000 citations. Dr. Chen’s COPLINK system (funded by NSF and NIJ), which has been quoted as a national model for public safety information sharing and analysis, has been adopted in more than 3500 law enforcement and intelligence agencies. He is the founder of the Knowledge Computing Corporation (KCC), which merged i2, the industry leader in intelligence analytics and fraud detection, in 2009. The combined i2/KCC company was acquired by IBM in 2011 for $500M. Dr. Chen’s Dark Web project (funded by NSF and DOD) has generated one of the largest databases in the world about extremist/terrorist-generated Internet content. Dark Web research supports link analysis, content analysis, web metrics analysis, multimedia analysis, sentiment analysis, and authorship analysis of international terrorism contents. Dr. Chen recently received additional major NSF Secure and Trustworthy Cyperspace (SaTC) program funding ($5.4M) for his Hacker Web research and Cybersecurity Analytics fellowship program.

Richard Frank

No information was provided.

Billy Henson

No information was provided.

Dr. Thomas Holt

Exploring the Risk Reduction Strategies of Data Thieves

Bio: Dr. Thomas Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011), Crime On-Line: Correlates, Causes and Context, now in its 2nd Edition, and a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data. He has also given multiple presentations on computer crime and hacking at academic and professional conferences, as well as hacker conferences across the country.

Dr. Alice Hutchings

Organised crime and co-offending in the online environment

Abstract:  This research applies Choo and Smith’s (2008) typology of organised crime groups in cyberspace to a predominantly Australian sample of hackers and computer fraudsters. This qualitative analysis draws from interviews with self-identified offenders, law enforcement officers who investigate these offenses, and court documents. The focus of this presentation is the extent that offenders are involved in organised crime, and the nature of the relationship between co-offending, initiation and knowledge transmission. By providing insight through the lens of offenders, law enforcement officers and the judiciary, this work provides a unique understanding of organised crime in the online environment.

Bio:  Dr Alice Hutchings is a Senior Research Analyst with the Australian Institute of Criminology’s Transnational and Organised Crime Program. Alice has extensive experience working across all tiers of government, as well as the academic and private sectors. Alice obtained her PhD from Griffith University, where she was based at the ARC Centre of Excellence in Policing and Security. Her PhD tested existing sociological theories of crime to determine how they explain computer crimes that compromise data and financial security. Alice has undertaken cybercrime-related research since 2007 when she examined risk factors for phishing victimisation. More recent work has examined criminal and security risks in the cloud, how online offenders perceive victims and select targets, consumer fraud, computer security risks for small businesses, and security and privacy issues relating to computer chip identification systems. Alice is currently working on a number of projects, including an analysis of organised cybercrime offenders, the misuse of information and communication technology in the public sector, and exploring the relationship between the use of child exploitation materials, the use of internet-enabled technologies to procure children, and contact sexual offending against children.

Dr. Max Kilger

Nation State Versus Kids Who Skate: The Role of Social Scientists in Identifying and Understanding Emerging Cyberthreats

Abstract: As the cyberthreat matrix continues to grow, it is becoming clear that by itself, understanding the technical mechanisms and vectors associated with new cyberattacks is unlikely to provide a sufficient and effective defense. As information technology continues to be integrated into our military, critical infrastructure and everyday lives, the rate at which vulnerabilities within these structures grow far outpaces the ability of defenders to protect them. In this discussion we examine how encouraging a partnership between information security specialists and social scientists with expertise in understanding the relationship between people and technology can help identify potential cyberthreats before they emerge, assist in focusing technical resources where they are needed most and support traditional digital defenders in developing more effective risk assessments.

Bio:  Max Kilger received his doctorate from Stanford University in Social Psychology in 1993. He has written and co-authored research articles and book chapters in the areas of influence in decision-making, the interaction of people with technology, motivations of malicious online actors, understanding the changing social structure of the computer hacking community and the nature of emerging cyberthreats. He is a founding and former board member of the Honeynet Project – a ten year old not-for-profit international information security organization that serves the public good. Max was also a member of the National Academy of Engineering’s Combating Terrorism Committee, which was charged with recommending counterterrorism methodologies to Congress and relevant federal agencies. He is a frequent national and international speaker to law enforcement, the intelligence community and military commands as well as information security forums.

Dr. David Maimon

30 Days “Free” Honey: Empirical Evidence for the Relevance of Restrictive Deterrence in the Study of System Trespassing

Abstract: System trespassing has been the focus of public attention during the last few decades. However, while extensive research investigates technological aspects of this crime, only few interdisciplinary research initiatives have been launched in an effort to better understand the human players that drive this phenomenon (i.e. victims, offenders and IT managers). In this talk, I will emphasize the importance of insights on offenders’ on-line behaviors for generating a more complete understanding of the etiology of system trespassing. Moreover, I will discuss the relevance of Gibbs’s (1975) conceptualization of “restrictive deterrence” for system trespassing related research. Findings from a series of studies I conducted with my colleagues from the James Clark’s School of Engineering at the University of Maryland will be presented. These findings support the consideration of “soft science” perspectives for designing more sophisticated security solutions and recommending new policy guidelines in an effort to mitigate the damage caused by system trespassers’activities.

Bio: David Maimon is an Assistant Professor in the department of Criminology and Criminal Justice at the University of Maryland. He received his Ph.D. in Sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, computer crimes and communities and crime. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, susceptibility to malware victimization, and decision-making process in cyber space.

Dr. Marcus Rogers

Using Internet Artifacts to Answer Behavioral Related Investigative Questions

Abstract:  The presentation will discuss work done on the development of a process model that can be used to develop insight into behavioral and personality characteristics of offenders from Internet Artifacts. Internet Artifacts such as browser histories, web cache and cookies can be a rich source of data for investigators. This data can also be used to develop an understanding of the motivation, intent, and interests of the suspected offender. An overview of the author’s process model will be provided, as well as examples of how this model has been used in actual investigations.

Bio:  Marcus K. Rogers, Ph.D., CISSP, CCCI, DFCP, ACE is the Director of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is a Professor-Associate Dept. Head Computer & Information Technology, University Faculty Scholar, Fellow of the Center for Education and Research in Information Assurance and Security (CERIAS) and Fellow of the American Academy of Forensic Sciences (AAFS). He is the past International Chair of the Law, Regulations, Compliance and Investigation Domain of the Common Body of Knowledge (CBK) committee, and Chair – Planning Committee Digital & Multimedia Sciences Section – American Academy of Forensic Sciences. Dr. Rogers was the Editor-in-Chief of the Journal of Digital Forensic Practice and sits on the editorial board for several other professional journals. He is also a member of other various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of books, numerous book chapters, and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.

Dr. Mark Stockman

Cyberdeviance: who, when, why, and why not? A study in life-course Cybercriminology

Abstract: An exploratory study of cyberdeviance using self-report data from college undergraduates sets the groundwork towards an age-graded theory of cybercrime. Oversampling computing students who presumably have more opportunity to engage in hacking-type activities; the author presents data about the profile of individuals who have participated in cyberdeviance, ages of onset/peak/desistance, and motivations for hacking, desistance, or lack of involvement. The application of criminological theory for cyberdeviance in light of these data will also be discussed.

Bio: Mark Stockman is an Associate Professor at the University of Cincinnati serving as a faculty member for the Networking/System Administration specialization in the Information Technology (IT) degree program. His research interests include cybersecurity, systems administration, data center operations, server virtualization, cloud computing management, and IT pedagogy. With recent study into traditional criminology and crime prevention, Mark is currently investigating the applicability of criminological theories in the digital realm or cybercriminology.