The XBOX 360 and Steganography: How Criminals and Terrorists Could Be Going Dark

Video game consoles have evolved from single-player embedded systems with rudimentary processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to contemporary desktop and laptop computers. Besides offering video games with rich graphics and multiuser network play, today\u27s gaming consoles give users the ability to communicate via email, video and text chat; transfer pictures, videos, and file;, and surf the World-Wide-Web. These communication capabilities have, unfortunately, been exploited by people to plan and commit a variety of criminal activities. In an attempt to cover the digital tracks of these unlawful undertakings, anti-forensic techniques, such as steganography, may be utilized to hide or alter evidence. This paper will explore how criminals and terrorists might be using the Xbox 360 to convey messages and files using steganographic techniques. Specific attention will be paid to the going dark problem and the disjoint between forensic capabilities for analyzing traditional computers and forensic capabilities for analyzing video game consoles. Forensic approaches for examining Microsoft\u27s Xbox 360 will be detailed and the resulting evidentiary capabilities will be discussed. Keywords: Digital Forensics, Xbox Gaming Console, Steganography, Terrorism, Cyber Crim

CybHER: A Method for Empowering, Motivating, Educating and Anchoring Girls to a Cybersecurity Career Path

There are challenging problems to solve in cybersecurity. We must engage women as an untapped resource in our national effort to protect our country and critical infrastructure. Developing original ways to engage young women serves to address this recognized national need for recruitment through security education at the K-12 and undergraduate level. This would further address the widening gap between the availability and demand for qualified and diverse security professionals. Designing security iterations that are creative, socially relevant, and accessible to an underrepresented population in cybersecurity is a challenge that informs how education and outreach can be performed within other contexts. This research will discuss the CybHER model for engaging and supporting young women in cybersecurity while anchoring them to this field. By providing 5 different interventions, CybHER seeks to empower, motivate, educate, and anchor girls to cybersecurity. Further, existing CybHER outreach activities and lessons will be discussed

Reverse Engineering a Nit That Unmasks Tor Users

This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was ac- cused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the NIT logged data, and how the NIT utilized a capability in flash to deanonymize a Tor user. The challenges with the investigation and concerns of the NIT will also be discussed. Keywords: Tor, NIT, deanonymization, Tor Hidden Services, flas

A Practitioners Guide to the Forensic Investigation of Xbox 360 Gaming Consoles

Given the ubiquitous nature of computing, individuals now have nearly 24-7 access to the internet. People are not just going online through traditional means with a PC anymore, they are now frequently using nontraditional devices such as cell phones, smart phones, and gaming consoles. Given the increased use of gaming consoles for online access, there is also an increased use of gaming consoles to commit criminal activity. The digital forensic community has been tasked with creating new approaches for forensically analyzing gaming consoles. In this research paper the authors demonstrate different tools, both commercial and open source, available to forensically analyzing gaming consoles, specifically the Xbox 360. Used Xbox 360 gaming consoles were purchased online through popular auction sites for the purpose of this research. Keywords: Digital Forensics, Identity Theft, Xbox 360 Gaming Console, Cyber Crim

Personal Denial of Service (PDOS) Attacks: A Discussion and Exploration of a New Category of Cyber Crime

The growth of the Internet has created a corresponding growth in Internet-based crimes and online misbehavior, particularly among younger computer-savvy people. Younger generations have grown up in a world where internet access, social networking, e-commerce and smartphones are commonplace. Given this fact, they have learned how to use, and how to abuse, technology. This leads us to define a new category of cybercrime called a Personal Denial of Service attack (PDOS). A PDOS is a cyber-crime in which an individual deliberately prevents the access of another individual or small group to online services such as email or banking. Due to the nature of a PDOS, these acts can be overlooked by law enforcement and organizations that operate Internet infrastructure, such as universities. Our motivation for this work is twofold: to stress the need for cyber ethics education at the university level, and to illustrate how a previously uncategorized type of cyber crime is easily perpetrated in such an environment. To achieve these goals, we define a PDOS attack and discuss how it differs from other categories of attacks. We also examine the motivation for a PDOS attack in the context of the Routine Activities Theory of criminal justice. We further discuss a proof of concept survey administered at four different universities to ascertain their attitudes towards online account breaches as related to a PDOS attack. The survey provides initial evidence that account breaches, which are an integral part of a PDOS attack, are a worrisome threat on university campuses and further points to a need for cyber ethics training

Reverse Engineering a Nit That Unmasks Tor Users

This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was accused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the NIT logged data, and how the NIT utilized a capability in flash to deanonymize a Tor user. The challenges with the investigation and concerns of the NIT will also be discussed

Personal Denial of Service (PDOS) Attacks: A Discussion and Exploration of a New Category of Cyber Crime

The growth of the Internet has created a corresponding growth in Internet-based crimes and online misbehavior, particularly among younger computer-savvy people who learned the technical skills necessary for such activities throughout their entire lives. We define a new category of cyber crime called a Personal Denial of Service attack (PDOS). A PDOS is a cyber crime in which an individual deliberately prevents the access of an individual or small group to online services such as email or banking. Due to the nature of a PDOS, these acts can be overlooked by law enforcement and organizations that operate Internet infrastructure such as universities. We analyze a PDOS attack in the context of the Routine Activities Theory of criminal justice. We also surveyed university students to ascertain their attitudes towards online account breaches as related to a PDOS attack.  Our motivation for this work is twofold: to stress the need for cyber ethics education at the university level, and to illustrate how a previously uncategorized type of cyber crime is easily perpetrated in such an environment