Conference:  Defcon 31
Authors: Katitza Rodriguez Policy Director for Global Privacy Electronic Frontier Foundation, Bill Budington Senior Staff Technologist Electronic Frontier Foundation

Heads up DEF CON! The future of hacking, cybersecurity, and human rights are at risk as the United Nations negotiates a draft UN cybercrime treaty that has the potential to substantively reshape anti-hacking law around the world. The proposed Treaty could change the game for security researchers and coders like you. With Russia and China playing an initial role in pushing for this treaty, the future for security researchers’ rights could be at risk. Join us as we deep dive into the murky waters of these negotiations, exploring its risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We'll discuss the geopolitical complexities, and the vital role you can play. EFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text, identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!
Conference:  Defcon 31
Authors: Joe Sullivan CEO of Ukraine Friends

The federal criminal case of United States v. Joseph Sullivan, NDCA 3-20-CR-337 WHO, has been covered and debated quite publicly since I was fired by the new Uber CEO in November 2017, a year after the incident. Most discussion has focused on questions of my guilt or innocence, the culpability of other executives at the company, and the implications of the case for other security executives. Less has been written about the guilt or innocence of those who accessed Uber’s AWS environment in October 2016 and triggered an incident response by emailing me and asking for payment. After we met them, my team and I did not consider those 19- and 20-year-old kids to be criminal actors and treated them as security researchers. Yet both also faced federal criminal charges. During my talk I will review the extraordinary investigation done by my team at Uber and put it into the context of other historical cases we and I had worked on. Whether or not you consider them to be security researchers, there are many lessons to be learned related to the dynamics between researchers and companies and the dynamics between companies and the government.
Conference:  Defcon 31
Authors: winn0na Hacker, Policy @DEF CON

Be a member of the jury as two lawyers prosecute and defend a hacker (live on the stand) in a made-up scenario. You, the audience, will decide if the hacker was caught in the act, or if the attribution was all a false flag. Learn through the trial what evidence you don’t want to leave behind in an op, what D&R can and should collect, and how criminals who conduct cybercrime actually get prosecuted.
Conference:  Transform X 2022
Authors: Dan Shiebler

Abnormal Security builds ML products that help protect systems against cyber attacks. Dan Shiebler, Head of Machine Learning at Abnormal Security, discusses best practices for building cybercrime detection algorithms. In this session, Shiebler covers how to design, monitor, and launch resilient ML systems and how to train ML models on production issues. He talks about the different types of problems that production ML systems can encounter, including features that become unavailable because of upstream data issues, distribution changes, or features that become stale. Shiebler addresses the different types of iteration loops in most companies—online vs offline—and how that plays into testing and training, as well as the company’s ability to tolerate risk. Historical logs and data also play a key role. Before joining Abnormal, Shiebler worked at Twitter: first as an ML Researcher working on recommendation systems, and then as the Head of Web Ads Machine Learning. Before Twitter, he built smartphone sensor algorithms at TrueMotion.