CyberCrime 2014 Symposium
CALL TO ACTION: Steps You Can Take Now
November 11–12, 2014
Portsmouth Harbor Events & Conference Center | Portsmouth, NH

Hosted by: Sage Data Security

DAY ONE AGENDA: Tuesday, November 11, 2014
Program is subject to change.

Registration: 11:30 a.m. – 12:00 p.m.

Welcome and Opening Remarks: 12:00 p.m. – 12:30 p.m.
Call To Action
Speaker: Sari Stern Greene, Sage Data Security, Host Representative

With this year’s theme, “Call To Action,” our annual Cybercrime Symposium – including a powerful CyberAttack Incident Response Exercise on Day 2 – is committed to providing you with actionable takeaways your organization can put into effect right away. Buckle up, it’s sure to be a bracing Call to Action for all of us.

Sari Stern Greene (@sari_greene), CRISC, CISM, CISSP, is the founder of Sage Data Security and chair of the CyberCrime Symposium. She is a recognized leader in the field of information security and the author of Security Program and Policies: Principles and Practices, used in undergraduate and graduate programs nationwide. Sari advises Senior Management and Directors on information security issues and strategic planning.

Lunch Keynote: 12:30 p.m. – 1:30 p.m.
The Inside Story of Organized Cybercrime
Speaker: Brian Krebs, Author of SPAM NATION and Editor, KrebsonSecurity.com

Investigative journalist and cybersecurity expert Brian Krebs returns to the Cybercrime Symposium to unmask the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts. His talk will trace the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies – and countless viruses, phishing campaigns, and attacks. As an added bonus, Brian will take us into the world of the dark web payment card trading economy.

Brian Krebs (@briankrebs) is the author of SPAM NATION (release date Nov. 2014) and the editor of KrebsonSecurity.com, a daily blog dedicated to in-depth cyber security news and investigation. For the fourth year running, KrebsonSecurity.com was voted the blog that best represents the security industry by judges at the 2014 RSA Conference. In 2013, he was presented with the RSA “Security Bloggers Hall of Fame Award,” alongside noted security expert Bruce Schneier. Krebs worked as a reporter for The Washington Post from 1995 to 2009, where he covered Internet security, cybercrime and privacy issues for the newspaper and the website. His stories and investigations have also appeared in CNN, The Wall Street Journal, MIT Technology Review, CSOonline and Wired.com. Brian was recently profiled on NPR’s Fresh Air with Terry Gross.

Afternoon Session I: 1:45 p.m. – 2:45 p.m.
DBIR: Nine Basic Attack Patterns
Speaker: Bob Rudis, Security Data Scientist, Cybersecurity Research & Innovation at Verizon Enterprise Solutions

If there’s one security report everyone should read every year, it is the Verizon Data Breach Incident Report (DBIR). Based on actual data breaches rather than unreliable surveys, the DBIR paints a realistic picture of the state of cybercrime. The 2014 Data Breach Investigations Report (DBIR) casts new light on threats — taking 10 years of forensic data and finding that 92% of these can be categorized into nine basic attack patterns. Notable trends include rising corporate espionage, more frequent ATM compromises, and improved hack detection. This session will focus on the findings – and importantly the top takeaways – organizations can use to strengthen their security.

Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies, and is a Security Data Scientist at Verizon. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), author (Data-Driven Security), speaker, and regular contributor to the open source community (github.com/hrbrmstr). He currently serves on the board of directors for the Society of Information Risk Analysts, is on the editorial board of the SANS Securing The Human program and was co-chair of the 2014 Metricon security metrics/analytics conference. He holds a bachelor’s degree in computer science from the University of Scranton.

Afternoon Session II: 3:00 p.m. – 4:30 p.m.
Passwords: Challenges and Replacements
Speaker: Per Thorsheim, Founder, PasswordsCon

We’ve seen massive data breaches over the past few years, and most included millions of passwords. Users are blamed for choosing dumb passwords and reusing them across multiple services. Based on his 15+ years of worldwide involvement in password research and development across the private, public and academic sectors, Per Thorsheim will go from the small examples to the global perspectives of password security. Based on personal experience, he will also tell you why you should write down your passwords.

Per Thorsheim (@thorsheim) is the founder and main organizer of PasswordsCon, the world’s first conference exclusively about passwords and digital authentication. Now in its fifth year, the conference is held twice a year, in Norway and Las Vegas. He has been working with security for more than 20 years; his interest in passwords began when, during a penetration test, he compromised a Fortune 500 company in one day, simply because an administrator was using “Password” as his password. He received worldwide attention when he revealed LinkedIn had been hacked in June 2012. He currently holds certifications for CISA, CISM and CISSP-ISSA. He says he knows your next password.

