RECON VILLAGE - 1983: I'm born 2018: I'm Catching the Bad Guys

Video in TIB AV-Portal: RECON VILLAGE - 1983: I'm born 2018: I'm Catching the Bad Guys

Formal Metadata

RECON VILLAGE - 1983: I'm born 2018: I'm Catching the Bad Guys
Alternative Title
1983 Im born 2018 Im taking on the bad guys
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
“I’m not a programmer. I’m not a hacker…in the traditional sense. But yet I was born in 1983, so surely that makes me a perfect fit for the DEF CON theme this year. Not enough? Ok, well how about the fact that I’m currently using open source tools, techniques and methodologies to combat modern slavery, wildlife trafficking, terrorism and just about every serious organized crime the world is currently battling from a desk in the middle of the London financial district. Interested in hearing from a different viewpoint and perspective, then this is your talk. While you might not walk away with a new tool for your toolbox, you will gain an understanding into how the smallest contribution can end up the most profound and how combining open source resources can take on much bigger problems that you’ve maybe never considered. During my talk, I will cover a few examples of recent Open Source investigations conducted by myself, including details regarding the methodologies and tools which were used. We actively follow the person not the digital fingerprint to begin to understand and put a face to some of the most prevalent and serious organized crimes facing the world today.
I've introduced everyone by the wrong name for the past two days; I thought I had to do it to myself as well. Okay, so my talk is on "1983: I'm born" (I went thoroughly with the theme of the event of DEF CON) and "2018: I'm catching the bad guys". So I've got a lightning talk, so that's why I've already started and am probably going to race through this kind of quickly. I've got a few caveats, though. I'm not a pen tester at all. I can't code. I can't do any of this. I do OSINT; we come for a very different purpose, so come at things from a very, very different angle than 99% of the talks I've actually introduced and hosted here. The next one is I am suffering massive impostor syndrome and have been for the past three days. Once again, I've kind of come here going, "What the hell am I doing here?" and then I've introduced everyone, sat, then gone, "Yeah, you're fine," and then stood here myself going, "What on earth am I doing?" So if you're ever suffering that, by all means just kind of do this and let's see how it goes. The next one is I
really run with the 1983 theme. The 1980s were not the best decade for fashion: if you weren't having to suffer the shell suits in the US, then you certainly were in the UK. Really sticking on the 1983 theme, it was my birthday on Wednesday, so I get to really thoroughly celebrate, but the fact that is in 1983
Okay, so really quickly, kind of giving my background, because this is why I approach things in a really different manner. I've got 35 years' experience of doing stuff, and I kind of sat there and thought, well, how can I run everyone through my background? And I thought the best way to do it was in a timeline of dinosaurs to DEF CON. Now this is my great timeline, in which I start really close to the dinosaurs, with 1983, being born. I promise you the 1983 theme will now stop. From then, 1990 to 2001, I went to an all-girls school in the UK. All-girls schools, brilliant: they basically trained us to think a very specific way so that we all kind of came out the same. They wanted doctors, they wanted lawyers, and we were allowed to do whatever we thought. So on that basis of doctors and lawyers, in 2001 I went to London and I did a master's degree in astrophysics. Didn't really fit the mold, but I thought, well hey, let's go and do this. I was the kid who wanted to be an astronaut. I graduated with my master's when I was 21, and then it was a case of: what am I doing next, where am I gonna go, do I want to do a PhD in astrophysics? Nope. I went and joined the Air Force and thought, hang on a second, now go and do something different. If you think you're about to hear a reconnaissance briefing from someone who's been in any intelligence branch, that's not me. I didn't do any intelligence training. I'm not a pen tester. I was an aerospace battle manager, I was a weapons controller, so for three years I spent all my time basically in the desert controlling aircraft over Afghanistan. Fun fact: I'm the only person to have controlled all of the airspace in Afghanistan, and I'll walk with that the whole way through my career. So in 2012 I bought out the Air Force. They offered me another 12 years and I thought, do I do this? And I thought, you know what, no, I'm gonna go and I'm gonna do yet another master's degree in yet another capital city, and I moved to DC. I thought, I know what to do: I'm kind of smart, I've got the
