Digital intelligence: Preserving evidence integrity in a new maze of data points

Tuesday, 1 October 2019 01:25 -     - {{hitsCtrl.values.hits}}


By Hiyal Biyagamage

During the first session of last week’s Cyber Security Summit 2019, which was themed as ‘Digital intelligence for making the world a safer place’, speakers discussed how organisations need to acquire and apply new knowledge and skills related to digital technologies: social, mobile, analytics, cloud, and cybersecurity. They pointed out that digital intelligence addresses the what, why, where, when, who, how, and how much of digital technology to improve our operational efficiency and outcomes, more than the ability to use digital technologies. 



A myriad of opportunities for cybercriminals 

Speaking at the first session of the Cyber Security Summit 2019, themed ‘Digital intelligence for making the world a safer place’, Dr. Sam Bowne, Founder of InfoSec Decoded Inc. explained the evolution of cybercrimes over the years and cyber warfare – a new chapter of war which is well and truly underway, threatening both developed and developing nations. 

Dr. Bowne has been teaching computer networking and security classes at City College San Francisco (CCSF) since 2000. He has made a name for himself at DEF CON Hacking Conferences, the world’s longest-running and largest underground hacking conference, since 2007 and his body of work encompasses several other conferences such as DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, LayerOne and Toorcon. 

He has many credentials to his name, and among these is a DEF CON Black Badge and Splunk Core Certification. A Certified Ethical Hacker, Prof. Bowne’s continued presence at DEF CON since 2007 has led to important discussions and training being conducted, which include ethical hacking at DEF CON 17, security of Android apps at DEF CON 23, evil DoS attacks and strong defences at DEF CON 21 and data evaporation on SSDs at DEF CON 21.

Addressing the gathering, Dr. Bowne said cybercrime today has become an industry unto itself and with the cybersecurity industry rapidly involving, so does the cybercrime industry. 

“Enterprise data is the foundation of this industry. Cybercriminals are using vulnerabilities, botnets, APTs (Advanced Persistent Threat), ransomware and other evolving tools to generate significant sums of money by attacking organisations and infrastructure. There are readily available underworld market and supply chain for these criminals, and the foundation of this value chain is obstructing access to enterprise data or stealing them,” said Dr. Bowne.

In a world full of increasing opportunities, Dr. Bowne said the combination of dark web and cryptocurrency mechanisms like bitcoin had reduced the transaction costs and threats associated with being a cybercriminal. “Many criminals don’t get caught stealing. They get caught attempting to transact upon what they stole. That is what dark web and bitcoin can do in unison. What this does is that it draws in more actors, leads to increased specialisation and enhances the effectiveness of the entire cybercriminal industry.”

“Fundamental to digital transformation is that enterprises are simply generating more data than ever before. It’s part and parcel of a knowledge-driven economy and how enterprises create and deliver value. All of this data – stored in an ever-shifting array of locations and repositories – presents more opportunity to the cybercrime industry.”

He also discussed the ‘App Economy’ which opens up innumerable ways for attackers to exploit enterprise data. “Apps, which comes in different modes including mobile apps, e-commerce sites and web portals, are fundamental to digital transformation and they are now the defacto approach that enterprises take when it comes to interacting with consumers and businesses. Apps are directly generating a lot of data that translates how enterprises are creating value for their stakeholders. Amid this huge data explosion, the ‘App Economy’ acts as a gateway to enterprise data and expands the potential attack vectors available to cybercriminals, providing more opportunities for them to thrive on,” said Dr. Bowne.

Dr. Bowne carried out several live demos for the audience where he explained about vulnerabilities of Android apps, proper password management, how to use cookies to store data securely and a backgrounder on Android keychains. 



Amid a cyberwarfare 

Dr. Sam Bowne also spoke about the digital battlefield of cyber warfare where high-level cyberattacks have become major news headlines over the years as these attacks were reported against a range of sectors globally. Not only had the sectors been attacked but state-sponsored cyberattacks on critical infrastructure are helping to cripple nations, either by destabilising key economic contributors, stealing valuable data or by disrupting core national services, such as public access to power or healthcare.

“By doing so without having to set foot on the ground, the cost of warfare is drastically reduced, making it very likely this will be a tactic of choice in the years ahead.”

“Another method we have seen unfold is the use of technology to attempt the influence of votes, public opinion or trust in Governments through media manipulation and malicious websites. As alarmingly realistic deep-fakes of key political figures seep into major online platforms, the possibility that such manipulations will become too sophisticated for the public to detect becomes very real. With the US 2020 election campaigns gaining pace, a new wave of manipulated propaganda could be on the horizon,” Dr. Bowne opined further. 

