The Bad Guys Are Using IT. Are You?

The Bad Guys Are Using IT. Are You?

Hong-‐Eng Koh

Vice President (Corporate) The Society for the Policing of Cyberspace (POLCYB)

VisiEng Researcher

China Public Security University

@he_koh

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement The following is intended to outline our general product direcEon. It is intended for informaEon purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or funcEonality, and should not be relied upon in making purchasing decisions. The development, release, and Eming of any features or funcEonality described for Oracle’s products remains at the sole discreEon of Oracle.

2


Physical Security And Video Surveillance Market Influencers: 2014 Results •  David Humphrey, CTO Video HP Autonomy

•  Erica Wood a.k.a The Security Girl, American Fire & Security in Dayton Ohio

•  Fredrik Nilsson, GM Axis CommunicaEons North America

•  John Honovich, Founder IPVM

•  Larry Newman, Axis CommunicaEons: Director Of Sales US Sales

•  Mike Maaa, CEO Solink

•  Richard Brent, CEO Louroe Electronics

•  Scoa Dunn, Director of Business Development Axis CommunicaEons:

•  Steve Gorski, CSO Scallop Imaging

•  Vaidhi Nathan, President and Founder IntelliVision Technology Corp

•  Victoria Ferro, President Micro Key SoluEons

3

hap://www.securityhive.com/industry-‐influencer-‐profiles/industry-‐influencer-‐profile-‐hong-‐eng-‐koh/

August 15, 2014


Global JusEce & Public Safety (JPS) Team

4

Jorge Medina

Cindy Schwimer Tim Wallace Jeff Penrose

David Shepherd Udi Nessimyan Hong-‐Eng Koh

Global Lead Director Industry Strategy & MarkeEng

Bert Oltmans

Twitter Gives Occupy Wall Street Tweets To New York Judge 14 Sep 2012

“We talk on the Internet about what happened in Egypt, about our structure, about our organizaEon, how to organize a flash mob, how to organize a sit-‐in”

Ahmed Maher, one of the founders of Egypt’s Facebook RevoluEon on 6 Apr 08,

on advising the Occupy acEvists 5

Why BlackBerry Messenger was rioters' communication method of choice 7 Dec 2011

“Everyone in edmonton e n f i e l d w o o d g r e e n everywhere in north link up at enfield town station at 4 o clock sharp!!!!” “Ah, who wants to buy rioting kits? Gloves, masks, petrol bombs: £5” Crime-Sourcing

6

New York gangs rounded up thanks to Twitter code words

5 Apr 2013

Open Coded Communication

7

Handler: “See, the media is saying that you guys are now in room no. 360 or 361. How did they come to know the room you guys are in?...Is there a camera installed there? Switch off all the lights...If you spot a camera, fire on it...”

Intelligence-led Terrorism

8

Social Media’s Role in Ya’an Earthquake Aftermath is Revealing 22 Apr 2013

9

New Witness Behavior

US Government Agency Compromised by Social Engineering 4 Nov 2013

2009: “Robin Sage” (The Security Blogger)!Information and intelligence obtained from US military personnel!

2011: “Emily Williams”!“What else can happen outside of data being leaked over social networks?”!

Emily Williams Social Engineering 10

“Free this week for a quick gossip/prep before I go and destroy America?” “3 weeks today, we’re totally in LA pissing people off on Hollywood Blvd and diggin’ Marilyn Monroe up!”

11

16 Apr: Boston Police confirming explosion at marathon finish line with injuries. Boston Police looking for video of the finish line BPD asking for Eps Family members looking for info relaEve to individuals injured during the incident are encouraged to call (617) 635-‐4500.

Boston Police looking for video of the finish line 17 Apr: Airlines and hotels are waiving cancellaEon & trip change fees for people traveling to Boston. 19 Apr: Do you recognize these individuals? Contact 1-‐800-‐CALL-‐FBI (1-‐800-‐225-‐5324)

20 Apr: CAPTURED!!! The hunt is over. The search is done. The terror is over. And jusIce has won. Suspect in custody.

Social-enabled Policing

12

13

Man Attacks NYC Police With Hatchet; Authorities Probe Possible Terror Ties

Social-Enabled Terrorism ?

