How one BlueCat is contributing to the cybersecurity community
We know every October is Cybersecurity Awareness Month. Companies remind us how to spot phishing emails and create better passwords. The media tells us how we can navigate the internet safely. But let’s be honest, that’s a narrow scope of awareness. There’s a growing community of security professional and enthusiasts and hackers that are making cybersecurity relevant in an unexpected way.
This year, we’re shining the spotlight on one of our very own, Adrian Korn. Our Senior Data Security Analyst is also the Director, OSINT Operations & Strategic Initiatives at Trace Labs and part of the DEFCON Toronto leadership team. As an active member of the security community, this month Adrian took his passion and efforts to an international scale.
The @AustCyber and @TraceLabs team with @Erin_Molan @nataliejpeters of @2GB873! Was great chatting with them on our National Australian Missing Persons Hackathon!#AUMissingCTF2019 #AUCyberWeek2019 pic.twitter.com/r2J1vTgORO
— Trace Labs (@TraceLabs) October 14, 2019
Hackers Use Cyber Skills to Help Find Missing People
Trace Labs is a Canadian non-profit with a mission to collect open source intelligence (OSINT) on missing persons and providing that intelligence to law enforcement. What Trace Labs does is open the doors of the cybersecurity community for a greater cause. They want the public to know that “even if you have a little bit of tech skills, you can actually help make a difference.”
Building upon past capture the flag (CTF) hackathons, Trace Labs worked with the Australian Federal Police, AustCyber Canberra Innovation Node and the National Missing Persons Coordination Centre to host Australia’s first National Missing Persons Hackathon.
The Australian Cyber Week 2019 event brought together 354 ethical hackers from across the country, generating 3912 leads for 12 missing person cases. Over six hours, 96 teams competed to gather and submit intelligence to volunteer judges to evaluate, averaging 10 leads submitted every minute.
That’s a whole lot of numbers. What they really mean is these organizations are strengthening ties between technology and law enforcement. It’s events like these that also reshape law enforcement’s understanding of hackers.
“Sometimes there’s this stigma around hackers. Like black hat hackers, who do illegal things. The reality is that more hackers are on the white hat side, also known as “ethical hackers” and are bettering the world through security research and hackathons like these,” Adrian explains, “what we’re trying to do is bridge the gap between law enforcement and hackers and professionals.
Curious what the power of crowdsourced OSINT can do in just 6 hours for 12 missing persons cases? Checkout the metrics from National Australian Missing CTF event!@AustCyber @CBRNode @AusFedPolice #AUMissingCTF2019 #crowdsourcing #OSINT pic.twitter.com/xClUAO8GBx
— Trace Labs (@TraceLabs) October 22, 2019
Open source intelligence – you’ve probably done it before
In addition to their main mission, Trace Labs offers OSINT training for the public and first responders and drives awareness for missing persons throughout communities. OSINT, or open source intelligence, is data collected from publicly available resources. “If you’ve ever looked up someone’s social media or done research for a school project or work, you’ve inherently done open source intelligence,” Adrian explains.
He also points out “something as small as someone’s email address, phone number or just a username handle can link to essentially all their accounts online.” Plus, with the rise of personal devices, IoT, and the internet in general, people are leaving a larger digital footprint than ever before. It is this new phenomenon where Trace Labs can support law enforcement with missing person cases.
Comment sections of forum/social media posts can be a gold mine for OSINT. One of our contestants just uncovered a comment from an AirBNB operator, stating a missing person stayed at their AirBNB recently! Learn more about leveraging AirBNB for OSINT here: https://t.co/j1xf7nXzqN
— Trace Labs (@TraceLabs) September 14, 2019
The organization has welcomed volunteers from a variety of backgrounds. Beyond security professionals and enthusiasts, Adrian has seen private investigators, researchers, PhD students, and those interested in law enforcement career. “But the best balance is when you have a team of people with diverse backgrounds. We see those teams of people work best because everyone brings something different.”
Passion and profession for a greater cause
From Adrian’s perspective, his involvement with Trace Labs has been a reminder of the lasting impact one person has on the internet. While some people may cringe at the thought of their MySpace page from a decade before, it is breadcrumbs like this that provide new leads for missing person cases.
At BlueCat, he focuses on threat intelligence, which means understanding potential or current attacks organizations face and the risks those attacks pose. He finds his work at BlueCat and Trace Labs quite complimentary. “As [he] becomes more experienced at BlueCat, it helps with Trace Labs and vice versa.”
However, that’s not what Adrian finds most rewarding.
“I had volunteered in the cybersecurity community before, just helping to organize meetups and conferences. That was great for giving back to that community specifically. I never really found anything that gave back to the broader community. It’s really nice to help two causes at the same time.”
“We’re also bringing together so many people of diverse backgrounds around the world for our events. People are networking, people are making new connections for career opportunities, people are working on projects together. And you would never normally see these people group together unless we have an event, which is all super important to me.”
DEFCON: Toronto’s cybersecurity community
Adrian got his start in the cyber community by volunteering at events like conference and meetups. Locally, he’s part of the Toronto chapter of DEFCON and organizes their monthly meetups in Toronto. These feature presentations, workshops, and networking. For the October meetup, the topics are exploiting CSVs and securing neural networks.
Join us tomorrow for our October meetup sponsored by @BlueCatNetworks @securitycompass!
We have Adam Greenhill delivering a talk on “Export to RCE” and Tahseen Shabab presenting on “Securing Neural Networks”#HackerTalks #NeuralNetworks #RCE #Exploitshttps://t.co/IfZ9jzGcSV
— DC416 – Toronto (@defcon_toronto) October 23, 2019
Like Trace Labs, DEFCON promotes ethical hacking and supports the community around it. With the cybersecurity skill gap noted, the organization is a valuable resource for those interested in information security and computer hacking.
One piece of security advice for everyone
We couldn’t end this post without getting some advice from one of our resident security experts. Adrian shares what he thinks is the one thing everyday users can do.
“My number one recommendation to anyone is to get a password manager. Use that to manage all your passwords for all your online accounts and generate a unique password for each account through that. Then just have one very secure but easy to remember password they can use to unlock that every time.”
Password managers store passwords in an encrypted format and secure access to this data through a master password. They’ve become popular among security professionals and are picking up steam among the general public.
Thinking about using a password manager? You should. Here’s why they’re safer than the alternative. https://t.co/urXdkqXx9c by @chrisbhoffman
— How-To Geek (@howtogeek) October 23, 2019
“And the reason I recommend this, and what I tell all my family and friends, is that companies are continuing to get breached. What that means is when they’re breached, typically a hacker can get access to the whole user database. With that, they’re able to typically crack passwords. If you’ve ever used the same username or same password on your Facebook account, your Gmail, maybe your bank accounts now that hacker can have access to all your accounts, just from breaching one company.”
This isn’t exactly news. Adrian’s tip doubles down on something we’ve heard before and hear often. (So take the hint.)
To round off Cybersecurity Awareness Month, Adrian leave us with haunting but wise words: “Assume that your username and passwords have been breached at some point for any service and operate that way.”
Follow Adrian Korn on Twitter!
Check out the Trace Labs website or the DEFCON 416 website to learn more and to see what events are taking place in your area.