military experience, I'll go to DC and help educate people on the Hill, because they'll want to listen and be educated. Three and a half years I tried to educate people on the Hill. I stood there when the 3D gun got printed and told them don't panic; they panicked. Ballistic missile defense: every single summer was the topic that we were talking, but it just keeps on going around on the same old cycle. So in 2015 I decided enough was enough. I moved back to the UK and I ended up falling into an OSINT research post in King's College University. Now the OSINT post was basically looking at counter-proliferation, nuclear proliferation: can you learn about behaviour of nation-states online so that you can really kind of see and predict whether they are going to go nuclear or not? We were doing that on behalf of the United Nations, and that's kind of where I kind of realized that the skills that I've got, even though I didn't have any training, and my excessive amount of Facebook stalking really could kind of filter into what we do. I got really tired really quickly in academia because things move far too slowly, so in 2016 I made the bold move and I joined a cyber security company. Didn't know what I was doing, and sat next to a pen tester for seven months writing his reports because he didn't want to, and that was the best way that I learnt. What I ended up kind of sitting there and doing, though, is going: well, why are you only wanting to find out somebody's email address? Why are you doing that? Why are you looking for their email address in a dump? That makes no sense. If you look for their kids, the password's likely to be something to do with that, or a dog, or something else. So I kind of twisted things in my company, which is then kind of where I'm still there now. It's also one they had a research; once again, I've got no intelligence training and I'm sitting in the head of research in an OSINT company. That's why I do that.
So, what pays the bills? I've got to be serious here; these are what I do. I do employee screening through OSINT, I do investment due diligence, I do fit and proper tests for senior managers. If you don't know what this is: in the UK we basically now are making our senior managers in banks do a fit and proper test to say that they're trustworthy and honest. It is a self-declaration form. How do you thought, well, I'm with you. So what actually drives me with what I do, and everything that I kind of do that pays the bills, the rest, this stuff kind of comes into this, and I will cover this in the examples. I work a lot with modern slavery charities to really try and see what we can kind of do through open sources to bring the fight. So then, obviously, with my background I've got a lot of counterterrorism, so addressing extremism online is a huge thing for me, and uncovering fraud and crime moving forward. So how do I
actually do this? The first thing that I do, and everything that I do, is all about the person. I don't go for URLs, I don't go for open ports, I don't go for everything else I've sat there and heard about today. Yeah, they may be useful, but everything I do is about the person. Now the really interesting thing about this is, over the past two days I've heard so many talks as to, with GDPR, and with this being locked down and with that being locked down. Well, I'm sorry, but for one of me, you can't lock down your face, so once I recognized your face I'm following you as a person. So everything that I do follows the person online. Yes, there might be an IP connection, but that's just a tick in a box as a confirmation for me. People's behaviors, and applying behavioral science to open source, is really where you can learn more about a person than anything else. It also means that if you end up going onto the dark web, people tend to behave the same way. We've sat down and looked at people who have the same username on eBay as they do on dark web forums. Well done, kids, you're great. So the best
way that I end up doing this is through primary identifiers and secondary identifiers. Now basically, this is kind of for any pen testers out there, you're gonna sit there and go, "Oh well, my primary, it's gonna be this and this and this." Basically, if I've got your name and your date of birth, I can pretty much go everywhere. A lot of the research I end up starting with is just a name. If you've used every user site like Genes Reunited or you can get people's birth records, their marriage certificates, their everything. If I can get that, I've got your date of birth, I've got your mother's maiden name; I'm already answering a lot of questions to be able to open a bank account. Once I've got your address (we've just been hearing about the voter register; if you can get your thighs and get your of the electoral roll in the UK), any company's data or anything else, and then moving forward: email addresses, you all know how to trace them as well; phone numbers; usernames; key individuals as well. The number of times I'll speak to people, it's like, "It's okay, I'm not online," and I'm like, "Okay, you're not, but your kids are everywhere and it won't somebody spouse is