Pacific Northwest Chapter Report for 2014

The Honeynet Project
2014 Annual Chapter Report
Pacific Northwest Chapter
2014 was a year of transition for the Pacific Northwest Chapter. In 2013 we had been a chapter that was meeting on a semi-regular basis in person in the Seattle area. However, due to personal life changes, our acting President, DC Grant took an academic position in Eastern Washington and we had several key members move out of the area geographically. However, moving forward, DC is returning to the Tacoma area and we should be starting up meetings again very soon.
Dave Dittrich report:
Blog posts:
Response to "How Microsoft Appointed Itself Sheriff of the Internet" (Part 1)
Response to "How Microsoft Appointed Itself Sheriff of the Internet" (Part 2)
Honeynet Project and Code of Conduct mentioned in talks at:
"Ethics in Computer Security Research and Operations," by David Dittrich, UW CSE / Microsoft Research Summer Institute 2014, July 28, 2014
"Protecting Property in Cyberspace Using "Force": Legal and Ethical Justifications," by David Dittrich and Katherine Carpenter, NATO Cyber Defense Center of Excellence Cyberconflict Conference (CyCon) 2014, Strategy and Law track, 04.06.14, Tallinn, Estonia, June 4, 2014.
"The Legal and Ethical Challenges with Aggressive Computer Security Research and Operations Actions," by David Dittrich and Katherine Carpenter, Microsoft Digital Crimes Consortium 2014 meeting, Singapore, Singapore, March 4, 2014.
Panelist, "Botnet Takedowns," Malware, Messaging, and Mobile Anti-Abuse Working Group (M3AAWG) 27th General Meeting, San Francisco, CA, February 20, 2014
Panelist, "Dismantling and disrupting malware-facilitated crime: case studies and future collaboration opportunities," Microsoft Global Cybercrime Enforcement Summit, February 11, 2014
Panelist, "Anatomy of Data Security Breaches: Who is Behind Them,; How Law Enforcement and Targets Respond," with Richard D. Boscovich (Microsoft) and Jenny A. Durkan (US Attorney, Western District of Washington), Cybersecurity Law and Strategies Conference, Seattle, Washington, January 27, 2014
Panelist, "Can Companies Afford an Active Defense Strategy?", with Katherine Carpenter (moderator), Christofer Hoff, Anup Ghosh, Jody Westby, Suits and Spooks 2014, Washington, DC, January 20, 2014
Panelist, "Exploiting End Points, Devices, and the Internet of Things" with Kurt Baumgartner, Remy Baumgarten, Terry McCorkle, Suits and Spooks 2014, Washington, DC, January 20, 2014
DC Grant report:
DC has taken a position with Columbia Basin College teaching and doing research with the IT program there. He has developed curriculum for all aspects of the IT program, including in the areas of Information Assurance and strategies for cybersecurity. DC has served as faculty mentor and sponsor for the GrayHat Club and plans to take the Columbia Basin student team to the Pacific Rim Collegiate Cyber Defense Competition at Highline College in Des Moines, WA.
Dr. Barbara Endicott-Popovsky report:
Barbara has moved operations from the University of Washington’s iSchool in Seattle to the Institute of Technology at the Tacoma campus. She continued her work with the military at JBLM and took over leadership of the Masters in Cybersecurity and Leadership (MCL) program in Tacoma.
Barbara graduated a new PhD student, Nicolai Kuntze, in collaboration with Carsten Bormann from the University of Bremen (Bremen, Germany) with research done in the area of forensic readiness. Professor Bormann is well-known for his research and interests in the area of the security component surrounding protocols used with the Internet of Things (IoT).
Barbara was named Fellow of American Academy of Forensic Scientists for publications and contributions to forensic readiness.
