
ATTN: NYC-area colleagues -- NYC Investigator and Security training next weekend

  • S.R.
    Message 1 of 1 , Jul 7 7:29 PM
      >>>PLEASE REPOST.

      (NOTE: if you are receiving this message directly into your e-mailbox,
      and not via a listserv, it is because you are, at your request, on my
      "NY area notify" list. This will be the only direct email that you
      will receive.

      Please read this entire message for info re next weekend's H.O.P.E.
      conference.)



      Dear Colleagues:

      I am writing this as the Education Committee Chairman of the Society
      of Professional Investigators (SPI). SPI is a 56 year old fraternal
      organization of investigative, law enforcement, security and forensic
      specialists (more info: www.spionline.info). As many of you may
      already be aware, SPI has established a NYC-based educational and
      credentialing program.

      Expanding, and building upon, SPI's monthly lectures and guest
      speakers, SPI has been developing what I think is a world-class
      collection of upcoming training opportunities for Investigators and
      security professionals, including:

      - Hard-Core Computer-Aided Investigation

      - The Digital Case File (Audio, Video, Scanning, Encryption,
      Smartphones and Mobile Digital)

      - International and Multi-Jurisdictional Investigation

      - Military Records

      - After The Badge (transitioning from public law enforcement to
      private investigation and security)

      - Handling The Media (panel and roundtable)

      - Insurance Investigation

      - Understanding DNA

      - Basic Photography Skills for the Investigative and Security
      Professional

      - Advanced Crime Scene and Event Photography

      - Understanding Polygraph

      - Bugging and De-bugging ("Understanding TSCM")

      - Undercover Investigations (including panel and roundtable)

      - Social Engineering and Pretexting Within The Law (including panel
      and roundtable)

      SPI has secured the use of an impressive training facility in midtown
      Manhattan, and classes will begin in September.

      In the meantime, SPI wants to make our colleagues aware of The Ninth
      H.O.P.E. Conference, a unique event and training opportunity next
      weekend in midtown Manhattan (at the Hotel Pennsylvania) which, though
      not our event, SPI has incorporated into its recommended training list.

      Every two years approximately 3,000 computer enthusiasts, technology
      professionals and "hackers" gather at the Hotel Pennsylvania for an
      event known as H.O.P.E. ("Hackers On Planet Earth", see:
      www.hope.net). This event is the East Coast equivalent of Defcon, and
      a large number of investigative / security / IT security and law
      enforcement personnel also attend.

      We feel that a number of the HOPE seminars are of interest to, and a
      unique training opportunity for, investigative and security
      professionals (see recommended list below). The below-listed HOPE
      sessions (and none other) are also approved by SPI for credit toward
      our new credentialing program. Additionally, I am speaking at
      H.O.P.E., and my seminar, "Privacy - A Postmortem", is also approved
      for three (3) Continuing Education hours / credits.

      To obtain credit for attending any of the below H.O.P.E. sessions,
      attendees will need to complete a speaker review form (approved by the
      NASBA) for each session. They will also need to include in that form a
      code word that will be announced at each approved session (as proof of
      attendance).

      To advance-purchase tickets for H.O.P.E. - strongly recommended! -
      please go to: http://store.2600.com/hopenumbernine.html

      For more information about anything in this post, please feel free to
      contact me offlist.

      For more information about SPI, you may contact me or SPI's President,
      Bruce Sackman (bruces@...).

      Members of the media desiring Press passes for H.O.P.E. should contact
      H.O.P.E.'s staff directly (or, based on past experience, just show up
      and they will accommodate you).

      SPI especially welcomes ALDONYS, NJLPIA, ACFE and ASIS members, and we
      strongly support those organizations.

      Thank you,

      Steven.

      (Steven Rambam, CFE, CPP, PSP, PCI, CSAR, Director.)
      (for: Pallorium, Inc.)

      direct email: rambam@...


