2014 ICC Speakers

Dr. Gail Joon Ahn

Malware Forensics: Secret Extraction and Social Dynamics

Abstract: As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher-text data in malware is now critical for malware forensics and cybercrime analysis. In addition, considering the popularity and wide adoption of social network systems and the competitive edge these systems provide, there has been a rapid growth in use of these systems to access, store, and exchange malware information in distributed and/or federated environments and this trend is expected to continue. This talk presents ongoing research results and findings related to (a) secret extraction from malware and (b) analytic intelligence for understanding and discovering social dynamics.

Bio: Gail-Joon Ahn, Ph.D, CISSP is a Professor of Computer Science and Engineering Program in the School of computing, Informatics and Decision Systems Engineering (CIDSE) at Arizona State University and Director of Laboratory of Security Engineering for Future Computing (SEFCOM: http://sefcom.asu.edu). Prior to ASU, he was the Founding Director of Center for Digital Identity and Cyber Defense Research (DICyDER) at UNC Charlotte.

His research foci include access control, secure information sharing, vulnerability and risk management, identity and privacy management, security-enhanced computing platforms, security architecture for network and distributed systems, and modeling for computer security. His research has been supported by NSF, NSA, DoD, ONR, DoE, DoJ, Bank of America, CISCO, GoDaddy, Hewlett Packard, Google, Microsoft and Robert Wood Johnson Foundation.
He is currently the information director of ACM Special Interest Group on Security, Audit and Control (SIGSAC) and he is a recipient of US Department of Energy Early Career Principal Investigator Award, Educator of the Year Award from Federal Information Systems Security Educators’ Association (FISSEA) and Best Researcher Award from CIDSE. Also, he serves as Associate Editor-in-Chief of IEEE Transactions on Dependable and Secure Computing and Associate Editor of ACM Transactions on Information and Systems Security. He is also the Steering Committee Chair of ACM Symposium on Access Control Models and Technologies.

Dr. Adam M. Bossler

Implications of Criminological Research on Cybercrime Policies

Abstract: Criminological research has clear policy implications on reducing various forms of cybercrime, including, but not limited to, hacking, piracy, and online harassment. Unfortunately, it is unclear how often policy makers and practitioners use cybercrime research to create cybercrime policies. In this presentation, the speaker discusses policies and practices that can be followed by parents, schools, and law enforcement that are directly derived from criminological research. In addition, he discusses the implications of research evaluating traditional criminological programs (e.g., DARE; Scared Straight) for cybercrime policy.

Bio:  Dr. Adam Bossler is an Associate Professor of Criminal Justice and Criminology at Georgia Southern University. He currently serves as the Interim Chair of the Department of Criminal Justice and Criminology. He earned his doctorate in criminology and criminal justice from the University of Missouri – St. Louis. His current 2 research focuses on examining the application of traditional criminological theories to cybercrime offending and victimization, how law enforcement responds to cybercrime, and exploring innovative correctional programs. The three federal grants that he is currently working on examine: (1) innovative and/or effective programs, services and management strategies for special needs correctional populations; (2) application of criminological theories to hacking behaviors; and (3) the effectiveness of Smart Policing. His most recent publications can be found in Crime & Delinquency, Deviant Behavior, Youth & Society, American Journal of Criminal Justice, Policing, and Journal of Criminal Justice.

Professor Susan Brenner

Threat Morphing in Cyberspace: Crime, Terrorism and War

Abstract: To survive and prosper, societies must maintain a baseline level of order; as failed states demonstrate, when order erodes it becomes increasingly difficult for the members of a society to carry out the tasks that are essential to their survival and that of the society. Threats to order fall into two categories: internal (crime and terrorism) and external (warfare). The categories differ in terms of origin (internal versus external) and in terms of the source of the threat (individuals commit crime and terrorism, sovereigns commit warfare). Over the millennia, societies have developed strategies for controlling each type of threat: law enforcement deals with crime and terrorism; the military deals with warfare. This threat control model assumes (i) stable national boundaries and (ii) that threats fall into the categories noted above. Cyberspace erodes the validity of these assumptions and, in so doing, erodes the efficacy of the current threat control model. Cybercriminals can attack targets in other countries with essential impunity; transnational attacks are no longer the exclusive province of sovereigns. And a state’s military hackers can commit what would be transnational cybercrime if it was carried out by and on behalf of civilians . . . but is something else, something that may not be encompassed by the current threat classification and control model. The threat control model’s viability is further eroded by the difficulties that can arise with regard to identifying the point of origin of an attack and the person(s) responsible for it. The model assumes activity in the physical world and, as a result, assumes that point of attack origination and certain “markers” of the attack will explicitly or inferentially indicate the motive (personal gain versus political goal) and the perpetrator(s) (individual(s) or sovereign state), which will determine the appropriate response (law enforcement versus military). These assumptions are to an increasing extent inapplicable to threat activity mediated through cyberspace, which means the current threat control model is increasingly irrelevant in this context. States, therefore, must either modify the current threat control model so it can deal effectively with cyberthreats or devise a new, cyber-specific model of threat control, which would supplement the current model. The presentation will explore how such a model could be constructed.

