In response to news Ken Westin from Tripwire commented on the latest hack of celebrity photos in which the hacker accessed more than 570 iCloud accounts.
Ken Westin, senior security analyst with Tripwire (www.tripwire.com) said:
“We are increasingly seeing the consumerization of hacking tools and techniques, which when paired with the vast amount of data available about us in the cloud can have disastrous impact on individuals. Attackers today only need a modicum of technical skill and a bit of malicious intent and they can harvest large quantities of data about individuals, not just public information but also private.”
Ken will be presenting these kinds of “cyber stalker skills” at DEF CON, Las Vegas, Aug. 6-9 (just after Black Hat) – specific day/time of his talk is still TBD
“Confessions of a Professional Cyber Stalker”
Ken Westin Sr. Security Analyst with Tripwire Inc.
For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would need to be gathered for a conviction. In this presentation I will walk through actual real cases and discuss in depth the technologies used and additional processes I went through utilizing open source data and other methods to target criminals. I will also discuss how these same tools and methods can be used against the innocent and steps users and developers can take to better protect privacy.
In this presentation here are a few examples of cases I worked on which I will reveal details of:
- How a theft ring targeting Portland, Oregon schools was unveiled leading to multiple convictions
- How I tracked and recovered $9K worth of stolen camera equipment sold multiple times a year after it was stolen based on data extracted from images online
- How mobile phones stolen from a wireless store were tracked leading to the arrest of a theft ring, leading to the conviction of six people and the recovery of a stolen car
- Embedding of custom designed trojan for thermal imaging devices for theft tracking and export controls
- Tracking of a stolen flash drive to a university computer lab and correlation of security camera and student access ID cards
- Tracking a stolen laptop across state lines and how I gathered mountains of evidence in another theft ring case
- Several other cases….
[su_box title=”About Tripwire Inc.” style=”noise” box_color=”#0e0d0d”]
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]
Ken Westin, Director, Security Strategy at Cybereason
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.