Afternoon Session III: 4:45 p.m. – 5:15 p.m.
U.S. Secret Service Update
Speaker: Matt O’Neill, USSS, 2013 Special Agent of the Year

Cybercrime is global and local. 2013 Special Agent of the Year Matt O’Neill will brief us on cybercriminal activities in New England with a focus on merchant exploits. He will share with us how the Secret Service investigates cybercrime, the outcome of the investigative process and the most effective way for organizations to interact with Federal law enforcement agencies.

Matt O’Neill was the USSS Special Agent of the Year for 2013, and a finalist for Special Agent of the Year for 2012. Matt joined the United States Secret Service in December 1998 and spent five years in the New Haven Resident Office. He was assigned to the Vice President’s Detail from 2003–2007. In December of 2007 he was transferred to the Manchester, New Hampshire Resident Office. Matt has investigated numerous cases of network intrusions, point of sale terminal compromises, money laundering, bank fraud, counterfeit currency cases, wire fraud, and insurance fraud cases. He travelled to Romania and met with the Romanian Attorney General regarding a specific hacking case of significant community impact. He also met with Moldovan officials in Chisinau relating to another network intrusion matter. He has interrogated hackers from all over the globe.

Cocktail Hour: 5:15 p.m. – 6:00 p.m.

Dinner: 6:00 p.m. – 6:30 p.m.

Dinner Keynote: 6:30 p.m. – 8:00 p.m.
Bitcoin Cryptocurrency Crash Course
Speaker: Andreas M. Antonopoulos, Technologist

Bitcoin is the first successful digital currency. It is instant, global and frictionless, and it is changing money forever. Bitcoin is still in its infancy, and yet it has already spawned an economy valued at nearly $2 billion that is growing exponentially. Established companies like PayPal are considering adding Bitcoin as a payment method, and investors are funding a flurry of new startups aiming to stake claims in a new industry that may rival the Internet in terms of scale and impact on daily life. At the same time, criminals are exploring ways of exploiting this currency. Andreas will take us from the basic use of a Bitcoin wallet to buy a cup of coffee to collaboratively building new secure financial innovations that will transform our understanding of currency and credit.

Andreas M. Antonopoulos (@aantonop) is a noted security, Bitcoin and cryptocurrency expert, coder, entrepreneur, and author of Mastering Bitcoin. He is also the host of the syndicated talk show “Let’s Talk Bitcoin.” More than 200 of his articles on security, cloud computing and data centers have been published in print worldwide. As a Bitcoin entrepreneur, Andreas has founded three Bitcoin businesses and launched several community open-source projects. Andreas serves on the advisory boards of several Bitcoin startups and serves as the Chief Security Officer of Blockchain. Andreas holds U.S. Patents for System and Method for Securing Virtualized Networks, and System and Method for Dynamic Management of Network Device Data.

DAY TWO AGENDA: Wednesday, November 12, 2014

Breakfast: 7:30 a.m. – 8:00 a.m.

Breakfast Keynote: 8:00 a.m. – 9:00 a.m.
3D Printer Technology and Its Potential Impact on Physical Security of Locks and Keys
Speaker: Marc Weber Tobias, J.D.

Ultimately, cyber security relies upon the physical protection of servers, computers, and other assets, utilizing layers of physical security including mechanical and electro-mechanical locks. These locks are relied upon as the first line of defense against unauthorized access, and if they can be compromised then serious ramifications can result. There is an emerging technology that may threaten the design of traditional key control measures, which means the potential defeat of certain high security locking systems. This development involves two independent disciplines: 3D printer technology and three dimensional scanning. The combination of these technologies can place conventional and some high security locks at risk of insider attacks. The presenter is directing an extensive research project to determine the vulnerability of a number of high security lock and key designs that may be replicated, simulated and duplicated by 3D printers, thereby violating all aspects of key control as presently understood.

Marc Weber Tobias, J.D. is an Investigative Attorney and Physical Security Specialist. He leads a research team that consults with many of the largest lock manufacturers in the world. Marc has been involved in many high-level security investigations that have involved some of the most complex and secure lock designs that are presently available. His team is responsible for developing covert methods of compromise of mechanical, electro-mechanical, and electronic locks, and then assisting design engineers in their redesign to make them secure against such attacks. He has been granted five U.S. and several foreign derivative patents regarding bypass tools and techniques for opening or protecting locks, and has published multiple police and security textbooks. Marc served as Director of the Organized Crime Unit, Office of Attorney General in South Dakota, and has also been a polygraph examiner for the past 25 years.