Bio:  Susan W. Brenner is a Professor and the Samuel A. McCray Chair in Law at the University Of Dayton School Of Law in Dayton, Ohio. She has spoken at numerous events, including Interpol Cybercrime Conferences, the Middle East IT Security Conference, the American Bar Association’s National Cybercrime Conference and the Yale Law School Conference on Cybercrime. She spoke at the Department of Homeland Security’s Global Cyber Security Conference and at a meeting on cyberthreats organized by the U.S. Department of State Bureau of Intelligence and at a NATO Workshop on Cyberterrorism in Bulgaria. Professor Brenner has published a number of articles dealing with cybercrime, including Cybercrime Metrics, University of Virginia Journal of Law & Technology (2004), Cyber-Threats and the Limits of Bureaucratic Control, 14 Minnesota Journal of Law Science and Technology 137(2013) and Offensive Economic Espionage, 54 Harvard International Law Journal 92 (2013).  She has also published books dealing with law and technology, which Cyber Threats: Emerging Fault Lines of the Nation-States (Oxford University Press 2009) and Cybercrime: Criminal Threats from Cyberspace (Praeger 2010). In fall of 2012 the University Press of New England published Cybercrime and the Law: Challenges, Issues and Outcomes.

Dr. Sriram Chellappan

Combating Cyber Crimes via Human Behavior Assessment

Abstract: College students are increasingly becoming victims of behavioral problems. Since college students are active users of the Internet today, investigating associations between behavioral abnormalities and Internet usage is an active area of research. While existing studies do provide critical insights, they are limited due to the fact that Internet usage of subjects is characterized by means of self-reported surveys only, which are limited in terms of volume of collected data, social desirability biases and limited dimensionality. In this talk, we present details and our findings on several experiments conducted in a college campus on associations between human behavior and Internet usage using real Internet data collected continuously, unobtrusively and preserving privacy. To the best of our knowledge, these are the first studies associating human behavior with real Internet data. Applications of the study to cyber security are immediate and will be elaborated in the talk.

Bio:  Sriram Chellappan is an Assistant Professor in The Department of Computer Science at Missouri University of Science and Technology, where he directs the SCoRe (Social Computing Research) Group. The group’s interests lie in many aspects of how Society and Technology interact with each other, particularly within the realms of Cyber Security, Mobility and Human-Computer Interactions. The group’s research is supported by grants from National Science Foundation, Department of Education, Army Research Office, National Security Agency, DARPA and Missouri Research Board. Sriram received the PhD degree in Computer Science and Engineering from The Ohio-State University in 2007. He received the NSF CAREER Award in 2013.

Dr. Hsinchun Chen

COPLINK, Dark Web, and Hacker Web: A Research Path in Security Informatics

Abstract: In this talk I will provide a review of an Intelligence & Security Informatics research framework. Based on a decade of federally funded research, I will present our research and development experiences relating to COPLINK (crime data mining) and Dark Web (terrorism informatics). Lastly I will discuss our recent research in Hacker Web, which aims to collect international open source hacker community contents and develop advanced multi-lingual malware attribution techniques and models.

