'Cyber' Who Done It?! Attribution Analysis Through Arrest History

DEF CON 24

Presented by: Jake Kouns
Date: Saturday August 06, 2016
Time: 16:00 - 16:50
Location: Track One

There have been over 20,000 data breaches disclosed exposing over 4.8 billion records, with over 4,000 breaches in 2015 alone. It is clear there is no slowdown at all and the state of security is embarrassing. The total cybercrime cost estimates have been astronomical and law enforcement has been struggling to track down even a fraction of the criminals, as usual.

Attribution in computer compromises continues to be a surprisingly complex task that ultimately isn’t definitive in most cases. Rather than focusing on learning from security issues and how companies can avoid these sorts of data breaches in the future, for most media outlets the main topic after a breach continues to be attribution. And if we are honest, the media have painted an "interesting" and varied picture of "hackers" over the years, much of which has caused collective groans or outright rage from the community.

The Arrest Tracker project was started in 2011 as a way to track arrests from all types of "cyber" (drink!) and hacking-related incidents. This project aims to track computer intrusion incidents resulting in an arrest, detaining of a person or persons, seizure of goods, or other related activities that are directly linked to computer crimes.

The Arrest Tracker project currently has 936 arrests collected as of 4/23/2016. How does tracking this information help and what does the data tell us? A lot, actually! Who is behind these data breaches and what are the demographics such as average age, gender, and nationality? Which day of the week are you most likely to be arrested? How many arrests lead to assisting authorities to arrest others? How many work by themselves versus as part of a group? These observations, and a lot more, paint an interesting picture of the computer crime landscape.

Jake Kouns

Jake Kouns is the CISO for Risk Based Security, which provides vulnerability and data breach intelligence. He has presented at many well-known security conferences including DEF CON, Black Hat, DerbyCon, FIRST, CanSecWest, RSA, SOURCE, SyScan and many more. He is the co-author of the books Information Technology Risk Management in Enterprise Environments (Wiley, 2010) and The Chief Information Security Officer (IT Governance, 2011). With all of that said, many people are shocked to find out that he has a CISO title, and many others can’t believe that he has been attending DEF CON since the good old days of Alexis Park!

Twitter: @jkouns