everywhere and everything else." So having the key individuals there as a primary identifier is one of the key things moving forwards. Now once I've got those key primary identifiers, I can do a lot of work with really following somebody and their behaviors to do everything like that. The secondary identifiers: that list is never-ending, but I put the bank details at the top for a simple reason. For one guy who I actually worked with, wrote a report on, I was like, "Dude, you kind of like put the bank detail or bank details on a website you created for your 30th birthday party, because you made people buy tickets," and that was like, point one, how obnoxious; point two, why have you put your bank details there? And he's like, "What are you gonna do, pay me?" and I was like, "Just watch." So he gave me his bank details. I knew his full name, his date of birth, his mother's maiden name, I
knew his home address, I knew from Google Earth exactly where his mailbox was. Brilliant. His wife then happened to post that they were boarding a flight in two days' time to go on holiday, and all of a sudden I'm sitting there going, I can intercept everything. I've spoken to a number of different payday loan companies and I was like, what information would you actually need? And all the information that I would need was already sitting there. So the worst that I could do was take a 10,000 pound loan out in his name, so that when he came back off holiday he had all those debt collectors already coming after him. Okay, the thing about all of this is, and the people are like, "Oh, I'm not posting stuff about debt," and GDPR and all the information getting locked down: the simple fact of the matter is we're sharing more information than ever before, and it starts before we're even
online. How many people are sitting there going, "Oh, I've seen this": people put the baby scans on Facebook, people do this, and then those kids are born. Brilliant:
you've given me the kid's date of birth, the full name of the kid, the fact that the kid's got a sibling. If I go through that mom's Facebook page, I'm probably gonna get her maiden name as well, because maybe it's in the URL that she hasn't changed, or anything else. So the person's footprint, with a lot of the key identifying information, is already there before this kid can even pick up an iPad. Like, we're not kind of sitting there going, "Oh well, this is secret," and everything else; it's already a lot there. So the good,
the bad and the ugly, and how this information can be used. So back to my drivers: I think that kind of fits into the good. This can be used in a really, really negative way, let's be honest, but if you actually spin it and try and use it against some of the biggest crimes that we're facing internationally, then you can start to build those networks and to actually build this behaviour to try and see what we can combat. Obviously with social engineering, whether you are doing it for pen testing, whether you're doing it because you want a really good date, I don't know. But then you've got the bad and ugly, with the extreme Facebook stalking (I absolutely mean searching), and it is one of those that the fact of the matter is people are reading all of those terms and conditions; people aren't sitting there and going, "Oh, what on earth do I need to do?" or anything like that. Okay, so here's a couple of examples that I'm going to end up running through really, really briefly. We were approached by an insurance company, and the guy basically came to us and was like, "Can you find out information being sold online? I know it's gonna be on the dark web, I just know it." Why? Because everyone feared this magical beast and it's definitely where all the information was. Well, we found the information for sale;
we found it on LinkedIn. It's something that people will use. This guy was using his LinkedIn to sell the information, and it's just a couple of posts that he was actually doing. He'd not been doing it for a short amount of time either: this was just a couple of weeks before; he'd
actually been doing it; this post is from two years earlier. And apologies to marketers put in your information on, but he was actually using snippets of the data and posting it on to LinkedIn. There was a whole network of individuals who then interacted with all these posts to turn around and go, "Oh yeah, I'll buy this, I'll buy this." So before you know it, we already know our network of everything
else. So we spoke to the insurance company, and I was like, "We found some of your information for sale and everything else," and he went, "Can you identify the guy?" Well, let me see. Luckily for him and
his information, within his LinkedIn account he had his Twitter handle. Well, that's kind of convenient. So I then went
to his Twitter handle, where I then got a location for him, I got a pretty obnoxious picture of him, and the content within his Twitter basically went off along the lines of a certain type of individual who really isn't up my street, but never mind.
