Prof Benoit Dupont, Scientific Director – Smart Cybersecurity Network (SERENE-RISC), Université de Montréal, Canada
Benoit Dupont is professor of criminology at the Université de Montréal, where he holds the Canada Research Chair in Security and Technology. He is also the Scientific Director of the Smart Cybersecurity Network (SERENE-RISC), one of Canada’s networks of centres of excellence. SERENE-RISC brings together government, industry and academic partners in order to facilitate the mobilization and uptake of evidence-based cybersecurity knowledge. His research interests focus on the governance of security and the use of networked initiatives to enhance offline and online safety, as well as the coevolution of crime and technology, and in particular the social organization of the hacking ecosystem.
Keynote Title: ‘Trust: the hackers’ dilemma’
Online offenders, like any other professional group, have learned to harness information and communication technologies to overcome physical constraints and exploit new economic opportunities. As a result, they are profiting from the automation of fraud and an increased ability to divide labour among highly skilled associates. Global illicit networks operating in this new technological environment have a lower risk of exposure and arrest – due to the malleable nature of online identities and the fragmentation of law enforcement responses – but they must contend with the considerable challenge of establishing and maintaining trust among co-offenders in online communities that lack the traditional social control and signalling mechanisms found in more traditional criminal settings. This presentation will examine two online communities of malicious hackers and the distribution of trust and reputation among their members. The first part of this presentation will analyse 449,478 feedbacks collected over 27 months that rate the trustworthiness of 29,985 individuals belonging to the largest computer hacking forum dedicated to botnets. Of particular interest will be the evolution of trust over time, the reporting bias that seems to affect exchanges, and the motives that trigger assessments of trustworthiness. The second part will present preliminary findings from an elite hacking community of English speaking hackers dismantled in 2015 by the FBI. The selection process to join this invitation-only forum, recruitment patterns, as well as the most valued features advertised by and sought from new members will be analyzed. We will use trust signals to represent the networked structure of this forum and assess the impact of the arrests that followed its takedown.
Dr Thomas J. Holt, Associate Professor, School of Criminal Justice, Michigan State University, USA
Thomas J. Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as the British Journal of Criminology, Crime and Delinquency, the Journal of Criminal Justice, and Terrorism and Political Violence. He has published multiple books, including Cybercrime and Digital Forensics: An Introduction (2015) and Cybercrime in Progress (2016) through Routledge Press. He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data. He has also given multiple presentations on computer crime and hacking at academic and professional conferences around the world, including major security events such as Defcon and HOPE.
Keynote Title: Comparing the Practices of Open and Dark Web Markets for Stolen Data
Data breaches have become a prominent issue impacting consumers and industry alike over the last few years. In fact, retailers, health-care providers and the US government have lost hundreds of millions of credit and debit cards as well as sensitive personally identifiable information due to external attackers compromising vital data sources. Recent research from both computer scientists and criminologists have considered the practices of data thieves and their use of illicit on-line markets to sell and buy personal information and facilitate cybercrime. These studies are largely based on data developed from IRC channels and web forums, demonstrating the scope of products sold, as well as the relationships between data sellers and buyers. Few, however, have considered the emergent market for data and cybercrime services operating on Tor-based websites and forums. These encrypted and hidden markets may have different operations and services offered compared to those operating on the open web, though there is minimal empirical data used to address this issue. Thus, this study will attempt to address this gap in our knowledge using a comparison of threads and advertisements for data in a sample of 16 open web forums and 17 Tor-based forums and shops. Differences in the structure and process of the markets will be explored, including payment systems, product reviews, and pricing structures. The implications of this study for our understanding of the open and Dark Web will be explored, along with the implications of this study for law enforcement practice.
Prof Michael Levi, Professor of Criminology, School of Social Sciences, Cardiff University, UK
Prof Michael Levi chairs the Crime, Security and Justice Research Theme at the Cardiff University. He earned the Distinguished Scholar Award from the International Association for the Study of Organized Crime (IASOC) 2013. He is member of a number of learned societies and is very active in other ‘Evidence of Esteem’ eg consultancies, journal editorships, membership of national and international research bodies, advice to government etc.
Keynote Title: Police, third party policing and the dilemmas of responding to economic cybercrimes
Cybercrimes in general, and frauds committed using digital media in particular, pose problems for traditional law enforcement Pursue models. This presentation deconstructs what we know about the cyber components of financial crimes, outlines some of the problems that the police in the UK and elsewhere have experienced in responding, and suggests some possible mixed policing alternatives, including the problem of how to get users to protect themselves better,
Mr Tim McCreight, MSc. CISSP CPP CISA
Tim McCreight is the Director, Advisory Services for Above Security – A Hitachi Group Company. Tim leads the Managing Consultants and Sales Engineers across the Above Security organization, and focuses on delivering information security services to clients around the globe.
Prior to joining Above Security, Tim acquired over 30 years in the security industry with leadership experience in both the physical and information security realms. He held executive positions at a number of organizations, notably as the Chief Information Security Officer (CISO) for the Government of Alberta and as Director, Enterprise Information Security for Suncor Energy Services Inc.
Tim has presented as a keynote speaker at conferences across North America on such diverse topics as enterprise risk management, converged security, and implementing enterprise information security programs. Tim was awarded his Master of Science in Security and Risk Management (with Merit) from the University of Leicester and attained his CISSP, CPP, and CISA security designations.
Tim was interviewed by Canadian Security Magazine in 2011 for his work as CISO with the Government of Alberta, and is a regular columnist for the magazine. Tim is also the international Chair for the Information Technology Security Council with ASIS International.
Keynote Title: It’s not CSI! – Developing a Forensics Program Executives Understand
One of the most difficult decisions an organization can take is to develop its own digital forensics program. Listen to the missteps and successes Tim McCreight endured while developing internal forensic teams throughout his career. While not a technical specialist, Tim managed to “sell” executives on the merit of the program, and learned the hard way that the CSI Bias is alive and well!