0
00:00:00,334 --> 00:00:03,958
, 00:00:03:22 ,So welcome to the Dark Arts of OSINT.

1
00:00:03,959 --> 00:00:07,500
, 00:00:07:11

2
00:00:07,501 --> 00:00:12,998
, 00:00:12:28 ,This would be Dr. Noah Schiffman, aka Security Freak.

3
00:00:12,999 --> 00:00:17,958
, 00:00:17:22 ,He is the academic of our team, the one who actually finished college.

4
00:00:17,959 --> 00:00:21,750
, 00:00:21:17 ,(laughter) Yes, he is way more intelligent than I am,

5
00:00:21,751 --> 00:00:26,999
, 00:00:26:29 ,a snappy dresser, and an absolutely wonderful guy.

6
00:00:27,000 --> 00:00:30,166
, 00:00:30:03 ,(Ring)    Dude, that's so not cool.

7
00:00:30,167 --> 00:00:37,041
, 00:00:37:00 ,   SKYDOG: Could I have a red shirt kick the shit out of this guy?

8
00:00:37,042 --> 00:00:37,416
, 00:00:37:09

9
00:00:37,417 --> 00:00:39,041
, 00:00:39:00 ,There we go.

10
00:00:39,042 --> 00:00:41,041
, 00:00:41:00 ,Like they didn't tell us that earlier.

11
00:00:41,042 --> 00:00:42,541
, 00:00:42:12

12
00:00:42,542 --> 00:00:46,374
, 00:00:46:08 ,And I'm SkyDog, of course, by the picture there.

13
00:00:46,375 --> 00:00:46,708
, 00:00:46:16

14
00:00:46,709 --> 00:00:50,166
, 00:00:50:03 ,We are part of the Dead Bunny Club.

15
00:00:50,167 --> 00:00:50,708
, 00:00:50:16

16
00:00:50,709 --> 00:00:55,541
, 00:00:55:12 ,It's the pseudophilanthropic arm of everything SkyDog does.

17
00:00:55,542 --> 00:00:57,208
, 00:00:57:04

18
00:00:57,209 --> 00:00:59,166
, 00:00:59:03 ,We got together.

19
00:00:59,167 --> 00:01:03,082
, 00:01:03:01 ,I met you a couple of years ago and we found that we're fast friends

20
00:01:03,083 --> 00:01:05,708
, 00:01:05:16 ,and we have a lot of fun getting together

21
00:01:05,709 --> 00:01:08,249
, 00:01:08:05 ,and getting into trouble.

22
00:01:08,250 --> 00:01:09,625
, 00:01:09:14

23
00:01:09,626 --> 00:01:12,082
, 00:01:12:01 ,   Sometimes a little more than friends.

24
00:01:12,083 --> 00:01:16,998
, 00:01:16:26 ,   We weren't going to talk about that.

25
00:01:16,999 --> 00:01:27,082
, 00:01:27:01 ,I took that out of the presenter notes, dude.

26
00:01:27,083 --> 00:01:28,082
, 00:01:28:01 ,   NOAH: Sorry.

27
00:01:28,083 --> 00:01:33,041
, 00:01:33:00 ,   This is my 11th year, back in the AP days.

28
00:01:33,042 --> 00:01:34,082
, 00:01:34:01 ,Round of applause.

29
00:01:34,083 --> 00:01:35,958
, 00:01:35:22

30
00:01:35,959 --> 00:01:37,875
, 00:01:37:20 ,Everyone's a n00b.

31
00:01:37,876 --> 00:01:43,041
, 00:01:43:00 ,   NOAH: I just heard about DEF CON two weeks ago.

32
00:01:43,042 --> 00:01:43,541
, 00:01:43:12

33
00:01:43,542 --> 00:01:50,833
, 00:01:50:19 ,   SKYDOG: So I get to celebrate, ironically, at my 11th year year.

34
00:01:50,834 --> 00:01:52,875
, 00:01:52:20 ,I've actually been a goon for nine years.

35
00:01:52,876 --> 00:01:58,625
, 00:01:58:14 ,For my 11th year here I get to celebrate three firsts.

36
00:01:58,626 --> 00:01:58,917
, 00:01:58:21

37
00:01:58,918 --> 00:02:01,249
, 00:02:01:05 ,Don't worry, I haven't learned my virginity.

38
00:02:01,250 --> 00:02:06,333
, 00:02:06:07 ,   Don't worry, it will happen soon.

39
00:02:06,334 --> 00:02:08,124
, 00:02:08:02 ,   SKYDOG: I understand I have to talk to a girl, though,

40
00:02:08,125 --> 00:02:10,541
, 00:02:10:12 ,and I'm not ready for that.

41
00:02:10,542 --> 00:02:18,249
, 00:02:18:05 ,(laughter) (applause)    So the first one it was really wonderful.

42
00:02:18,250 --> 00:02:20,998
, 00:02:20:25 ,My son got to participate in DEF CON kids.

43
00:02:20,999 --> 00:02:23,166
, 00:02:23:03 ,I'm old enough now that I have offspring.

44
00:02:23,167 --> 00:02:23,541
, 00:02:23:12

45
00:02:23,542 --> 00:02:24,875
, 00:02:24:20 ,   NOAH: Cooper.

46
00:02:24,876 --> 00:02:24,998
, 00:02:24:26

47
00:02:24,999 --> 00:02:28,625
, 00:02:28:14 ,   SKYDOG: He placed fourth in social engineering and second

48
00:02:28,626 --> 00:02:30,750
, 00:02:30:17 ,in hacker jeopardy.

49
00:02:30,751 --> 00:02:40,875
, 00:02:40:20 ,(applause)    SKYDOG: My second would be my first Mohawk ever.

50
00:02:40,876 --> 00:02:43,333
, 00:02:43:07 ,I got to participate in Mohawk Con this year.

51
00:02:43,334 --> 00:02:44,999
, 00:02:44:29 ,Round of applause for those guys.

52
00:02:45,000 --> 00:02:49,166
, 00:02:49:03 ,(applause)    SKYDOG: I had to leave Vanderbilt

53
00:02:49,167 --> 00:02:52,541
, 00:02:52:12 ,to make that happen.

54
00:02:52,542 --> 00:02:54,998
, 00:02:54:26

55
00:02:54,999 --> 00:02:57,333
, 00:02:57:07 ,This is an honor.

56
00:02:57,334 --> 00:02:57,750
, 00:02:57:17

57
00:02:57,751 --> 00:03:01,416
, 00:03:01:09 ,I did find out they require you to submit a paper.

58
00:03:01,417 --> 00:03:02,082
, 00:03:02:01

59
00:03:02,083 --> 00:03:05,875
, 00:03:05:20 ,I didn't read the fine print, but here we are.

60
00:03:05,876 --> 00:03:08,833
, 00:03:08:19 ,We're talking about our live demo.

61
00:03:08,834 --> 00:03:09,333
, 00:03:09:07

62
00:03:09,334 --> 00:03:15,082
, 00:03:15:01 ,   NOAH: There is this live demo thing that maybe kind

63
00:03:15,083 --> 00:03:18,833
, 00:03:18:19 ,of discussed in the CFP.

64
00:03:18,834 --> 00:03:22,458
, 00:03:22:10 ,Well, I don't know how many people here are familiar

65
00:03:22,459 --> 00:03:26,998
, 00:03:26:26 ,with something called Matlab or R or I don't know, other letters

66
00:03:26,999 --> 00:03:29,124
, 00:03:29:02 ,of the alphabet.

67
00:03:29,125 --> 00:03:29,541
, 00:03:29:12

68
00:03:29,542 --> 00:03:31,708
, 00:03:31:16 ,Yes, what's your favorite letter?

69
00:03:31,709 --> 00:03:31,998
, 00:03:31:23

70
00:03:31,999 --> 00:03:36,917
, 00:03:36:21 ,So I didn't have a licensed copy of Matlab and went with Octave

71
00:03:36,918 --> 00:03:42,958
, 00:03:42:22 ,and got into a battle with Octave and they won and I lost.

72
00:03:42,959 --> 00:03:43,500
, 00:03:43:11

73
00:03:43,501 --> 00:03:46,249
, 00:03:46:05 ,We're doing a different kind of live demo that's sort

74
00:03:46,250 --> 00:03:49,041
, 00:03:49:00 ,of audience participation based.

75
00:03:49,042 --> 00:03:53,708
, 00:03:53:16 ,It will be really fun and everyone will get to meet people sitting

76
00:03:53,709 --> 00:03:55,583
, 00:03:55:13 ,next to you.

77
00:03:55,584 --> 00:03:58,208
, 00:03:58:04 ,It will be a fun icebreaker opportunity no, it's not.

78
00:03:58,209 --> 00:04:00,998
, 00:04:00:28 ,But it's going to be a demo that we can all participate

79
00:04:00,999 --> 00:04:03,374
, 00:04:03:08 ,in and make a point.

80
00:04:03,375 --> 00:04:04,666
, 00:04:04:15

81
00:04:04,667 --> 00:04:06,124
, 00:04:06:02 ,I hate Octave.

82
00:04:06,125 --> 00:04:07,500
, 00:04:07:11 ,I hate it.

83
00:04:07,501 --> 00:04:08,500
, 00:04:08:11 ,Ready?

84
00:04:08,501 --> 00:04:14,374
, 00:04:14:08 ,   SKYDOG: Get loose.

85
00:04:14,375 --> 00:04:15,458
, 00:04:15:10 ,Here we go.

86
00:04:15,459 --> 00:04:19,208
, 00:04:19:04 ,So our talk today is about the Dark Arts of OSINT.

87
00:04:19,209 --> 00:04:22,791
, 00:04:22:18 ,So the path we'll take, we'll talk about what is OSINT?

88
00:04:22,792 --> 00:04:22,998
, 00:04:22:27

89
00:04:22,999 --> 00:04:27,541
, 00:04:27:12 ,We're going to move on to Evan, if you call me again, I'll fucking kill you.

90
00:04:27,542 --> 00:04:27,998
, 00:04:27:23

91
00:04:27,999 --> 00:04:28,998
, 00:04:28:25 ,I swear.

92
00:04:28,999 --> 00:04:29,750
, 00:04:29:17

93
00:04:29,751 --> 00:04:32,998
, 00:04:32:25 ,Fucking kill you.

94
00:04:32,999 --> 00:04:33,998
, 00:04:33:27 ,I digress.

95
00:04:33,999 --> 00:04:35,249
, 00:04:35:05

96
00:04:35,250 --> 00:04:37,833
, 00:04:37:19 ,So we'll speak about what is OSINT.

97
00:04:37,834 --> 00:04:38,082
, 00:04:38:01

98
00:04:38,083 --> 00:04:41,458
, 00:04:41:10 ,We'll talk about some acquisition tools and techniques.

99
00:04:41,459 --> 00:04:41,750
, 00:04:41:17

100
00:04:41,751 --> 00:04:44,750
, 00:04:44:17 ,I am then going to sit down and the guy with the math background

101
00:04:44,751 --> 00:04:47,625
, 00:04:47:14 ,is going to speak with anonymizing data.

102
00:04:47,626 --> 00:04:49,208
, 00:04:49:04

103
00:04:49,209 --> 00:04:51,291
, 00:04:51:06 ,You don't remember?

104
00:04:51,292 --> 00:04:52,999
, 00:04:52:29 ,Uh huh.

105
00:04:53,000 --> 00:04:55,374
, 00:04:55:08 ,I'm going to leave the stage and Noah is going to speak

106
00:04:55,375 --> 00:04:58,583
, 00:04:58:13 ,about anonymizing and de anonymizing data.

107
00:04:58,584 --> 00:04:58,999
, 00:04:58:29

108
00:04:59,000 --> 00:05:00,875
, 00:05:00:20 ,Open source intelligence.

109
00:05:00,876 --> 00:05:05,958
, 00:05:05:22

110
00:05:05,959 --> 00:05:08,458
, 00:05:08:10 ,Thank you for putting the pause in there.

111
00:05:08,459 --> 00:05:10,998
, 00:05:10:23 ,Did you get the transitions in there?

112
00:05:10,999 --> 00:05:12,998
, 00:05:12:28 ,   NOAH: I did some.

113
00:05:12,999 --> 00:05:13,998
, 00:05:13:28 ,I forgot.

114
00:05:13,999 --> 00:05:16,625
, 00:05:16:14 ,   SKYDOG: The cool one that wipes?

115
00:05:16,626 --> 00:05:17,791
, 00:05:17:18 ,   NOAH: It dissolves.

116
00:05:17,792 --> 00:05:19,541
, 00:05:19:12 ,   SKYDOG: You pay for the dissolve.

117
00:05:19,542 --> 00:05:21,374
, 00:05:21:08 ,So what is open source intelligence?

118
00:05:21,375 --> 00:05:24,998
, 00:05:24:23 ,Essentially open source intelligence is anything out there that you can reach

119
00:05:24,999 --> 00:05:27,917
, 00:05:27:21 ,without having to be a Leo or something similar or belong

120
00:05:27,918 --> 00:05:31,999
, 00:05:31:29 ,to a large organization that requires paperwork to get to it.

121
00:05:32,000 --> 00:05:35,708
, 00:05:35:16 ,Anything you can get to online or readily available.

122
00:05:35,709 --> 00:05:35,917
, 00:05:35:21

123
00:05:35,918 --> 00:05:37,750
, 00:05:37:17 ,Why do you care?

124
00:05:37,751 --> 00:05:39,998
, 00:05:39:23 ,You had a picture taken by some jackass with a camera,

125
00:05:39,999 --> 00:05:44,208
, 00:05:44:04 ,not one of our photographers, but someone with a phone or whatever.

126
00:05:44,209 --> 00:05:44,583
, 00:05:44:13

127
00:05:44,584 --> 00:05:49,333
, 00:05:49:07 ,Guess what, you're now hooked up with open source.

128
00:05:49,334 --> 00:05:49,875
, 00:05:49:20

129
00:05:49,876 --> 00:05:51,333
, 00:05:51:07 ,The information is out there.

130
00:05:51,334 --> 00:05:52,583
, 00:05:52:13 ,You appear in a picture.

131
00:05:52,584 --> 00:05:54,833
, 00:05:54:19 ,Now it's something I can catalog and index.

132
00:05:54,834 --> 00:05:55,958
, 00:05:55:22 ,So congratulations.

133
00:05:55,959 --> 00:05:56,998
, 00:05:56:23 ,   NOAH: Prism.

