RESET

Description of talk: The UK Biometric Strategy, unveiled in June 2018, has been under consultation by an advisory board and is due to report to the public in June 2019. Currently, UK law only regulates the use of DNA and fingerprints for use by the police only, not by other branches of government and not by the private sector. Nor does the UK have any protections in law around the use of our face or voice data -- both of which can be gathered without our consent or knowledge and used in ways that threaten our privacy, civil liberties and human rights. This talk assesses the shortcomings of the UK Biometrics Strategy and offers solutions so that the United Kingdom regulates the use of biometrics in ways that respects the rights of its citizens and residents. 

 

Biography: Stephanie Hare is a researcher focused on technology, politics and history. Selected for the Foreign Policy Interrupted Fellowship and the BBC Expert Women programme, she shares insights on television and radio and broadcasts on the BBC World Service and Radio 4. She has published in the Harvard Business Review, the Financial Times, Project Syndicate, the Herald, CNN and the Guardian. Previously she has worked as a principal director at Accenture Research, a strategist at Palantir, a senior analyst at Oxford Analytica, and a consultant at Accenture. Hare earned a PhD in International History and a MSc in Theory and History of International Relations from the London School of Economics, and a BA in Liberal Arts (French) from the University of Illinois at Urbana-Champaign. Her media work and publications are available at www.harebrain.co. 

 

Twitter: @hare_brain

Description of talk: Users rely more and more on mobile applications for every day tasks, from checking the weather forecast to consulting travel directions and managing their bank accounts. The average user has 20 to 40 applications installed on their phone. While the design and functionalities of mobile applications has grown significantly over the last decade, their security seems to have taken a step back. We sniffed our own mobile phone traffic and we were surprised with what we have found. This talk will walk you through some of our most important findings.

 

Biography: Veronica is a researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas from wireless and bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research on international conferences such as BlackHat, EkoParty, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina, and co-founder of the Independent Fund for Women in Tech. She is currently the director of the CivilSphere project at the Czech Technical University, dedicated to protect civil organizations and individuals from targeted attacks.

 

Twitter: @verovaleros

Description of talk: However, despite a pause and a decrease in sample number were observed, the attacks leveraging the ICEFOG malware did not entirely stop after the exposure. 
 
In the past few years, we observed different attacks which the malware delivered and exploit with different tactic, techniques and procedure (TTP) compare with the campaign reported in 2013. In the recent attack, a new variant of the ICEFOG samples were also discovered. In this talk, I will introduce our finding among different samples discovered across these years and highlight the evolved TTPs that actor applied to evade detection in the new campaign. In addition, I will also introduce and clarify the potential connections between ICEFOG operator and other APT groups.

 

Biography: Chi-en Shen (Ashley) is a senior researcher at FireEye, where she focuses on threat intelligence research. She specializes in threat hunting, malware analysis, reverse engineering, and targeted attacks analysis. For supporting women in InfoSec, Ashley co-founded "HITCON GIRLS" – the first security community for women in Taiwan. Ashley is also a regular speaker at global security conferences, including Black Hat, FIRST, HITB GSEC, CODE BLUE, Troopers, HITCO. etc. Ashley also serves as a review board member of Black Hat Asia, Blue Hat Shanghai and Hack in the Box conferences.

 

Description of talk: Uncovering malicious network campaigns is a major part of threat intelligence research. Alerted by victims, pursuing OSINT leads, or detecting new variations on known malicious behaviour, the results may end up as a complete unravelling of a national intelligence operation. Yet we are inherently limited in our understanding of the context around what we expose, and the results can be an escalating chain of uncontrollable consequences that have global significance. Exposing an operation may not just limit a country's intelligence efforts. It may hinder other ongoing efforts, put people at risk, eliminate a critical view into sensitive targets, alert and inform adversaries, or shake alliances. This talk will explore the many layers of context around network operations by looking at the whiplash effect of their exposure. By examining some key reveals from the last decade and beyond, we will see how the threat intelligence community has made itself a key player in global events, and therefore a threat in its own right. 

 

Biography: Daniel Moore is currently a teaching fellow at the War Studies Department in King's College London, from which he holds a PhD focused on cyber-warfare. He also works as a research and development team lead at Accenture Security, where he designs and builds threat intelligence platforms. Daniel has previously held several private and public positions in cyber-security and intelligence, dating back nearly fifteen years to when he served as an officer in Israeli military intelligence.

 

Description of talk: This talk discusses some of the common myths and misconceptions of social engineering. From understanding Human Behaviour and how it can be manipulated, to the skills required to do an effective and ethical job, to the truth about awareness of the practice and how it might be prevented. This talk touches on what is actually required in higher level social engineering attacks and prevention and discusses how to "level up" from both an offensive and defensive perspective.

 

Biography: A "burglar for hire", lifelong social engineer and investigator, Jenny is the founder of Human Factor Security a firm specialising in Social Engineering and psychological infiltration practices. A well known keynote speaker at industry events, she hosts an award winning podcast and writes, speaks and blogs about all aspects of human based attacks, scams, cons and frauds. Jenny is an expert in influence and persuasion techniques, non-verbal communications and deception detection and was a Hunter on the hit Channel 4 TV show "Hunted." She is frequently featured in the media as an expert on human security topics.

 

Description of talk: This talk will provide the audience with an overview of how cybercrime has evolved over the past 20 years with the overall aim of identifying the fundamental driving forces that has facilitated the transformation. The talk will leverage Darwin's Theory of Evolution to capture the evolutionary moments of cybercrime which will include highlighting those who were successful and those who were not. The talk will close with an overview of the most recent threat landscape and what it means for the near future. 

 

Biography: Michael is currently a Security Principal at iDefense, Accenture Security where he leads the Targeted Attacks Analysis (TAA) team. He is a CREST Certified Threat Intelligence Manager (CCTIM) and holds a PhD in Quantitative Criminology which examines the use of data analytics to drive cybercrime disruption strategies for the NCA. Prior to Accenture, Michael served as a Director in Threat Intelligence Operations at Stroz Friedberg and as a senior threat researcher at PwC and QinetiQ. Thanks for train strikes and a relatively inadequate social life, Michael is also the founder of a non-profit initiative called ThreatMiner.