Southern California ("SoCal") Chapter Report 2014

ORGANIZATION
There have been no changes to the structure of the Southern California (“SoCal”) Chapter.
http://www.socalhoneynet.org/

Current chapter members:
Cameron H. Malin- Chapter lead; deployment, collection and maintenance; research and development, digital criminalistics, and hoax virus research.
James M. Aquilina- Legal considerations, digital forensic considerations, infrastructure.

DEPLOYMENTS

In 2014, the SoCal chapter continued to focus on Linux malware—specifically, the forensic processes for identification, collection and analysis of malware from compromised Linux systems. This research contributed toward the authoring and publication of the textbook “Malware Forensics Field Guide for Linux Systems,” and research toward additional publications. Further, in collaboration with members of the Spartan Devil Chapter, the SoCal chapter transitioned collection and research efforts to hoax viruses and associated digital hoax communications.

In 2015, the SoCal chapter is planning to focus exclusively on hoax viruses and related threats.  Research and analysis will examine various components and facets of hoax virus communications, including but not limited to:

    -Target/Victim Selection;
    -Language;
    -Subject;
    -Context;
    -Extrinsic artifacts and factors;
    -Temporal factors;
    -Relational context;
    -Motivations;
    -Breadth of campaign/targeting;
    -Scope of targeting; and
    -Virulence.

RESEARCH AND DEVELOPMENT

1. Research relating to advanced file profiling, malware taxonomy and phylogenetic relationships of Linux malware. Practical analysis techniques documented in, “Malware Forensics Field Guide for Linux Systems,” (Publisher- Syngress), January, 2014.
2. Research into digital criminalistics—bridging digital/malware forensic concepts with traditional forensic/crime scene/investigative concepts and theories. Specific focus on execution trajectory, network trajectory, digital impression evidence (tool marks), network impression evidence and digital trace evidence on Linux Systems. Theory and analysis techniques documented in, "Malware Forensics Field Guide for Linux Systems," (Publisher- Syngress), January, 2014.
3. In 2015, the SoCal Chapter's hoax virus (and associated digital hoax communications) research endeavors to examine unsolicited hoax virus communications to discern a myriad of factors about the attacker(s) and the scope of the intended consequences. The corpus of data includes collected communications and existing corpora of hoax virus and associated Internet-based hoax communications.

FINDINGS

Findings relating to practical analysis steps for malware phylogeny of Linux malware specimens were documented in, “Malware Forensics Field Guide for Linux Systems,” (Publisher- Syngress), January 2014.
Findings relating to digital criminalistics theory and application on Linux systems were documented in, "Malware Forensics Field Guide for Linux Systems," (Publisher- Syngress), January, 2014.

PAPERS AND PRESENTATIONS

1. Publications:
Co-authored a malicious code forensics field guide for Linux systems.
Malin, C., Casey, E., and Aquilina, J., 2014. Malware Forensics Field Guide for Linux Systems, Massachusetts: Elsevier/Syngress.

2. Presentations:

Cameron H. Malin presented:
January, 2014: “Criminal Behavior in Cyberspace” at a U.S. Government Conference.
April, 2014: “Criminal Behavior in Cyberspace” at a U.S. Government Conference.
August, 2014: “Criminal Behavior in Cyberspace” at a U.S. Government Conference.
October, 2014: “Criminal Behavior in Cyberspace” at a U.S. Government Conference.
June, 2014:  “Examining the Cyber Threatscape” at a U.S. Government Conference.
June, 2014:  “Examining the Cyber Threatscape” at a U.S. Government Conference.
June, 2014:  “Examining the Cyber Threatscape” at a U.S. Government Conference.

James M. Aquilina presented:
February 25, 2015: “The Emerging Cybersecurity Threat Environment” on Access Privacy's Monthly Privacy Call.
January 12, 2015: “The Anatomy of Data Security Breaches: The Evolving Landscape for Offenders and Law Enforcement Response” at the Second Annual Comprehensive Conference on Cybersecurity Law presented by Law Seminars International.
October 22, 2014: “The Internet's Own Boy: A Discussion of U.S. V. Aaron Swartz and The Prosecution and Defense of Cyber-Crime” at an American Bar Association White Collar Crime Committee event.
October 6, 2014: “The 7th Annual Privacy Lecture” at the Berkeley Center for Law and Technology.
July 24, 2014: “Cyber Security: Legal Risks for Asset Managers” at the Institutional Investor Legal Forum.
June 11, 2014: “The Many Facets of a Data Breach: Incident Response, Remediation and Legal Disclosures” at the Nevada Cybercrime Symposium.
May 19, 2014: “Private Eyes are Watching You: How to Avoid Being a Target for Hackers” at Restaurant High Conference.
May 13, 2014: “Faces of Data Breach: Threats, Response, Remediation” at California Bankers’ Association 2014 Risk and Security Management Conference.
March 9, 2014: On a panel entitled, "What the HACK?!" Privacy and Data Security for Business in an Era of NSA Snooping, Cyberattacks, and Data Innovation at the 26th Annual ROTH Conference.

GOALS
SoCal Chapter and Spartan Devil Chapter members will include the findings of the hoax virus research in an upcoming publication and a hoax virus analysis instrument that provides insight into attackers':

    -Deception factors;
    -Vectors;
    -Platforms;
    -Vulnerabilities;
    -Motivations/Desired outcome;
    -Methods and means; and
    -Actions/Reactions/Inactions.

MISC ACTIVITIES
Research into malware profiling concepts and attacker behavior.