134
00:05:56,999 --> 00:05:57,124
, 00:05:57:02

135
00:05:57,125 --> 00:06:00,998
, 00:06:00:23 ,   SKYDOG: Weren't going to talk about    NOAH: Sorry.

136
00:06:00,999 --> 00:06:04,875
, 00:06:04:20 ,   SKYDOG: And so how can it be optimized?

137
00:06:04,876 --> 00:06:07,082
, 00:06:07:01

138
00:06:07,083 --> 00:06:10,291
, 00:06:10:06 ,We're looking at big data sets and crunching the numbers

139
00:06:10,292 --> 00:06:13,625
, 00:06:13:14 ,and actually extracting some information some interesting

140
00:06:13,626 --> 00:06:17,958
, 00:06:17:22 ,information out of what's available, readily available.

141
00:06:17,959 --> 00:06:24,082
, 00:06:24:01 ,So OSINT comprises many things.

142
00:06:24,083 --> 00:06:27,625
, 00:06:27:14 ,One of them will be text, whether it is e mails that you sent back

143
00:06:27,626 --> 00:06:31,917
, 00:06:31:21 ,in '73 when you were talking about something bizarre?

144
00:06:31,918 --> 00:06:34,249
, 00:06:34:05 ,Did you send anything back?

145
00:06:34,250 --> 00:06:35,625
, 00:06:35:14 ,Never mind.

146
00:06:35,626 --> 00:06:39,750
, 00:06:39:17 ,I've gone back and found things I've done on forums way, way back

147
00:06:39,751 --> 00:06:43,082
, 00:06:43:01 ,in the day using a different name that I was able

148
00:06:43,083 --> 00:06:47,583
, 00:06:47:13 ,to actually find online, things that probably would have shown

149
00:06:47,584 --> 00:06:50,998
, 00:06:50:26 ,me how ignorant I was at the time.

150
00:06:50,999 --> 00:06:54,583
, 00:06:54:13 ,But anyway, you have text that's out there that could be searched for.

151
00:06:54,584 --> 00:06:56,124
, 00:06:56:02 ,You also have imagery.

152
00:06:56,125 --> 00:06:57,333
, 00:06:57:07 ,We have Facebook.

153
00:06:57,334 --> 00:06:59,416
, 00:06:59:09 ,We have appearing at DEF CON, if you don't realize it or not,

154
00:06:59,417 --> 00:07:03,998
, 00:07:03:26 ,you probably had a picture taken of you at some point in time, video.

155
00:07:03,999 --> 00:07:06,166
, 00:07:06:03

156
00:07:06,167 --> 00:07:11,998
, 00:07:11:23 ,I think last night Evan played the VR system and the robot, which

157
00:07:11,999 --> 00:07:16,082
, 00:07:16:01 ,is an absolute hoot, which will appear on YouTube

158
00:07:16,083 --> 00:07:19,875
, 00:07:19:20 ,with some captioning later on.

159
00:07:19,876 --> 00:07:21,166
, 00:07:21:03

160
00:07:21,167 --> 00:07:22,998
, 00:07:22:28 ,The Black Hat robot.

161
00:07:22,999 --> 00:07:24,082
, 00:07:24:01

162
00:07:24,083 --> 00:07:26,124
, 00:07:26:02 ,We have audio.

163
00:07:26,125 --> 00:07:28,082
, 00:07:28:01 ,The video we have here of this presentation

164
00:07:28,083 --> 00:07:31,166
, 00:07:31:03 ,is currently available on DVD later.

165
00:07:31,167 --> 00:07:31,625
, 00:07:31:14

166
00:07:31,626 --> 00:07:36,416
, 00:07:36:09 ,They also put the audio up of that so if you're not into driving and looking

167
00:07:36,417 --> 00:07:40,166
, 00:07:40:03 ,at your iPhone, you can listen to the audio.

168
00:07:40,167 --> 00:07:42,291
, 00:07:42:06 ,And then you have geospatial, which would be

169
00:07:42,292 --> 00:07:45,833
, 00:07:45:19 ,the images you take from a device that's GPS enabled

170
00:07:45,834 --> 00:07:49,999
, 00:07:49:29 ,and records your longitude and latitude and fun things like that,

171
00:07:50,000 --> 00:07:53,291
, 00:07:53:06 ,other information that doesn't always get removed

172
00:07:53,292 --> 00:07:56,666
, 00:07:56:15 ,from imagery when it's put online.

173
00:07:56,667 --> 00:07:58,291
, 00:07:58:06

174
00:07:58,292 --> 00:08:01,249
, 00:08:01:05 ,There is a certain signal to noise ratio.

175
00:08:01,250 --> 00:08:04,458
, 00:08:04:10 ,If you've been online, if you're looking for data,

176
00:08:04,459 --> 00:08:08,998
, 00:08:08:23 ,there may be some really bizarre things.

177
00:08:08,999 --> 00:08:12,291
, 00:08:12:06 ,Noah never lived in Henderson, Nevada, but for some reason my name

178
00:08:12,292 --> 00:08:15,541
, 00:08:15:12 ,and phone number are associated with them.

179
00:08:15,542 --> 00:08:15,998
, 00:08:15:24

180
00:08:15,999 --> 00:08:19,291
, 00:08:19:06 ,There are certain information out there that doesn't really fall

181
00:08:19,292 --> 00:08:21,791
, 00:08:21:18 ,into place correctly.

182
00:08:21,792 --> 00:08:24,249
, 00:08:24:05 ,You have to go through and decrease the noise

183
00:08:24,250 --> 00:08:26,998
, 00:08:26:23 ,to get the true signal.

184
00:08:26,999 --> 00:08:27,082
, 00:08:27:01

185
00:08:27,083 --> 00:08:29,998
, 00:08:29:24 ,So out of that, once you clean up enough data, you're able

186
00:08:29,999 --> 00:08:33,041
, 00:08:33:00 ,to go through and put enough things together, layer them together,

187
00:08:33,042 --> 00:08:36,583
, 00:08:36:13 ,find where the high points and the graph appear.

188
00:08:36,584 --> 00:08:36,875
, 00:08:36:20

189
00:08:36,876 --> 00:08:38,708
, 00:08:38:16 ,You will find actual data.

190
00:08:38,709 --> 00:08:40,958
, 00:08:40:22 ,Anyone in the law enforcement community,

191
00:08:40,959 --> 00:08:45,374
, 00:08:45:08 ,which I am not, anyone who is in that community realizes that when

192
00:08:45,375 --> 00:08:49,750
, 00:08:49:17 ,enough data is collected, it becomes actionable.

193
00:08:49,751 --> 00:08:51,374
, 00:08:51:08 ,Then it becomes intelligence, something that can be used

194
00:08:51,375 --> 00:08:53,458
, 00:08:53:10 ,to actually do something.

195
00:08:53,459 --> 00:08:53,875
, 00:08:53:20

196
00:08:53,876 --> 00:09:01,625
, 00:09:01:14 ,(Prism) Sorry, I got a little cough there.

197
00:09:01,626 --> 00:09:04,583
, 00:09:04:13

198
00:09:04,584 --> 00:09:05,958
, 00:09:05:22 ,Furball.

199
00:09:05,959 --> 00:09:08,998
, 00:09:08:23 ,   NOAH: No, I don't want to drink any more.

200
00:09:08,999 --> 00:09:09,333
, 00:09:09:07

201
00:09:09,334 --> 00:09:11,917
, 00:09:11:21 ,   SKYDOG: Wait until you get on stage.

202
00:09:11,918 --> 00:09:13,875
, 00:09:13:20

203
00:09:13,876 --> 00:09:17,500
, 00:09:17:11 ,Media had newspapers clippings from other parts

204
00:09:17,501 --> 00:09:21,875
, 00:09:21:20 ,of the United States write a report on it.

205
00:09:21,876 --> 00:09:24,416
, 00:09:24:09 ,We moved into the radio age.

206
00:09:24,417 --> 00:09:27,666
, 00:09:27:15 ,Things were transcribed and cataloged and indexed.

207
00:09:27,667 --> 00:09:27,917
, 00:09:27:21

208
00:09:27,918 --> 00:09:31,374
, 00:09:31:08 ,The search time on information like that was a little long, if you want

209
00:09:31,375 --> 00:09:34,500
, 00:09:34:11 ,to claim about more Oracle or mySQL.

210
00:09:34,501 --> 00:09:38,333
, 00:09:38:07

211
00:09:38,334 --> 00:09:42,750
, 00:09:42:17 ,It got compressed down to videotape and things

212
00:09:42,751 --> 00:09:45,124
, 00:09:45:02 ,of that nature.

213
00:09:45,125 --> 00:09:47,917
, 00:09:47:21 ,Like I said, I recently worked for Vanderbilt.

214
00:09:47,918 --> 00:09:50,998
, 00:09:50:25 ,They have the largest compendium of news broadcasts.

215
00:09:50,999 --> 00:09:52,998
, 00:09:52:27 ,They go back farther than anyone else.

216
00:09:52,999 --> 00:09:53,333
, 00:09:53:07

217
00:09:53,334 --> 00:09:56,998
, 00:09:56:24 ,That information can also be searched by metadata.

218
00:09:56,999 --> 00:09:57,249
, 00:09:57:05

219
00:09:57,250 --> 00:10:00,708
, 00:10:00:16 ,Of course, we're down to the Internet age where every

220
00:10:00,709 --> 00:10:04,124
, 00:10:04:02 ,jackass can get out there and dance and then put online

221
00:10:04,125 --> 00:10:07,998
, 00:10:07:24 ,their robot at a large security conference.

222
00:10:07,999 --> 00:10:09,998
, 00:10:09:28 ,That's coming back to haunt you, ass hat.

223
00:10:09,999 --> 00:10:11,249
, 00:10:11:05

224
00:10:11,250 --> 00:10:16,041
, 00:10:16:00 ,So the evolution is new sources, of course, with radio and print.

225
00:10:16,042 --> 00:10:18,998
, 00:10:18:24 ,Then we move to government repositories.

226
00:10:18,999 --> 00:10:21,750
, 00:10:21:17 ,For some reason they decided it would be a good idea

227
00:10:21,751 --> 00:10:25,208
, 00:10:25:04 ,to collect information and store it.

228
00:10:25,209 --> 00:10:26,333
, 00:10:26:07 ,Who knew?

229
00:10:26,334 --> 00:10:26,791
, 00:10:26:18

230
00:10:26,792 --> 00:10:29,998
, 00:10:29:25 ,Then you went to academic publications where

231
00:10:29,999 --> 00:10:33,625
, 00:10:33:14 ,they sorted data and put it together.

232
00:10:33,626 --> 00:10:35,791
, 00:10:35:18 ,Theoretically they anonymized it.

233
00:10:35,792 --> 00:10:35,998
, 00:10:35:23

234
00:10:35,999 --> 00:10:38,041
, 00:10:38:00 ,Now we've moved into the electronic databases where we

235
00:10:38,042 --> 00:10:40,458
, 00:10:40:10 ,know everything about you.

236
00:10:40,459 --> 00:10:41,249
, 00:10:41:05

237
00:10:41,250 --> 00:10:43,166
, 00:10:43:03 ,Those are sexy.

238
00:10:43,167 --> 00:10:43,500
, 00:10:43:11

239
00:10:43,501 --> 00:10:45,917
, 00:10:45:21 ,Those will get you laid, definitely.

240
00:10:45,918 --> 00:10:46,166
, 00:10:46:03

241
00:10:46,167 --> 00:10:49,958
, 00:10:49:22 ,So the current forms and uses of OSINT are definitely tool sets,

242
00:10:49,959 --> 00:10:53,998
, 00:10:53:26 ,websites you can go to, and of course databases you can get your

243
00:10:53,999 --> 00:10:57,998
, 00:10:57:24 ,hands onto, depending on what your flavor is.

244
00:10:57,999 --> 00:10:59,998
, 00:10:59:24

245
00:10:59,999 --> 00:11:02,082
, 00:11:02:01 ,Whoever has used Maltego?

246
00:11:02,083 --> 00:11:03,875
, 00:11:03:20 ,Show of hands.

247
00:11:03,876 --> 00:11:04,875
, 00:11:04:20 ,Cool.

248
00:11:04,876 --> 00:11:05,875
, 00:11:05:20 ,Okay.

249
00:11:05,876 --> 00:11:10,416
, 00:11:10:09 ,So Maltego is basically used you put a click.

250
00:11:10,417 --> 00:11:11,416
, 00:11:11:09 ,Yeah.

251
00:11:11,417 --> 00:11:13,291
, 00:11:13:06 ,Next time I'll let you do this, Bart.

252
00:11:13,292 --> 00:11:18,625
, 00:11:18:14 ,Maltego is used to dig down on an organization.

253
00:11:18,626 --> 00:11:20,666
, 00:11:20:15 ,You can look at whose records and DNS and IP's and e mails

254
00:11:20,667 --> 00:11:22,998
, 00:11:22:25 ,and things of that nature.

255
00:11:22,999 --> 00:11:23,875
, 00:11:23:20

256
00:11:23,876 --> 00:11:26,998
, 00:11:26:27 ,I'll have someone else come up here and stomp your ass, too.

257
00:11:26,999 --> 00:11:27,998
, 00:11:27:23

258
00:11:27,999 --> 00:11:31,917
, 00:11:31:21 ,Maltego is really good for drilling down on a company by looking

259
00:11:31,918 --> 00:11:36,998
, 00:11:36:24 ,at e mail addresses and things to compile a large amount of data.

260
00:11:36,999 --> 00:11:37,666
, 00:11:37:15

261
00:11:37,667 --> 00:11:39,791
, 00:11:39:18 ,Who has used FOCA?

262
00:11:39,792 --> 00:11:40,875
, 00:11:40:20

263
00:11:40,876 --> 00:11:44,208
, 00:11:44:04 ,If you haven't played with FOCA FOCA is a lot

264
00:11:44,209 --> 00:11:47,416
, 00:11:47:09 ,of fun basically it looks at the metadata

265
00:11:47,417 --> 00:11:51,249
, 00:11:51:05 ,in Microsoft Office documents, PDF's.

266
00:11:51,250 --> 00:11:52,998
, 00:11:52:23 ,It will do Open Office.

267
00:11:52,999 --> 00:11:55,999
, 00:11:55:29 ,It looks at the metadata in pictures.

268
00:11:56,000 --> 00:11:57,625
, 00:11:57:14 ,You can begin to compile information just

269
00:11:57,626 --> 00:12:00,791
, 00:12:00:18 ,in the hidden information in all the documents you can get

270
00:12:00,792 --> 00:12:02,208
, 00:12:02:04 ,ahold of.