Bio: Dr. Hsinchun Chen is University of Arizona Regents’ Professor and Thomas R. Brown Chair in Management and Technology in the Management Information Systems (MIS) Department. He received the Ph.D. degree from the New York University. Dr. Chen is director of the Artificial Intelligence Lab which has received more than $35M in federal funding (half from NSF) and has served as a faculty of the UA MIS department (ranked #3 in MIS) since 1989. He had served as a Scientific Counselor/Advisor of the National Library of Medicine (USA), Academia Sinica (Taiwan), and National Library of China (China). Dr. Chen is a Fellow of IEEE and AAAS. He received the IEEE Computer Society 2006 Technical Achievement Award, the 2008 INFORMS Design Science Award, the MIS Quarterly 2010 Best Paper Award, the IEEE 2011 Research Achievement and Leadership Award in Intelligence and Security Informatics, and UA 2013 Technology Innovation Award. He is author/editor of 20 books, 280 SCI journal articles, and 150 refereed conference articles covering Web computing, search engines, digital library, intelligence analysis, biomedical informatics, data/text/web mining, and knowledge management. His H-index is 68 (the highest in MIS), with more than 15,000 citations. Dr. Chen’s COPLINK system (funded by NSF and NIJ), which has been quoted as a national model for public safety information sharing and analysis, has been adopted in more than 3500 law enforcement and intelligence agencies. He is the founder of the Knowledge Computing Corporation (KCC), which merged i2, the industry leader in intelligence analytics and fraud detection, in 2009. The combined i2/KCC company was acquired by IBM in 2011 for $500M. Dr. Chen’s Dark Web project (funded by NSF and DOD) has generated one of the largest databases in the world about extremist/terrorist-generated Internet content. Dark Web research supports link analysis, content analysis, web metrics analysis, multimedia analysis, sentiment analysis, and authorship analysis of international terrorism contents. Dr. Chen recently received additional major NSF Secure and Trustworthy Cyperspace (SaTC) program funding ($5.4M) for his Hacker Web research and Cybersecurity Analytics fellowship program.

Richard Frank

No information was provided.

Billy Henson

No information was provided.

Dr. Thomas Holt

Exploring the Risk Reduction Strategies of Data Thieves

Bio: Dr. Thomas Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011), Crime On-Line: Correlates, Causes and Context, now in its 2nd Edition, and a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data. He has also given multiple presentations on computer crime and hacking at academic and professional conferences, as well as hacker conferences across the country.

Dr. Alice Hutchings

Organised crime and co-offending in the online environment

Abstract:  This research applies Choo and Smith’s (2008) typology of organised crime groups in cyberspace to a predominantly Australian sample of hackers and computer fraudsters. This qualitative analysis draws from interviews with self-identified offenders, law enforcement officers who investigate these offenses, and court documents. The focus of this presentation is the extent that offenders are involved in organised crime, and the nature of the relationship between co-offending, initiation and knowledge transmission. By providing insight through the lens of offenders, law enforcement officers and the judiciary, this work provides a unique understanding of organised crime in the online environment.

Bio:  Dr Alice Hutchings is a Senior Research Analyst with the Australian Institute of Criminology’s Transnational and Organised Crime Program. Alice has extensive experience working across all tiers of government, as well as the academic and private sectors. Alice obtained her PhD from Griffith University, where she was based at the ARC Centre of Excellence in Policing and Security. Her PhD tested existing sociological theories of crime to determine how they explain computer crimes that compromise data and financial security. Alice has undertaken cybercrime-related research since 2007 when she examined risk factors for phishing victimisation. More recent work has examined criminal and security risks in the cloud, how online offenders perceive victims and select targets, consumer fraud, computer security risks for small businesses, and security and privacy issues relating to computer chip identification systems. Alice is currently working on a number of projects, including an analysis of organised cybercrime offenders, the misuse of information and communication technology in the public sector, and exploring the relationship between the use of child exploitation materials, the use of internet-enabled technologies to procure children, and contact sexual offending against children.

Dr. Max Kilger

Nation State Versus Kids Who Skate: The Role of Social Scientists in Identifying and Understanding Emerging Cyberthreats

Abstract: As the cyberthreat matrix continues to grow, it is becoming clear that by itself, understanding the technical mechanisms and vectors associated with new cyberattacks is unlikely to provide a sufficient and effective defense. As information technology continues to be integrated into our military, critical infrastructure and everyday lives, the rate at which vulnerabilities within these structures grow far outpaces the ability of defenders to protect them. In this discussion we examine how encouraging a partnership between information security specialists and social scientists with expertise in understanding the relationship between people and technology can help identify potential cyberthreats before they emerge, assist in focusing technical resources where they are needed most and support traditional digital defenders in developing more effective risk assessments.

