Tech-Ed-2010 Session Summaries 8: Kai Axford et al on Trends in Cybercrime

Kai Axford’s security talks are consistently well-attended, and he has been presenting on security for a long time. This year he teamed with Allyn Lynd, an FBI special agent. Their talk was long on stories and, truth be told, short on insight relevant to the corporate IT security world, as we will see.

Let’s look at the case studies briefly.

Case Study #1: Phone Phreakers. Lynd does a good job of explaining the defective mentality of people who pull these pranks, and the trivial, trite application of occasional technical savviness. The pranks and scams were ingenious, but pointless. The most egregious was an example of “SWATTing”, an attempt to trick an emergency responder to dispatch a team when no emergency exists, usually through spoofing a phone number. Obviously this can lead to confusion, misunderstanding, loss, and injury. Interesting, but I’m not sure why this is central to a presentation to IT professionals.

Case Study #2: Trusted insider case, someone working the night shift at a hospital. Using his access card, he interfered with hospital HVAC operations, and publicly bragged about it, going so far as to post a youtube video about it (nonetheless, he denied doing it when arrested). Entertaining, but also a few lessons here: carefully screen even low-level staff, and audit, because there’s no such thing as trivial physical access to servers.

Lynd tangentially made the point that social network sites are major sources of risk for penetration and intelligence-gathering, and FBI agents do not create them. Identity theft and theft of trade secrets were also covered, albeit quite briefly with little depth. Then nearly twenty minutes for Q&A.

So afterwards, I was impressed by the intricacy and depth of malice out there, and obviously as a society, we have to wonder what’s going on with our culture that we’re producing sociopaths like the ones featured here. That being said, the relevance of the case study material for organizational IT was not all that strong, and at the end, it is difficult to see why some of this material was chosen. Clearer focus on the likely needs of the audience would have made this a more enlightening presentation.