271
00:12:02,209 --> 00:12:02,750
, 00:12:02:17

272
00:12:02,751 --> 00:12:05,500
, 00:12:05:11 ,Randy from accounting puts out some sort of a document and

273
00:12:05,501 --> 00:12:08,917
, 00:12:08:21 ,inside that it contains information about where it's stored

274
00:12:08,918 --> 00:12:11,458
, 00:12:11:10 ,on the local network, and it actually makes it

275
00:12:11,459 --> 00:12:14,958
, 00:12:14:22 ,to the outside world and gives me some information about how

276
00:12:14,959 --> 00:12:17,583
, 00:12:17:13 ,the interior network is built.

277
00:12:17,584 --> 00:12:20,791
, 00:12:20:18 ,So that one's a really nice fun one to play with.

278
00:12:20,792 --> 00:12:21,708
, 00:12:21:16

279
00:12:21,709 --> 00:12:22,998
, 00:12:22:28 ,SearchDiggity.

280
00:12:22,999 --> 00:12:23,249
, 00:12:23:05

281
00:12:23,250 --> 00:12:24,666
, 00:12:24:15 ,Anyone use that one?

282
00:12:24,667 --> 00:12:27,124
, 00:12:27:02 ,   NOAH: Not in my backyard.

283
00:12:27,125 --> 00:12:30,666
, 00:12:30:15 ,   SKYDOG: Do what?

284
00:12:30,667 --> 00:12:34,999
, 00:12:34:29 ,Apparently SearchDiggity isn't used as much as everyone would like.

285
00:12:35,000 --> 00:12:39,124
, 00:12:39:02 ,It basically is another form of being able to sift through data.

286
00:12:39,125 --> 00:12:44,500
, 00:12:44:11 ,It takes information from Bing and Google and compiles it

287
00:12:44,501 --> 00:12:49,166
, 00:12:49:03 ,into a nice interface to get to it.

288
00:12:49,167 --> 00:12:49,416
, 00:12:49:09

289
00:12:49,417 --> 00:12:52,416
, 00:12:52:09 ,A lot of nice pieces of software.

290
00:12:52,417 --> 00:12:52,791
, 00:12:52:18

291
00:12:52,792 --> 00:12:55,041
, 00:12:55:00 ,Anyone heard of Recorded Future?

292
00:12:55,042 --> 00:12:55,998
, 00:12:55:23

293
00:12:55,999 --> 00:12:57,416
, 00:12:57:09 ,This is one of those that makes you kind

294
00:12:57,417 --> 00:12:59,333
, 00:12:59:07 ,of cringe a little bit.

295
00:12:59,334 --> 00:13:02,166
, 00:13:02:03 ,It's a temporal analysis engine.

296
00:13:02,167 --> 00:13:02,500
, 00:13:02:11

297
00:13:02,501 --> 00:13:06,416
, 00:13:06:09 ,It forecasts and does analysis to predict future events based

298
00:13:06,417 --> 00:13:10,249
, 00:13:10:05 ,on information from social networks and patterns that

299
00:13:10,250 --> 00:13:12,333
, 00:13:12:07 ,they can find.

300
00:13:12,334 --> 00:13:14,666
, 00:13:14:15 ,They're able to go in and put some information

301
00:13:14,667 --> 00:13:17,458
, 00:13:17:10 ,in and actually determine what could possibly happen based

302
00:13:17,459 --> 00:13:20,458
, 00:13:20:10 ,on information that's flowing right now.

303
00:13:20,459 --> 00:13:22,666
, 00:13:22:15

304
00:13:22,667 --> 00:13:25,124
, 00:13:25:02 ,Of course there's Facebook.

305
00:13:25,125 --> 00:13:29,082
, 00:13:29:01 ,Who has put their music preferences on who uses Facebook?

306
00:13:29,083 --> 00:13:31,082
, 00:13:31:01 ,It's all right, we're among friends.

307
00:13:31,083 --> 00:13:32,416
, 00:13:32:09 ,You can raise your hands.

308
00:13:32,417 --> 00:13:32,875
, 00:13:32:20

309
00:13:32,876 --> 00:13:34,333
, 00:13:34:07 ,Big mistake.

310
00:13:34,334 --> 00:13:36,208
, 00:13:36:04 ,Could we get a picture of that?

311
00:13:36,209 --> 00:13:37,374
, 00:13:37:08

312
00:13:37,375 --> 00:13:41,583
, 00:13:41:13 ,So if you've put onto Facebook, hey, I like REO Speedwagon.

313
00:13:41,584 --> 00:13:44,708
, 00:13:44:16 ,For all the young guys in the crowd, that's a rocking band.

314
00:13:44,709 --> 00:13:46,998
, 00:13:46:23

315
00:13:46,999 --> 00:13:49,998
, 00:13:49:26 ,Well, I can go back in with graph search now and say, hey,

316
00:13:49,999 --> 00:13:52,998
, 00:13:52:23 ,I want to know anyone who lives in Tennessee who likes

317
00:13:52,999 --> 00:13:54,791
, 00:13:54:18 ,REO Speedwagon.

318
00:13:54,792 --> 00:13:55,041
, 00:13:55:00

319
00:13:55,042 --> 00:13:59,082
, 00:13:59:01 ,And then I can mine some data out, and I guess give you a jingle and say,

320
00:13:59,083 --> 00:14:02,082
, 00:14:02:01 ,hey, why don't you sit around and listen to records,

321
00:14:02,083 --> 00:14:05,166
, 00:14:05:03 ,at which point you would probably run.

322
00:14:05,167 --> 00:14:06,958
, 00:14:06:22

323
00:14:06,959 --> 00:14:10,124
, 00:14:10:02 ,There are things are actually being put out there now for you to be able

324
00:14:10,125 --> 00:14:13,374
, 00:14:13:08 ,to look at the data and try to grind through it.

325
00:14:13,375 --> 00:14:16,998
, 00:14:16:24 ,There are other websites, social mentions, Spokio,

326
00:14:16,999 --> 00:14:22,500
, 00:14:22:11 ,I have my own personal preferences on what to use.

327
00:14:22,501 --> 00:14:25,416
, 00:14:25:09 ,Johnny Long isn't here, but who has ever seen

328
00:14:25,417 --> 00:14:28,208
, 00:14:28:04 ,the Google hacking database?

329
00:14:28,209 --> 00:14:28,708
, 00:14:28:16

330
00:14:28,709 --> 00:14:29,917
, 00:14:29:21 ,Okay.

331
00:14:29,918 --> 00:14:33,875
, 00:14:33:20 ,So a bunch of things that people have put together.

332
00:14:33,876 --> 00:14:34,998
, 00:14:34:24 ,If you're looking for certain types of information,

333
00:14:34,999 --> 00:14:38,041
, 00:14:38:00 ,they've put query structures together for you to use.

334
00:14:38,042 --> 00:14:42,041
, 00:14:42:00

335
00:14:42,042 --> 00:14:46,541
, 00:14:46:12 ,This is what it's like to hang out with Noah and at any point in time.

336
00:14:46,542 --> 00:14:49,374
, 00:14:49:08

337
00:14:49,375 --> 00:14:53,374
, 00:14:53:08 ,Basically you have three different types of public data.

338
00:14:53,375 --> 00:14:55,124
, 00:14:55:02

339
00:14:55,125 --> 00:14:58,998
, 00:14:58:25 ,You have cooperatively provided data, which would be this is my name

340
00:14:58,999 --> 00:15:01,998
, 00:15:01:23 ,and this is what I like, which is social networking,

341
00:15:01,999 --> 00:15:04,583
, 00:15:04:13 ,it's what I put on Facebook.

342
00:15:04,584 --> 00:15:07,500
, 00:15:07:11 ,I like REO Speedwagon and Smurfs.

343
00:15:07,501 --> 00:15:14,333
, 00:15:14:07

344
00:15:14,334 --> 00:15:17,082
, 00:15:17:01 ,It's things that you put out there that your personal

345
00:15:17,083 --> 00:15:20,374
, 00:15:20:08 ,preferences or posts that you can make that can be mined to look

346
00:15:20,375 --> 00:15:23,374
, 00:15:23:08 ,at but you've willingly given it up.

347
00:15:23,375 --> 00:15:25,249
, 00:15:25:05 ,Did I say that right?

348
00:15:25,250 --> 00:15:26,249
, 00:15:26:05 ,   NOAH: Yes.

349
00:15:26,250 --> 00:15:27,249
, 00:15:27:05 ,   SKYDOG: Okay.

350
00:15:27,250 --> 00:15:28,249
, 00:15:28:05 ,Just checking.

351
00:15:28,250 --> 00:15:31,208
, 00:15:31:04 ,Things that are confidentially provided, a session ID.

352
00:15:31,209 --> 00:15:34,541
, 00:15:34:12 ,I had to log in to give that information.

353
00:15:34,542 --> 00:15:37,249
, 00:15:37:05 ,I filled out a questionnaire or survey.

354
00:15:37,250 --> 00:15:41,998
, 00:15:41:24 ,I said, "Yes, I'm more than happy to allow you to look at this information."

355
00:15:41,999 --> 00:15:44,333
, 00:15:44:07 ,I put something in there enough that it's very

356
00:15:44,334 --> 00:15:48,416
, 00:15:48:09 ,identifiable, be it my address, my phone number, my credit card,

357
00:15:48,417 --> 00:15:50,917
, 00:15:50:21 ,things of that nature.

358
00:15:50,918 --> 00:15:54,875
, 00:15:54:20 ,So you have to actually it's a site with a privacy policy where you say

359
00:15:54,876 --> 00:15:56,791
, 00:15:56:18 ,I agree to it.

360
00:15:56,792 --> 00:15:56,998
, 00:15:56:26

361
00:15:56,999 --> 00:15:59,958
, 00:15:59:22 ,So you've given that information up and you've agreed

362
00:15:59,959 --> 00:16:02,998
, 00:16:02:23 ,to their legal statement there.

363
00:16:02,999 --> 00:16:03,124
, 00:16:03:02

364
00:16:03,125 --> 00:16:05,416
, 00:16:05:09 ,Then you have the unknowingly provided

365
00:16:05,417 --> 00:16:08,958
, 00:16:08:22 ,or where did they get this from?

366
00:16:08,959 --> 00:16:12,458
, 00:16:12:10 ,It's the DMV records.

367
00:16:12,459 --> 00:16:14,082
, 00:16:14:01 ,It's other information.

368
00:16:14,083 --> 00:16:15,998
, 00:16:15:25 ,Maybe it's your medical records or how the fuck did

369
00:16:15,999 --> 00:16:18,291
, 00:16:18:06 ,they get my APGAR scores?

370
00:16:18,292 --> 00:16:19,458
, 00:16:19:10

371
00:16:19,459 --> 00:16:23,291
, 00:16:23:06 ,He was slow at birth and it never got better.

372
00:16:23,292 --> 00:16:24,833
, 00:16:24:19

373
00:16:24,834 --> 00:16:28,917
, 00:16:28:21 ,Government and academia whoever participated in something

374
00:16:28,918 --> 00:16:31,999
, 00:16:31:29 ,in college where you paid $20 for an ass probe

375
00:16:32,000 --> 00:16:34,998
, 00:16:34:24 ,or something for research.

376
00:16:34,999 --> 00:16:35,875
, 00:16:35:20

377
00:16:35,876 --> 00:16:38,541
, 00:16:38:12 ,So they take that data and they put it into a database and

378
00:16:38,542 --> 00:16:40,541
, 00:16:40:12 ,they put it online.

379
00:16:40,542 --> 00:16:43,124
, 00:16:43:02 ,Theoretically your name's not associated with it.

380
00:16:43,125 --> 00:16:47,291
, 00:16:47:06

381
00:16:47,292 --> 00:16:50,124
, 00:16:50:02 ,So who publishes these data sets?

382
00:16:50,125 --> 00:16:51,958
, 00:16:51:22 ,A lot of times it's government.

383
00:16:51,959 --> 00:16:53,998
, 00:16:53:23 ,There's academia.

384
00:16:53,999 --> 00:16:58,583
, 00:16:58:13 ,There is a commercial market for data that's been pieced together.

385
00:16:58,584 --> 00:16:59,374
, 00:16:59:08

386
00:16:59,375 --> 00:17:04,208
, 00:17:04:04 ,For a certain fee, you can go in and cruise through that data.

387
00:17:04,209 --> 00:17:04,583
, 00:17:04:13

388
00:17:04,584 --> 00:17:06,998
, 00:17:06:27 ,The more you pay, the more granular your data becomes

389
00:17:06,999 --> 00:17:09,750
, 00:17:09:17 ,and the more revealing it is.

390
00:17:09,751 --> 00:17:10,958
, 00:17:10:22

391
00:17:10,959 --> 00:17:13,875
, 00:17:13:20 ,Why are these data sets published?

392
00:17:13,876 --> 00:17:18,249
, 00:17:18:05

393
00:17:18,250 --> 00:17:20,998
, 00:17:20:24 ,For statistical analysis, we want to go back and look

394
00:17:20,999 --> 00:17:24,082
, 00:17:24:01 ,at the information and do some predictions.

395
00:17:24,083 --> 00:17:26,998
, 00:17:26:28 ,Looking for trends and patterns that are out there.

396
00:17:26,999 --> 00:17:27,333
, 00:17:27:07

397
00:17:27,334 --> 00:17:29,875
, 00:17:29:20 ,Retrospective outcomes.

398
00:17:29,876 --> 00:17:32,500
, 00:17:32:11

399
00:17:32,501 --> 00:17:37,333
, 00:17:37:07 ,We struggle trying to find the proper example of this.

400
00:17:37,334 --> 00:17:37,833
, 00:17:37:19

401
00:17:37,834 --> 00:17:42,416
, 00:17:42:09 ,We decided on which is better, Viagra or Cialis.

402
00:17:42,417 --> 00:17:42,791
, 00:17:42:18

403
00:17:42,792 --> 00:17:45,917
, 00:17:45:21 ,We look at the information and see the satisfaction I guess that's not

404
00:17:45,918 --> 00:17:47,875
, 00:17:47:20 ,the right terminology.

405
00:17:47,876 --> 00:17:49,458
, 00:17:49:10 ,   NOAH: I said Viagra.

406
00:17:49,459 --> 00:17:50,998
, 00:17:50:23

407
00:17:50,999 --> 00:17:55,291
, 00:17:55:06 ,   SKYDOG: A buddy of mine, I swear, said Cialis.

