I am honored to be presenting at DEF CON 23 this August in Las Vegas, where I will be presenting a session titled “Confessions of a Professional Cyber Stalker.” In my talk, I will be discussing various technologies and methods I developed and used to track criminals, leading to at least two dozen convictions. Many times in the process of recovering stolen devices, larger crimes would be uncovered, including drugs, theft rings, stolen cars, even a violent carjacking. Much of the evidence in these cases would be collected by the stolen devices themselves, such as network information and photos captured from laptops and cell phones, but oftentimes there was additional data that would need to be gathered for a conviction. During the session I will walk through real cases and discuss in depth the technologies used and the additional processes I went through, utilizing open source data and other methods to target criminals. I will also discuss how these same tools and methods can be used against the innocent, and steps users and developers can take to better protect privacy.

In this presentation, I will cover and provide example code and tools for:
- Use of USB "friendly" trojans to track, monitor and recover peripheral devices including iPods, flash drives and other devices
- Showing how USB-based malware is still a threat, particularly in industrial and healthcare environments
- Teaching laptops and smartphones to be informants in their own abduction
- Social engineering with AppleScript as an attack vector targeting Mac users (with a demo)
- Mining the web for EXIF data and searching for stolen cameras and other crimes
- Cyberstalking suspects with social media and OSINT for additional evidence and clues
I will highlight how these various techniques were used in actual cases including:
- Tracking and monitoring stolen phones from a wireless store, leading to the unveiling of a large theft ring
- Tracking of a stolen flash drive with sensitive data to a university computer lab and correlation of other evidence to identify the culprit
- Tracking a stolen laptop across the country, leading to the unveiling of a large theft ring
- Recovering $9K worth of camera equipment for a pro photographer a year after it was stolen
- How another theft ring targeting Portland schools was unveiled and how software tricked them into turning each other in
- Development of a USB-based persistent trojan for tracking export-controlled devices
- Tracking a laptop stolen during a violent carjacking and car theft in Brazil
Through these case studies and revealing of tools and techniques, I will illustrate that the Internet of Things threat lies less in the vulnerability of individual devices than in the data they harvest. The ability to connect seemingly anonymous points of data and link them to devices, which are then linked to individuals, allows law enforcement, nation states and criminals alike to create rich profiles of individuals and track them physically, as well as online.