Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

23
Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler Steve Bongardt The Gyges Group

Transcript of Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Page 1: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

ConceptsofBehavioral&CyberProfiling:My

ExperienceastheFBI’sfirstCyberProfiler

SteveBongardtTheGyges Group

Page 2: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler
Page 3: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

FirstTenetofBehavioralProfilingPeoplewillbelievewhattheywantorneedtobelieveinspiteofallevidenceandinformationtothecontrary

TheGygesGroup,LLC

Page 4: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

SecondTenetofBehavioralProfilingThenumberonepredictoroffuturebehaviorispastbehavior.

TheGygesGroup,LLC

Page 5: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Behavioral&CyberProfilingPurpose&KeyConcepts

Page 6: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler
Page 7: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

SOURCE:MomentumPartners athttp://momentum.partners/docs/Cybersecurity_Market_Review_Q1_2016.pdf

Page 8: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Cyberprofiling

Anassessment(ofanunauthorizedaccesstoaninformationsystem)fromabehavioral,investigativeandforensicperspectivetoassistintheprioritizationofresources,andinanoftenhighlytechnicalinvestigation,provideanindicationthatattemptsatattributionarefocusinginadirectionconsistentwithwhatisknownaboutbehavior(inthecontextoftheunauthorizedaccess).

TheGygesGroup,LLC

Page 9: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

“Traditional”CriminalProfiling– AreasofFocus

VictimologyInitialContactVictimControlContentAnalysisVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene

TheGygesGroup,LLC

Page 10: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

“Traditional”CriminalProfiling– AreasofFocus

VictimologyInitialContactVictimControlVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene

ApplyingCyberProfilingProactively:AUniqueWayofAssessingyourSecurityStackand theAttackKillChainatthe

sametime

TheGygesGroup,LLC

Page 11: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

"Despitetheindustry’stwenty-yearfocusonmalwaredetectionandprevention,itturnsoutthatonce

attackersgainaccesstoanetwork,thevastmajorityofactivitymakesuseofbenignprocessesandtools,notmalware.Inresearchingthisreport,weidentified1,109totaluniquetoolsresponsibleforattackbehavior,and

themajorityofthosetoolswerenotmalicious"

Source:Lightcyber.com "CyberWeapons2016Report"availableathttp://lightcyber.com/wp-content/uploads/2016/06/

Page 12: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Typology

Page 13: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Typology

Aconstructdevelopedempiricallyorexperientially,usedintheanalysisofanoffenseorseriesofoffensesofaspecifictype,whichaidsthebehavioralanalysttoevaluatethebehaviormeasuredorobservedwithintheoffense(s)withthegoalofinferringtraitsorcharacteristicsoftheoffender(s)

TheGygesGroup,LLC

Page 14: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

SexualHomicide

Organized vs Disorganized

ChildContactOffenses

Preferential vs Situational/Opportunistic

Page 15: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

CyberAttackTypology

TheGygesGroup,LLC

Page 16: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

MixedBreach/UnauthorizedAccess

Page 17: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

TheGygesGroup,LLC

Page 18: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Training&Education

Page 19: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Application/Hire

Employee

Exit/Termination

InsiderRiskThreat(InsRT)Program

TheGygesGroup,LLC

Page 20: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

Thankyou!

?Questions?SteveBongardtTheGyges Group

[email protected]

Page 21: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

ManandConformity

•PlatonicDialogues• TheRepublic

• BookII,verse359b• Glaucon’s retorttoSocratesonthenatureofinjusticeandman• “Eventhosewhopracticeit(justice)dosounwillingly”

• Tellsthestoryofthe“RingofGyges”

http://mises.org/images4/AthenianSteps.jpg

TheGygesGroup,LLC

Page 22: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

“Traditional”CriminalProfiling– AreasofFocus

VictimologyInitialContactVictimControlVictimDisposalBehavioralSignature=ModusOperandi+RitualTypologyMixedCrimeScene

ApplyingCyberProfilingProactively:AUniqueWayofAssessingyourSecurityStackand theAttackKillChainatthesame

time

TheGygesGroup,LLC

Page 23: Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s first Cyber Profiler

BehavioralorPsychologicalProfilingTheories

• RetrospectiveProfiling• A“behavioralcomposite”ofpossiblepersonalitytraitsandcharacteristicsofaspecificoffenderbasedonaspecificcrimeorseriesofcrimescanbeconstructed.• “Crime”orspecificbehavior• Thisisalsocalled“HOMOLOGY”(theprimaryororiginaltheoryofprofiling)

• ProspectiveProfiling• Bystudyingpastoffendersofspecifictypesandcategoriesofcrime,wecanpredict,inageneralsense,thetraitsandcharacteristics,behavioralandsocio-demographic,offutureoffendersofthosetypesandcategoriesofcrime.