Charles Costarella report:
Having had taken a position as a Fulltime Lecturer at the University of Washington Tacoma after graduation with my MSCSS in 2013, I taught Networking, Routing and Switching, System Administration, and some C# Programming using ASP.Net MVC as part of my duties during 2014. I continue to integrate elements of security in each of the classes that I teach, including lectures and labs involving honeynet technology. The Networking and Routing and Switching courses are a much more natural integration, but the C#, and MVC programming materials I use also have some good examples of application level security issues that allow me to demonstrate cross site scripting and other common attacks and their mitigations, that I emphasize.
Spring 2014 – Helped develop a Mobile Digital Forensics Program. During Spring Quarter, UW Tacoma’s Institute of Technology formalized an agreement with Tacoma Police Department to work together to develop a new curriculum in Mobile Digital Forensics. Patterned after the forensics program at Marshall University, I helped designed and developed the curriculum for a 3 course series collaborating with Tacoma PD Homicide Detective John Bair. Det. Bair is a world’s expert in cell phone forensics and has been teaching courses for Access Data (FTK) and Cellebrite (UFED etc.) for several years. UW Tacoma offered the first pilot course in spring, which I attended as a student and Det. Bair taught. This first pilot course covered the material of all 3 courses in an accelerated manner. Normally, students in our IT program will take the 3 course series in a year, and earn a certificate from Cellebrite. We didn’t get sufficient numbers registered for a start in the fall due to some missing deadlines but we made it on the books in Winter 2015, so I will report that next year. The exiting part is that myself and one other educator form the school will be allowed to travel to Switzerland and participate in Cellebrite’s training which is normally restricted to law enforcement only. We will go as Det. Bair’s guests. A part of this plan (and the ultimate goal) is to eventually build a lab facility that would include a highly specialized machine that does “chip-off” technology to the phones. This is the only known reliable way to get data off of some phones without destroying evidence due to solder and heat variables.
Summer 2014 – I sponsored a group of 6 students in an in depth Network Security Independent study where I had a chance to cover some botnet tracking, sniffing, and we covered some basic Honeynet curriculum taken from David Watson’s Introduction to the Honeywall course that I had attended.
August 2014 – The University of Washington Tacoma sent me to training in Dallas, Texas, where I received Cisco certifications (CCNA Routing and Switching and CCNA Security) to support my teaching.
Autumn 2014: I took over as faculty advisor to the campus Gray Hat Security group. We will be participating in a number of Microsoft sponsored CTF competitions as well as the Pacific Rim Collegiate Cyber Defense Competition in the Spring Quarter.
Research – Submitted abstract to ICCSM 2015 Conference to be hosted at UW Tacoma. Paper is titled:  Hardening a Honeynet against Honeypot-Aware Botnet Attacks: Toward Secure Cloud. This is a collaborative effort between myself, Dr. Sam Chung, University of Southern Illinois, and Dr. Barbara Endicott-Popovsky, who is chairing the Conference. The Conference will be at UW Tacoma in October 2015.
Ray Pompon report:
Ray has received certification from SANS GIAC Law of Data Security & Investigations. Additionally, he has published a couple of articles on outsourcing security in the Financial Industry:
Article: Can Outsourcing Handle Cybersecurity’s Complexity?
Article: Staying Ahead of the Looming InfoSec Crunch
Mike Simon report:
Mike joined the faculty at UW Tacoma in the Masters in CyberSecurity and Leadership program. The MCL is a joint effort between the Institute of Technology and the Milgard Business School. Purpose is to train business and organizational leaders to be able to deal effectively and intelligently with cybersecurity in all aspects that could affect the organization. Mike teaches a class on incident response and developing a cybersecurity strategy for Incident Response.
Mike has worked with Dr. Bryan Goda, Dr. Yan Bai, and others at the University to design and develop a turnkey Cybersecurity lab device that would serve as a student learning tool for cybersecurity education. Originally conceived for the MCL program at UWT, the device would actually have a wide range of uses, including training in the areas of virtualization, networking, network defense, honeynets, honeypots, and other network-centric security topics.