Morning Session I: 9:15 a.m. – 10:15 a.m.
Should Online Reputation Attacks Be Considered Cybercrimes?
Speaker: Chris Dufour, Director, White Canvas Group

Today’s Internet has evolved into a free-for-all playground where adversaries can use social media to attack their targets through subversion, embarrassment, and falsity...not just via the technical means that constitute our collective understanding of “cybercrime.” Never has it been easier for the digital attacker to single-handedly humiliate Fortune 500 companies, respected media outlets, and noble organizations. So why don’t we consider digital attacks on reputation a cybercrime? This talk showcases compelling examples of reputation-based attacks and fosters a discussion on how organizations can begin thinking about linking their reputational security to their cyber security.

Chris Dufour (@Du4) is an expert in employing digital strategy and technologies for defense, intelligence, and diplomacy. As a program manager in irregular warfare, Chris managed the R&D portfolio for strategic communications, public diplomacy support, information operations, and psychological operations at the Combating Terrorism Technical Support Office. He has advised, led, and participated in several studies of social networking phenomena for government, academia, and industry. Presently, “@Du4” (his Twitter handle) is a Director for the White Canvas Group, where he currently manages social media strategy and training projects for the U.S. Special Forces community. He has trained over 1,000 people in advanced uses of social media and social media safety.

Morning Session II: 10:30 a.m. – 12:15 p.m.
Cyber Attack Incident Response Exercise
Speaker: Mike Webber, BitSec/Sage

Participants in this year’s Cyber Security Incident Response Exercise will find themselves responding to a politically motivated cyber-attack. A scripted series of events will unfold rapidly during this highly-interactive session, testing participants’ abilities to work as a team, communicate, coordinate resources, and make decisions in a timely manner, minimizing financial, operational and reputation damage to both their employer and their customers.

As Director of Sage’s Cyber Intelligence Unit, Mike manages cybersecurity education, digital forensics, and threat reporting for Sage Data Security. Prior to joining Sage, he founded BitSec Global Forensics, where he regularly assisted law firms, major corporate Fortune 500 companies, financial institutions, and U.S. Government agencies with issues related to cyber security. For the past 10 years, Mike has also served as a senior cyberterrorism consultant to the U.S. State Department, traveling throughout the Middle East, Africa, South America, the Caribbean and Southeast Asia. There he consults with government institutions to help them acquire the skills needed to detect, prevent, and investigate incidents related to cyber terrorism and cyber crime.

Lunch: 12:15 p.m. – 12:45 p.m.

Lunch Keynote: 12:45 p.m. – 1:45 p.m.
The New Scourge of : A Study of CryptoLocker and Its Friends
Speaker: Lance James, Head of Cyber Intelligence at Deloitte

Ransomware isn’t a new threat; however, it took on new life with CryptoLocker, the very first variant to perform encryption correctly, thus significantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused on remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware. This presentation will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure, and what can be learned in order to manage new threats as they emerge.

Lance James, the author of Phishing Exposed and a co-author of Emerging Threat Analysis, is currently Head of Cyber Intelligence at Deloitte. With over a decade of experience in programming, network security, digital forensics, research, cryptography design and cryptanalysis, and attacking protocols, and detailed expertise in information security, Lance has provided consultation to numerous businesses ranging from small start-ups and governments (both national and international) to Fortune 500s and America’s top financial institutions. He has spent the last few years devising techniques to prevent, track, and detect phishing and malware attacks. He is actively engaged with two new book projects, The Threat Intelligence Handbook (No Starch Press) and Hacking Back: Offensive Cyber Counterintelligence (McGraw-Hill).

Afternoon Session I: 2:00 p.m. – 2:45 p.m.
Building the Next Generation of Cyber Defenders – Wounded Warrior Cyber Academy

The mission of the Wounded Warrior Cyber Combat Academy (W2CCA) is “To Build the Next Generation of Cyber Defenders by Cross-Training the League of Wounded Warriors to help Protect and Defend the Nation’s Information Systems.” Learn what your organization can do to support this worthy mission.

Afternoon Session II: 2:45 p.m. – 3:00 p.m.
Community Nominated Solutions Showcase

All previous Symposium attendees were invited to nominate a security service, product or vendor to be showcased, with the objective of sharing best-of-breed solutions. We will be introducing the three top nominated solutions. Each of the nominees will present a five minute introduction and will be available to speak with attendees at the conclusion of the Symposium.

Twitter Hashtag: #CCSYM
www.cybercrimesymposium.com

Protecting Information Assets. Ensuring Regulatory Compliance. Fighting Cybercrime.

Founded in 2002, Sage serves as a strategic security partner for financial institutions, healthcare providers, government agencies and businesses nationwide. Sage offers an award-winning portfolio of Advisory, Assessment and Incident Detection & Response services designed to protect information assets and ensure regulatory compliance.

For more information, visit www.sagedatasecurity.com and www.ndiscovery.com