Dan Rowinski's Mobile Platform

By Dan Rowinski

Blog archive

At GovSec 2011, mobile command vehicles mix with social engineering

Mobile Platform does not usually do security issues, at least not cybersecurity issues that do not have to do with some type of smart phone or tablet. But my editors needed me to come to downtown D.C. this Wednesday to take a look around GovSec, the security conference being hosted by our siblings over on the 1105 Events side.

For those of you who followed my CTIA Wireless coverage last week, I am spending the month of March getting to know the awesome variety of convention centers on the East Coast.

It has been good.

In the morning I spent some time listening to the end of a presentation given by David Morgan, a cyber intrusion analyst from Booz Allen Hamilton and Jon Stevenson, the chief of the counterintelligence cyber analysis branch of the Defense Security Service. They were outlining some of the more basic problems with advanced persistent threats such as distributed-denial-of-service (DDOS) attacks and botnets as well as some solutions to keep from having your systems be compromised. The takeaway here, as always, is that people (usually your own employees) are the biggest threat to your data and computers. Education is the cheapest and most effective way of keeping your networks safe.

I then wandered into the show floor on my way to another panel. On the way I ran into a mobile command center, parked right in the middle of the convention center floor. This one was from Lynch Diversified Vehicles and was just a show model but it can be configured to specific specifications to deliver cellular and satellite connectivity and a variety of other functions. If you remember the GCN print issue cover story from our first March issue, Reality Mobile could set up capabilities for officers and stakeholders in the field to deliver photos, video and data to such a command center. I took some pictures, check out the slideshow below.

Next it was on to the panel. The topic was “social networking investigations for threat assessment” delivered by private investigator Bruce Anderson from a company called Rexxfield and ReputationDefenseOnline.com and a very animated gentleman named Johnny Lee of Peace At Work, a company that attempts to identify the next person at your office or school who could go total psychopath and come into the office toting a AK-47. Kalashnikovs aside, there is some interesting work being done on threat assessment through the use of social media.

The basic steps involved in social media threat assessment are: Define the threat, get a basic profile of the threat and his social network and real world network connections, footprint his/her various online presences, investigate and document the threat and his/her moves online. There are a variety of ways to track somebody of interest such as Spokeo, Addict-o-matic, Namechk, Radaris, Google Blog Search and BoardReader and software called Maltego that is good for social footprints.

“An important question is if the threat has access and knowledge of how to use a firearm,” Lee said at one point, showing a YouTube video of a Finnish person pointing a gun at a camera and saying, “You’re next.” Apparently, the day after making the video he shot 18 people. I would find the YouTube video but frankly I am kind of frightened by it.

Anderson described some techniques to track and capture threats, what he calls social engineering. That could be posing as somebody else with a Facebook profile or using “honey pots” to lure threats and predators in.

“As a private investigator, on Facebook it is against the TOS [terms of service] to set up a profile that is not you. I have several – 'pretty girl to catch guys,' for example. If Facebook catches you, just delete the profile and set another one up,” Anderson said.

Facebook would probably not appreciate this practice, but so it goes.

After the presentation, I was in another presentation by deputy chief Eddie Reyes of the Alexandria, Va. police department on “4G mobile broadband applications for public safety.” This has a lot to do with law enforcement and how police departments use mobile data to assist in law enforcement activities? Sound juicy? It is, hence I will be writing a larger story on it later for our May print issue of GCN. Stay tuned.

Posted by Dan Rowinski on Mar 30, 2011 at 12:19 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.