Category Archives: cyber forensics and information security

Highlights: Bitcoin w/ Dr. Werner Kristjanpoller

In case you missed the presentation Bitcoin: A New Paradigm or a Financial Bubble?, here is what was discussed by Dr. Werner Kristjanpoller, our RMU Fall 2017 Rooney International Scholar.

Dr. Werner Kristjanpoller:

  • professor in the Industrial Engineering Department at Universidad Técnica Federico Santa María (UTFSM), in Chile
  • Career Director of Industrial Engineering for UTFSM’s main Campus
  • Director of 3ie – the Business Incubator of UTFSM
  • Ph.D. in Business Studies from the Universidad Autónoma de Madrid, in Spain
  • MBA from UTFSM
  • Industrial Engineer
  • Vast research and teaching span includes:
    • finance and economics
    • econometrics
    • application of artificial intelligence to forecast financial assets
  • Published in several journals such as:
    • Expert Systems with Applications
    • Applied Energy
    • Computational Economics
    • Sex Roles
    • Journal of Pension Economics and Finance
    • Emerging Markets Finance and Trade
  • His plans at RMU are to research crypto currency, and develop a hypothesis for returns and volatility of Bitcoin.

The Presentation:

Bitcoin: hot topic – the fundamentals of currency.

Need for currency

  • Barter (good for small civilizations) -> currency (with increased commerce)
  • EX: salt, seafood shells, cows, vegetables, stones, etc.
  • Gold was the most popular, then silver appeared – metal money prevented currency from expiring. Creation of coins
    • Gold stores – transferred your gold to a paper equivalent; beginning of bills
    • Needed coins/gold to support the money being printed
  • Gold system – all the money of a country needed to be able to be turned into gold that each central bank protected. Since 1930. Money could be changed to gold, and vice versa.
    • Every country has responsibility – but then it was left up to the US dollar to be the standard for all coins.
    • EX: pesos to US dollar
    • 1973: Nixon decided to end the condition of the US dollar as the standard because we did not have enough gold to support the bills.
      • US was running out of gold needed to support all the circulating dollars.
      • TODAY: no metal support. Money only has value because we trust that it has value. -> essential to the financial value of Bitcoin.

Crypto Currency – 2009; virtual money; seeks decentralization – no central state controlling this; no one has control over the internet.

  • Only generates a number of previously defined units, at a rate that is limited by a previously established and publicly known value
  • We have a fixed amount
  • More than 800 currencies have been created – bad
  • Allows you to make purchases internationally and be exchanged for another currency without intermediaries
  • Some think that there will be no tellers, cash registers, queues, or waits;
    • Amazon Go*: no lines – just walk out and the payment is charged to your Amazon account; Dec 2016. Uses virtual currency and algorithms to keep track of what you pick up, and you can just leave.
    • Bank behind transactions.

Bitcoin – virtual currency, which is generated in a consensual network that allows a new payment system.

  • First specification of the bitcoin protocol and proof: Satoshi Nakamoto (a pseudonym) launched this proof of concept on an email list in 2009.
  • Numerous developers work on the bitcoin protocol; the bitcoin community began to grow exponentially: the more people who trust in bitcoin, the more industries will begin accepting bitcoin as a currency.
  • Bitcoin has no owners
  • Bitcoin network shares public accounting called “block chain” – system behind bitcoin

How does bitcoin work:

  • Exchange money electronically like an email or a text
  • Makes sure no one can send money from someone else’s account
  • A cryptographic signature is required – it proves that the sender really is the account holder; signatures cannot be copied from one transaction to another because they are different for each transaction
  • Provides a decentralized system
  • Maintainers – keeps personal copy of ledger and updates it
  • Fraud can cause ledgers to differ – users vote on which ledger is the correct one by solving a mathematical problem and handing in the answer; each vote has a cost in electricity and computing power.
    • Keeping it fair: each puzzle is based on previous answer before starting
    • Only thing that makes people finish it faster is through having more electricity and computing power.
    • Solving puzzles -> a small amount of money; these people are called “miners”; new money is generated for the solving of puzzles.
  • Reliability: accurate ledger is found through mathematical probability
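The "each puzzle is based on the previous answer" idea above, as an added example (toy code written for these notes, not Bitcoin's own protocol): every block carries its predecessor's hash and a brute-forced nonce, so changing an earlier ledger entry breaks the puzzle answers of every later block. The transfer strings and difficulty value are constructed for illustration.

```python
# Toy proof-of-work ledger: each block's puzzle depends on the previous answer,
# so rewriting an earlier entry invalidates every later block. Constructed example.
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first block


def _digest(payload: dict) -> str:
    """Deterministic SHA-256 over a block's contents (sorted keys)."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def mine_block(prev_hash: str, entries: list, difficulty: int) -> dict:
    """Search for a nonce whose block hash starts with `difficulty` zero hex digits.
    Nothing but brute force (electricity and computing power) finishes this faster."""
    nonce = 0
    while True:
        block = {"prev": prev_hash, "entries": entries, "nonce": nonce}
        h = _digest(block)
        if h.startswith("0" * difficulty):
            block["hash"] = h
            block["attempts"] = nonce + 1  # work spent, kept for illustration only
            return block
        nonce += 1


def verify_chain(chain: list, difficulty: int) -> bool:
    """Every block must point at its predecessor's hash, hash to its stored value,
    and meet the difficulty target; one edited entry breaks the rest of the chain."""
    prev = GENESIS
    for block in chain:
        body = {k: block[k] for k in ("prev", "entries", "nonce")}
        if block["prev"] != prev or _digest(body) != block["hash"]:
            return False
        if not block["hash"].startswith("0" * difficulty):
            return False
        prev = block["hash"]
    return True


def build_chain(difficulty: int = 3) -> list:
    """Constructed sample ledger of three blocks of made-up transfers."""
    ledger = [["alice->bob 5"], ["bob->carol 2"], ["carol->alice 1"]]
    chain, prev = [], GENESIS
    for entries in ledger:
        block = mine_block(prev, entries, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def forge_first_entry(chain: list) -> list:
    """Fraud scenario: change the first transfer without redoing the work."""
    forged = json.loads(json.dumps(chain))  # deep copy so the honest chain is untouched
    forged[0]["entries"] = ["alice->bob 500"]
    return forged


if __name__ == "__main__":
    honest = build_chain()
    print("honest chain valid:", verify_chain(honest, 3))
    print("forged chain valid:", verify_chain(forge_first_entry(honest), 3))
    print("hashes tried per block:", [b["attempts"] for b in honest])
```

Raising `difficulty` by one multiplies the expected number of hashes per block by 16, which is the "more electricity and computing power" point from the talk.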

Advantages:

  • Ease of payment – send and receive instantaneously
  • Security and control – bitcoin users have complete control over their transactions
  • Very low rates – payments with bitcoin are currently processed at low rates or at no charge. Can send money from the US to Japan instantaneously with no additional cost.
  • Less risk of fraud
  • Neutral and transparent – all people know the quantity of bitcoin in the world – it is open to all; all information is available

Disadvantages:

  • Degree of acceptance – many people still do not know Bitcoin; “big barrier to jump”
  • Volatility – the total value of bitcoins in circulation and the number of businesses using bitcoin are very small compared to what it may become.
    • volatility can be used as an advantage in some cases
    • Bitcoin: keeps increasing in price, lowering in price, coming up to $6,000 per Bitcoin soon.
    • Financial battle: because it continues to change
  • Developing System – still in the beta phase with many incomplete features in development.
    • “Déjà vu” – “what is internet” (1994) “why would you buy a computer” “bitcoin”(made in 2009) – designed to be self-stabilizing.
    • Bitcoin is no longer a scam? Goldman Sachs boss Lloyd Blankfein said his bank was considering bitcoin.
    • Howard Marks – billionaire investor; referred to it as a fad but has now accepted it as having the most valuable characteristic – people believe in and trust bitcoin as a currency.

Is bitcoin a threat?

  • Fear about crypto currency because it implies a loss of power – loss of state power – loss of centralization.
  • Several industries can be negatively affected by the entry of Bitcoin
  • Several governments have been forced to regulate their use or ban it.
  • Several governments have been pushing cashless
    • If all transactions are done by card or transfers with banks, the govt could lose power
  • Some banks in Japan want to launch their own crypto currency – J coin.
    • Japanese government could be accepting
    • Against economy’s basis in Japan to reject Bitcoin.
    • If Japan launches J-coin and you have to choose one, you are more likely to choose J coin over Bitcoin because J coin is centrally supported by an entire country.

Bitcoin behavior:

  • Research in progress: “Forecasting the Bitcoin Volatility”
  • Kristjanpoller & Minutolo 2017.
  • Mixing econometrics model with networking
  • Generate bitcoin volatility for a week, weeks, and a month.

Q&A:

A question was asked about the legal implications of the court trying to define Bitcoin (property/currency/both?)

  • Report gains in bitcoin as gains in property
  • Federal government’s legal system is trying to see how to view it as well as how the IRS should view it.
  • IRS – asset not taxed; the official policy that it is property, and should be taxed as such and not as currency, creates an inefficiency in the market. Smart companies will trade capital in Ireland to bitcoin and then bring it back to the US because it will get taxed differently. If not seen as a currency, then it cannot be taxed as currency.
  • J coin is an attempt to change the tax on those earnings.

Recommended readings/videos:

  • The Aisles have Eyes
  • The rise and mine of Bitcoin
  • Money: the Unofficial Biography

Highlights: Splunk Presentation with U.S. Steel’s James Wolfe

This event was held October 26th, and in case you missed it, here are some of the highlights to be taken away from the presentation. So, if you were in class and now regret not skipping it for this, we have got you covered!

Main Points:

  • Searches – he discussed how when you use the search bar, it is important to understand its format:
    • [general code] | [less general] | [continually more specific search]
    • as you can tell, the idea is that the commands you use are processed from left to right, and each command is separated by the | (pipe).
  • Save searches! – with so many different ways to slice all of the network traffic that Splunk is managing, having your frequent searches saved is very convenient: it ensures more time is spent searching network traffic and not googling for Splunk commands.
  • Statistics – in order for anomaly detection to work, there needs to be an idea of what is normal.  One person’s smile could be another person’s bad-day face.  It is important to judge off of what is normal for the network traffic, much like judging someone’s behavior off of what is normal for that person.  The statistics generated are what determines what falls within normal behavior for their network.
  • Real-time Graphs & Charts – generating graphs and charts that will actually change and adjust in real time is super important. It allows an easy way to understand what is going on in the network – instantaneously. Wolfe stressed that bosses will love something so clean, visually appealing, and content-specific.

Splunk application:

This presentation was about Splunk, the security event manager/log aggregation software. If you have had Paullet’s class and suffered through the wonderfully challenging Enron emails assignment, then you have had a small taste of this software’s capabilities. Splunk can be used for a wide variety of applications because of its ability to organize/index large amounts of information with ease into databases, or indexes. James Wolfe focused on Splunk’s network security applications. James Wolfe is a security administrator for U.S. Steel, so his job requires him to focus on network traffic such as IPs, users, or anything that could potentially indicate a point of failure for their network. Wolfe explained that the beauty of Splunk is that you can start looking without needing to know exactly what it is that you are looking for – exactly how I described my use of Splunk when trying to find incriminating Enron emails. Because security is the focus of the job, he discussed the commands that would be useful for security. These included:

  • dedup – removes duplicates in your search.
    • EX: dedup user, src_ip
  • wineventlog
    • 4625 – this code indicates a failure to log in

A very basic example shown to us of how the data was being used to detect anomalies was the ratio of successful to unsuccessful log ins for users. By creating a baseline formula for the rate of successful logins for each user, the computer can flag any time there is a change in this rate on the order of 1-2 standard deviations. The data is all producing algorithms and equations based on what you – the user of the Splunk software – deem important.

  • table _raw – views the raw information that Splunk pulled the data from for the databases/indexes

This raw information was very educational in showing how convenient the software is, because the raw version was pretty jumbled, messy, and difficult to understand.

Career Advice:

  • Deskside/IT support is a good career start – you learn to troubleshoot
  • Ask as many questions as you can – be willing to do projects; this will make you valuable.
  • CERTIFICATIONS: N+* – basic fundamentals of networking.
  • Government – certifications are legally required
  • CCNA – CISCO; mid-level
  • Maintain a strong work ethic
  • Log into a firewall – download free for home*
  • 2 year schools like ITT tech allows hands on experience
  • 4 year degree preferable, but less hands on – it proves that you are hardworking and willing to put in the time necessary; this ties in greatly with having a strong work ethic.
  • Microsoft imagine account; dream spark; 2016 data center OS worth $3,000 [we get it for free at RMU, so utilize it!]
    • Spin up a DHCE from home
  • All acronyms – know.
  • Splunk: just saying that you have worked with Splunk automatically gives you an edge against the competition for any job in security.
  • Google: useful; know that it really is alright to google what you do not understand when doing anything on the computer.  There is so much to know, and as long as you accept that you will be learning throughout your entire career, you will be able to stay in demand with employers.

Fun Facts:

  • Companies have filters on their employees’ computers preventing them from going on certain sites. Because they cannot access these through Google, users will use Bing as their loophole to sites that they are not supposed to access.
  • U.S. Steel, much like other companies, uses firewall redundancy to prevent any debilitating security errors.
  • Splunk is free to download (free developer license). All the software is free; all you need is to buy your own server with 16 GB of RAM – plenty for home use. Buy a second NIC. Spin up VMs. Download licenses.

Internship for National Cyber-Forensics & Training Alliance (NCFTA)

The National Cyber-Forensics & Training Alliance (NCFTA) is a Pittsburgh-based, globally focused non-profit corporation committed to identifying, mitigating and neutralizing cyber crime threats. The NCFTA operates by conducting real-time information sharing and analysis with subject matter experts in the public, private and academic sectors. Through these partnerships, the NCFTA proactively identifies cyber threats in order to help its partners take preventive measures to mitigate and neutralize those threats. For more information see http://www.ncfta.net.

The NCFTA offers talented students an innovative work experience in a growing sector that will help them enhance their professional development and academic goals. Our program offers paid internships for undergraduate and graduate degree students. It is an intensive 12-week program that gives rising college seniors or graduate level students the opportunity to work in areas such as intellectual property fraud, financial fraud, and malware and cyber threats in order to build knowledge and skills in the intelligence analysis field. The student will receive training and be part of the team from day one. They will be assigned to a manager and mentor to enable them to quickly learn and acclimate. During their first few weeks on the team, they will participate in the internship orientation to become familiar with the NCFTA’s various resources, policies and procedures.

Role of the Intern:

Selected candidates will work on various organizational program initiatives. Duties will focus on conducting research and data collection using various tools and applications as well as proactive research in open sources to produce a finished product for dissemination. The intern will engage in collaboration with NCFTA partners and peers and be expected to participate in program meetings.

Internships with our Malware & Cyber Threats Program are more technical in nature and, as such, applicants with a sound technical background are desired. These duties may include writing scripts to automate processes (e.g. Python & shell/bash scripts), reviewing and analyzing malicious code (e.g. C, C++, VB.NET, Assembly, Java), and creating databases (MySQL, MS SQL Server, Postgres). Students with working knowledge of Mac OS X may have an opportunity to work on special projects.

Required Qualifications:
• Must be legally authorized to work in the United States and be eligible for a U.S. Government security clearance
• Major studies in areas of consideration: International Affairs/Politics/Relations; Intelligence/Security Studies; Computer Science; Information Security; Business Intelligence or related fields. Other majors are considered on a case by case basis.
• Minimum GPA of 3.0
• Excellent writing skills and strong analytical thinking
• Proficiency in Microsoft Office required
• Arabic, Turkish, Russian, Chinese and Eastern European language skills desirable but not required
• Extensive experience with computers and networking highly preferred but not required

Candidate Skills:
While applicants come from a range of academic backgrounds, the most competitive applicants also should possess the following:
• Flexibility and adaptability
• Take initiative and be self-motivated
• Work well with others and have strong interpersonal abilities
• Good judgment and decision-making skills

Locations: Internships are available in Pittsburgh, PA

Application Instructions:

How to Apply: Resumes should be directed to: HumanResources@ncfta.net. Please include:
• Your resume
• A cover letter in which you specify your qualifications for the position and address why you want to intern as an analyst
• Unofficial transcript

Uber Presentation – Wednesday, September 27th

Matt Wood, a member of Uber’s security team, will be presenting on cyber security threats and vulnerabilities as they relate to autonomous cars. The presentation will take place on Wednesday, September 27th, from 4:00PM to 5:30PM in the Wheatley Atrium.

This is a Top Secret Colonials sponsored event. Refreshments will be provided. Students can earn one hour of SET credit for attending the event. A flyer for the event is posted below.

Dr. Karen Paullet presents NSF-funded research on Mobile Forensics & Security at the RMU Research & Grants Expo

On April 24, 2017, RMU held a Research & Grants Expo highlighting a variety of faculty research and grant projects. All of the RMU campus was invited to attend this event. Dr. Karen Paullet presented the Mobile Forensics and Security Project, an NSF-funded grant. Dr. Paullet is the PI on the grant, along with Dr. Jamie Pinchot (Co-PI), Dr. Sushma Mishra (Co-PI), and Dr. Fred Kohun. Mobile security and forensics is an underrepresented area of study that is increasingly important in our current society. This research will advance knowledge in the field of mobile cybersecurity and mobile forensics through a train-the-trainer program for 50 faculty members from universities across the United States. Twenty-five faculty were trained in July 2016 and the remaining half will be trained this year. Dr. Paullet also highlighted a new online certificate offered by RMU in Mobile Forensics and Security (MFS). This certificate is now available and you can learn more about it here: Mobile Forensics and Security Certificate Program.

Risk Assessment for TEKsystems

Top Three Skills:
1) Conduct Information Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment.
2) Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate. (Be able to be the liaison between the business and technical people).
3) Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc. (Rank risk/inherent risk score).

Looking for an individual to come in with an information security background to look at documentation, review findings, and write risk assessments. This person will act as the liaison between technical people and the business as they analyze data and rank risk based on their findings. Knowledge of the HITRUST framework is preferred, not required.

Qualifications:
1) Ability to communicate with technical and non-technical people.
Apply to Brian Jendesky at bjendesk@TEKsystems.com

Cats Being Used in the IT Field

This year’s Def Con convention showcased a different twist on IT work, one that merged animals and IT. It sounds like a crazy combination, and a highly unlikely one to work well, but it did. Gene Bransfield used his friend’s cat: he put on the cat’s collar a kit with a Spark Core Wi-Fi development board that had Internet connectivity wherever the cat ended up going.

Now this may sound stupid, because cats are going to wander around and do whatever they want to do. But the purpose of the experiment was to see how many people had unsecured or weak Wi-Fi in their homes; in simple terms, who could easily access their Internet just from being on their street.

When the cat was sent out, 23 Wi-Fi hotspots were found, and what they found was more interesting. Four of the networks were completely open with no security whatsoever, and four used WEP rather than the WPA2 standard. The purpose of this was to show that people need to be more aware that when it comes to the Internet you have to have the right safety and protective measures in place. You never know when a cat or dog with a pack on them will be lurking around to see if you have secure Internet.