The XBOX 360 and Steganography: How Criminals and Terrorists Could Be Going Dark

Video game consoles have evolved from single-player embedded systems with rudimentary processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to contemporary desktop and laptop computers. Besides offering video games with rich graphics and multiuser network play, today\u27s gaming consoles give users the ability to communicate via email, video and text chat; transfer pictures, videos, and file;, and surf the World-Wide-Web. These communication capabilities have, unfortunately, been exploited by people to plan and commit a variety of criminal activities. In an attempt to cover the digital tracks of these unlawful undertakings, anti-forensic techniques, such as steganography, may be utilized to hide or alter evidence. This paper will explore how criminals and terrorists might be using the Xbox 360 to convey messages and files using steganographic techniques. Specific attention will be paid to the going dark problem and the disjoint between forensic capabilities for analyzing traditional computers and forensic capabilities for analyzing video game consoles. Forensic approaches for examining Microsoft\u27s Xbox 360 will be detailed and the resulting evidentiary capabilities will be discussed. Keywords: Digital Forensics, Xbox Gaming Console, Steganography, Terrorism, Cyber Crim

CybHER: A Method for Empowering, Motivating, Educating and Anchoring Girls to a Cybersecurity Career Path

There are challenging problems to solve in cybersecurity. We must engage women as an untapped resource in our national effort to protect our country and critical infrastructure. Developing original ways to engage young women serves to address this recognized national need for recruitment through security education at the K-12 and undergraduate level. This would further address the widening gap between the availability and demand for qualified and diverse security professionals. Designing security iterations that are creative, socially relevant, and accessible to an underrepresented population in cybersecurity is a challenge that informs how education and outreach can be performed within other contexts. This research will discuss the CybHER model for engaging and supporting young women in cybersecurity while anchoring them to this field. By providing 5 different interventions, CybHER seeks to empower, motivate, educate, and anchor girls to cybersecurity. Further, existing CybHER outreach activities and lessons will be discussed

Testing Data Sanitization Practices of Retired Drives with The Digital Forensics Data Recovery Project

There are several empirical studies that have focused on the analysis of retired digital media on the secondary market which has had historical impact on not only the technology community, but the business community alike. This research will introduce the Digital Forensics Recovery (DFDR) study, where five key industries-government, education, businesses, electronic recycle centers, and individual home users were targeted to test effectiveness of data sanitization practices with used media. While previous work analyzed any device, the DFDR study aims to analyze on media in which due diligence has been taken to ensure data privacy

A Practitioners Guide to the Forensic Investigation of Xbox 360 Gaming Consoles

Given the ubiquitous nature of computing, individuals now have nearly 24-7 access to the internet. People are not just going online through traditional means with a PC anymore, they are now frequently using nontraditional devices such as cell phones, smart phones, and gaming consoles. Given the increased use of gaming consoles for online access, there is also an increased use of gaming consoles to commit criminal activity. The digital forensic community has been tasked with creating new approaches for forensically analyzing gaming consoles. In this research paper the authors demonstrate different tools, both commercial and open source, available to forensically analyzing gaming consoles, specifically the Xbox 360. Used Xbox 360 gaming consoles were purchased online through popular auction sites for the purpose of this research. Keywords: Digital Forensics, Identity Theft, Xbox 360 Gaming Console, Cyber Crim

Reverse Engineering a Nit That Unmasks Tor Users

This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was ac- cused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the NIT logged data, and how the NIT utilized a capability in flash to deanonymize a Tor user. The challenges with the investigation and concerns of the NIT will also be discussed. Keywords: Tor, NIT, deanonymization, Tor Hidden Services, flas

Personal Denial of Service (PDOS) Attacks: A Discussion and Exploration of a New Category of Cyber Crime

The growth of the Internet has created a corresponding growth in Internet-based crimes and online misbehavior, particularly among younger computer-savvy people. Younger generations have grown up in a world where internet access, social networking, e-commerce and smartphones are commonplace. Given this fact, they have learned how to use, and how to abuse, technology. This leads us to define a new category of cybercrime called a Personal Denial of Service attack (PDOS). A PDOS is a cyber-crime in which an individual deliberately prevents the access of another individual or small group to online services such as email or banking. Due to the nature of a PDOS, these acts can be overlooked by law enforcement and organizations that operate Internet infrastructure, such as universities. Our motivation for this work is twofold: to stress the need for cyber ethics education at the university level, and to illustrate how a previously uncategorized type of cyber crime is easily perpetrated in such an environment. To achieve these goals, we define a PDOS attack and discuss how it differs from other categories of attacks. We also examine the motivation for a PDOS attack in the context of the Routine Activities Theory of criminal justice. We further discuss a proof of concept survey administered at four different universities to ascertain their attitudes towards online account breaches as related to a PDOS attack. The survey provides initial evidence that account breaches, which are an integral part of a PDOS attack, are a worrisome threat on university campuses and further points to a need for cyber ethics training

Identity Theft and Used Gaming Consoles: Recovering Personal Information from Xbox 360 Hard Drives

Traditionally, when individuals wanted online access they connected their PCs to the internet. Now, non-traditional devices such as cell phones, smart phones, and gaming consoles serve as common means of online access. Gaming consoles, just like PCs need proper sanitization processes to help fight identity theft. Individuals understand you cannot simply throw away a computer that has your personal data on it without some sort of sanitization process; gaming consoles are no different. Simply returning your console back to “factory state” will not do the trick, you need to take things one step further.In this research paper the authors aim to bring awareness to the gaming public, researchers and practitioners that improperly discarding used consoles without proper sanitization practices can inadvertently release personal data which can result in identity theft. The researchers will demonstrate through a case study how easy it is to steal an identity through a discarded Xbox. Finally, the researchers will demonstrate how gamers can sanitize their game consoles when upgrading their systems to ensure their identity is not at risk when the used device is retired

Experimental NGN Lab Testbed for Education and Research in Next Generation Network Technologies

Abstract. The main evolution trends of NGN architecture towards unified service control based on IMS principles are presented in the article. The actual implementation of NGN testbed platform including extensions and integration of application is described. We also provide an overview of the ongoing incorporation and integration of IMS core elements within the actual architecture. The existing NGN solution includes communication, collaborative community and e-learning applications and highlights the benefits of our experience in the integration of those applications and the usability in education process. We explain also the main NGN technology issues and topics for possible future research and education activities planed for the NGN Lab testbed