So my name is Ken Westin, so today I'm going to be talking about being a professional cyber stalker. I founded a company called GadgetTrak, kind of fell into it. I was sort of a reluctant hacker and CEO, and I actually learned quite a bit along the way. My basic -- I basically started developing theft recovery tools to help recover stolen devices. Kind of got into also the investigation side because law enforcement needed a lot of help, and I'll kind of talk about some of those challenges and things I learned along the way. So I've actually assisted law enforcement with a number of investigations, not just with the tools I developed. A lot of times, they would come to me for other theft recovery tools, and -- or other data they may have, and I'll kind of talk about that too, how to harvest information from social media and other sources as well. I'm now with -- currently senior security analyst at Tripwire. Catching a different type of criminal, dealing with different types of data, but I still -- still get to keep involved in some of this stuff with some of the investigations. So for those of you, hard core justice porn, this is my wall of shame. These are actual cases I've been involved with. You'll see a lot of photos taken by web cameras. I blur their faces out to protect the guilty. And some of these folks actually recovered devices for -- we didn't have photos of them from the web camera. So it's interesting, more than half the time, when we went to go recover a device the people would go in and they would -- the police would go in. They would find other crimes. A lot of times fencing operations, drugs, people had warrants for other crimes. Even got involved with a very violent carjacking, laptop sort of served as trojan to help us identify and find the people involved. And also, you know, by basically trojanizing devices, it becomes a trojan providing visibility into these larger criminal enterprises. I'll go into detail throughout the presentation.
That being said, you can probably imagine some of the work I do. It doesn't have its critics. It's -- folks who don't quite understand the intention or background of the tools. The fact, incredibly -- tools that are much more invasive that are available, nefarious things, RATs, malware out there, that people can use if they want to spy on someone. During the process of developing the tools, I was very concerned how the tools might be used, and also concerned about privacy. Actually, investigating some of the other -- recovery tools that were out there, a lot of them had back doors into the systems. They would actually gather more data than they really needed. And so I tried to develop a tool that was both useful for law enforcement investigations but also balance the privacy implications as well. So I also found mobile devices in particular that applications gather a lot more information than what I did, and I'll talk a little bit about that. A lot of things that marketing applications do more scary than some of the information I would gather for theft recovery purposes. I got started with this when I -- when I was working for a company. Specializing in blocking USB devices, a long time ago, 2008, 2008. Exposure security, server administrator, trying to secure web servers and managing websites and I got really interested in how these USB-based tools were being used to compromise networks. You know, hacking is hard. Trying to access a network from outside is very difficult. But being a lazy hacker, you know, using USB devices to compromise a system or steal data a lot easier so I started working with these tools and created a website called USBhacks. Some of the tools the community was developing. Started working with some of these myself and it was really interesting. I started getting some interesting inquiries from both sides of the law, first time the FBI gave me a little call.
But I think once they understood my intentions, that this was more about raising awareness, but at that time nobody was actually talking about this or providing these tools, and now you know, they -- at least they had those tools to play with, so other administrators can actually test their networks to see how it would react to these particular tools. A lot of researchers actually still ask for those tools, so actually put the URL there just below the title, so if you want to download those, just be careful. Those should be picked up by antivirus, but you can still modify some of the scripts and it will still work. So you know, after I brought it down, I thought about, what if I was able to utilize these tools and actually make them more friendly, right? So instead of taking a trojan and -- damage, what if we turn that into a happy trojan? Right? So you know, the idea, very similar, is that, you know, you plug in a flash drive, utilize auto run capability, you run a binary, and you're able to gather a lot of information. And you know, you can do a lot where you can grab -- you can grab all the stuff but for theft recovery purposes, I figure, IP address, internal network address. We can do some geolocation, just off the IP, so we know what city they're in. But the more useful information was the computer name and then the username of the person that actually is -- is using that system. And through that, I launched this as a free tool. It was actually part of my master's degree, the system I built, and I put it out there for free. I was just kind of curious if people would be interested in this. I got on the home page of Digg and it got dug to death, 20,000 people registered over the course of two to three days and as you can imagine, this was all coming to a central server, so it actually -- you can actually activate tracking, remotely. And then when the device gets connected, it will then send data to the owner.
So I was able to harvest a lot of information about the devices that this was working with, and far beyond USB devices. I found it was working with external hard drives, GPS devices, because that's how you update the maps at the time. It worked with -- also the iPods, so didn't have the right software all the time and you plug in, one of these iPods and you access it, it would get triggered as well, which was pretty interesting. I've gone ahead, and put the actual USB client source code, at least one version of it, up here, so you guys get the slides or you want to download it, it's in C++. But then here's the auto run capability, right? A massive vulnerability that Microsoft put out there and it's still present today. You know, you'll even see systems that are vulnerable in industrial environments and health care, still going to be running Windows XP and still vulnerable to these types of attacks and I'll kind of show examples of that too. You think -- we would have learned by now that USB devices are -- are bad, but even Black Hat this year, a lot of people they scattered a bunch of flash drives out, hacked into it and had data stolen from systems. I'm not sure innocent bystanders, hopefully it wasn't any of you guys. If it was one of you, get the hell out. The trouble with getting the IP address, we talk about attribution, this attack came from China. Well, you know, IP address, you know, it's very, very difficult to -- to use for attribution. One thing I found, law enforcement don't like paperwork, don't like doing a lot of work. So when you're dealing with IP addresses, they have to do a lot of filing, they have to go through to get a court order, to get that information from an ISP. Some of this process can take anywhere from two weeks to three months, it depends on who you're dealing with. It also doesn't -- it's not identity. It doesn't put the person in front of the computer. So you can go and you can recover that, and it's, like, yeah, that wasn't me.
I don't know what you're talking about. Also, you know, it can help with probable cause, but it's increasingly becoming a challenge to use IP address for probable cause. Not accurate as well. Nowadays, mobile hot spots. People at Starbucks, things like that. IP address really isn't working very well and in general takes a really long time. When you're trying to recover a stolen device, it's a major hassle because time is of the essence, especially when these devices are getting fenced. So with this, though, I had the first -- first that I know, the first iPod recovery, it wasn't from IP address. I was getting a lot of these things where a lot of kids were installing on iPods and it was easy because a lot of times these kids would steal it and they would go home and they would plug it in, and then it would be the -- like the family, only one kid that had that last name. So the school was able to actually get the iPod back for those kids, so -- it was kind of fun. And I think it was cool too, this time we did this, is this the idea you steal something it can be tracked. So I like to think maybe that had a little bit of an impact on people's wanting to steal these devices. And also through this process, when I learned, all the devices working with, I found it was working with these high end thermal imaging cameras. Approached by a company to develop a custom agent for them where we actually would use this to protect these devices around 3,000 to $300,000 thermal imaging devices. So it was a very similar process. The one thing with this was, they actually wrote the images to an SD card, so, what if someone takes out the SD card? We wrote some custom code in the firmware, puts in a new SD card it will actually write a new agent back to the SD card, so even if you put a new one in, it's going to block it.
What's really interesting too is that they weren't just concerned about theft recovery but also these devices, controlled, and they were finding some of these devices in countries where they shouldn't be. That was another sort of additional measures that they wanted to take. So if one of these cameras ended up somewhere, was connected to a computer in Iran, for example, they would be able to map that back to the reseller who sold it. I -- who sold it. I disguised as a thermal image of a cat. Meow. So this is actually some stuff I was working. Never actually released it. I was looking how to do similar things with -- with OS X. You don't have the auto run capability but you can still trick people. One of the big vulnerabilities I like to exploit is greed and stupidity. But I found some things that were really interesting, is that you know using AppleScript, why AppleScript? Why not Objective-C? First, I'm a shitty programmer and two, AppleScript is trusted. It has a lot of interfaces with a lot of other applications, so if you're targeting an Apple system, you know it's going to have iTunes and interface with this, so I can -- and that's -- leverage. So one thing I found too was that, you know, Apple is a little tricky. It's kind of tiny, you guys can't see that. I disguise the trojan as MP3 file. What's interesting with OS X, if you try to put like a .MP3 on an app, it will throw a .app at the end of it. So they know it's an application. The first rule was to try to trick that, and use what's called a homoglyph, looks like a period and Turkish character, if you put that in there instead, it won't throw on the end and looks like a .MP3. I have a demo with this too, I'll try to do at the end if I have time. Further, you can disguise the icon, pretty simple. And I've actually put some of this code up. I'm going to go through some bits of it. There's an object where you can get system info.
There's also another one you can get where you can get all the applications that are currently running, which is cool. You can then write scripts. They will then interface with those applications and try to steal data. The biggest one was, I was trying to exfiltrate data. Sure you can do things with shell scripts and what not, but sometimes that will throw errors or alerts. So what I did, I just -- I found a way to actually exfiltrate data through iTunes. So I will grab all that data I want and coding I do. Included in the URL here, GitHub page. Full script. And then I'll pass it out through iTunes. So -- and then, iTunes, actually will stream MP3. So you think you're listening to some music while in the background, we're doing some bad stuff. What's neat too, you can actually do shell scripts from AppleScript, which is great. I'm not sure if you saw the new -- vulnerability, I threw that in there. Be careful if you run on your system. It's not on the one on GitHub but still review the code, please. I don't want to get in trouble. So -- so you know, USB is still -- it's still an attack vector. Still a threat. You know, we saw that with Stuxnet. We've seen with USB malware. International Space Station. U.S. power plants actually had -- were infiltrated with employee, accidentally bringing USB sticks. A lot of those systems are still running vulnerable versions of Windows, pretty much all now. We saw this again here at Black Hat. Still is a threat. So kind of moving on. You know, IP address. You know, that's one piece of information, but a lot of times you're going to need a lot of other data. This is a crazy wall, you've seen this in all the CSI shows, trying to track a murder. They have all the evidence and they put these lines, right? And that's kind of the thought process that I follow as well. Tools that make this a lot easier nowadays are Maltego, automates a lot of that process.
I'm not sure if you've used it, a pretty great tool and you can actually write all the custom transforms to do all of this work. But basically, I had a case where I was -- flash drive, give you an example. We were able to get the initial IP address, and it was a weird username too. It wasn't something that would actually identify a person, and we mapped the -- an AT&T subscriber. AT&T is going to take three months to track it down and the flash drive, from a professor, and he had some research data on it. But it was still hard to convince law enforcement to use their resources to track that down. But we did start getting connections from a university, and specific computer lab. So that was useful. Because we also get the internal network information, which is useful, so we went to the university IT Department, their campus security and we found that, yeah, so we got a time stamp. We have an internal address, but these are guest computers, so not a student ID when log in, so still not able to get the specific person but I started asking questions, what other data sources do we have here, and come to find out, you have to swipe your student ID card to get in, and so they have logs there, right? So we're able to access those logs. We -- time stamp. Now we have a list of who is in the actual room. Also, a year before, systems actually stolen out of that lab, and so they actually had cameras as well. What's really cool a lot of people don't realize, a lot of these cameras, when actually store the data, also a log file that gets generated so able to correlate that time stamp as well to identify who specifically was in that room and they were able to use this information, found out who it was. You know, had professor, as well as the campus security outside of the guy's classroom the next and he got his device back. All of his information was still there. Yay.
So after working with USB devices, I wanted to find ways of, you know, looking how to recover more expensive devices like laptops. I looked at a lot of existing tools and relied heavily on the IP address. As I mentioned before, it takes a lot of time. Some of them -- actually they'll utilize more invasive techniques as well, open up back door to the system, recovery teams that can deploy that. They can install key -- and other things like that, which I found not to be overly intrusive and makes the system more vulnerable. Stuff in the firmware and muck with that, a lot of risks. We don't need to go to that extreme. I think there's other ways of going about it, recovering devices. So I combined utilizing the web camera, and with Wi-Fi-based location. A company already doing the web camera on the Mac, but no one was utilizing Wi-Fi location, this is where I -- when the first iPhone came out, was using. I worked with Skyhook, got that deployed for this. So able to get geolocation, able to get camera information, so this was sort of a game changer, especially for law enforcement. Some challenges with it. The way it worked, you would activate tracking on a remote server, the device would check in to see if it's been stolen, if it's been flagged, supposed to start on gathering evidence and a lot of things to trigger. Moved to new network, IP address changed, log in event. Pretty smart. Would know if it changed location, that it would also check in. And so it would then send information, and at the time I didn't want to manage a server, especially with photos and things like that, so we just had a -- had it go directly into Flickr. You register your Flickr account, that way you have control of all your data. You don't have to worry about a third party accessing your information. Or activating your camera and spying on you. I don't trust myself.
So laptop would connect, it would get location from Wi-Fi, it would capture photos, and it would do this every 30 minutes and it would do it very quickly, so the green light, it would be just like a blip. You wouldn't even notice it was on. So for location, use Skyhook Wireless, a great service. But now geolocation is embedded in all the operating systems, APIs for it, and pretty much every major -- laptop as well as mobile operating systems. You can also get location from the Google Maps API, here's kind of -- how to go about doing that. So if you want to write your own scripts to track your devices, that's a good way to go. So the first recovery I had was actually with this tool was in New York. A -- I had to work with a New York police officer who was kind of an A hole. He -- he was basically saying -- he was really frustrated, he had to deal with these types of tools before and all pissed off because he's going to have to deal with paperwork. I'm, like, no, you're fine. The location is within ten to 20 meters. He goes, okay, what's that mean? Print out a photo of the guy, go to that location, ask around. He's, like, don't tell me how to do my job, right? [ Laughter ] But then -- and then he did. Right. And they go in, and it was this owner of a tattoo parlor, and if you look at the photo in the background, you're going to see a lot of cool toys. So there's a nice big-screened TV, there's all sorts of cool synthesizers, all kinds of audio equipment and when the police finally went in there, they found the customer's, it was an iMac, and they also found three laptops from different cases, and a lot of other stolen property. So this is one of those examples where you trojanize an app and then the trojan app is sort of -- sort of unveils all these different crimes being committed. That one I said we had a 300% recovery rate because the other laptops were recovered.
So another case we had was in Portland, Oregon, where I live, there was a group that was repeatedly breaking into schools. So they were targeting a bunch of Portland schools, they would go in and kept stealing laptops. What was really frustrating, they would do this continuously. They would go in, they would steal the laptops. District go and replace laptops, a week later they would come back and steal again. It was really -- it was, like -- it was like four or five different schools this kept happening to. I approached them, I said, hey, I got an idea. So we deployed this software to a bunch of bait laptops and left them out. We didn't put in locked cabinets, left them out there. A week later, got ripped off. So we got the network information, and this was a bit of a challenge. We're getting some photos, and we actually got it to a house that was in Vancouver, Washington, so that's the next state over, right next to Portland. And we got the location to this one -- one particular neighborhood. And again, the location is within ten to 20 meters, so I told them about this, and gave the information, and the detective working on it, he goes there and he thinks it's an exact location. He goes to this one -- it's a duplex and he goes to one side of it and the guy that answers the door, he knows him. It's the guy that works on his roof. He's all pissed off at me, you guys don't know what the hell you're doing. So I was pissed off so I drove out there, and I started actually looking at the wireless. A little street there, I pulled in. And pulled out my laptop and I started looking at the wireless networks in area, make sure accurate. Wireless network, Russia, and I look over and right next to -- on the other side of the duplex there's a car and there's this big, like, Russian pride bumper sticker on the car. And then look in there, girl comes out, starts watching the car. The guy we have a photo of walks out. Oh, shit.
He looks at me -- on my laptop, right, like I'm lost. I called the detective and they came out and then finally they -- they were able to continue the investigation. What's interesting with this, they never actually told software was involved in their case. I was an anonymous source, and they ended up arresting six to seven people that were in this case. It was an organized group. They were stealing a lot of other property as well. Some of them were pretty bad dudes, and they got them to think that they'd all ratted on each other. So it was kind of cool. So for some reason, there's a lot of sort of -- these Russian guys that are involved in stealing property in Oregon. I was involved in another case where the laptop was stolen and we didn't get anything for like, two weeks. I'm, like, oh, man, they reformatted the hard drive or something, right? I tracked -- started getting -- in Missouri, of all places. I'm, like, how the hell did that happen, right? We're getting this, and a guy named Victor, and he -- who was nice enough to change the username on the computer to his full name. Nice of him to do. Really trying to help us out. But I had photos from everywhere. The first one we had, McDonald's. And then at one point he was in a hotel. That was really shady, a girl behind him. Something going on there. But I was able to find -- yeah, I found his Myspace profile, and I was really -- noticed he's into Scion. Car nut. He has a bunch of posts on a lot of different forums on Scion showing off car. He gave me his license plate number. He was also a big eBay seller, he was selling -- he had a store, selling all kinds of car parts. Kind of tell what kind of business he was involved in. And then he was nice too -- not so nice, he sold stolen laptop to his friend, O'Mar, as well as stolen bike.
What happened when police went in, the first time we worked with district attorney, he said you guys have given us enough evidence, even if he doesn't have the laptop, we can bust him for possession of stolen property. That was kind of interesting, start making case law. But they -- what was happening is that there's a Russian group that was here in Portland. They would steal a bunch of property. Load it into this big white van and another Russian group in Missouri, and they would swap stolen property. Where's the first place you're going to look when your laptop gets stolen? Craigslist, right. So they're kind of smart there. Not that smart. We got them. Oh, yeah, and Victor too. It was actually his dad who was involved -- it was a birthday present. So his dad, nice guy, gave him a stolen laptop for his birthday. Now he has a criminal record. Thanks, Dad. There was another case where we had -- I was in Brazil, not just the U.S. A little bit of a challenge, working with the Brazilian police, but there was a -- a couple guys that were in their car. And these guys came out with guns, and you know, said, get out of the car, and then the driver, they punched him in the face, knocked him to the ground and kicked him. He had like broken ribs and a broken nose, and then the guy who actually installed my software, he left his laptop, was still in the back. So we started getting pings, and then the police were actually really excited about this, but they were -- I guess they did -- quite a bit, right? So they were assaulting a lot of other people as well, stole a lot of vehicles. But just a good example of how this can work internationally as well. It doesn't have to be the U.S. Sometimes it depends on law enforcement, how willing they are to help out. There's ways of convincing them. And here's the customer with his laptop bag. Veterinary student too. Just finished dissertation and didn't have it backed up. So he was really happy to get it back.
So then I also moved on to mobile. So mobile is a little challenging, geolocation is easier, I'm in the device itself. But IP addresses become much more problematic. We also want to -- we found people really don't care so much about the device as the data. So we built a system for backing up photo and contact information. And I was really concerned about actually doing that, like storing people's photos on a server, you know, first of all, get hacked and someone accesses all of customer's photos, really bad. Contact information as well. We saw this with -- that the risks that are associated with that. And so we built a system so that when you actually install the app, you enter a key, a privacy key, so it will -- it actually encrypts images and contact information before it sends it to the server. I like this too because if we do get hacked, we're -- data is still protected. Also if law enforcement comes to us and they want information, yeah, here you go. Big encrypted blob and they have to go to the customer to get that key. So, umm -- and then you can also do the data wipe and things like that. So I -- I built this tool, and -- and I have a little bit of a video to walk through one of the cases. So I'll -- hopefully the video works.
>> Helping track them down. News channel eight, spent last two days with police and investigators on the trail of swiped cell phones. He's live outside the Washington Square Mall where the theft took place.
>> The managers of the Sprint store here say they're very confident tracking software developed only miles away from here and put on their demo phones will lead to an arrest.
>> This is a $500 phone. Ended up being a $450 phone.
>> Two empty display cradles all remains, after one -- stole, Washington Square Mall. Thought theft on tape, initiated tracking software installed on the stolen phones.
>> Able not to only find the GPS location but also we've been able to monitor any activity that happens in the phone.
>> That activity turned out to be pictures. Someone took shortly after the phones were stolen. Admit it's a brave new world when pictures taken on cell phones can be told to send back pictures once stolen.
>> That has not only piqued the interest of our investigators but in essence appears at this point could be very credible information for us to follow up on.
>> The Portland creator of the software tracking, police are on the right track.
>> Definitely know who stole it.
>> If you look over the head of this man, you'll see in the window an Oregon temporary permit.
>> This is it.
>> A GadgetTrak investigator on the phone, we tracked to Vancouver apartment complex. There found the permit and --
>> Hi.
>> Young woman told us off camera, man called Peter, sent photo this Saturday evening, knew nothing about the phones. Tracked the second cell phone signal to this duplex about eight blocks away.
>> Don't have a Samsung Epic phone at this location.
>> Police were here yesterday looking for it.
>> We're back live now outside the Washington Square Mall, obtained within the lawyer, temporary permit. Hope the men in the pictures will contact them soon, so they can explain how their faces ended up on a stolen cell phone. Back to you.
>> Thank you, Ed. Teach out. The contractors -- [ Applause ]
>> Thank you. So you know, helpful -- we had the footage, again, kind of like I was talking about with the video camera footage that's helpful. Actually see where you caught it. We have some challenges with some of these devices because the -- the -- for some reason, the GPS coordinates with software -- luckily the photos they were taking of themselves, embedded in it. Time stamp as well. Stupidity one of the vulnerabilities that helps us out. Location as well. The trip permit, that's just ridiculous. But they ended up getting these guys, and they -- again, they ended up -- five guys that were involved in this, and actually stealing other property.
One of these guys actually had a warrant out for his arrest already. And they also, in the process of investigating this, they also recovered a stolen car, so -- and so what I learned from this too, I started looking at the data that's actually embedded in the images where it's really helpful, so there's a lot of metadata actually embedded in it. You're probably familiar with it. GPS coordinates, time stamp. High digital cameras, embed model and serial number and really good tool here, URL called -- if you want to mess with data and write scripts to do this kind of work you can do that. I also have a tool called -- scan.com, where you can upload an image and you can see what -- if there's GPS coordinates or serial numbers embedded in it. You can do that. And one thing I found is that there's several camera brands that actually will embed that serial number, and many of them are high end cameras, so I wanted to go out and see if I could, you know, use this for tracking stolen cameras, and one thing I found too, I had a reporter that actually asked me, a thing about celebrities getting nude photos hacked. And the -- the media kept saying, yeah, the phones were hacked, but in actuality, the data revealed actually multiple phones over the course of several years, so the odds of it being one device hacked was very slim. The point of compromise was actually e-mail. Guy named Chris Chaney, just guessing passwords, now serving ten years in jail. So I looked at, like, how can I use this information? There wasn't a way to actually search for it. You can search for a serial number. Sometimes you'll see something on Flickr, but I was, like, I want a database of this data where I can actually go through. And identify that, so I worked an experiment -- and experimented with something. I was actually helping another startup friend of mine.
They were doing a thing called CPUsage, where you can -- you give up your idle computer time, and they'll give you money for utilizing that, so a bunch of computer labs, universities were using this. Sort of like -- but for other projects, right? And then you as researcher could harness the power of thousands. I wanted to go through and mine Flickr. The way it works, wrote scripts that go out and hit the Flickr API. It was very restrictive how many calls you can make. Trying to do that from one system and trying to do it quickly, they're going to block you. Actually talked with a friend of mine who -- who they had some issues, they saw the data and they saw the reports coming through, Yahoo and trying to figure out who this was. And it was me. But we -- so we -- we basically were allowed -- we had about 200 computers at our disposal and went through and mined all of Flickr. It took about three weeks to a month, and it was like 4 billion images, so we had this huge database. And then I put it out there in the media that this was available, and the way that it works, you know, I also mined 500 -- I found other ones, Twitter, some other sites as well. Harvesting some data from there. So the way it was working, we would harvest this information and you can actually put in the serial number of your camera, and then it will show back results all the images that we found. So the idea is that if your camera was stolen and three months later you see a photo get uploaded to Flickr, you can go recover your camera and a proof of concept, but it worked. We actually -- John Heller, he saw this service. He actually had a camera that was stolen when he was on assignment for Getty Images, $9,000 worth of camera gear gone. A contractor, not going to get that back. It's pretty hurtful here. But he did a search.
And then he found an image on Flickr, uploaded, well after it was stolen, and that mapped to Facebook, to another professional photographer, and he was -- had a photo of all of his gear, and there, sure enough, was his camera. The LAPD got involved and what happened was, the thief who stole the camera from him sold it on Craigslist, and then the guy that bought it from him on Craigslist sold it on eBay. The person who actually had it actually had no idea it was stolen. The police went in, were able to recover it. The guy that got it on eBay, he went to the seller and was able to get his money back, yay, not the other guy -- the other guy, not so much. The year after it was stolen to the apartment, the guy bought on Craigslist, the guy was still there, all kinds of other stolen property. The first recovery of its kind I have ever seen about that. Here's the report there. But, yeah, he got arrested. So had another case where a guy, Craigslist, I'm going to start calling it crime list or something, because that seems to be where all this stuff happening. A bunch of camera gear before he moved, and a guy came with cash in his hand. He wanted to take a look at this camera he was selling. Takes him out to the garage, shows him the box. The guy just pops him one, knocks to the ground and runs off. So -- he actually found images that were mapped to it. Help with this. We got a lot of information about this guy. And all the other photos he was uploading to other social media websites as well, and he was doing some pretty interesting things, you know, taking photos of themselves, smoking weed, driving down the freeway, photo of himself with a gun, showing how hard core he is. And also took a photo of his speedometer, going 110 miles an hour down the freeway while smoking dope and we had the time stamp geolocation and everything, so law enforcement really liked that. [ Laughter ] >> Vulnerability stupidity. 
And the tool was actually used by ICE, really interested in using this in child exploitation investigations unit. So they do some really cool work where a lot of these guys that are actually victimizing children, there's some sick forums out there, actually be giving each other advice. Actually upload photos, young girl, I have in my car, and they can actually look at some of the images, the ICE guys, road sign or something like that, to look for some indicators they can go and try to stop this before anything happens. And so they were actually utilizing this tool as well, so the idea is that, you know, Joe Pervert, he's uploading child porn, and maybe he's using the same camera when he goes to Disneyland, photos with family. Image, and you map that and correlate that with a camera on Flickr, for example, that can help them ID a suspect. I'm not sure if it was ever used, caught anybody, they couldn't tell me. I thought it was kind of a cool application of it. So basically what I learned a lot, there's a lot of pieces of information out there that can be used to identify a suspect. This is -- he's the grandfather of forensic science and he has this thing called Locard's exchange principle, every contact leaves a trace. Physical crimes. I believe that actually carries over into the digital world as well, from my experience. We have all these pieces of data, IP addresses, I get really worried about all these different breaches that are happening. We have all these data points, and we start to correlate them, we can actually start to create a rich profile of an individual and then we talk about -- all the different places where we can find those indicators from device IDs, things that we may not even think about right now they can identify. Technology can exist a year from now that will allow us to mine that and identify us. And I talk about interaction of things. There's data that's created by us that we're aware of. 
There's data created for us, that we may not be aware of. There's also data created about us, that correlates all of this information. So I really worry about the marketing groups in particular. And then what I call boogie data. So a lot of people don't realize when you send an SMS message for example, the other person deletes it, there's 20 log files that get generated at least through the carrier. So there's always a trace somewhere, talk about Ashley Madison, things like that, our privacy being protected when in actuality it's not. So I call this boogie data because it's information that's out there, and it's -- it can come back and haunt us later. It -- it's going to hit us really hard. I've been working with a group, privacy century, application, called spyware.b and looking at applications accessing your location and sending that information. We've been doing some really interesting research here, identifying some very popular applications that are actually gathering location, your IMEI -- sending to servers in China, for example. And that's it for my talk here. If you guys have questions, feel free to reach out to me on Twitter or on my e-mail. Do we have more time? Five minutes. Okay. I'm going to do a quick demo. See if this works. Demo gods. Here's the Trojan. Dot app. Another one, MP3. Double click on this, network connection works, we should see it in action. [ Music playing ] Thanks a lot, guys. [ Inaudible ]
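The talk describes images carrying GPS coordinates, a time stamp, and the camera model and serial number. The sketch below is an added example, not code from the talk or from the speaker's tools: it audits a TIFF-structured EXIF block for those identifying tags before a photo is published. The function names and the sample camera values are assumptions constructed for illustration, and a JPEG's EXIF block (the bytes after the APP1 `Exif\0\0` marker) would have to be extracted first.

```python
import struct

# EXIF/TIFF tags that identify a device, a moment or a place.
IDENTIFYING = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime",
               0xA431: "BodySerialNumber", 0x8825: "GPSInfo"}
EXIF_IFD = 0x8769  # pointer from IFD0 to the Exif sub-IFD

def read_ifd(tiff, offset, endian, found, seen):
    """Walk one IFD; record identifying tags and follow the Exif sub-IFD."""
    if offset in seen:  # malformed file: sub-IFD pointer loops back
        return found
    seen.add(offset)
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        entry = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, entry)
        (value_or_offset,) = struct.unpack_from(endian + "I", tiff, entry + 8)
        if tag == EXIF_IFD:
            read_ifd(tiff, value_or_offset, endian, found, seen)
        elif tag in IDENTIFYING:
            if typ == 2:  # ASCII; stored inline when it fits in 4 bytes
                start = entry + 8 if n <= 4 else value_or_offset
                text = tiff[start:start + n].rstrip(b"\0")
                found[IDENTIFYING[tag]] = text.decode("ascii", "replace")
            else:  # e.g. the GPS IFD pointer: report presence only
                found[IDENTIFYING[tag]] = "present"
    return found

def identifying_tags(tiff):
    """Return identifying tags found in a TIFF-structured EXIF block."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("not a TIFF/EXIF block")
    magic, first_ifd = struct.unpack_from(endian + "HI", tiff, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    return read_ifd(tiff, first_ifd, endian, {}, set())

def build_sample():
    """Constructed sample: IFD0 at 8, Exif IFD at 50, strings at 68 and 82."""
    model, serial = b"ExampleCam X1\0", b"SN-CONSTRUCTED-0001\0"
    ifd0 = struct.pack("<H", 3)
    ifd0 += struct.pack("<HHII", 0x0110, 2, len(model), 68)
    ifd0 += struct.pack("<HHII", 0x8769, 4, 1, 50)
    ifd0 += struct.pack("<HHII", 0x8825, 4, 1, 0)  # GPS pointer, not followed
    ifd0 += struct.pack("<I", 0)
    exif = struct.pack("<H", 1)
    exif += struct.pack("<HHII", 0xA431, 2, len(serial), 82) + struct.pack("<I", 0)
    return b"II" + struct.pack("<HI", 42, 8) + ifd0 + exif + model + serial
```

Calling `identifying_tags(build_sample())` reports the model, the body serial number and the presence of a GPS block, which are the fields worth stripping before an image leaves your hands.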