408
00:17:55,292 --> 00:17:57,750
, 00:17:57:17

409
00:17:57,751 --> 00:18:00,082
, 00:17:59:29 ,   NOAH: It was a friend of mine, too.

410
00:18:00,083 --> 00:18:01,625
, 00:18:01:14 ,   SKYDOG: No, no, it wasn't.

411
00:18:01,626 --> 00:18:02,625
, 00:18:02:14 ,   NOAH: Evan?

412
00:18:02,626 --> 00:18:03,998
, 00:18:03:27 ,   SKYDOG: Where did Evan go?

413
00:18:03,999 --> 00:18:04,998
, 00:18:04:27 ,He's hiding.

414
00:18:04,999 --> 00:18:06,082
, 00:18:06:01 ,That's good.

415
00:18:06,083 --> 00:18:10,208
, 00:18:10:04 ,So of course this information is used for decision making

416
00:18:10,209 --> 00:18:14,875
, 00:18:14:20 ,for future things, maybe it is product design or coming

417
00:18:14,876 --> 00:18:18,998
, 00:18:18:24 ,up with something new, whether it's actually going

418
00:18:18,999 --> 00:18:23,291
, 00:18:23:06 ,to be popular in any way, shape, or form.

419
00:18:23,292 --> 00:18:23,791
, 00:18:23:18

420
00:18:23,792 --> 00:18:27,998
, 00:18:27:27 ,A lot of the things that are using here, the tools on the websites,

421
00:18:27,999 --> 00:18:30,208
, 00:18:30:04 ,I don't do the math.

422
00:18:30,209 --> 00:18:30,458
, 00:18:30:10

423
00:18:30,459 --> 00:18:32,998
, 00:18:32:25 ,That's this gentleman's side of things.

424
00:18:32,999 --> 00:18:33,333
, 00:18:33:07

425
00:18:33,334 --> 00:18:36,041
, 00:18:36:00 ,Occasionally I get asked to find things.

426
00:18:36,042 --> 00:18:39,998
, 00:18:39:26 ,Who in the crowd, who finished high school?

427
00:18:39,999 --> 00:18:41,750
, 00:18:41:17 ,Show of hands.

428
00:18:41,751 --> 00:18:42,750
, 00:18:42:17 ,It's okay.

429
00:18:42,751 --> 00:18:44,166
, 00:18:44:03 ,All right.

430
00:18:44,167 --> 00:18:45,249
, 00:18:45:05 ,Who went to college?

431
00:18:45,250 --> 00:18:45,999
, 00:18:45:29

432
00:18:46,000 --> 00:18:48,124
, 00:18:48:02 ,Now, who finished college?

433
00:18:48,125 --> 00:18:48,998
, 00:18:48:23

434
00:18:48,999 --> 00:18:50,041
, 00:18:50:00 ,Okay.

435
00:18:50,042 --> 00:18:50,374
, 00:18:50:08

436
00:18:50,375 --> 00:18:52,082
, 00:18:52:01 ,This is your crowd.

437
00:18:52,083 --> 00:19:00,750
, 00:19:00:17 ,So anyway (laughter) Do you want to do that?

438
00:19:00,751 --> 00:19:01,750
, 00:19:01:17 ,No.

439
00:19:01,751 --> 00:19:05,750
, 00:19:05:17 ,So I did not finish college.

440
00:19:05,751 --> 00:19:10,082
, 00:19:10:01 ,I had a hell of a lot of fun while I was there, per my GPA,

441
00:19:10,083 --> 00:19:18,249
, 00:19:18:05 ,but what I did not learn while I was at college is what you can and can't do.

442
00:19:18,250 --> 00:19:18,791
, 00:19:18:18

443
00:19:18,792 --> 00:19:22,958
, 00:19:22:22 ,It was not taught out of me, oh, you can't do it that way.

444
00:19:22,959 --> 00:19:24,625
, 00:19:24:14 ,So I never heard that before.

445
00:19:24,626 --> 00:19:27,249
, 00:19:27:05 ,And I don't pay attention to it, so it makes it a lot easier for me

446
00:19:27,250 --> 00:19:30,666
, 00:19:30:15 ,to do some things like drill data on somebody.

447
00:19:30,667 --> 00:19:33,708
, 00:19:33:16 ,Occasionally I'll get a phone call and I'll get a couple pieces of criteria,

448
00:19:33,709 --> 00:19:35,998
, 00:19:35:26 ,and they say "find someone."

449
00:19:35,999 --> 00:19:36,124
, 00:19:36:02

450
00:19:36,125 --> 00:19:39,833
, 00:19:39:19 ,And I've become very a dept at doing that using the open source.

451
00:19:39,834 --> 00:19:43,291
, 00:19:43:06

452
00:19:43,292 --> 00:19:45,583
, 00:19:45:13 ,Is anyone staying at the Bellagio?

453
00:19:45,584 --> 00:19:47,998
, 00:19:47:26

454
00:19:47,999 --> 00:19:52,666
, 00:19:52:15 ,Cabana by the refrigerated pool.

455
00:19:52,667 --> 00:19:52,999
, 00:19:52:29

456
00:19:53,000 --> 00:19:55,541
, 00:19:55:12 ,If at any point in your lifetime you can make that

457
00:19:55,542 --> 00:19:57,917
, 00:19:57:21 ,happen, definitely do it.

458
00:19:57,918 --> 00:19:59,082
, 00:19:59:01 ,I'm in the sun.

459
00:19:59,083 --> 00:20:01,333
, 00:20:01:07 ,I've got the Mac Book Air with me.

460
00:20:01,334 --> 00:20:03,833
, 00:20:03:19 ,I'm trying to get on the shitty wireless there that doesn't

461
00:20:03,834 --> 00:20:07,625
, 00:20:07:14 ,work, and there's a gentleman to my immediate right.

462
00:20:07,626 --> 00:20:11,917
, 00:20:11:21 ,He notices I have a computer, which for all of us is the sticking point to,

463
00:20:11,918 --> 00:20:15,791
, 00:20:15:18 ,yeah, dude, my computer at home doesn't work.

464
00:20:15,792 --> 00:20:16,958
, 00:20:16:22

465
00:20:16,959 --> 00:20:19,333
, 00:20:19:07 ,Whoever has answered that question?

466
00:20:19,334 --> 00:20:19,666
, 00:20:19:15

467
00:20:19,667 --> 00:20:24,833
, 00:20:24:19 ,I'm in a swimsuit by the pool and a guy starts talking to me.

468
00:20:24,834 --> 00:20:25,833
, 00:20:25:19 ,Okay.

469
00:20:25,834 --> 00:20:26,833
, 00:20:26:19 ,I'll bite.

470
00:20:26,834 --> 00:20:27,833
, 00:20:27:19 ,No problem.

471
00:20:27,834 --> 00:20:31,416
, 00:20:31:09 ,So we start discussing China, politics, the economy, fun things like that

472
00:20:31,417 --> 00:20:34,041
, 00:20:34:00 ,to really make you happy.

473
00:20:34,042 --> 00:20:34,249
, 00:20:34:05

474
00:20:34,250 --> 00:20:36,374
, 00:20:36:08 ,We have a few drinks.

475
00:20:36,375 --> 00:20:38,999
, 00:20:38:29 ,And he says, "You know, so, you're in Vegas.

476
00:20:39,000 --> 00:20:40,666
, 00:20:40:15 ,Are you here for business or pleasure?"

477
00:20:40,667 --> 00:20:43,875
, 00:20:43:20 ,And I said, "Currently for pleasure."

478
00:20:43,876 --> 00:20:46,374
, 00:20:46:08 ,I would think that's the case if I'm by the pool.

479
00:20:46,375 --> 00:20:50,166
, 00:20:50:03 ,And he says, "So you're here for pleasure.

480
00:20:50,167 --> 00:20:51,166
, 00:20:51:03 ,That's good."

481
00:20:51,167 --> 00:20:53,416
, 00:20:53:09 ,And I said, "Well, actually, in two or three weeks I'm coming back

482
00:20:53,417 --> 00:20:58,416
, 00:20:58:09 ,out to the largest hacker conference in the United States called DEF CON."

483
00:20:58,417 --> 00:20:58,833
, 00:20:58:19

484
00:20:58,834 --> 00:21:01,374
, 00:21:01:08 ,And you could hear his asshole pucker in the seat.

485
00:21:01,375 --> 00:21:05,082
, 00:21:05:01

486
00:21:05,083 --> 00:21:07,750
, 00:21:07:17 ,(laughter) That's one of those things where who

487
00:21:07,751 --> 00:21:11,500
, 00:21:11:11 ,in the crowd hasn't had to explain what that means?

488
00:21:11,501 --> 00:21:11,791
, 00:21:11:18

489
00:21:11,792 --> 00:21:13,958
, 00:21:13:22 ,Put your hand down, ass hat.

490
00:21:13,959 --> 00:21:14,541
, 00:21:14:12

491
00:21:14,542 --> 00:21:17,998
, 00:21:17:26 ,So I began to explain what DEF CON is.

492
00:21:17,999 --> 00:21:22,166
, 00:21:22:03 ,Since we didn't have the documentary, it was very interesting

493
00:21:22,167 --> 00:21:24,998
, 00:21:24:26 ,to explain it to him.

494
00:21:24,999 --> 00:21:25,082
, 00:21:25:01

495
00:21:25,083 --> 00:21:27,082
, 00:21:27:01 ,   NOAH: It's the hearing impaired con.

496
00:21:27,083 --> 00:21:30,666
, 00:21:30:15 ,   SKYDOG: I got to explain to him what we do and why we get

497
00:21:30,667 --> 00:21:33,291
, 00:21:33:06 ,together for all that.

498
00:21:33,292 --> 00:21:33,833
, 00:21:33:19

499
00:21:33,834 --> 00:21:36,541
, 00:21:36:12 ,And then his jackass friend shows up.

500
00:21:36,542 --> 00:21:41,541
, 00:21:41:12 ,He had come to Vegas to go to the Pawn Stars place downtown.

501
00:21:41,542 --> 00:21:43,750
, 00:21:43:17 ,And he said, "Dude, I got to meet Hoss.

502
00:21:43,751 --> 00:21:48,583
, 00:21:48:13 ,Okay, let's go get a steak."

503
00:21:48,584 --> 00:21:52,166
, 00:21:52:03

504
00:21:52,167 --> 00:21:57,833
, 00:21:57:19 ,We're going to head off to get a steak at so and so place, nice meeting you.

505
00:21:57,834 --> 00:21:57,998
, 00:21:57:25

506
00:21:57,999 --> 00:21:58,998
, 00:21:58:26 ,Later.

507
00:21:58,999 --> 00:22:00,833
, 00:22:00:19

508
00:22:00,834 --> 00:22:03,917
, 00:22:03:21 ,I said your name is Brian, and your family owns

509
00:22:03,918 --> 00:22:07,998
, 00:22:07:27 ,a civil construction firm in Seattle, Washington.

510
00:22:07,999 --> 00:22:08,458
, 00:22:08:10

511
00:22:08,459 --> 00:22:11,166
, 00:22:11:03 ,And the guy says, "Yeah."

512
00:22:11,167 --> 00:22:14,166
, 00:22:14:03 ,And I said, "I'll send you an e mail to your work e mail

513
00:22:14,167 --> 00:22:16,708
, 00:22:16:16 ,within the next 48 hours."

514
00:22:16,709 --> 00:22:17,082
, 00:22:17:01

515
00:22:17,083 --> 00:22:19,208
, 00:22:19:04 ,Again, you could hear his asshole pucker.

516
00:22:19,209 --> 00:22:20,708
, 00:22:20:16

517
00:22:20,709 --> 00:22:24,291
, 00:22:24:06 ,And I said, "Don't worry, I'm gonna show you.

518
00:22:24,292 --> 00:22:26,500
, 00:22:26:11 ,I have two bits of information on you.

519
00:22:26,501 --> 00:22:28,082
, 00:22:28:01 ,I don't have your last name.

520
00:22:28,083 --> 00:22:30,998
, 00:22:30:26 ,I don't have much more than that, but I'm gonna send you an e mail

521
00:22:30,999 --> 00:22:33,750
, 00:22:33:17 ,and show you what's possible."

522
00:22:33,751 --> 00:22:34,041
, 00:22:34:00

523
00:22:34,042 --> 00:22:38,208
, 00:22:38:04 ,So we went out and had a nice dinner, went out to the pool the next day.

524
00:22:38,209 --> 00:22:41,333
, 00:22:41:07 ,At some point I thought, I got to go find Brian.

525
00:22:41,334 --> 00:22:44,166
, 00:22:44:03 ,So I sit down on the bed and fire up the laptop.

526
00:22:44,167 --> 00:22:47,708
, 00:22:47:16 ,In 45 minutes, I owned this guy.

527
00:22:47,709 --> 00:22:47,998
, 00:22:47:25

528
00:22:47,999 --> 00:22:49,708
, 00:22:49:16 ,I have where he lives.

529
00:22:49,709 --> 00:22:51,998
, 00:22:51:25 ,Pictures of his house, what he paid for.

530
00:22:51,999 --> 00:22:53,998
, 00:22:53:23 ,Pictures of all of his relatives.

531
00:22:53,999 --> 00:22:54,041
, 00:22:54:00

532
00:22:54,042 --> 00:22:56,998
, 00:22:56:23 ,I then took it upon myself to scan the exterior of his network

533
00:22:56,999 --> 00:23:00,458
, 00:23:00:10 ,and tell his system administrator you probably should change this;

534
00:23:00,459 --> 00:23:03,124
, 00:23:03:02 ,it's not good to have this open.

535
00:23:03,125 --> 00:23:03,625
, 00:23:03:14

536
00:23:03,626 --> 00:23:06,999
, 00:23:06:29 ,Brian never responded to the e mail, oddly enough.

537
00:23:07,000 --> 00:23:08,875
, 00:23:08:20

538
00:23:08,876 --> 00:23:12,082
, 00:23:12:01 ,I didn't send him an invoice.

539
00:23:12,083 --> 00:23:14,208
, 00:23:14:04 ,I did it gratis.

540
00:23:14,209 --> 00:23:17,082
, 00:23:17:01 ,But that's a good example of I had two bits of information

541
00:23:17,083 --> 00:23:18,958
, 00:23:18:22 ,on the guy.

542
00:23:18,959 --> 00:23:20,998
, 00:23:20:24 ,Fortunately, one of them was unique enough,

543
00:23:20,999 --> 00:23:23,583
, 00:23:23:13 ,it allowed me to find him.