Bio:  Max Kilger received his doctorate from Stanford University in Social Psychology in 1993. He has written and co-authored research articles and book chapters in the areas of influence in decision-making, the interaction of people with technology, motivations of malicious online actors, understanding the changing social structure of the computer hacking community and the nature of emerging cyberthreats. He is a founding and former board member of the Honeynet Project – a ten year old not-for-profit international information security organization that serves the public good. Max was also a member of the National Academy of Engineering’s Combating Terrorism Committee, which was charged with recommending counterterrorism methodologies to Congress and relevant federal agencies. He is a frequent national and international speaker to law enforcement, the intelligence community and military commands as well as information security forums.

Fernando Miro Llinares

Victimization in Economic Instrumental Cybercrime and Routine Activities in Cyberspace

Dr. David Maimon

30 Days “Free” Honey: Empirical Evidence for the Relevance of Restrictive Deterrence in the Study of System Trespassing

Abstract: System trespassing has been the focus of public attention during the last few decades. However, while extensive research investigates technological aspects of this crime, only few interdisciplinary research initiatives have been launched in an effort to better understand the human players that drive this phenomenon (i.e. victims, offenders and IT managers). In this talk, I will emphasize the importance of insights on offenders’ on-line behaviors for generating a more complete understanding of the etiology of system trespassing. Moreover, I will discuss the relevance of Gibbs’s (1975) conceptualization of “restrictive deterrence” for system trespassing related research. Findings from a series of studies I conducted with my colleagues from the James Clark’s School of Engineering at the University of Maryland will be presented. These findings support the consideration of “soft science” perspectives for designing more sophisticated security solutions and recommending new policy guidelines in an effort to mitigate the damage caused by system trespassers’activities.

Bio: David Maimon is an Assistant Professor in the department of Criminology and Criminal Justice at the University of Maryland. He received his Ph.D. in Sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, computer crimes and communities and crime. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, susceptibility to malware victimization, and decision-making process in cyber space.

Dr. Marcus Rogers

Using Internet Artifacts to Answer Behavioral Related Investigative Questions

Abstract:  The presentation will discuss work done on the development of a process model that can be used to develop insight into behavioral and personality characteristics of offenders from Internet Artifacts. Internet Artifacts such as browser histories, web cache and cookies can be a rich source of data for investigators. This data can also be used to develop an understanding of the motivation, intent, and interests of the suspected offender. An overview of the author’s process model will be provided, as well as examples of how this model has been used in actual investigations.

Bio:  Marcus K. Rogers, Ph.D., CISSP, CCCI, DFCP, ACE is the Director of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is a Professor-Associate Dept. Head Computer & Information Technology, University Faculty Scholar, Fellow of the Center for Education and Research in Information Assurance and Security (CERIAS) and Fellow of the American Academy of Forensic Sciences (AAFS). He is the past International Chair of the Law, Regulations, Compliance and Investigation Domain of the Common Body of Knowledge (CBK) committee, and Chair – Planning Committee Digital & Multimedia Sciences Section – American Academy of Forensic Sciences. Dr. Rogers was the Editor-in-Chief of the Journal of Digital Forensic Practice and sits on the editorial board for several other professional journals. He is also a member of other various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of books, numerous book chapters, and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.

Dr. Mark Stockman

Cyberdeviance: who, when, why, and why not? A study in life-course Cybercriminology

Abstract: An exploratory study of cyberdeviance using self-report data from college undergraduates sets the groundwork towards an age-graded theory of cybercrime. Oversampling computing students who presumably have more opportunity to engage in hacking-type activities; the author presents data about the profile of individuals who have participated in cyberdeviance, ages of onset/peak/desistance, and motivations for hacking, desistance, or lack of involvement. The application of criminological theory for cyberdeviance in light of these data will also be discussed.

Bio: Mark Stockman is an Associate Professor at the University of Cincinnati serving as a faculty member for the Networking/System Administration specialization in the Information Technology (IT) degree program. His research interests include cybersecurity, systems administration, data center operations, server virtualization, cloud computing management, and IT pedagogy. With recent study into traditional criminology and crime prevention, Mark is currently investigating the applicability of criminological theories in the digital realm or cybercriminology.