      ------------------


      APPROVED H.O.P.E. SESSIONS:


      Advanced Handcuff Countermeasures
      Ray
      Handcuffs always have been a special kind of challenge to lockpickers.
      This talk will cover advanced manipulation techniques including
      improvised tools, hidden and 3D-printed keys, and exploiting design
      weaknesses of various handcuff models. Also, the newest handcuffs
      produced in the United States and Europe will be shown and explained,
      some of which haven't even been introduced to police forces yet.
      Friday 1800 Sassaman

      Anti-Censorship and Anti-Surveillance Tools - Improving the Landscape
      James Vasile
      Every day, world news informs us of more and greater threats to free
      communication. Nations increasingly restrict network traffic at their
      borders. Surveillance is omnipresent in almost every country and also
      via companies who defend ubiquitous spying as "best practices." This
      mass privacy intrusion has spurred development of a number of open
      source tools even as that development has revealed a need to address
      common obstacles faced by circumvention tools projects. This talk
      describes some of those common obstacles and current work to fix them
      on a community-wide basis.
      Sunday 1700 Sassaman

      Cell Site Location Data and Nontrespassory Surveillance after U.S. v.
      Jones
      Hanni Fakhoury
      With the rise of smartphones, the government's use of cell site
      location data to pinpoint our exact location has grown more widespread
      (and precise) over time. For years, courts permitted the government to
      get this location data without a search warrant. And judges that
      fought against the government's attempts at getting this data were met
      with an unfortunate reality of Fourth Amendment jurisprudence: we
      don't have any privacy in data we turn over to third parties, like
      cell phone providers. The U.S. Supreme Court's recent decision in U.S.
      v. Jones however, presented a "sea change" in the law of warrantless
      surveillance, calling into question the future viability of the third
      party doctrine. This talk will review the law of location data, go in
      depth into how Jones calls this law into question, and conclude with
      the steps we need to take in the future in order to safeguard our
      privacy.
      Sunday 1500 Dennis

      Computer Forensics: Possibility, Probability, Opinion, and Fact
      Joe Cicero
      How easy is it to end up with illegal content on your computer? How
      expensive is it to prove you didn't know about it? What is it like for
      someone who is arrested for a computer crime? How long do these cases
      go on for? What does the prosecution provide your attorney and
      forensic examiner with? This presentation will cover these questions
      and more, based on experiences as a defense forensic expert.
      Friday 2300 Sassaman

      Countermeasures: Proactive Self Defense Against Ubiquitous Surveillance
      Lisa Shay, Greg Conti
      From governments fighting terrorists to companies hawking products
      to free online services where you are the product, it seems that
      everyone wants a piece of you and your personal information. This talk
      begins with the current state of our surveillance society and delves
      deeply into countermeasures you and society at large can employ to
      maintain and protect your right to privacy. Lisa and Greg will
      deconstruct a surveillance system and examine techniques for defeating
      or degrading each component. They'll cover technical countermeasures,
      but also present techniques for influencing policy, law, and the
      incentives underpinning surveillance activities. Left unconstrained,
      the problems of the emerging surveillance society will only get worse
      as more and more sensors and tracking applications invade the physical
      and digital worlds. You'll leave this talk with a clear understanding
      of how to protect yourself and with strategies to deflect the
      trajectory of our surveilled future.
      Sunday 1000 Sassaman

      Crimeware Tools and Techniques of 2012: Past, Present, and Future
      Alexander Heid
      Much has evolved in the brief 24 months that have passed since the
      last presentation on this topic, which included a comprehensive
      overview of the Zeus and SpyEye trojans, popular exploits being used
      in the wild, and cash out methodologies of the digital crime actors at
      the time. Today, new digital currencies have emerged, vulnerabilities
      in popular crimeware kits have been made public, black market credit
      card trades have become automated, popular crime forums have been
      hacked and dumped, and the industry based around digital crime
      analysis and counterintelligence has grown exponentially. In spite of
      recent arrests of a few individuals, malicious actors are still
      numerous and able to keep ahead of the law by adapting to the changing
      environment and hardening their operations. This presentation will go
      over these developments, as well as the latest digital crime tools,
      techniques, and methodologies that are currently in use during the
      present day. The talk will also assess where the current trends will
      be heading in the future.
      Friday 1300 Nutt