544
00:23:23,584 --> 00:23:25,208
, 00:23:25:04 ,I was able to correlate civil construction,

545
00:23:25,209 --> 00:23:28,416
, 00:23:28:09 ,oddly enough, against the YouTube video which I was

546
00:23:28,417 --> 00:23:33,791
, 00:23:33:18 ,able to pick this guy out in, and from there just went to town on him.

547
00:23:33,792 --> 00:23:36,041
, 00:23:36:00 ,So I guess if you get an e mail from a guy that you met

548
00:23:36,042 --> 00:23:39,416
, 00:23:39:09 ,by the pool who is a hacker and he says he has a picture

549
00:23:39,417 --> 00:23:44,041
, 00:23:44:00 ,of the house from the driveway, it might be a little unnerving.

550
00:23:44,042 --> 00:23:46,999
, 00:23:46:29 ,   NOAH: Was that legal?

551
00:23:47,000 --> 00:23:51,583
, 00:23:51:13 ,   SKYDOG: I don't give a shit.

552
00:23:51,584 --> 00:23:52,625
, 00:23:52:14

553
00:23:52,626 --> 00:23:54,541
, 00:23:54:12 ,(laughter) I don't have to have a court order,

554
00:23:54,542 --> 00:23:56,998
, 00:23:56:24 ,and apparently no one else does.

555
00:23:56,999 --> 00:23:58,666
, 00:23:58:15

556
00:23:58,667 --> 00:24:01,998
, 00:24:01:23 ,(laughter) Anyhow, the open source side of it can be

557
00:24:01,999 --> 00:24:03,958
, 00:24:03:22 ,a lot of fun.

558
00:24:03,959 --> 00:24:06,500
, 00:24:06:11 ,One of the things that Noah is going to discuss is finding outliers

559
00:24:06,501 --> 00:24:07,999
, 00:24:07:29 ,in the data.

560
00:24:08,000 --> 00:24:08,249
, 00:24:08:05

561
00:24:08,250 --> 00:24:10,917
, 00:24:10:21 ,Brian had enough for me to be able to find.

562
00:24:10,918 --> 00:24:13,625
, 00:24:13:14 ,Had he said my name is John, it would probably be

563
00:24:13,626 --> 00:24:16,500
, 00:24:16:11 ,a little bit more difficult.

564
00:24:16,501 --> 00:24:24,333
, 00:24:24:07 ,If he says, yeah, I work at Starbucks, not as much of an outlier,

565
00:24:24,334 --> 00:24:32,041
, 00:24:32:00 ,but it took me about 45 minutes to track him down.

566
00:24:32,042 --> 00:24:32,291
, 00:24:32:06

567
00:24:32,292 --> 00:24:35,666
, 00:24:35:15 ,If you ever get bored and you're by the pool at Bellagio, just wait

568
00:24:35,667 --> 00:24:37,791
, 00:24:37:18 ,for someone to come by.

569
00:24:37,792 --> 00:24:38,875
, 00:24:38:20 ,It's a lot of fun.

570
00:24:38,876 --> 00:24:43,166
, 00:24:43:03 ,   NOAH: You like talking to guys at pools, don't you?

571
00:24:43,167 --> 00:24:45,999
, 00:24:45:29

572
00:24:46,000 --> 00:24:49,917
, 00:24:49:21 ,(laughter)    SKYDOG: Have you ever been given a wedgy on stage?

573
00:24:49,918 --> 00:24:51,998
, 00:24:51:24

574
00:24:51,999 --> 00:24:54,374
, 00:24:54:08 ,(laughter)    SKYDOG: You take the microphone.

575
00:24:54,375 --> 00:24:56,166
, 00:24:56:03

576
00:24:56,167 --> 00:24:58,666
, 00:24:58:15 ,   NOAH: Wow.

577
00:24:58,667 --> 00:25:00,500
, 00:25:00:11

578
00:25:00,501 --> 00:25:04,791
, 00:25:04:18 ,(laughter)    NOAH: Sky claimed that I'm gonna talk about a lot

579
00:25:04,792 --> 00:25:08,082
, 00:25:08:01 ,of things that I don't know where he got that from,

580
00:25:08,083 --> 00:25:12,082
, 00:25:12:01 ,but    SKYDOG: You were really, really drunk.

581
00:25:12,083 --> 00:25:19,208
, 00:25:19:04 ,   NOAH: I know a little bit of math, some basic addition, subtraction stuff.

582
00:25:19,209 --> 00:25:19,833
, 00:25:19:19

583
00:25:19,834 --> 00:25:22,833
, 00:25:22:19 ,I'm not going to talk about anything hard in advance,

584
00:25:22,834 --> 00:25:25,625
, 00:25:25:14 ,because that's for smart people.

585
00:25:25,626 --> 00:25:27,500
, 00:25:27:11 ,A lot of these slides hello?

586
00:25:27,501 --> 00:25:28,500
, 00:25:28:11 ,Hello?

587
00:25:28,501 --> 00:25:29,500
, 00:25:29:11 ,Where is the echo.

588
00:25:29,501 --> 00:25:32,917
, 00:25:32:21 ,I don't like that echo.

589
00:25:32,918 --> 00:25:36,041
, 00:25:36:00 ,   SKYDOG: I picked them out of other people's sets.

590
00:25:36,042 --> 00:25:37,041
, 00:25:37:00 ,Have fun.

591
00:25:37,042 --> 00:25:39,791
, 00:25:39:18 ,   NOAH: Dammit.

592
00:25:39,792 --> 00:25:40,833
, 00:25:40:19 ,Okay.

593
00:25:40,834 --> 00:25:41,166
, 00:25:41:03

594
00:25:41,167 --> 00:25:46,374
, 00:25:46:08 ,These slides are semi new to me, but I think I did make them.

595
00:25:46,375 --> 00:25:47,791
, 00:25:47:18 ,So let's go through them.

596
00:25:47,792 --> 00:25:48,998
, 00:25:48:24 ,Data science.

597
00:25:48,999 --> 00:25:52,917
, 00:25:52:21

598
00:25:52,918 --> 00:25:55,875
, 00:25:55:20 ,The science of data.

599
00:25:55,876 --> 00:25:57,958
, 00:25:57:22 ,Science has been around for a long time.

600
00:25:57,959 --> 00:25:58,166
, 00:25:58:03

601
00:25:58,167 --> 00:26:00,082
, 00:25:59:29 ,Data has been around for a long time.

602
00:26:00,083 --> 00:26:04,998
, 00:26:04:26 ,You put them together and it's (laughter) it's emerged mostly

603
00:26:04,999 --> 00:26:10,291
, 00:26:10:06 ,over the past decade to be really the real data science,

604
00:26:10,292 --> 00:26:13,500
, 00:26:13:11 ,information scientists.

605
00:26:13,501 --> 00:26:16,166
, 00:26:16:03 ,It's been the past decade kind of thing.

606
00:26:16,167 --> 00:26:16,583
, 00:26:16:13

607
00:26:16,584 --> 00:26:20,583
, 00:26:20:13 ,It sort of came out of the whole business analytics

608
00:26:20,584 --> 00:26:23,541
, 00:26:23:12 ,competitive intelligence.

609
00:26:23,542 --> 00:26:24,082
, 00:26:24:01

610
00:26:24,083 --> 00:26:26,291
, 00:26:26:06 ,Like everything else, driven by big business,

611
00:26:26,292 --> 00:26:29,999
, 00:26:29:29 ,because they're just looking out for our best interest.

612
00:26:30,000 --> 00:26:31,291
, 00:26:31:06

613
00:26:31,292 --> 00:26:38,917
, 00:26:38:21 ,So all of a sudden people who were data mining and mathematical analysis

614
00:26:38,918 --> 00:26:44,998
, 00:26:44:25 ,are very valuable to big businesses and other entities that

615
00:26:44,999 --> 00:26:49,291
, 00:26:49:06 ,like to analyze large data sets.

616
00:26:49,292 --> 00:26:49,750
, 00:26:49:17

617
00:26:49,751 --> 00:26:52,291
, 00:26:52:06 ,Are there other entities that collect lots of data?

618
00:26:52,292 --> 00:26:53,999
, 00:26:53:29 ,   SKYDOG: None that I've heard of.

619
00:26:54,000 --> 00:26:56,166
, 00:26:56:03 ,   NOAH: I haven't heard of any either.

620
00:26:56,167 --> 00:26:58,875
, 00:26:58:20 ,But I'm sure there are organizations out there that are collecting lots

621
00:26:58,876 --> 00:27:01,833
, 00:27:01:19 ,of data and doing something with this.

622
00:27:01,834 --> 00:27:02,958
, 00:27:02:22

623
00:27:02,959 --> 00:27:06,998
, 00:27:06:28 ,   SKYDOG: Purely for benevolent reasons.

624
00:27:06,999 --> 00:27:08,249
, 00:27:08:05 ,   NOAH: Yeah, exactly.

625
00:27:08,250 --> 00:27:08,458
, 00:27:08:10

626
00:27:08,459 --> 00:27:11,333
, 00:27:11:07 ,But it's mostly to enhance our shopping

627
00:27:11,334 --> 00:27:13,750
, 00:27:13:17 ,experience; right?

628
00:27:13,751 --> 00:27:17,666
, 00:27:17:15 ,Like other people who bought this also bought this.

629
00:27:17,667 --> 00:27:18,998
, 00:27:18:24

630
00:27:18,999 --> 00:27:24,625
, 00:27:24:14 ,Statistics, just you're given data, try to come up with a model, probability,

631
00:27:24,626 --> 00:27:28,998
, 00:27:28:25 ,given a model, let's try to predict the data.

632
00:27:28,999 --> 00:27:29,166
, 00:27:29:03

633
00:27:29,167 --> 00:27:30,333
, 00:27:30:07 ,Simple concept.

634
00:27:30,334 --> 00:27:31,374
, 00:27:31:08 ,Okay.

635
00:27:31,375 --> 00:27:33,541
, 00:27:33:12

636
00:27:33,542 --> 00:27:38,416
, 00:27:38:09 ,Here is a little graphic demonstrating what I just said, and it's useless.

637
00:27:38,417 --> 00:27:38,833
, 00:27:38:19

638
00:27:38,834 --> 00:27:40,249
, 00:27:40:05 ,Historic data model, ignore.

639
00:27:40,250 --> 00:27:40,999
, 00:27:40:29

640
00:27:41,000 --> 00:27:43,998
, 00:27:43:23 ,Data sources.

641
00:27:43,999 --> 00:27:44,998
, 00:27:44:24 ,Okay.

642
00:27:44,999 --> 00:27:45,124
, 00:27:45:02

643
00:27:45,125 --> 00:27:51,291
, 00:27:51:06 ,These are some random examples of readily available public data sets.

644
00:27:51,292 --> 00:27:51,998
, 00:27:51:25

645
00:27:51,999 --> 00:27:55,666
, 00:27:55:15 ,We've actually gone from, like, having database information

646
00:27:55,667 --> 00:28:00,583
, 00:28:00:13 ,to databases that are cataloging the databases of information.

647
00:28:00,584 --> 00:28:00,875
, 00:28:00:20

648
00:28:00,876 --> 00:28:03,124
, 00:28:03:02 ,It's increasing exponentially.

649
00:28:03,125 --> 00:28:04,541
, 00:28:04:12

650
00:28:04,542 --> 00:28:09,082
, 00:28:09:01 ,My favorite was Free Base I came across when I was searching

651
00:28:09,083 --> 00:28:13,998
, 00:28:13:27 ,for something else, but apparently it's a database.

652
00:28:13,999 --> 00:28:15,541
, 00:28:15:12

653
00:28:15,542 --> 00:28:17,791
, 00:28:17:18 ,(laughter) I also like Info Chimps.

654
00:28:17,792 --> 00:28:22,958
, 00:28:22:22

655
00:28:22,959 --> 00:28:24,791
, 00:28:24:18 ,Big data.

656
00:28:24,792 --> 00:28:24,998
, 00:28:24:26

657
00:28:24,999 --> 00:28:27,541
, 00:28:27:12 ,Not just any data, but big data.

658
00:28:27,542 --> 00:28:27,998
, 00:28:27:23

659
00:28:27,999 --> 00:28:31,458
, 00:28:31:10 ,Buzz word, who thinks it's a buzz word?

660
00:28:31,459 --> 00:28:35,917
, 00:28:35:21

661
00:28:35,918 --> 00:28:40,541
, 00:28:40:12 ,Some other people think it's a legitimate, real thing?

662
00:28:40,542 --> 00:28:42,208
, 00:28:42:04 ,That's cool.

663
00:28:42,209 --> 00:28:43,291
, 00:28:43:06 ,I don't judge.

664
00:28:43,292 --> 00:28:43,999
, 00:28:43:29

665
00:28:44,000 --> 00:28:47,917
, 00:28:47:21 ,Well, I don't know.

666
00:28:47,918 --> 00:28:48,333
, 00:28:48:07

667
00:28:48,334 --> 00:28:51,999
, 00:28:51:29 ,It's hard to define what that really means,

668
00:28:52,000 --> 00:28:57,249
, 00:28:57:05 ,big data, like is it big data is it in the Cloud?

669
00:28:57,250 --> 00:28:59,666
, 00:28:59:15 ,   SKYDOG: It's a large type face.

670
00:28:59,667 --> 00:29:03,208
, 00:29:03:04 ,   NOAH: What's the cutoff for being big?

671
00:29:03,209 --> 00:29:03,750
, 00:29:03:17

672
00:29:03,751 --> 00:29:05,249
, 00:29:05:05 ,8 inches?

673
00:29:05,250 --> 00:29:06,249
, 00:29:06:05 ,10 inches?

674
00:29:06,250 --> 00:29:08,833
, 00:29:08:19 ,What does it become really big?

675
00:29:08,834 --> 00:29:08,998
, 00:29:08:24

676
00:29:08,999 --> 00:29:10,875
, 00:29:10:20 ,Sky, how big is your data.

677
00:29:10,876 --> 00:29:12,082
, 00:29:12:01 ,   SKYDOG: My data is huge.

678
00:29:12,083 --> 00:29:16,291
, 00:29:16:06 ,   NOAH: I work with a very small data set,

679
00:29:16,292 --> 00:29:19,998
, 00:29:19:28 ,and I'm okay with that.

680
00:29:19,999 --> 00:29:21,082
, 00:29:21:01 ,(laughter)    SKYDOG: And at this point this

681
00:29:21,083 --> 00:29:25,833
, 00:29:25:19 ,is yet another presentation we cannot put in our portfolio for public speaking.

682
00:29:25,834 --> 00:29:27,999
, 00:29:27:29 ,   NOAH: Oh, boy, that's true.