His very first post that he had on to it was him telling me, "Oh, by the way, I've just set up a LinkedIn account," thinking that this LinkedIn account would go to his other LinkedIn account. I was like, okay, let's click away. It didn't: it went to somebody else in an entirely different name. That account had then been shut down, but hang on a second, I've now got a different name to work from. What ended up then subsequently happening, by combining a number of different things: basically he'd been trying to sell number plates on LinkedIn as well. Those number plates he's also tried to find on Facebook, and then all of a sudden you find his Facebook and he's standing
there holding a gun. This isn't the US, kids; this is the UK. So when I'm sitting there with somebody in Manchester, around the corner from me, and I'm seeing a picture like this, I'm like, oh no, something bad happened. What you can't really see there is his current profile picture, which is a picture of his two baby girls. Well, you've got to change the direction there and everything else. He had so many pictures here: pictures of
stolen goods, he had pictures of his money, his name spelt out in money and everything else, and it was one of those moments overall you really oughta leave this stupid. Yes. So we contacted the insurance company and we basically turned around and said, "Okay, this is the guy. Don't quite know his name, because he's seeing a number of different variations, but what do you want us to do?" "Get as much as you can and we'll hand that over to the authorities." So 24 hours later I went back and this Facebook account's been deleted. He'd been tipped off by somebody in the insurance company to get rid of his footprint. Well, that kind of pissed me off. So basically I then turned around, sat there and went, what am I gonna do? What I ended up handing over to the
police was his full name, his date of birth, his spouse, his kids, his addresses for the past 16 years, his associates and his contact details. Why had I done all that? Because through everything that had ended up happening, through his Twitter account, through his Twitter account logout, I knew I had an email address. He'd actually gone and done an insurance quote using that email address. Insurance data: when they say, "Do you want to share this with third parties?", they are saving the data that you put in there, and all it was was a case of going, well, hang on a second, I've got that email address, I've got an address, let's do the name of the individual who lived there, which ended up being a combination of a number of the different usernames and handles that I'd ended up seeing. So we handed that over. Okay, one final kind of thing that I will run through: the Nigerian businessman. I'm not being stereotypical, but these are two guys, and it was a multi-million dollar deal. I had to kind of just do the seal of approval: "Tell me these two guys are great." Well, this is kinda why I ended again. The simple fact of the matter is the two guys ended up being spread across the web under many different names. They had self-elected each other in two different roles: one of them had elected himself into the environmental role, who then gave approval to his brother's company to set up this water purifying station, who then gave approval to the other brother's cement company to build the plant, who then gave permission back. What ended up happening was they poisoned an entire village; a number of people actually ended up dying for that, and the two of them went underground. They didn't go underground: they changed their names and they moved to Newcastle in the UK, where they set up an entirely other business that kind of went on. So in December 2017 this was referred to the UK Serious Fraud Office. The deal obviously fell through, and that's kind of where we left it. I thought this was such an interesting
case that I ended up moving it into my training processes that I end up training my analysts at my company with, and I was like, "You know what, here's your trial, go ahead." And then all of a sudden it didn't, and so we go back and we're reviewing it and everything else: it's gone to the Serious Fraud Office in December 2017, and in
January 2018 my ex-commissioner's dead in China. He went on a business trip and he's died and everything else. That overall kind of changed the dynamic of all this. Only here he is in February, on his
Facebook page, a brand new picture of his new outfit, because he's moved back to Nigeria under a new set of names. He's using the same Facebook account, though, and it's not a soap, oh, he's just posted a new picture, or somebody's posted a picture, or anything else. Could he keeps on going under. I
looked at this this morning and he's still actually posting. He's, like, talking about how you can build something great, and he's there once again trying to be elected in under a different name, in the same state that apparently he was a previous death person. I don't even know. Absolute craziness there. Okay, the
other thing that I do kind of want to finish off in my last three seconds is that I actually work with the charity that does a lot of it. The charity that I work with is Stop the Traffik, and basically they've got a Centre for Intelligence-Led Prevention. What they're doing is using open sources to try and learn as much about the methodologies that people involved and everything else. It's not about saving people who are trapped in slavery, it's not about anything else; it's about disrupting those networks from the outside in. If we can try and learn more about them than they know about the networks, then that's kind of what this is trying to do. So if you want any further information on that, I spend a lot of my spare time working with them to try and figure out exactly who and what and everything else is recruiting. Okay, I fitted it into use I've told
everybody else stay on time, and thank you very much. [Applause]