      Destroying Evidence Before It's Evidence
      Hanni Fakhoury
      Covering your tracks out of fear of getting caught with your hands in
      the digital cookie jar can sometimes get you in more trouble than
      whatever crime the feds think you may have committed in the first
      place. This presentation identifies three specific scenarios where the
      act of trying to cover your digital footprints - oftentimes in
      innocuous and legal ways - can get you into trouble: the nebulous
      crime of "anticipatory obstruction of justice," which can cover
      something as mundane as deleting an email before you're even suspected
      of committing (let alone charged with) a crime; the ever-expanding
      Computer Fraud and Abuse Act, which has been stretched to cover things
      that are neither fraudulent nor abusive; and the potential problems
      with encryption. The presentation will conclude with some ways you can
      protect yourself that can help minimize claims that you obstructed
      justice.
      Friday 1700 Sassaman


      Digital Security in Health Care Institutions
      Jorge Cortell, Alvaro Gonzalez
      Health care institutions usually have a large number of digital
      devices, networks, and databases. Lots of data goes through them, but
      are you aware of how much data that is? And how secure is it? How
      easily can this data be captured? How easy is it to access those
      medical devices? Can this be done without being detected? After six
      years of involvement in health care IT projects, Jorge and Alvaro have
      some stories and details to share.
      Friday 1900 Nutt


      DUI/DWI Testing - A Hacker's View of the Technology and Process Behind
      the BAC and Standard Field Sobriety Test
      WJ, Alex Muentz
      This talk will look behind the process, techniques, and technology (or
      lack thereof) used by law enforcement to identify suspected
      intoxication. What most people don't know is that there is little in
      the way of scientific process or technology that is used during the
      testing of intoxication. The process relies on a strategy of
      behavioral cues and coercion often geared towards leading an
      individual to admit wrongdoing. The technology and instruments used by
      law enforcement for determining sobriety has changed little over the
      years. Some of these technologies are inherently flawed or misleading.
      This presentation will take a closer look at the most common
      techniques and equipment including the Breathalyzer, Horizontal Gaze
      Nystagmus (HGN), and the instruction led Standardized Field Sobriety
      Test (SFST). There will be a discussion of how each of these processes
      works and an enumeration of potential flaws or tactics one should be
      aware of to ensure fair and unbiased treatment.
      Sunday 1200 Dennis


      Explosive Steganography
      Eric Davisson
      Encryption makes information secret, steganography hides the
      information in plain sight. We fancy hiding it in a "pile" that most
      people would avoid. This talk explores hiding steganography in mediums
      such as archive exploders, file carving exploders, and virus files.
      There will be a release of the open source tools eZIPlode/asour,
      magicbomb/-asour and hivasour/hivsneeze.
      Sunday 1600 Dennis


      Hackers and Media Hype or Big Hacks That Never Really Happened
      Space Rogue
      Media will often report "hacks" that either never actually happened or
      have extremely flimsy evidence. They then become major news stories
      through media hype while the reality is seldom reported at the same
      level. This talk will closely examine several instances of such
      stories and compare the hype with the reality. Examples will include
      Kevin Mitnick's compromise of NORAD, the use of steganography by Al
      Qaeda, the electrical blackout in Brazil, the failure of a water pump
      in Illinois, and others. Close attention will be paid to the media's
      role in presenting these stories and how they morphed from purely
      circumstantial to quoted facts. The structure of a hyped story will be
      examined so that it can be easily identified and methods of combating
      the hype will be discussed.
      Sunday 1100 Sassaman


      Legal Processes As Infrastructure Attacks
      Alex Muentz
      Law enforcement and lawmakers have been showing much more of an
      interest in regulating the Internet. The hacker community needs to
      understand how certain legal methods work like IT infrastructure
      attacks. This talk will explain legal processes such as subpoenas,
      search warrants, and e-discovery as IT infrastructure attacks, as well
      as how to talk to lawyers. This is an evolving topic as the
      environment has been constantly changing and, of course, has become
      more complicated. Also included: a discussion on the recent Megaupload
      and other domain seizures, forced IP and search engine blocking, and a
      question and answer session on related matters.
      Friday 1600 Sassaman