683
00:29:28,000 --> 00:29:28,333
, 00:29:28:07

684
00:29:28,334 --> 00:29:32,958
, 00:29:32:22 ,So technically, at least what I found is that it sort of defined

685
00:29:32,959 --> 00:29:38,917
, 00:29:38:21 ,as big data incredibly large amounts of data that are being rapidly generated

686
00:29:38,918 --> 00:29:42,041
, 00:29:42:00 ,and have lots of variability.

687
00:29:42,042 --> 00:29:42,998
, 00:29:42:28

688
00:29:42,999 --> 00:29:44,333
, 00:29:44:07 ,Okay.

689
00:29:44,334 --> 00:29:44,917
, 00:29:44:21

690
00:29:44,918 --> 00:29:46,041
, 00:29:46:00 ,Sure.

691
00:29:46,042 --> 00:29:47,249
, 00:29:47:05

692
00:29:47,250 --> 00:29:50,750
, 00:29:50:17 ,But it's still big at that time.

693
00:29:50,751 --> 00:29:50,958
, 00:29:50:22

694
00:29:50,959 --> 00:29:55,333
, 00:29:55:07 ,But the interesting thing about it, from our perspective, is that

695
00:29:55,334 --> 00:30:00,249
, 00:30:00:05 ,the creation of big data has also sort of brought forth the development

696
00:30:00,250 --> 00:30:05,666
, 00:30:05:15 ,of tools to work with big data to analyze these big data sets.

697
00:30:05,667 --> 00:30:08,958
, 00:30:08:22

698
00:30:08,959 --> 00:30:12,917
, 00:30:12:21 ,All these new mathematical advanced platforms for performing all kinds

699
00:30:12,918 --> 00:30:16,875
, 00:30:16:20 ,of functions on big data, which is of interest to us.

700
00:30:16,876 --> 00:30:19,124
, 00:30:19:02 ,We're going to look at that in a few minutes.

701
00:30:19,125 --> 00:30:19,998
, 00:30:19:23

702
00:30:19,999 --> 00:30:21,041
, 00:30:21:00 ,Okay.

703
00:30:21,042 --> 00:30:22,041
, 00:30:22:00

704
00:30:22,042 --> 00:30:23,416
, 00:30:23:09 ,Terminology.

705
00:30:23,417 --> 00:30:24,291
, 00:30:24:06

706
00:30:24,292 --> 00:30:28,791
, 00:30:28:18 ,That means sort of that of defining words felt.

707
00:30:28,792 --> 00:30:32,999
, 00:30:32:29 ,   SKYDOG: We Googled it back stage.

708
00:30:33,000 --> 00:30:34,541
, 00:30:34:12 ,   NOAH: A lot of Googling.

709
00:30:34,542 --> 00:30:34,999
, 00:30:34:29

710
00:30:35,000 --> 00:30:39,249
, 00:30:39:05 ,Depending on what publication you read

711
00:30:39,250 --> 00:30:45,917
, 00:30:45:21 ,or what book, anonymization, mean the same thing.

712
00:30:45,918 --> 00:30:45,999
, 00:30:45:29

713
00:30:46,000 --> 00:30:52,124
, 00:30:52:02 ,De anonymization kind of mean the same thing.

714
00:30:52,125 --> 00:30:54,333
, 00:30:54:07

715
00:30:54,334 --> 00:30:59,374
, 00:30:59:08 ,Some groups will switch for the purposes of our talk, yeah,

716
00:30:59,375 --> 00:31:02,998
, 00:31:02:25 ,they're synonymous, but sort of antonyms,

717
00:31:02,999 --> 00:31:06,124
, 00:31:06:02 ,opposite meaning antonyms.

718
00:31:06,125 --> 00:31:10,666
, 00:31:10:15

719
00:31:10,667 --> 00:31:14,416
, 00:31:14:09 ,You reverse one of these processes, you revert to the other.

720
00:31:14,417 --> 00:31:15,583
, 00:31:15:13

721
00:31:15,584 --> 00:31:20,998
, 00:31:20:23 ,Anyone with a fifth grade background should be able to do it.

722
00:31:20,999 --> 00:31:21,666
, 00:31:21:15

723
00:31:21,667 --> 00:31:23,917
, 00:31:23:21 ,This is simple stuff.

724
00:31:23,918 --> 00:31:24,291
, 00:31:24:06

725
00:31:24,292 --> 00:31:30,583
, 00:31:30:13 ,Data, when it's initially collected, a lot of times it contains personally

726
00:31:30,584 --> 00:31:34,999
, 00:31:34:29 ,identifiable information, like Social Security number

727
00:31:35,000 --> 00:31:39,458
, 00:31:39:10 ,or address or something else, your name.

728
00:31:39,459 --> 00:31:41,583
, 00:31:41:13 ,That would be personally identifiable.

729
00:31:41,584 --> 00:31:42,082
, 00:31:42:01

730
00:31:42,083 --> 00:31:45,875
, 00:31:45:20 ,So there needs to be some kind of process that takes this data

731
00:31:45,876 --> 00:31:48,708
, 00:31:48:16 ,and makes it sort of anonymous.

732
00:31:48,709 --> 00:31:48,958
, 00:31:48:22

733
00:31:48,959 --> 00:31:50,291
, 00:31:50:06 ,I love you, too.

734
00:31:50,292 --> 00:31:52,458
, 00:31:52:10 ,Oh, what was that?

735
00:31:52,459 --> 00:31:53,082
, 00:31:53:01

736
00:31:53,083 --> 00:31:54,458
, 00:31:54:10 ,Ten.

737
00:31:54,459 --> 00:31:57,082
, 00:31:57:01 ,   SKYDOG: That was ten.

738
00:31:57,083 --> 00:31:58,082
, 00:31:58:01 ,   NOAH: Holy crap.

739
00:31:58,083 --> 00:32:00,208
, 00:32:00:04 ,Oh, dude, you took up all the damn time.

740
00:32:00,209 --> 00:32:00,458
, 00:32:00:10

741
00:32:00,459 --> 00:32:01,500
, 00:32:01:11 ,Damn.

742
00:32:01,501 --> 00:32:02,917
, 00:32:02:21 ,Wow.

743
00:32:02,918 --> 00:32:03,917
, 00:32:03:21 ,Okay.

744
00:32:03,918 --> 00:32:06,458
, 00:32:06:10 ,So we need to find a way to make this personal

745
00:32:06,459 --> 00:32:08,958
, 00:32:08:22 ,information what?

746
00:32:08,959 --> 00:32:09,998
, 00:32:09:23 ,Okay.

747
00:32:09,999 --> 00:32:10,208
, 00:32:10:04

748
00:32:10,209 --> 00:32:12,958
, 00:32:12:22 ,Make it into anonymous public data.

749
00:32:12,959 --> 00:32:14,998
, 00:32:14:24 ,So there's a couple of different ways it can be done

750
00:32:14,999 --> 00:32:18,416
, 00:32:18:09 ,in general, removing variables all together.

751
00:32:18,417 --> 00:32:23,374
, 00:32:23:08 ,A variable that actually is unique enough to be identifying

752
00:32:23,375 --> 00:32:29,374
, 00:32:29:08 ,by itself, like, you know, I've had eight kids and been in porn,

753
00:32:29,375 --> 00:32:32,416
, 00:32:32:09 ,Octomom, remove those.

754
00:32:32,417 --> 00:32:35,082
, 00:32:35:01

755
00:32:35,083 --> 00:32:39,500
, 00:32:39:11 ,Global re coding, local suppression, where re coding certain variables

756
00:32:39,501 --> 00:32:43,416
, 00:32:43:09 ,or suppression certain values in certain columns that are really

757
00:32:43,417 --> 00:32:47,208
, 00:32:47:04 ,identifiable, a whole bunch of different ways.

758
00:32:47,209 --> 00:32:48,249
, 00:32:48:05 ,Okay.

759
00:32:48,250 --> 00:32:49,958
, 00:32:49:22

760
00:32:49,959 --> 00:32:51,666
, 00:32:51:15 ,Anomyzation metrics.

761
00:32:51,667 --> 00:32:54,998
, 00:32:54:26 ,We have to look at the way we no one's data.

762
00:32:54,999 --> 00:32:55,374
, 00:32:55:08

763
00:32:55,375 --> 00:32:56,917
, 00:32:56:21 ,Is this working?

764
00:32:56,918 --> 00:33:02,625
, 00:33:02:14 ,Is it making the data anonymous or at the same time making it usable,

765
00:33:02,626 --> 00:33:08,082
, 00:33:08:01 ,the whole utility, that's a balance right there.

766
00:33:08,083 --> 00:33:13,082
, 00:33:13:01 ,So two matrix, disclosure risks, like revealing data in the public set,

767
00:33:13,083 --> 00:33:18,998
, 00:33:18:24 ,and then information retention, how utility of that data.

768
00:33:18,999 --> 00:33:21,082
, 00:33:21:01 ,So we take away all this information.

769
00:33:21,083 --> 00:33:23,249
, 00:33:23:05 ,Oh, it's anonymous, but is it still usable.

770
00:33:23,250 --> 00:33:25,124
, 00:33:25:02 ,That's a balance you have to strike.

771
00:33:25,125 --> 00:33:25,500
, 00:33:25:11

772
00:33:25,501 --> 00:33:26,666
, 00:33:26:15 ,It's a tough problem.

773
00:33:26,667 --> 00:33:26,998
, 00:33:26:26

774
00:33:26,999 --> 00:33:32,625
, 00:33:32:14 ,You want to minimize disclosure risk, maximize information retention.

775
00:33:32,626 --> 00:33:37,750
, 00:33:37:17 ,Easier said than done, but information Intropy, and not

776
00:33:37,751 --> 00:33:43,998
, 00:33:43:26 ,the entropy from thermodynamics, which I sent a long semester trying

777
00:33:43,999 --> 00:33:46,291
, 00:33:46:06 ,to go through.

778
00:33:46,292 --> 00:33:47,541
, 00:33:47:12

779
00:33:47,542 --> 00:33:50,583
, 00:33:50:13 ,Information theory, so the idea of is ten minutes.

780
00:33:50,584 --> 00:33:51,416
, 00:33:51:09

781
00:33:51,417 --> 00:33:55,041
, 00:33:55:00 ,I have like a million slides to go through.

782
00:33:55,042 --> 00:33:55,917
, 00:33:55:21

783
00:33:55,918 --> 00:34:00,082
, 00:33:59:29 ,Basically the amount of information that can be

784
00:34:00,083 --> 00:34:06,500
, 00:34:06:11 ,the number of states that can reveal the total number of possibilities

785
00:34:06,501 --> 00:34:11,124
, 00:34:11:02 ,for a given state, like the I use an eight sided die

786
00:34:11,125 --> 00:34:16,998
, 00:34:16:26 ,in an example that obviously you can roll and you get, like, one

787
00:34:16,999 --> 00:34:21,998
, 00:34:21:23 ,through eight because it's got eight sides.

788
00:34:21,999 --> 00:34:22,166
, 00:34:22:03

789
00:34:22,167 --> 00:34:26,998
, 00:34:26:24 ,Information will be three bits, yeah, so population of the world,

790
00:34:26,999 --> 00:34:31,750
, 00:34:31:17 ,let's just say 8 billion, that's like 33 bits.

791
00:34:31,751 --> 00:34:34,041
, 00:34:34:00 ,Awesome websites, 33 bits.org.

792
00:34:34,042 --> 00:34:36,541
, 00:34:36:12

793
00:34:36,542 --> 00:34:38,750
, 00:34:38:17 ,I'll cruise over.

794
00:34:38,751 --> 00:34:41,208
, 00:34:41:04

795
00:34:41,209 --> 00:34:43,958
, 00:34:43:22 ,Everyone participate in something real quick.

796
00:34:43,959 --> 00:34:46,124
, 00:34:46:02 ,We got to do something.

797
00:34:46,125 --> 00:34:47,124
, 00:34:47:02 ,Get up and dance.

798
00:34:47,125 --> 00:34:50,291
, 00:34:50:06 ,(applause) Do we have time for this?

799
00:34:50,292 --> 00:34:52,791
, 00:34:52:18 ,   SKYDOG: I think we have all the time we want.

800
00:34:52,792 --> 00:34:53,041
, 00:34:53:00

801
00:34:53,042 --> 00:34:54,791
, 00:34:54:18 ,   NOAH: You got that pull?

802
00:34:54,792 --> 00:34:59,625
, 00:34:59:14 ,   SKYDOG: I didn't do that.

803
00:34:59,626 --> 00:35:00,708
, 00:35:00:16 ,Wrong?

804
00:35:00,709 --> 00:35:03,666
, 00:35:03:15 ,Let me get the radio and get a couple of red shirts in there.

805
00:35:03,667 --> 00:35:04,998
, 00:35:04:24 ,   NOAH: We're on slide 26.

806
00:35:04,999 --> 00:35:07,875
, 00:35:07:20 ,   SKYDOG: We were gonna look at audience participation and kind

807
00:35:07,876 --> 00:35:12,583
, 00:35:12:13 ,of go through and sort people out based on some criteria.

808
00:35:12,584 --> 00:35:13,917
, 00:35:13:21 ,We can skip it, if you want, or if you want to stand

809
00:35:13,918 --> 00:35:15,750
, 00:35:15:17 ,up and raise your hand.

810
00:35:15,751 --> 00:35:18,166
, 00:35:18:03 ,Do you want to do that?

811
00:35:18,167 --> 00:35:18,416
, 00:35:18:09

812
00:35:18,417 --> 00:35:19,875
, 00:35:19:20 ,   NOAH: All right.

813
00:35:19,876 --> 00:35:20,875
, 00:35:20:20 ,Cool.

814
00:35:20,876 --> 00:35:21,875
, 00:35:21:20 ,How about this.

815
00:35:21,876 --> 00:35:22,875
, 00:35:22:20 ,First question.

816
00:35:22,876 --> 00:35:25,541
, 00:35:25:12 ,Everyone here who this is their first time attending DEF CON,

817
00:35:25,542 --> 00:35:27,625
, 00:35:27:14 ,please stand up.

818
00:35:27,626 --> 00:35:29,750
, 00:35:29:17 ,   SKYDOG: Nope, nope, nope, nope, nope.

819
00:35:29,751 --> 00:35:37,999
, 00:35:37:29 ,   NOAH: Come up with west coast, east coast or age cut off?

820
00:35:38,000 --> 00:35:39,500
, 00:35:39:11 ,   SKYDOG: Tell you what.

