Hack3rCon in Today's Charleston Daily Mail

There is a nice story about Hack3rCon in today's Charleston Daily Mail with info about the conference and interviews with me and Rob Dixon. Being a former journalist it is ofter uncomfortable to be the subject of an interview, but Paul Fallon does a pretty good job of not misquoting me.

For more information about Hack3rCon visit http://hack3rcon.org/. A portion of the proceeds will benefit Hackers for Charity.

Welcome to Hack3rCon 2010 from The 304 Geeks on Vimeo.

Hack3rCon

The 304Geeks will be hosting "Hack3rCon", the first of its kind Information Security Conference in this State!


http://www.hack3rcon.org

Register Now!


Events:
Ethical Hacking Workshops with the guys that created, teach and develop Backtrack, the most widely distributed open source penetration testing toolkit.

We have a full day of special gust discussion on everything from advanced password cracking in 2010 to detecting and stopping intruders to hands on hacking lads.

That is right, we will be holding a hacking village all weekend. Get hands on experience on our private network. Experience mentor will be on hand to guide you through the exercises. Prizes***

We will also be hold a Hacker's Capture the Flag event! Go against other ethical hackers in an attempt to get all the flags first!!!

*****WINNER GETS A NETBOOK PREINSTALLED WITH BACKTRACK!!!

Special Guests:

Dave Kennedy a.k.a. Rel1k Creator of SET
Adrian Crenshaw a.k.a. Irongeek - Security Researcher
Dennis Boas - **Classified**
Martin Bos a.k.a Purehate - Core Developer Backtrack-Linux
Lee Baird a.k.a. LeeRock - Security Consultant, Ciphent
Mark Baggett - SANS Instructor, Security Blogger - Pauldotcom


$10 Hack3rCon All Access Weekend Pass when you purchase a CharCon weekend pass. (requires pre-registration before the event)

Keep an eye out for technology driven events and contest that will be host by the 304geeks!!

The 304Geeks is a local technology group here in Charleston. It was founded in 2009 by Rob Dixon and myself.

More on Hack3rCon to come!!

Appalachian Institute of Digital Evidence First Annual Conference

Appalachian Institute of Digital Evidence
First Annual Conference
July 27- 30, 2010
Marshall University Forensic Science Center


Seating is limited. To reserve a seat, email John Sammons at sammons17@marshall.edu with name, agency and contact information.

July 27 - 0800 to 1600 Cyber Security & Network Forensics

Schedule coming soon!

July 28 - 0800 to 1600 Law Enforcement


Today's Smoking Gun: An Introduction to Digital Evidence
John Sammons, Assistant Professor, Marshall University

Are you leaving evidence behind? Computers are everywhere and as such, they need to be considered as a vital source of potential evidence. Valuable digital evidence may be discovered in nearly any case, not just child pornography and identity theft. Homicide, robbery, drug violations are just a few of the cases that could be solved with digital evidence.

In this course learn the fundamentals of digital evidence, how it's different, how it's collected and how it could benefit your investigations.


Internet Investigations
Josh Brunty
Marshall University Forensic Science Center

Investigating a cybercrime and/or cybercriminal can be one of the most complex tasks facing the law enforcement professional today and requires a multidisciplinary approach supported by technical expertise that was once not needed with traditional crime. This session will focus on investigations and operations centered on the use of the internet and its many communities that are being exploited for criminal activity.

This session will teach investigators how to retrieve and/or extract such evidence using a variety of tools and techniques.

These two classes have already been submitted and approved for LET credit (4 hrs per).



July 29 0800 – 1600 – Digital Forensics

Windows 7 Forensics and USB Device Tracking

This technically intensive class is designed for the experienced digital forensic investigator. This class will provide an introduction to the Windows 7 operating system from a forensic standpoint. It will also cover the techniques used to track USB devices. The course is taught by Dustin Hurlbut, an Instructor from AccessData. AccessData is the world's largest provider of digital forensic software.

NOTE: LET credit approval pending


July 30 0800 – 1600 – Electronic Discovery

“Zubulake Revisited” - 2010 Guidance on Preservation Obligations and Spoliation
Douglas Crouse
(50 min.)

Tips For Developing an E-Discovery Response Action Plan
Matthew A. Kelly
(50 min.)

“Cull,” “Image,” “Early Case Assessment,” and Other Key Vocabulary
Jill McIntyre
(25 min.)

How to Assess Reasonable Accessibility
Jill McIntyre
(25 min.)

eDiscovery Collection
Dustin Hurlbut
(50 min.)

eDiscovery Analysis
Dustin Hurlbut
(50 min.)

Reforms of Civil Pretrial Discovery on the Horizon
Jill McIntyre
(50 min.)

Data as Evidence: Issues Governing the Admissibility of Electronically
Stored Information at Trial and in Summary Judgment Practice
Douglas Crouse
(50 min.)

Controlling E-Discovery Costs in Litigation
Jill McIntyre
(50 min.)

A Chilling Article About Law Firms Becoming Targets of Cyber Criminals

I have long said that law firms are lucrative targets for hackers. Today a story appears on page DC - 1 of the San Francisco Chronicle called "Law firms are lucrative targets of cyberscams".

Last spring, a Long Beach law firm received an e-mail from a Hong Kong businessman seeking help collecting debts from American customers. An attorney with the firm saw it as a great opportunity to reel in more business during the economic downturn and agreed to help.

After a month of signing paperwork and exchanging telephone calls with his client, the attorney received word from one debtor who sent a $200,000 cashier's check to pay off his balance. The attorney deposited it in his firm's account, subtracted his $10,000 fee and wired the remaining amount to his Hong Kong client.

An hour-and-a-half later, the attorney's bank called and told him the check bounced. Fortunately, the bank was able to prevent the wire transfer from reaching its destination. He almost had been duped out of $190,000.

"They send me a nice, big, worthless check," said the attorney, who asked to remain anonymous. "Needless to say that was not a fun day. They were the hardest 24 hours of my life.

The threat has been very real for a long time. Scammers have moved from just scamming "rich americans" and have moved on to targeting "rich american lawyers". The best defense against these sorts of scams are a good spam filter and user education.

If you don't have a user education program at your firm, start one. Your IT staff should be trained in security as well. Something like the CompTIA Security+ certification is a good start. Even the MCSE has track has security some great security components to it. You should also probably have a CEH or a CISSP on staff as well, or at least a security professional you can bring in to consult on a contract basis.

...Alex Stamos, a founding partner at iSEC Partners, a San Francisco security consulting firm that recently published research identifying about 100 organizations hit by the attack, said that law firms are on the list of organizations most at risk of being targets in the future.

"Most law firms are going to be in trouble if this is the level of adversary they're going to deal with," he said. "It's impossible even for the largest law firms to have a dedicated security team that can hold their own against these people."

This threat isn't going away anytime soon. Be alert and be careful. The threat is no long the 14 year old in the basement. It's organized crime.

How Cybercriminals Steal Money

Two Great Novels

Daemon and its sequel, FreedomTM may be the best novels I have ever read. Below is a video of the author, Daniel Suarez, speaks on "Bot-Mediated Reality".

Bots, or hardware and software robots, are already a large part of human life. Including botnets used to send spam or generally threaten the Internet.

The Internet is Evil John Strand Louisville Infosec Conference Video

I had to miss Louisville InfoSec, but Irongeek comes to the recuse with videos from the conference.

Below is a talk by Law Firm IT favorite John Strand. John is a SANS instructor and a member of the PaulDotCom crew, called "The Internet is Evil". Thanks to Irongeek for taking the time to record, post and host these on his site.