      Nymwars: Fighting for Anonymity and Pseudonymity on the Internet
      Eva Galperin
      The last year has seen an Internet-wide debate over real names,
      pseudonyms, and anonymity online, especially on social networks and in
      the comment sections of blogs and newspapers. Facebook has required
      users to use their real names from the very beginning and newspapers
      have increasingly embraced the same requirement for commenting on
      their websites. Proponents of real name policies cite increased
      civility and quality of content. But pseudonymity and anonymity have a
      long history in public discourse, and they are essential for privacy
      and speaking truth to power. This talk will examine the debate over
      anonymity and pseudonymity online, with a focus on Facebook and the
      Arab Spring, and Google Plus and Nymwars.
      Friday 1900 Sassaman


      Privacy - A Postmortem
      (or Cell Phones, GPS, Drones, Persistent Dataveillance, Big Data,
      Smart Cameras and Facial Recognition, The Internet of Things, and
      Government Data Centers Vacuuming Google and Facebook, Oh My!)
      Steven Rambam
      With a few keystrokes, it is now possible for an investigator to
      determine a target's location, activities, finances, sexual
      orientation, religion, politics, habits, hobbies, friends, family,
      their entire personal and professional histories... even accurately
      predict what they will do and where they will go in the future.
      Without leaving the office, a government agent can surveil a subject
      and "watch" their activities 24/7/365: where they drive, when they
      walk down the street, if they attend a church or synagogue or mosque
      or a demonstration or visit an abortion clinic or a "known criminal
      activity location" or meet with a "targeted person" or a disliked
      political activist. There is no longer any place to hide.
      Since the very first HOPE conference, private investigator
      extraordinaire Steven Rambam's lectures on privacy have kept attendees
      ten years ahead of the curve regarding surveillance technologies,
      investigative techniques, and the assaults upon personal privacy by
      government's Big Brothers and private industry's even bigger Big
      Sisters. His lectures described cell phone "pinging" eight years
      before it was used by the FBI and "Google Glasses" four years before
      they were announced. The past two years have seen the largest
      expansion of surveillance technologies ever and, in a wide ranging
      three hour lecture packed as always with dozens of real-world examples
      and case studies, Steven will provide a terrifying update on our
      absolute loss of privacy. His lecture is not for the weak of heart -
      or for those afraid of drones.
      Saturday 1700 Dennis (3 hours)


      Protecting Your Data from the Cops
      Marcia Hofmann
      What should you do if the police show up at your door to seize your
      computer? If they ask for passwords or passphrases, do you have to
      turn them over? Can they search your phone if they arrest you during a
      protest? What about when you're crossing the border? Your computer,
      phone, and other digital devices hold vast amounts of sensitive data
      that's worth protecting from prying eyes - including the government's.
      The Constitution protects you from unreasonable government searches
      and seizures, but how does this work in the real world? This talk will
      help you understand your rights when officers try to search the data
      stored on your digital devices, or keep it for further examination
      somewhere else. The constitutional protections that you have in these
      situations, and what their limits are will be discussed, along with
      technical measures you can take to protect the data on your devices.
      Saturday 1100 Dennis


      The Smartphone Penetration Testing Framework
      Georgia Weidman
      As smartphones enter the workplace, sharing the network and accessing
      sensitive data, it is crucial to be able to assess the security
      posture of these devices in much the same way we perform penetration
      tests on workstations and servers. However, smartphones have unique
      attack vectors that are not currently covered by available industry
      tools. The smartphone penetration testing framework, the result of a
      DARPA Cyber Fast Track project, aims to provide an open source toolkit
      that addresses the many facets of assessing the security posture of
      these devices. This talk will look at the functionality of the
      framework including information gathering, exploitation, social
      engineering, and post exploitation through both a traditional IP
      network and through the mobile modem, showing how this framework can
      be leveraged by security teams and penetration testers to gain an
      understanding of the security posture of the smartphones in an
      organization. You will also learn how to use the framework through a
      command line console, a graphical user interface, and a smartphone-
      based app. Demonstrations of the framework assessing multiple
      smartphone platforms will be shown.
      Friday 1000 Sassaman


