Logius international seminar 2020

Phishing is a way of social engineering, its success depends on human factors. As a high-profile public-sector organisation, the Dutch Tax and Customs Administration deals with criminals claiming to be their representatives and contacting the public with phishing e-mails every day. A technique has been developed to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration. This technique is universally applicable. The framework gives more insight in phishing attacks conducted under the disguise of an organisations name. During this session we will inform you about this technique, which could lead to a significant decrease of phishing e-mails.

In cooperation with the German national cyber security authority 'Bundesamt für Sicherheit in der Informationstechnik (BSI)' and the Dutch 'National Cyber Security Centre (NCSC)', the Dutch Standardisation Forum initiated an EU government community regarding modern e-mail security standards (MESSEU). The community organises workshops for EU member states and aims to accelerate the implementation of modern e-mail security standards in Europe. In this session, BSI and Standardisation Forum will also inform you about these e-mail security standards, their experiences with thriving adoption, and the importance of sharing best practices.

Rogue mobile apps are counterfeit apps designed to duplicate those of trusted organisations. For example, a citizen might download a tax return app thinking it was issued by their national tax authority. The rogue app can contain malware, used to steal personal details and commit identity fraud (phishing).

Public sector organisations are increasingly using mobile as a preferred channel to provide secure services to their citizens. From a security perspective, they are adopting Secure Development Lifecycle (SDLC) practices and increasing the amount of testing for many of their important apps. But what happens to those mobile apps once they are uploaded to app stores?

As inventory intermediaries step in and grab apps from official stores and re-deploy them to secondary stores, the threat of those apps being exploited, attacked or copied increases. While Google Play and the Apple App Store capture a significant part of the market, there are hundreds of other competing app stores out there looking to promote their brand; carrier branded stores, handset manufacturer branded stores, e-merchant branded stores, regional stores, etc. The result is a complex network with multiple delivery mechanisms for the proliferation of apps. Fraudulent actors are increasingly leveraging mobile as a distribution channel for malware, especially on the Android platform.

In this interactive session we will provide an up to date look at the worldwide app store ecosystem; primary, secondary and affiliate app stores, and how inventory makes its way through this ecosystem. We’ll also examine recent examples of malware, app repackaging, data leakage and intellectual property violations presented by fraudulent and unauthorized apps.

Identity theft is a serious crime that can have damaging and far-reaching effects for its victims. By stealing your identity, a person may access your bank account or wrongly claim government benefits in your name. Unlike a robbery or burglary, identity theft often occurs without the victim's knowledge. Most identity theft victims only find out after they see strange charges on their credit card statements or apply for a loan.

After detecting possible identity theft, data analysts can investigate the case by searching the data. By analysing they discover patterns and characteristics, which can be used for preventive and proactive analysis. And also helps law enforcement to investigate and identify criminal perpetrators.

We should always try to prevent fraud from remaining unnoticed. Monitoring, mapping and recognizing threats are therefore essential. Based on real-life examples and interesting data analyses and visualizations, we will explain how logging can be used for detecting digital identity theft.

Florian Bierhoff is the author and co-author of several technical guidelines on the security of modern technologies, released by the German Federal Office for Information Security (BSI). He started working at BSI in the field of official documents and electronic identification (eID) after finishing his studies of applied computer science at South Westphalia University of Applied Science in 2007. Since then he has developed guidelines for applications, like Secure E-Mail Transport and Secure Broadband Routers, from their conception to implementation.

Terry has over 20 years of experience in IT Security & Networking working with both private and public sector organisations to deploy and manage security solutions, in both technical and leadership roles. His experience ranges from the endpoint to enterprise wide monitoring for security and compliance. Terry is currently EMEA Technical Director at RiskIQ, delivering a unique approach to security, providing an outside in view of its customers external attack surface.

Arnold Hölzel is a senior security consultant working at SMT, a data-driven solution provider in the Benelux, and is mostly operating within the governmental SOC’s. He is been doing all sorts of security related work for about 15 years low, but sees it more as an out-of-control hobby. He loves to analyze and dig through multiple terabytes of data each day, to find that one outliner of hidden treasure. He always tries to broaden his knowledge, either through training or self-study.

Karl is the Technical Lead of the Security Operations Center (SOC) of the Dutch Tax and Customs Administration. He must ensure that the security analysts of the SOC can do their job well in the technical field. In addition, he is responsible, among other things, for strengthening the network of governments and companies, so that the right information is quickly available in the event of threats and incidents. Karl obtained the title Master of Security in Information Technology (MSIT) at Eindhoven University of Technology. He completed the post-graduate course Judicial Expert at Leiden University, holds several GIAC certificates and furthered his knowledge in the field of ICT and security through courses such as Splunk, Taranis and Information Technology Architecture. He loves technology and has seven RFID / NFC chips implanted in his body, including a creditcard.

Steven is Clustermanager fraud and data expertise. He is responsible, among other things, for analysing and handling reports on identity fraud. This also means taking care of fraud investigations and working with chain partners.

Chris has over 20 years’ experience of Complex Financial Crime Investigations , Digital Forensics, Cybercrime & Information Security within government and the financial industry.