821
00:35:39,501 --> 00:35:44,041
, 00:35:44:00 ,Anyone from the east coast stay standing.

822
00:35:44,042 --> 00:35:45,500
, 00:35:45:11 ,Everyone else set down.

823
00:35:45,501 --> 00:35:46,666
, 00:35:46:15

824
00:35:46,667 --> 00:35:49,875
, 00:35:49:20 ,You guys paid the highest airfares, thank you very much.

825
00:35:49,876 --> 00:35:56,082
, 00:35:56:01 ,   NOAH: Anyone here from New Jersey up?

826
00:35:56,083 --> 00:35:57,249
, 00:35:57:05

827
00:35:57,250 --> 00:35:59,249
, 00:35:59:05 ,I didn't say what to do.

828
00:35:59,250 --> 00:36:00,998
, 00:36:00:28 ,I said anyone from New Jersey up?

829
00:36:00,999 --> 00:36:03,374
, 00:36:03:08 ,   SKYDOG: Simon says.

830
00:36:03,375 --> 00:36:04,917
, 00:36:04:21 ,   NOAH: No, you can sit down.

831
00:36:04,918 --> 00:36:05,917
, 00:36:05:21 ,Okay.

832
00:36:05,918 --> 00:36:09,875
, 00:36:09:20 ,   SKYDOG: Have we got seven or eight or ten people?

833
00:36:09,876 --> 00:36:10,625
, 00:36:10:14

834
00:36:10,626 --> 00:36:13,917
, 00:36:13:21 ,   NOAH: What are the states below New Jersey.

835
00:36:13,918 --> 00:36:17,082
, 00:36:17:01 ,   SKYDOG: No, no, no, I was going to say if you have a hangover.

836
00:36:17,083 --> 00:36:19,875
, 00:36:19:20 ,I guess that's not publicly data available.

837
00:36:19,876 --> 00:36:26,833
, 00:36:26:19

838
00:36:26,834 --> 00:36:28,998
, 00:36:28:28 ,If you're female, raise your hand.

839
00:36:28,999 --> 00:36:29,708
, 00:36:29:16

840
00:36:29,709 --> 00:36:31,291
, 00:36:31:06 ,Shitty data set.

841
00:36:31,292 --> 00:36:34,999
, 00:36:34:29 ,   NOAH: No, and actually, that would be the unit.

842
00:36:35,000 --> 00:36:36,041
, 00:36:36:00 ,There we go.

843
00:36:36,042 --> 00:36:37,458
, 00:36:37:10

844
00:36:37,459 --> 00:36:42,998
, 00:36:42:26 ,   SKYDOG: Say 29 years of age or younger.

845
00:36:42,999 --> 00:36:45,166
, 00:36:45:03

846
00:36:45,167 --> 00:36:49,041
, 00:36:49:00 ,All the old fucks in the room, sit down.

847
00:36:49,042 --> 00:36:50,875
, 00:36:50:20

848
00:36:50,876 --> 00:36:52,249
, 00:36:52:05 ,Oh, man.

849
00:36:52,250 --> 00:36:53,917
, 00:36:53:21

850
00:36:53,918 --> 00:36:59,833
, 00:36:59:19 ,   NOAH: Anyone living below North Carolina or South Carolina

851
00:36:59,834 --> 00:37:02,416
, 00:37:02:09 ,border sit down.

852
00:37:02,417 --> 00:37:03,249
, 00:37:03:05

853
00:37:03,250 --> 00:37:05,833
, 00:37:05:19 ,   SKYDOG: Did we do New Jersey and up?

854
00:37:05,834 --> 00:37:08,833
, 00:37:08:19 ,   NOAH: Yeah, we're now North Carolina and jersey.

855
00:37:08,834 --> 00:37:10,998
, 00:37:10:26 ,(laughter) who do we have?

856
00:37:10,999 --> 00:37:14,625
, 00:37:14:14 ,   SKYDOG: You said New Jersey and up.

857
00:37:14,626 --> 00:37:15,208
, 00:37:15:04

858
00:37:15,209 --> 00:37:17,208
, 00:37:17:04 ,You're in the upper quadrant.

859
00:37:17,209 --> 00:37:19,875
, 00:37:19:20 ,   NOAH: I don't know what the fuck I'm doing.

860
00:37:19,876 --> 00:37:21,541
, 00:37:21:12 ,   SKYDOG: We can't do male female.

861
00:37:21,542 --> 00:37:22,998
, 00:37:22:24 ,Who got laid last night?

862
00:37:22,999 --> 00:37:23,458
, 00:37:23:10

863
00:37:23,459 --> 00:37:26,124
, 00:37:26:02 ,That's bad data set, too.

864
00:37:26,125 --> 00:37:26,374
, 00:37:26:08

865
00:37:26,375 --> 00:37:30,291
, 00:37:30:06 ,(laughter)    SKYDOG: So how many people are we up to?

866
00:37:30,292 --> 00:37:31,917
, 00:37:31:21 ,Who is remaining standing?

867
00:37:31,918 --> 00:37:32,917
, 00:37:32:21 ,Count them off.

868
00:37:32,918 --> 00:37:34,708
, 00:37:34:16 ,I can't see for the lights.

869
00:37:34,709 --> 00:37:35,958
, 00:37:35:22

870
00:37:35,959 --> 00:37:38,374
, 00:37:38:08 ,How many people are in the room right now?

871
00:37:38,375 --> 00:37:40,625
, 00:37:40:14 ,7 or 8,000.

872
00:37:40,626 --> 00:37:40,998
, 00:37:40:24

873
00:37:40,999 --> 00:37:46,416
, 00:37:46:09 ,Up to that, we're down to three people remain standing.

874
00:37:46,417 --> 00:37:46,917
, 00:37:46:21

875
00:37:46,918 --> 00:37:48,124
, 00:37:48:02 ,How many questions?

876
00:37:48,125 --> 00:37:50,998
, 00:37:50:24

877
00:37:50,999 --> 00:37:52,333
, 00:37:52:07 ,Like five questions.

878
00:37:52,334 --> 00:37:55,541
, 00:37:55:12 ,   NOAH: Well, it was maybe four or five questions.

879
00:37:55,542 --> 00:38:04,541
, 00:38:04:12 ,The entropy for those questions, west coast/east coast, is one bit.

880
00:38:04,542 --> 00:38:09,625
, 00:38:09:14

881
00:38:09,626 --> 00:38:14,082
, 00:38:14:01 ,   SKYDOG: First time at DEF CON.

882
00:38:14,083 --> 00:38:16,998
, 00:38:16:24 ,   NOAH: Two bits.

883
00:38:16,999 --> 00:38:17,124
, 00:38:17:02

884
00:38:17,125 --> 00:38:23,124
, 00:38:23:02 ,   SKYDOG: Anyone above New Jersey and above?

885
00:38:23,125 --> 00:38:26,999
, 00:38:26:29 ,   NOAH: Pretty much I think all the questions were two bit.

886
00:38:27,000 --> 00:38:27,625
, 00:38:27:14

887
00:38:27,626 --> 00:38:29,541
, 00:38:29:12 ,So five.

888
00:38:29,542 --> 00:38:31,458
, 00:38:31:10

889
00:38:31,459 --> 00:38:34,958
, 00:38:34:22 ,Basically five bits of entropy and we are able

890
00:38:34,959 --> 00:38:39,958
, 00:38:39:22 ,to narrow down the population to three or four people.

891
00:38:39,959 --> 00:38:41,791
, 00:38:41:18 ,And it's all innocuous information.

892
00:38:41,792 --> 00:38:44,875
, 00:38:44:20 ,The point is that the combination of all this innocuous information can

893
00:38:44,876 --> 00:38:47,583
, 00:38:47:13 ,actually be quite identifiable.

894
00:38:47,584 --> 00:38:48,249
, 00:38:48:05

895
00:38:48,250 --> 00:38:50,583
, 00:38:50:13 ,   SKYDOG: Thank you for participating.

896
00:38:50,584 --> 00:38:52,374
, 00:38:52:08 ,A round of applause for yourselves.

897
00:38:52,375 --> 00:38:58,500
, 00:38:58:11

898
00:38:58,501 --> 00:39:01,998
, 00:39:01:25 ,   NOAH: I have 20.

899
00:39:01,999 --> 00:39:16,124
, 00:39:16:02

900
00:39:16,125 --> 00:39:20,708
, 00:39:20:16 ,Outliers, single outliers, easy to pick them up if you have them

901
00:39:20,709 --> 00:39:25,750
, 00:39:25:17 ,in combinations or set or a little bit trickier to detect.

902
00:39:25,751 --> 00:39:27,374
, 00:39:27:08 ,Mathematically possible.

903
00:39:27,375 --> 00:39:27,666
, 00:39:27:15

904
00:39:27,667 --> 00:39:30,041
, 00:39:30:00 ,Graphical example of an outlier.

905
00:39:30,042 --> 00:39:32,333
, 00:39:32:07

906
00:39:32,334 --> 00:39:37,998
, 00:39:37:27 ,Everyone here in the audience was an outlier.

907
00:39:37,999 --> 00:39:40,374
, 00:39:40:08

908
00:39:40,375 --> 00:39:41,917
, 00:39:41:21 ,Data sets.

909
00:39:41,918 --> 00:39:45,791
, 00:39:45:18

910
00:39:45,792 --> 00:39:47,666
, 00:39:47:15 ,You have sets of data.

911
00:39:47,667 --> 00:39:47,998
, 00:39:47:23

912
00:39:47,999 --> 00:39:53,249
, 00:39:53:05 ,You have set A, set B, what's the intersection there?

913
00:39:53,250 --> 00:39:53,333
, 00:39:53:07 ,A.

914
00:39:53,334 --> 00:39:54,374
, 00:39:54:08 ,Look at that A and B.

915
00:39:54,375 --> 00:39:55,998
, 00:39:55:26 ,Amazing.

916
00:39:55,999 --> 00:39:59,998
, 00:39:59:23 ,Now you add C, look what you have.

917
00:39:59,999 --> 00:40:03,041
, 00:40:03:00

918
00:40:03,042 --> 00:40:03,791
, 00:40:03:18 ,A and C, B and C.

919
00:40:03,792 --> 00:40:05,958
, 00:40:05:22 ,What do you have in the middle?

920
00:40:05,959 --> 00:40:06,208
, 00:40:06:04

921
00:40:06,209 --> 00:40:08,166
, 00:40:08:03 ,Holy crap.

922
00:40:08,167 --> 00:40:11,917
, 00:40:11:21 ,Isn't that amazing?

923
00:40:11,918 --> 00:40:15,998
, 00:40:15:27 ,(laughter)    SKYDOG: That's the math thing happening.

924
00:40:15,999 --> 00:40:18,998
, 00:40:18:28

925
00:40:18,999 --> 00:40:21,998
, 00:40:21:23 ,   NOAH: Unique variable overlap.

926
00:40:21,999 --> 00:40:26,791
, 00:40:26:18 ,You know, yeah, if you have outliers for different types of data and

927
00:40:26,792 --> 00:40:30,999
, 00:40:30:29 ,they you know what, just move on mathematical tacts

928
00:40:31,000 --> 00:40:33,708
, 00:40:33:16 ,with three minutes.

929
00:40:33,709 --> 00:40:34,998
, 00:40:34:24 ,   SKYDOG: Slow down.

930
00:40:34,999 --> 00:40:34,999
, 00:40:34:29

931
00:40:35,000 --> 00:40:37,541
, 00:40:37:12 ,Just do it.

932
00:40:37,542 --> 00:40:38,833
, 00:40:38:19 ,Who gives a shit.

933
00:40:38,834 --> 00:40:39,166
, 00:40:39:03

934
00:40:39,167 --> 00:40:40,998
, 00:40:40:25 ,I got it covered.

935
00:40:40,999 --> 00:40:41,999
, 00:40:41:29 ,   NOAH: Sweet.

936
00:40:42,000 --> 00:40:46,666
, 00:40:46:15 ,Inferential analysis, and the example of it, remember

937
00:40:46,667 --> 00:40:51,917
, 00:40:51:21 ,the targeted advertising, the teenage woman who was pregnant

938
00:40:51,918 --> 00:40:56,208
, 00:40:56:04 ,and was getting all this targeted advertising based

939
00:40:56,209 --> 00:41:00,082
, 00:40:59:29 ,on her purchasing behavior to her household,

940
00:41:00,083 --> 00:41:05,333
, 00:41:05:07 ,and then her dad was upset that she was getting targeted ads

941
00:41:05,334 --> 00:41:11,833
, 00:41:11:19 ,for Enfamil and diapers and got all pissed off at the manager.

942
00:41:11,834 --> 00:41:14,124
, 00:41:14:02 ,And she was pregnant and that's not a good way to find

943
00:41:14,125 --> 00:41:19,249
, 00:41:19:05 ,out and tell your parents you're pregnant is through targeted ads.

944
00:41:19,250 --> 00:41:20,998
, 00:41:20:24

945
00:41:20,999 --> 00:41:23,998
, 00:41:23:24 ,That's not how I'll tell my parents.

946
00:41:23,999 --> 00:41:26,998
, 00:41:26:25

947
00:41:26,999 --> 00:41:29,249
, 00:41:29:05 ,The whole Netflix, IMDb.

948
00:41:29,250 --> 00:41:30,750
, 00:41:30:17 ,You all remember that?

949
00:41:30,751 --> 00:41:31,875
, 00:41:31:20

950
00:41:31,876 --> 00:41:38,124
, 00:41:38:02 ,The census, you know they don't come to the door.

951
00:41:38,125 --> 00:41:39,958
, 00:41:39:22

952
00:41:39,959 --> 00:41:42,249
, 00:41:42:05 ,   SKYDOG: I don't answer the door.

953
00:41:42,250 --> 00:41:43,958
, 00:41:43:22 ,Me and my 12 roommates.

954
00:41:43,959 --> 00:41:44,249
, 00:41:44:05

955
00:41:44,250 --> 00:41:48,917
, 00:41:48:21 ,   NOAH: They still come to the door?

956
00:41:48,918 --> 00:41:50,999
, 00:41:50:29 ,Another reason not to answer the door.

957
00:41:51,000 --> 00:41:55,833
, 00:41:55:19 ,Actually, so a researcher in 1990, Latanya Sweeney, using

958
00:41:55,834 --> 00:42:02,998
, 00:42:02:25 ,the information from the census data, date of birth, zip code, 80 percent

959
00:42:02,999 --> 00:42:07,958
, 00:42:07:22 ,of the information was unique, based on principles

960
00:42:07,959 --> 00:42:11,124
, 00:42:11:02 ,of information entropy.

