At GovSec 2011, mobile command vehicles mix with social engineering

Some highlights from Day 2 of GovSec 2011 conference at the Washington Convention Center in downtown D.C.

Mobile Platform does not usually do security issues, at least not cybersecurity issues that do not have to do with some type of smart phone or tablet. But my editors needed me to come to downtown D.C. this Wednesday to take a look around GovSec, the security conference being hosted by our siblings over on the 1105 Events side.

For those of you who followed my CTIA Wireless coverage last week, I am spending the month of March getting to know the awesome variety of convention centers on the East Coast.

It has been good.

In the morning I spent some time listening to the end of a presentation given by David Morgan, a cyber intrusion analyst from Booz Allen Hamilton and Jon Stevenson, the chief of the counterintelligence cyber analysis branch of the Defense Security Service. They were outlining some of the more basic problems with advanced persistent threats such as distributed-denial-of-service (DDOS) attacks and botnets as well as some solutions to keep from having your systems be compromised. The takeaway here, as always, is that people (usually your own employees) are the biggest threat to your data and computers. Education is the cheapest and most effective way of keeping your networks safe.

I then wandered into the show floor on my way to another panel. On the way I ran into a mobile command center, parked right in the middle of the convention center floor. This one was from Lynch Diversified Vehicles and was just a show model but it can be configured to specific specifications to deliver cellular and satellite connectivity and a variety of other functions. If you remember the GCN print issue cover story from our first March issue, Reality Mobile could set up capabilities for officers and stakeholders in the field to deliver photos, video and data to such a command center. I took some pictures, check out the slideshow below.

Next it was on to the panel. The topic was “social networking investigations for threat assessment” delivered by private investigator Bruce Anderson from a company called Rexxfield and ReputationDefenseOnline.com and a very animated gentleman named Johnny Lee of Peace At Work, a company that attempts to identify the next person at your office or school who could go total psychopath and come into the office toting a AK-47. Kalashnikovs aside, there is some interesting work being done on threat assessment through the use of social media.

The basic steps involved in social media threat assessment are: Define the threat, get a basic profile of the threat and his social network and real world network connections, footprint his/her various online presences, investigate and document the threat and his/her moves online. There are a variety of ways to track somebody of interest such as Spokeo, Addict-o-matic, Namechk, Radaris, Google Blog Search and BoardReader and software called Maltego that is good for social footprints.

“An important question is if the threat has access and knowledge of how to use a firearm,” Lee said at one point, showing a YouTube video of a Finnish person pointing a gun at a camera and saying, “You’re next.” Apparently, the day after making the video he shot 18 people. I would find the YouTube video but frankly I am kind of frightened by it.

Anderson described some techniques to track and capture threats, what he calls social engineering. That could be posing as somebody else with a Facebook profile or using “honey pots” to lure threats and predators in.

“As a private investigator, on Facebook it is against the TOS [terms of service] to set up a profile that is not you. I have several – 'pretty girl to catch guys,' for example. If Facebook catches you, just delete the profile and set another one up,” Anderson said.

Facebook would probably not appreciate this practice, but so it goes.

After the presentation, I was in another presentation by deputy chief Eddie Reyes of the Alexandria, Va. police department on “4G mobile broadband applications for public safety.” This has a lot to do with law enforcement and how police departments use mobile data to assist in law enforcement activities? Sound juicy? It is, hence I will be writing a larger story on it later for our May print issue of GCN. Stay tuned.