Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler
-
Upload
ec-council -
Category
Technology
-
view
157 -
download
0
Transcript of Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler
ConceptsofBehavioral&CyberProfiling:My
ExperienceastheFBI’sfirstCyberProfiler
SteveBongardtTheGyges Group
FirstTenetofBehavioralProfilingPeoplewillbelievewhattheywantorneedtobelieveinspiteofallevidenceandinformationtothecontrary
TheGygesGroup,LLC
SecondTenetofBehavioralProfilingThenumberonepredictoroffuturebehaviorispastbehavior.
TheGygesGroup,LLC
Behavioral&CyberProfilingPurpose&KeyConcepts
SOURCE:MomentumPartners athttp://momentum.partners/docs/Cybersecurity_Market_Review_Q1_2016.pdf
Cyberprofiling
Anassessment(ofanunauthorizedaccesstoaninformationsystem)fromabehavioral,investigativeandforensicperspectivetoassistintheprioritizationofresources,andinanoftenhighlytechnicalinvestigation,provideanindicationthatattemptsatattributionarefocusinginadirectionconsistentwithwhatisknownaboutbehavior(inthecontextoftheunauthorizedaccess).
TheGygesGroup,LLC
“Traditional”CriminalProfiling– AreasofFocus
VictimologyInitialContactVictimControlContentAnalysisVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene
TheGygesGroup,LLC
“Traditional”CriminalProfiling– AreasofFocus
VictimologyInitialContactVictimControlVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene
ApplyingCyberProfilingProactively:AUniqueWayofAssessingyourSecurityStackand theAttackKillChainatthe
sametime
TheGygesGroup,LLC
"Despitetheindustry’stwenty-yearfocusonmalwaredetectionandprevention,itturnsoutthatonce
attackersgainaccesstoanetwork,thevastmajorityofactivitymakesuseofbenignprocessesandtools,notmalware.Inresearchingthisreport,weidentified1,109totaluniquetoolsresponsibleforattackbehavior,and
themajorityofthosetoolswerenotmalicious"
Source:Lightcyber.com "CyberWeapons2016Report"availableathttp://lightcyber.com/wp-content/uploads/2016/06/
Typology
Typology
Aconstructdevelopedempiricallyorexperientially,usedintheanalysisofanoffenseorseriesofoffensesofaspecifictype,whichaidsthebehavioralanalysttoevaluatethebehaviormeasuredorobservedwithintheoffense(s)withthegoalofinferringtraitsorcharacteristicsoftheoffender(s)
TheGygesGroup,LLC
SexualHomicide
Organized vs Disorganized
ChildContactOffenses
Preferential vs Situational/Opportunistic
CyberAttackTypology
TheGygesGroup,LLC
MixedBreach/UnauthorizedAccess
TheGygesGroup,LLC
Training&Education
Application/Hire
Employee
Exit/Termination
InsiderRiskThreat(InsRT)Program
TheGygesGroup,LLC
ManandConformity
•PlatonicDialogues• TheRepublic
• BookII,verse359b• Glaucon’s retorttoSocratesonthenatureofinjusticeandman• “Eventhosewhopracticeit(justice)dosounwillingly”
• Tellsthestoryofthe“RingofGyges”
http://mises.org/images4/AthenianSteps.jpg
TheGygesGroup,LLC
“Traditional”CriminalProfiling– AreasofFocus
VictimologyInitialContactVictimControlVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene
ApplyingCyberProfilingProactively:AUniqueWayofAssessingyourSecurityStackand theAttackKillChainatthesame
time
TheGygesGroup,LLC
BehavioralorPsychologicalProfilingTheories
• RetrospectiveProfiling• A“behavioralcomposite”ofpossiblepersonalitytraitsandcharacteristicsofaspecificoffenderbasedonaspecificcrimeorseriesofcrimescanbeconstructed.• “Crime”orspecificbehavior• Thisisalsocalled“HOMOLOGY”(theprimaryororiginaltheoryofprofiling)
• ProspectiveProfiling• Bystudyingpastoffendersofspecifictypesandcategoriesofcrime,wecanpredict,inageneralsense,thetraitsandcharacteristics,behavioralandsocio-demographic,offutureoffendersofthosetypesandcategoriesofcrime.
• BehavioralConsistency• Thereissomeprobabilitythatanindividualwillrepeatedlycommitsimilartypesofoffensesanddosoinsimilarways.• >>>“Linkage”
TheGygesGroup,LLC