Concepts of Behavioral & Cyber Profiling: My Experience as the FBI’s First Cyber Profiler

Post on 11-Apr-2017

Steve Bongardt
The Gyges Group

First Tenet of Behavioral Profiling

People will believe what they want or need to believe in spite of all evidence and information to the contrary.

The Gyges Group, LLC

Second Tenet of Behavioral Profiling

The number one predictor of future behavior is past behavior.

Behavioral & Cyber Profiling Purpose & Key Concepts

SOURCE: Momentum Partners at http://momentum.partners/docs/Cybersecurity_Market_Review_Q1_2016.pdf

Cyber profiling

An assessment (of an unauthorized access to an information system) from a behavioral, investigative and forensic perspective to assist in the prioritization of resources, and in an often highly technical investigation, provide an indication that attempts at attribution are focusing in a direction consistent with what is known about behavior (in the context of the unauthorized access).

“Traditional” Criminal Profiling – Areas of Focus

• Victimology
• Initial Contact
• Victim Control
• Content Analysis
• Victim Disposal
• Behavioral Signature = Modus Operandi + Ritual
• Typology
• Mixed Crime Scene

“Traditional” Criminal Profiling – Areas of Focus

• Victimology
• Initial Contact
• Victim Control
• Victim Disposal
• Behavioral Signature = Modus Operandi + Ritual
• Typology
• Mixed Crime Scene

Applying Cyber Profiling Proactively: A Unique Way of Assessing your Security Stack and the Attack Kill Chain at the same time

"Despite the industry’s twenty-year focus on malware detection and prevention, it turns out that once attackers gain access to a network, the vast majority of activity makes use of benign processes and tools, not malware. In researching this report, we identified 1,109 total unique tools responsible for attack behavior, and the majority of those tools were not malicious"

Source: Lightcyber.com "Cyber Weapons 2016 Report" available at http://lightcyber.com/wp-content/uploads/2016/06/

Typology

A construct developed empirically or experientially, used in the analysis of an offense or series of offenses of a specific type, which aids the behavioral analyst to evaluate the behavior measured or observed within the offense(s) with the goal of inferring traits or characteristics of the offender(s).

Sexual Homicide

Organized vs Disorganized

Child Contact Offenses

Preferential vs Situational/Opportunistic

Cyber Attack Typology

Mixed Breach/Unauthorized Access

Training & Education

Application/Hire

Employee

Exit/Termination

Insider Risk Threat (InsRT) Program

Thank you!

Questions?

Steve Bongardt
The Gyges Group

sbongardt@thegygesgroup.com 703.851.2663

Man and Conformity

• Platonic Dialogues
• The Republic
• Book II, verse 359b
• Glaucon’s retort to Socrates on the nature of injustice and man
• “Even those who practice it (justice) do so unwillingly”
• Tells the story of the “Ring of Gyges”

http://mises.org/images4/AthenianSteps.jpg

Behavioral or Psychological Profiling Theories

• Retrospective Profiling
  • A “behavioral composite” of possible personality traits and characteristics of a specific offender based on a specific crime or series of crimes can be constructed.
  • “Crime” or specific behavior
  • This is also called “HOMOLOGY” (the primary or original theory of profiling)

• Prospective Profiling
  • By studying past offenders of specific types and categories of crime, we can predict, in a general sense, the traits and characteristics, behavioral and socio-demographic, of future offenders of those types and categories of crime.

• Behavioral Consistency
  • There is some probability that an individual will repeatedly commit similar types of offenses and do so in similar ways.
  • >>> “Linkage”