Although the move to cyber warfare is clear, Dr. Bowne said the human element is still inherent, and necessary for any plan, deployment of strategy or counter. This means people, process and technology are the three crucial components for any cyber warfare defence strategy. He said national mandates, top-level policies and secure frameworks set by the Government are essential to protection efforts. 

Furthermore, he pointed out that many C-level executives are intimidated by technical managers. This is one of the key observations he had come to realise after consulting with several global companies over the years, Dr. Bowne opined. 

“They feel like they have to understand all the detailed technologies underneath them, but I would argue that this is completely untrue. If you are the captain of the ship, your job is to drive the ship, not to fix the engine or identify every bolt and nut. You have your staff to do that, but the staff has this tunnel vision. There is a fundamental rule you need to understand here; nobody will care about breaking laws and destroying the whole company except the people with a ‘C’ in front of their title. When a technical employee tries to destroy the company with malice, they cannot see that they are driving the company off the cliff; only C-level executives could see this and address the issue.”

“That is why they need to ask the hard questions. They have to ask what data you collected, where you stored it, how safe do you think they are, and so forth. And ask the employee not to tell you how complicated the process was to explain it back to you. It is not safe unless your technical manager could explain how it is protected,” he mentioned.

 In such context, Dr. Bowne said the right people are required to implement and manage technologies to prevent and respond to attacks – meaning the role of cybersecurity experts is never more important.



Tackling cybercriminals with digital intelligence

Speaking at the first session, Arthur Veinstein, Managing Director APAC of Cellebrite spoke the importance of digital intelligence for a safer world. 

“Today, everything is connected. In Sri Lanka, I read that there are 20 million people, and the number of mobile connections is 28 million. Every one of us carries our mobile phone with us. If I go to work and have my mobile phone with me, there is no issue. If I forgot to take my mobile, I would return home to retrieve it. The mobile phone has become our life because we store all of our data within it. Guess what? Your data is not secured,” said Veinstein. 

Cellebrite, headquartered in Israel, enables investigators to capture insights in today’s complex, digital world. Their digital intelligence platform provides a complete and objective picture of the evidence, empowering agencies and investigators to solve and close cases faster than ever. Cellebrite’s singular focus is to help law enforcement agencies solve every case and complete every mission. The company came into fame after they offered assistance to unlock an iPhone in 2015 when the Federal Bureau of Investigation recovered an iPhone 5C from one of the shooters who was involved in the December 2015 terrorist attack in San Bernardino, California. 

“Today, law enforcement agencies across the world are trying to fight cybercrimes. The only way to investigate and analyse evidence is by going through mobiles. Through mobile phones, you can access any piece of data the person has, and understand different patterns of how people act and think. It is no secret that there is a significant decline in buying desktop computer and laptops among youth as they prefer to store their data. That is why Cellibrite is fully focusing on mobile devices.”

As Cloud Computing is getting a firm foothold as an IT business solution, Veinstein said it is appealing to more and more organisations as a possible migration route for their IT infrastructure and business model. The centralisation of data in the Cloud has not gone unnoticed by the criminal element among us and as such, data centres and cloud providers have become targets for attack. Traditional digital forensics methodologies and procedures struggle with cloud computing environments as it introduces both remote storage issues as well as other virtualisation storage management technologies. 

“Your Whatsapp messages stored in the cloud. Not only your app data but private and publication information, which includes government information, are continually being backed up to the cloud. In Singapore, all the government authorities sign agreements with the top three cloud vendors to use their cloud capabilities, including the use of their private cloud. I believe these authorities are doing the right thing because those cloud vendors know how to deal with cyber issues. If government authorities were to add their own data storage and data sites, cybercriminals have a real opportunity to hack into these systems,” he said.

According to Veinstein, the seemingly endless supply of anonymous computing resources in the Cloud could provide a potential breeding ground for a new wave of computer crime. The mass of sensitive information stored in the Cloud, such as credit card and social security numbers, images and emails make the cloud an attractive target for cybercriminals. Furthermore, he mentioned that the immense computing power at the disposal of anyone, including cybercriminals, gives access to easy-to-use encryption technology and anonymous communication channels that make it less likely their activities will be intelligible to or intercepted by authorities. 