• BehavioralConsistency• Thereissomeprobabilitythatanindividualwillrepeatedlycommitsimilartypesofoffensesanddosoinsimilarways.• >>>“Linkage”

TheGygesGroup,LLC


Profiler Layouts

Profiler Layouts

Color Profiler

Color Profiler

Unreported Cyber Crime A - DynaSisA great deal of cyber-crime goes unreported, swept under the rug, so to speak. The FBI’s Internal Crime Complaint Center tells us that approximately

Unreported Cyber Crime A - DynaSisA great deal of cyber-crime goes unreported, swept under the rug, so to speak. The FBI’s Internal Crime Complaint Center tells us that approximately

Cell Profiler

Cell Profiler

MassHunter Mass Profiler Software - Agilent is Mass Profiler? 2 Mass Profiler Quick Start Guide Mass Profiler helps you: • Find and extract the molecular features in your sample

MassHunter Mass Profiler Software - Agilent is Mass Profiler? 2 Mass Profiler Quick Start Guide Mass Profiler helps you: • Find and extract the molecular features in your sample

Instructions for P15 surface profiler · Instructions for P-15 surface profiler Surface profiler software Profiler Version 6.41 runs on Windows NT operating system. The program has

Instructions for P15 surface profiler · Instructions for P-15 surface profiler Surface profiler software Profiler Version 6.41 runs on Windows NT operating system. The program has

Nbmag4 Profiler

Nbmag4 Profiler

Profiler 2

Profiler 2

EEEntropic Profiler U Entropic Profiler Untropic Profiler Us ssser …sels.tecnico.ulisboa.pt/ep/UserManual.pdf · 2017. 2. 26. · The “Entropic Profiler” tool is available through

EEEntropic Profiler U Entropic Profiler Untropic Profiler Us ssser …sels.tecnico.ulisboa.pt/ep/UserManual.pdf · 2017. 2. 26. · The “Entropic Profiler” tool is available through

A Review of the FBI’s Trilogy Information Technology ...cs587/notes/CSTB-FBI-VCF-Report.pdfv committee on the fbi’s trilogy information technology modernization program james c.

A Review of the FBI’s Trilogy Information Technology ...cs587/notes/CSTB-FBI-VCF-Report.pdfv committee on the fbi’s trilogy information technology modernization program james c.

EXAMINING THE FBI’S EARLY INSTITUTIONAL HISTORY ON …

EXAMINING THE FBI’S EARLY INSTITUTIONAL HISTORY ON …

FBI’s “White Collar” Umbrella€¦ · 2 FBI’s “White Collar” Umbrella Financial Institution Crime Mortgage Fraud Securities Fraud Corporate Fraud Insurance Fraud Wire

FBI’s “White Collar” Umbrella€¦ · 2 FBI’s “White Collar” Umbrella Financial Institution Crime Mortgage Fraud Securities Fraud Corporate Fraud Insurance Fraud Wire

Ict opportunity profiler

Ict opportunity profiler

Color Profiler Help

Color Profiler Help

Data Profiler

Data Profiler

FraudShare Webinar Series · 22/8/2019  · Proprietary & Confidential Cyber Landscape Law Enforcement Perspective FBI’s 2018 Internet Crime Complaints Center (IC3) Crime Report

FraudShare Webinar Series · 22/8/2019  · Proprietary & Confidential Cyber Landscape Law Enforcement Perspective FBI’s 2018 Internet Crime Complaints Center (IC3) Crime Report

FBI’S FY 2007 Publication

FBI’S FY 2007 Publication

FBI’s InfraGard. Overview n Today’s FBI n The FBI’s role in cyberspace –FBI’s Cyber Division –Critical Infrastructure protection n InfraGard –Overview.

FBI’s InfraGard. Overview n Today’s FBI n The FBI’s role in cyberspace –FBI’s Cyber Division –Critical Infrastructure protection n InfraGard –Overview.

UCL Surname Profiler

UCL Surname Profiler

Profiler - Shaping The Learnershapingthelearner.com/images/...Assessment-Profiler... · DO-IT PROFILER Issue 1 Do-IT Profiler Sept 2016 TYPE TAGLINE HERE IN THIS ISSUE Our school

Profiler - Shaping The Learnershapingthelearner.com/images/...Assessment-Profiler... · DO-IT PROFILER Issue 1 Do-IT Profiler Sept 2016 TYPE TAGLINE HERE IN THIS ISSUE Our school