Video and Materials
- Cybercrime: The Actors, Their Actions, and What They're After
- To Catch (and Prosecute) a Spammer
- Cold-Boot Attacks Against Disk Encryption
J Alex Halderman
- Some Tricks For Defeating SSL In Practice
- Book: New School of Information Security
Verizon Business Security Solutions
Cybercrime: The Actors, Their Actions, and What They're After
Based on forensic evidence collected while investigating some of the largest data breaches in history, Wade Baker will present a rare view into the world of corporate cybercrime. Over the last five years, Baker and his colleagues have investigated and compiled data on nearly 600 confirmed breaches. They have helped agencies like the U.S. Secret Service identify and prosecute criminals from all over the world. Their research has been used by thousands of organizations to evaluate and improve their security program. The presentation will discuss the evolution of cybercrime and delve into the people, methods, and motives that drive it today.
Wade Baker is the director of Risk Intelligence for Verizon Business. In this role, he oversees the collection, analysis, and distribution of all internal and external data relevant to better understanding and managing information risk. The output from these activities is used to improve Verizon’s services, inform personnel and clients, and provide credible influence to the constant evolution of security planning.
Baker has nearly 15 years of experience in the IT and security industries. His background spans the technical-managerial spectrum from system administration and web development to risk management and corporate decision-making. Since joining Verizon Business (and previously with Cybertrust and TruSecure), Baker has led a team in building one of the largest repositories of information security risk metrics in the world. He has innovated several offerings and methodologies for Verizon Business and is the creator, author, and primary analyst for the Data Breach Investigations Report series.
Prior to his tenure at Verizon Business, Baker spent 5 years on the faculty of two major research universities, most recently in the Pamplin College of Business at Virginia Tech. He also ran a consulting firm providing IT services to companies and educational institutions. In what seems like a former life, he began his professional career as an environmental scientist in Mississippi.
Baker has a bachelor’s degree in business development and a master’s degree in information technology from the University of Southern Mississippi. He is in the final phase of obtaining his Ph.D. in Business Information Technology at Virginia Tech; his doctoral dissertation examines the challenges of managing information risk in the extended enterprise and provides a model for improved decision support.
A researcher at heart, Baker’s work on various topics has been published in a number of highly-rated academic journals, professional magazines, and books. His research for the President’s Information Technology Advisory Council was featured in the 2005 Report, "Cyber Security: A Crisis of Prioritization." He frequently speaks at academic and trade conferences as well as corporate events around the world.
US Dept of Justice
To Catch (and Prosecute) a Spammer
This is a case study of the federal investigation and prosecution of Alan M. Ralsky's illegal spamming organization. Alan Ralsky was at one time one of the world's most notorious illegal spammers, and had been dubbed "the King of Spam." In January of 2008, a federal Grand Jury in the Eastern District of Michigan returned a 41-count indictment charging Ralsky and ten others with operating a spamming and stock "pump and dump" scheme that made millions of dollars through spam-driven stock manipulation. All of the defendants except one, who is a Russian national, have now pleaded guilty, acknowledged their responsibility, and will be sentenced this year. How the evidence was developed, what investigative steps were taken, how the charges were brought, and what legal and factual circumstances lead to the recent convictions and upcoming sentences of Ralsky and eight of his co-defendants will be discussed in some detail.
Terrence Berg became the United States Attorney for the Eastern District of Michigan on August 15, 2008.
A career federal prosecutor, Mr. Berg joined the United States Attorney’s Office in 1989 as an Assistant United States Attorney. Mr. Berg worked in the General Crimes Unit, the Controlled Substances Unit, and the Economic Crimes Unit, where he tried a large number of cases, eventually specializing in complex white-collar fraud, computer crime, and intellectual property cases. While in the Controlled Substances Unit, Mr. Berg prosecuted one of the earliest cases in the United States involving the Controlled Substance Analogue statute, which made certain kinds of designer drugs illegal, and resulted in the statute being found constitutional by the Sixth Circuit Court of Appeals. He also successfully co-tried a high profile environmental crimes prosecution, United States v. Rapanos, which was a landmark wetlands case.
In 1999, Berg was appointed by Michigan Governor (then Attorney General) Jennifer M. Granholm as Chief of the Michigan Attorney General’s High Tech Crime Unit. Under Mr. Berg’s leadership, the High Tech Crime Unit brought a variety of cases of first impression in the area of computer crime and child exploitation on the Internet, including the first prosecution of the sale of precursors for the date-rape drug , GHB, over the Internet. Berg also served as the Attorney General’s “computer crime fellow,” assigned to work on a one-year detail at the U.S. Department of Justice’s Computer Crime and Intellectual Property Section, 1999-2000.
Mr. Berg returned to the United States Attorney’s Office in 2003, where he directed the office’s computer crime program. In 2004, Berg brought the first case under the new federal CAN-SPAM statute, which targets illegal spam e-mail, resulting in conviction and a three-year prison sentence.