Leaving digital traces

Veinstein said that cybercriminals are getting more sophisticated every day. “They are using multiple phones and aliases, and all these cybercriminals are using online forums for conversations rather than meeting in public places. They are leveraging cloud-based apps and increasingly use encryption methods. Companies like Cellebrite are constantly working to mitigate these sophisticated attacks by providing more state-of-the-art cybersecurity solutions. We help law enforcement agencies across the globe to extract data out of cybercriminals’ mobile devices and help relevant parties to analyse information and understand who the culprits are. Today, we are the only company who could unlock any iPhone or Android smartphone, and we offer this service to only law enforcement agencies and governments.”

He also spoke about fraudsters leaving digital footprints after committing a crime. Through digital technology, fraudsters leave behind their digital footprint, whether by Tweets, emails, logins, downloads or card swipes – and this footprint is exponentially harder to cover up than a paper trail. Deleting or encrypting are no safeguards, and will still provide evidence to the fraud examiner through the mountains of metadata that are available anytime we take action online.

“The answer of where to look for digital footprints is simple, yet complicated – look everywhere. Investigators have to answer five questions to figure out what has happened – where, when, why, what and who. Cybercriminals may be smart, but they tend always to leave a print. Tracking and identifying these traces will be crucial to prevent the next cyberattack.”

Veinstein went onto explain about Cellibrite’s Digital Intelligence Platform, which is the only end-to-end digital forensics solution in the world. He said, “To help create a safer world, you need to harness digital data to accelerate investigations. 85% of relevant evidence is now digital because that is so much of all our lives; it should be helping. More information means more leads and more ways to resolve cases but it also means a whole new maze of data points to navigate and understand. It can seem impossible to find your way through at all; let alone move as fast as you need, especially when criminals are mastering and exploiting this digital world at lightning speed.”

“It is time to turn digital evidence into digital intelligence. The holistic approach to data that helps you eliminate the noise, quickly identify the essential information and streamlines staff to finish processes so you can safeguard everything you are responsible to protect. To do this, you need tools that help you swiftly access data and collected in forensically sound ways to preserve evidence integrity. You need solutions with advanced algorithms and machine learning to pinpoint critical pieces of digital evidence to facilitate efficient and effective collaboration so you can complete more investigations faster than ever. For this, you need digital intelligence, whether it’s matching the right resources to your existing investigative workflows or creating new ones. Cellebrite will be here to partner with you and make the world a safer place with our comprehensive Digital Intelligence Platform,” concluded Veinstein. 



Thoughts from panellists

Ayesh Ariyasinghe, Deputy Director of the Financial Crimes Unit (FCU) of the Central Bank and Conrad Dias, Chief Executive Officer of LOLC Technologies Ltd. joined the session as panel members alongside Dr. Bowne and Veinstein. Ayesh Ariyasinghe commented on FCU’s approach to using different technology to mitigate financial frauds.

“The Central Bank heavily focuses on financial intelligence, not necessarily the investigation part. If you look at the financial intelligence aspect of any particular area, cybercrime activities fall into the gamuts of money laundering and terrorist financing. Because of cybercrimes falling within the unlawful activity scenario, financial and non-financial institutions of Sri Lanka need to identify cyber threats and alert the FCU of the Central Bank. The fact that how soon a complaint comes to us and in what manner it reaches us will be crucial for us to investigate a scenario. The timeframe of such an investigation depends on how we receive information, in what way we can access the information and how fast we can retrieve time-critical information without diluting the crux of it. It will help the investigators to go to the source of the crime,” said Ariyasinghe.

Conrad Dias weighed in his thoughts as a panellist on how a critical coding error would impact an organisation.

“If you look at today’s topic which is ‘Making the world a better and safer place’, it is crucial to look at the digital adoption since every organisation is going through the process. It is a real challenge for an IT unit of a financial services company, and it is not only about safer coding. Today, we are training our youth to become excellent coders but what is essential is to develop a pool of developers who understand the fundamentals of software development. Because of the pace of growth, we have forgotten about simple things.”   “My personal view is that we are fighting against a unique set of people as far as money laundering and terrorist financing are concerned. The collaboration between financial institutions to mitigate cyber threats needs to happen sooner. In my view, some of the high-end tools to tackle cyberattacks should be avialbale on a collaborative basis,” Dias opined. 

The strategic partners of 2019 Cyber Security Summit were Cisco and Visa, and the Co-Sponsor was Cellebrite. Other partners included official payment network, LankaPay; insurance partner Sri Lanka Insurance; official printing partner, Lake House Printers and Publishers; hospitality partner, Cinnamon Grand; creative partner, Triad; and electronic media partner, TV Derana.


Pix by Upul Abeyasekara and Ruwan Walpola