      Social Engineering
      Emmanuel Goldstein and friends
      Since the very first HOPE conference in 1994, the social engineering
      panel has been a huge draw. We basically round up a bunch of people
      who like to play on the phone, tell some stories, and make live calls
      to strangers who wind up telling us things they really shouldn't in
      front of a huge crowd of people who are trying very hard not to make
      any noise. It's all a lesson on how insecure information really is,
      and how you can avoid making the same mistakes that some unsuspecting
      person someplace will inevitably make when this panel randomly calls
      them.
      Saturday 2100 Dennis, Nutt

      Spy Improv: Reality Unfiltered
      Robert David Steele
      Several HOPES ago, Robert Steele started doing separate Q&A sessions
      using his knowledge as a former spy, pioneer of open source
      intelligence, advocate of multinational sense-making, and #1 Amazon
      reviewer for nonfiction. At The Next HOPE (2010), with help from those
      who stayed with him, he set what may be the world record for Q&A,
      eight hours and one minute, from midnight Saturday to 0801 Sunday.
      This year will be strictly limited to two hours in open session, but
      the possibility of a roundtable thereafter will remain open. All
      questions welcome.
      Saturday 2359 Dennis (2 hours)

      Why Names Matter: How Online Identity is Defining the Future of the
      Internet
      aestetix
      As the Internet becomes more public and universal, the world is
      beginning to have an identity crisis. Some big questions are coming
      up: who are we, and how should we be represented online? Originally
      inspired by having his Google Plus account suspended twice during the
      nymwars fiasco, aestetix will explore the deeper nature of how we
      identify ourselves and each other. The talk will look at issues both
      from a technology and social perspective, asking questions like why
      hacker handles are important, and how our notions of privacy have
      changed in the greater scheme. It will also cover the ways in which
      current online social networks try to build upon existing social
      relationships and discuss suggestions for improvement in the future.
      Sunday 1400 Nutt


      WikiLeaks, Whistleblowers, and the War on the First Amendment
      Ben Wizner, Catherine Crump
      The Director of ACLU's Speech, Privacy, and Technology Project will
      provide an overview of the Espionage Act and the other statutes that
      the government has employed to prosecute leakers and threaten
      publishers. Ben will discuss the ACLU's litigation on behalf of
      WikiLeaks supporters whose Twitter records have been subpoenaed and
      whose laptops have been seized by government agents, and will place
      the Obama administration's unprecedented campaign against leakers in
      legal and historical context.
      Friday 2000 Dennis


      Your Cell Phone is Covered in Spiders! (An Overview of Mobile Device
      Security)
      Cooper Quintin
      Smartphones have changed the world. Your calendar, photographs,
      private documents, and communication with your entire social sphere is
      now just a swipe away. We are carrying exponentially increasing
      amounts of highly personal data around with us in our pockets. But are
      we doing enough to safeguard this data? Mobile devices are also
      becoming an important tool for social change, but with this they also
      become a more important target for governments and corporations. With
      so many attack vectors on mobile devices, it is important to know the
      ways that your mobile device can be compromised and how you can
      protect against these attacks. This talk will focus primarily on the
      security of the Android operating system. You will hear about how to
      protect your phone against warrantless search and seizure by law
      enforcement, as well as how much damage malicious apps can actually do
      and how to protect yourself from becoming the victim of malware. You
      will hear about password security concerns on Android and how to
      protect yourself, along with some of the many great security-related
      apps that Android has to offer. This talk will examine the question of
      whether you can protect yourself from the greatest of all threats to
      your phone: The Phone Company.
      Saturday 2300 Sassaman







      Pallorium, Inc.
      P.O. Box 155 - Midwood Station
      Brooklyn, New York 11230 USA
      (001) 212-969-0286
      ____________

      http://www.pallorium.com

      TWITTER: @pallorium and @stevenrambam
      ____________

      * Licensed Investigators * Database Services *

      * U.S.A. Affiliates in New York, Texas, Louisiana and California *

      * IIN * WAD * WIN * NAIS * ION * AIIP * NCISS * BOMP * COIN *
      * ASIS * ACFE * IOA * INTELNET * ALDONYS * TALI * SPI * ACFCS *

      ____________

      Join the "INVESTIGATIONS" group at: www.peoplefinder.net/newsgroup.html
      A private, secure and noncompetitive group for investigative
      professionals.