In 2005, Berg was appointed First Assistant United States Attorney by former United States Attorney (now U.S. District Judge) Stephen J. Murphy. As First Assistant, Berg was responsible for managing the office, setting priorities and implementing programs, while maintaining a caseload in his area of expertise – computer crime, intellectual property, trade secret offenses, identity theft, and complex white collar crime.
Berg has served as an adjunct professor for the University of Detroit-Mercy School of Law, where he taught courses on Computer Crime and Trial Practice. He has also taught courses at the U.S. Department of Justice’s National Advocacy Center, in Columbia, South Carolina, the FBI Academy in Quantico, Virginia, and the Prosecuting Attorney’s Associations of Michigan, Ohio, North Carolina, and Utah. He has spoken at conferences sponsored by the National Association of Attorneys General, in Washington, D.C., the National White Collar Crime Center, in Fairmont, West Virginia, and the National Center for Justice and the Rule of Law, at the University of Mississippi, Oxford, Mississippi. Berg was featured in Michigan Super Lawyers and Rising Stars 2008, “The Top Attorneys in Michigan,” Criminal Prosecution, at 32. His publications include, The Changing Face of Cybercrime, Michigan Bar Journal (June 2007); Practical Issues in Searching and Seizing Computers, The Thomas M. Cooley Journal of Practical and Legal Issues, vol. 7, issue 1 (2004); The Impact of the Internet on State Power to Enforce the Law, 2000 B.Y.U. Law Rev. 1305 (2000); and Criminal Jurisdiction in Cyberspace: Is There a Sheriff on the Electronic Frontier?, 79 Michigan Bar Journal 659 (June 2000).
Dr. J. Alex Halderman
University of Michigan
Cold-Boot Attacks Against Disk Encryption
Many people, even security experts, have assumed that dynamic RAM, the main memory in modern computers, loses its contents almost immediately when a computer is powered off. Actually, memory chips retain stored information for several seconds after power is lost, even if it is removed from a motherboard. I will discuss how this phenomenon limits software's ability to protect cryptographic keys from an attacker with physical access to a machine. It poses an especially severe threat to laptop users who rely on disk encryption, and I will show how it can be used to compromise several popular disk encryption products. I will describe tools that colleagues and I developed to bypass operating system security and acquire full system memory images. I will discuss several strategies for mitigating these risks, though no simple remedy eliminates them.
J. Alex Halderman is a professor of electrical engineering and computer science at the University of Michigan. His research spans applied computer security and tech-centric public policy. Dr. Halderman has studied topics ranging from passwords, data privacy, electronic voting, digital rights management, and cybercrime to technological aspects of intellectual property law and government regulation. In 2008, he was the lead author of the study that introduced the cold-boot attack. He is also widely known for his investigation of the Sony CD-DRM "rootkit," in which he examined how DRM can be a threat to users' security, and his security analysis of the Diebold AccuVote touch-screen voting machine, which demonstrated the first voting machine virus.
Institute for Disruptive Studies
Some Tricks For Defeating SSL In Practice
This talk will cover a few tricks for defeating SSL/TLS as it is commonly implemented and deployed. While TLS as a protocol has proved resilient to most attempts at cryptanalysis, a number of implementation details and deployment particulars have proven quite deadly in defeating it. From BasicConstraints vulnerabilities, to SSL stripping, to null-prefix attacks on X.509 certificates, this talk will cover the ways these details can be exploited.
Moxie Marlinspike, a fellow at the Institute for Disruptive Studies, has more than thirteen years of experience attacking networks. He is the author of sslsniff, used by the MD5 Hash Collision team to deploy their rogue CA cert; and sslstrip, which implements Moxie's deadly "stripping" technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed,Forbes, The Wall Street Journal, The New York Times, and Security Focus as well as on international TV.
Senior Program Manager, Security Development Lifecycle Team
Book: New School of Information Security
"Information security faces a crisis. As a discipline, as a profession and as a passion, the challenges we face seem overwhelming. Cyber-criminals are organizing and making vast sums of money. Management never seems to want to cough up enough funding. Practitioners are exhausted. What's causing this crisis, and how can we break out?"
Adam Shostack is senior program manager in Microsoft’s Trustworthy Computing Group. Within Microsoft's Security Development Lifecycle team, he is responsible for security design analysis techniques including threat modeling.
Shostack has an extensive background in security. Before joining Microsoft in 2006, he was a leader in a number of successful start-ups in vulnerability scanning, privacy and program analysis. He also helped start the Common Vulnerabilities and Exposure (CVE) project, is a founder of the Privacy Enhancing Technologies Symposium, and has been a technical advisor to companies such as Counterpane and Debix.
He has published in industry and academic venues, and is also co-author of the widely-acclaimed book, The New School of Information Security (Addison-Wesley, 2008).