961
00:42:11,125 --> 00:42:12,082
, 00:42:12:01

962
00:42:12,083 --> 00:42:15,082
, 00:42:15:01 ,Exposed healthcare records of the governor of Massachusetts

963
00:42:15,083 --> 00:42:17,998
, 00:42:17:28 ,at the time, which is kind of funny.

964
00:42:17,999 --> 00:42:19,998
, 00:42:19:25 ,And screw you.

965
00:42:19,999 --> 00:42:23,958
, 00:42:23:22

966
00:42:23,959 --> 00:42:27,998
, 00:42:27:24 ,Zip code, there's 43,000 zip codes, birthdate 365.

967
00:42:27,999 --> 00:42:30,541
, 00:42:30:12

968
00:42:30,542 --> 00:42:34,416
, 00:42:34:09 ,Birth year, about 70 different age ranges

969
00:42:34,417 --> 00:42:41,249
, 00:42:41:05 ,of two different genders, 30 bits of entropy includes all the population

970
00:42:41,250 --> 00:42:43,291
, 00:42:43:06 ,in the U.S.

971
00:42:43,292 --> 00:42:44,333
, 00:42:44:07 ,Simple as that.

972
00:42:44,334 --> 00:42:45,208
, 00:42:45:04

973
00:42:45,209 --> 00:42:46,500
, 00:42:46:11 ,PGP.

974
00:42:46,501 --> 00:42:47,750
, 00:42:47:17 ,Ever heard of PGP?

975
00:42:47,751 --> 00:42:49,041
, 00:42:49:00 ,Personal gender project?

976
00:42:49,042 --> 00:42:49,999
, 00:42:49:29

977
00:42:50,000 --> 00:42:54,625
, 00:42:54:14 ,This is where people voluntarily submit all this genetic information

978
00:42:54,626 --> 00:42:56,750
, 00:42:56:17 ,about themselves.

979
00:42:56,751 --> 00:43:03,416
, 00:43:03:09 ,They want to correlate genotype, phenotype to learn about themselves.

980
00:43:03,417 --> 00:43:03,917
, 00:43:03:21

981
00:43:03,918 --> 00:43:05,333
, 00:43:05:07 ,Oh, dude.

982
00:43:05,334 --> 00:43:08,500
, 00:43:08:11

983
00:43:08,501 --> 00:43:10,082
, 00:43:10:01 ,Look, anyway.

984
00:43:10,083 --> 00:43:12,998
, 00:43:12:28 ,Again, this is a project gone bad.

985
00:43:12,999 --> 00:43:17,291
, 00:43:17:06 ,(laughter) No one saw that.

986
00:43:17,292 --> 00:43:19,541
, 00:43:19:12 ,That didn't happen.

987
00:43:19,542 --> 00:43:22,208
, 00:43:22:04

988
00:43:22,209 --> 00:43:23,998
, 00:43:23:26 ,Record linkage.

989
00:43:23,999 --> 00:43:26,998
, 00:43:26:24 ,   SKYDOG: This is a cool background.

990
00:43:26,999 --> 00:43:28,124
, 00:43:28:02 ,   NOAH: Take care of him.

991
00:43:28,125 --> 00:43:29,708
, 00:43:29:16 ,He's stressing me out.

992
00:43:29,709 --> 00:43:31,041
, 00:43:31:00 ,Record linkage.

993
00:43:31,042 --> 00:43:35,833
, 00:43:35:19 ,This is where you have a public data set and a private data set.

994
00:43:35,834 --> 00:43:39,124
, 00:43:39:02 ,Public data set maybe that is metadata that's publicly available

995
00:43:39,125 --> 00:43:42,750
, 00:43:42:17 ,and might have some innocuous but identifying information

996
00:43:42,751 --> 00:43:44,999
, 00:43:44:29 ,in about an individual.

997
00:43:45,000 --> 00:43:47,998
, 00:43:47:26 ,The private data said well, that's got personal information you

998
00:43:47,999 --> 00:43:50,541
, 00:43:50:12 ,don't want people to know.

999
00:43:50,542 --> 00:43:55,208
, 00:43:55:04 ,Through record linkage it's possible to actually correlate the two

1000
00:43:55,209 --> 00:43:58,124
, 00:43:58:02 ,and discover sort of these anonymous

1001
00:43:58,125 --> 00:44:02,998
, 00:44:02:23 ,or so called anonymous traits about a person by combining

1002
00:44:02,999 --> 00:44:05,374
, 00:44:05:08 ,the two data sets.

1003
00:44:05,375 --> 00:44:05,791
, 00:44:05:18

1004
00:44:05,792 --> 00:44:07,374
, 00:44:07:08 ,And I'll get to them mathematically how

1005
00:44:07,375 --> 00:44:11,625
, 00:44:11:14 ,to do that in a second, or not if I get kicked off stage.

1006
00:44:11,626 --> 00:44:12,333
, 00:44:12:07

1007
00:44:12,334 --> 00:44:13,666
, 00:44:13:15 ,All right.

1008
00:44:13,667 --> 00:44:15,082
, 00:44:15:01 ,Flying through these slides.

1009
00:44:15,083 --> 00:44:16,082
, 00:44:16:01 ,Vectors.

1010
00:44:16,083 --> 00:44:18,249
, 00:44:18:05 ,This is where you get into the math.

1011
00:44:18,250 --> 00:44:18,541
, 00:44:18:12

1012
00:44:18,542 --> 00:44:23,583
, 00:44:23:13 ,So either go to sleep or those anyone math torn?

1013
00:44:23,584 --> 00:44:23,998
, 00:44:23:26

1014
00:44:23,999 --> 00:44:24,998
, 00:44:24:27 ,Okay.

1015
00:44:24,999 --> 00:44:25,500
, 00:44:25:11

1016
00:44:25,501 --> 00:44:29,625
, 00:44:29:14 ,Your data points now become a vector.

1017
00:44:29,626 --> 00:44:33,041
, 00:44:33:00 ,Your record, attributes, yeah, boom.

1018
00:44:33,042 --> 00:44:33,291
, 00:44:33:06

1019
00:44:33,292 --> 00:44:34,500
, 00:44:34:11 ,Okay.

1020
00:44:34,501 --> 00:44:36,833
, 00:44:36:19 ,We're now with the dealing with vector math.

1021
00:44:36,834 --> 00:44:38,541
, 00:44:38:12 ,Take it one step further.

1022
00:44:38,542 --> 00:44:45,583
, 00:44:45:13 ,The whole database is a matricy, boom, records people attributes database.

1023
00:44:45,584 --> 00:44:45,958
, 00:44:45:22

1024
00:44:45,959 --> 00:44:46,998
, 00:44:46:23 ,Cool.

1025
00:44:46,999 --> 00:44:46,999
, 00:44:46:29

1026
00:44:47,000 --> 00:44:53,998
, 00:44:53:24 ,Again we now can apply matrices math, inversions, and dot products,

1027
00:44:53,999 --> 00:44:58,999
, 00:44:58:29 ,all kinds of wonderful things like that.

1028
00:44:59,000 --> 00:45:02,124
, 00:45:02:02 ,Actually, so a cosign similarity, measuring the angular differences,

1029
00:45:02,125 --> 00:45:04,791
, 00:45:04:18 ,math, math, math, math, math.

1030
00:45:04,792 --> 00:45:12,374
, 00:45:12:08

1031
00:45:12,375 --> 00:45:15,998
, 00:45:15:27 ,One thing we did was the actual mathematical formula

1032
00:45:15,999 --> 00:45:20,374
, 00:45:20:08 ,for the similarity functioning, in case anyone wants to try it

1033
00:45:20,375 --> 00:45:24,998
, 00:45:24:25 ,at home or see me after class and we'll discuss it.

1034
00:45:24,999 --> 00:45:25,998
, 00:45:25:25 ,Yeah.

1035
00:45:25,999 --> 00:45:28,291
, 00:45:28:06 ,Then diagrams, this is really cool.

1036
00:45:28,292 --> 00:45:33,458
, 00:45:33:10 ,So to be able to visually to understand and identify overlapping

1037
00:45:33,459 --> 00:45:37,333
, 00:45:37:07 ,data sets, you have two at that time sets, A, B,

1038
00:45:37,334 --> 00:45:41,208
, 00:45:41:04 ,multiple variables that were in common that were

1039
00:45:41,209 --> 00:45:44,708
, 00:45:44:16 ,the same descriptive traits.

1040
00:45:44,709 --> 00:45:47,041
, 00:45:47:00 ,Looked at the intersections of them.

1041
00:45:47,042 --> 00:45:47,998
, 00:45:47:23

1042
00:45:47,999 --> 00:45:51,917
, 00:45:51:21 ,Noted here by these little lines across.

1043
00:45:51,918 --> 00:45:52,917
, 00:45:52:21 ,Okay.

1044
00:45:52,918 --> 00:45:57,041
, 00:45:57:00 ,So these data sets independent descriptive variables in common.

1045
00:45:57,042 --> 00:46:03,833
, 00:46:03:19 ,Then we take those little sections that are in common and we VIN the VINs

1046
00:46:03,834 --> 00:46:05,833
, 00:46:05:19 ,as we say.

1047
00:46:05,834 --> 00:46:10,583
, 00:46:10:13 ,So take those and watch this.

1048
00:46:10,584 --> 00:46:12,333
, 00:46:12:07 ,Bam, bam, bam, bam!

1049
00:46:12,334 --> 00:46:12,750
, 00:46:12:17

1050
00:46:12,751 --> 00:46:14,124
, 00:46:14:02 ,Look at that.

1051
00:46:14,125 --> 00:46:17,249
, 00:46:17:05 ,And then based on that we can actually now actually

1052
00:46:17,250 --> 00:46:21,458
, 00:46:21:10 ,the subspace defined by that area is the intersection

1053
00:46:21,459 --> 00:46:25,750
, 00:46:25:17 ,of all of these groups and actually identifies records

1054
00:46:25,751 --> 00:46:32,998
, 00:46:32:25 ,for which all attributes are identical and actually identifies an actual person.

1055
00:46:32,999 --> 00:46:33,291
, 00:46:33:06

1056
00:46:33,292 --> 00:46:36,625
, 00:46:36:14 ,(laughter) Wait.

1057
00:46:36,626 --> 00:46:37,998
, 00:46:37:24

1058
00:46:37,999 --> 00:46:39,082
, 00:46:39:01 ,Okay.

1059
00:46:39,083 --> 00:46:41,041
, 00:46:41:00

1060
00:46:41,042 --> 00:46:44,249
, 00:46:44:05 ,In summation, the dark side of OSINT.

1061
00:46:44,250 --> 00:46:46,999
, 00:46:46:29

1062
00:46:47,000 --> 00:46:50,708
, 00:46:50:16 ,So big data, big problem, big data.

1063
00:46:50,709 --> 00:46:54,416
, 00:46:54:09 ,Lots of tools are being used for analysis and visualization.

1064
00:46:54,417 --> 00:46:57,998
, 00:46:57:24 ,More data sets are being developed and this is the mathematical attacks are

1065
00:46:57,999 --> 00:47:00,998
, 00:47:00:23 ,going to become easier and easier.

1066
00:47:00,999 --> 00:47:04,998
, 00:47:04:28 ,It's another weapon for social engineering tool kits.

1067
00:47:04,999 --> 00:47:07,082
, 00:47:07:01 ,This is information about individuals that we'll able

1068
00:47:07,083 --> 00:47:10,998
, 00:47:10:24 ,to ascertain and they're not going to be aware of it.

1069
00:47:10,999 --> 00:47:14,291
, 00:47:14:06 ,And they're not voluntarily giving this information, but it's going

1070
00:47:14,292 --> 00:47:17,082
, 00:47:17:01 ,to be actually sort of reidentified about them

1071
00:47:17,083 --> 00:47:19,998
, 00:47:19:26 ,from these anonymous data sets.

1072
00:47:19,999 --> 00:47:20,458
, 00:47:20:10

1073
00:47:20,459 --> 00:47:23,208
, 00:47:23:04 ,So cool for us, bad for them.

1074
00:47:23,209 --> 00:47:24,249
, 00:47:24:05

1075
00:47:24,250 --> 00:47:27,124
, 00:47:27:02 ,What can we do to defend against the dark arts?

1076
00:47:27,125 --> 00:47:27,875
, 00:47:27:20

1077
00:47:27,876 --> 00:47:30,999
, 00:47:30:29 ,(laughter) Proper sanitization methods.

1078
00:47:31,000 --> 00:47:34,875
, 00:47:34:20 ,There are not there's no way there's no standards

1079
00:47:34,876 --> 00:47:42,041
, 00:47:42:00 ,to actually implement anonymizing matrix but provide true anonymity.

1080
00:47:42,042 --> 00:47:46,791
, 00:47:46:18

1081
00:47:46,792 --> 00:47:48,999
, 00:47:48:29 ,We need access controls or my recommendation

1082
00:47:49,000 --> 00:47:52,583
, 00:47:52:13 ,is to falsify everything and just make shit up.

1083
00:47:52,584 --> 00:47:54,998
, 00:47:54:23 ,So that's what I would do.

1084
00:47:54,999 --> 00:47:58,833
, 00:47:58:19 ,(applause) In conclusion yeah.

1085
00:47:58,834 --> 00:48:05,998
, 00:48:05:26 ,(applause)    SKYDOG: Questions and answers will be handled at the bar.

1086
00:48:05,999 --> 00:48:06,082
, 00:48:06:01

1087
00:48:06,083 --> 00:48:07,416
, 00:48:07:09 ,You guys are buying!

1088
00:48:07,417 --> 00:48:10,208
, 00:48:10:04 ,   Ladies and gentlemen, the full presentation will be scene

1089
00:48:10,209 --> 00:48:12,998
, 00:48:12:28 ,at SkyDog comma little later.

1090
00:48:12,999 --> 00:48:14,833
, 00:48:14:19

1091
00:48:14,834 --> 00:48:19,750
, 00:48:19:17 ,Thank you for the speaker for letting us go a little long.

1092
00:48:19,751 --> 00:48:23,998
, 00:48:23:24 ,   How can we take out SkyDog and his buddy?

1093
00:48:23,999 --> 00:48:24,791
, 00:48:24:18 ,   Head to the chillout cafe for question and answer

1094
00:48:24,792 --> 00:48:26,625
, 00:48:26:14 ,and more elucidation on the slides.

1095
00:48:26,626 --> 00:48:27,510
, 00:48:31:14