“Helicopters, big military will be useless on their own soil. They will not be able to defeat our people if we use guerilla warfare. Aaack their weak flanks…”

Suspect’s posEng:

23 Oct 2014


JusEce & Public Safety (JPS) A Very Fragmented and Siloed Government FuncIons

One Crime, One Civil Disorder, One Terrorist Act, One Border, One Emergency Many Agencies, Many Silos

Police & Law Enforcement

Judiciary CorrecIons ImmigraIon & Border Control

Emergency Management

Various Intelligence Agencies 14


Intelligence Hub & Alerts

Integrated Policing PlaVorm Integrated Judiciary Management

Integrated CorrecIons PlaVorm

Integrated Border Management Emergency Management Cyber Intelligence PlaVorm Intelligent Video Surveillance & Management

Oracle JusEce & Public Safety (JPS) SoluEons

15



16

Oracle Policy AutomaIon

Big Data Appliance, Exadata, Exalogic, ExalyIcs, etc.

Oracle Data Integrator / Oracle

GoldenGate Oracle Event Processing

Master Data Management

Ontology-‐based

SemanIc Analysis

Business Intelligence /

Endeca InformaIon Discovery

Oracle SOA / Service Bus

IdenIty & Access M

anagement /

Database Security OpIons



17






Ontology-‐based

SemanIc Analysis




IdenIty & Access M

anagement /




18






Ontology-‐based

SemanIc Analysis




IdenIty & Access M

anagement /




19






Ontology-‐based

SemanIc Analysis




IdenIty & Access M

anagement /




20






Ontology-‐based

SemanIc Analysis




IdenIty & Access M

anagement /



Oracle Business Intelligence (BI) Chicago Police Department – PredicIve Policing

21



Oracle Business Intelligence (BI) Italy Ministry of Interior

22


Deployment vs Crime Analysis

Visibility Crime Search

Deployment Planning

Deployment Analysis

•  Database •  Data Mining •  SpaEal • MapViewer •  OBIEE

Dangerous Area PredicEon


Oracle BI & Endeca InformaEon Discovery Chicago Police Department – PredicIve Policing

•  Data mining model that calculates the probability of a crime or incident for the current day and the next three days

•  What goes into the predicEon: –  Weather –  Contact cards –  Emergency calls, incidents, arrests –  Day of week, date of month

•  Technologies used: –  Oracle Business Intelligence (BI) –  Oracle Data Mining –  Oracle Mapviewer (and ESRI)

23


Oracle Business Intelligence

You know what you don’t know

What if you don’t know what you don’t know?



Intelligence Hub & Alerts Demo

24


Data Center and AnalyEcs (WIP) UAE Abu Dhabi Police

25

•  Endeca •  Big Data Appliance •  Database



ArgenEne Riots, December 2013

26


Social-‐Enabled Policing ArgenIne Federal Police

•  Engage the community as part of community policing

•  Beaer understanding of public senEments

•  Improve crime analysis over social networks

•  Early detecEon of suspicious acEviEes and crime suspects

•  Incorporate new techniques in crime invesEgaEon process

27

•  Endeca •  OBIEE •  ExalyEcs •  Exadata •  Database •  Social Engagement and Monitoring Cloud Service


131 Non-‐Emergency

Call Center

Centralized Video

Surveillance

More on Social-‐Enabled Policing: linkedin.com/in/hekoh


Cloud: Social RelaEonship Management (SRM) Social Engagement & Monitoring

• Advanced Latent SemanEc Analysis (LSA) technology •  700+ million messages daily • Deeper & more precise data • RouEng & auto-‐categorizaEon • Custom topics & indicators • Global languages & data

28

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 29


All-‐Hazards InformaEon Fusion Center

30


911 Computer Aided Dispatch

Video Surveillance Other Sensors OSINT/Social Networking

All-‐Hazards InformaEon Fusion Center

Oracle Intelligence Hub & Alerts


•  Uses real-‐Eme analyEcs to solve crime and aaacks

•  Connected to other regional and naEonal intelligence fusion centers

•  Means to interpret prevailing threat levels and provide commensurate protecEve measures

•  Monitors video surveillance, gunshot detecEons and automated license plate recogniEon inputs

•  Facility Incident Management System (FIMS)

31

Chicago Police Crime PrevenEon & InformaEon Center Intelligence Hub & Alerts


Mexico NaEonal Command & Control Center

32


Source: Internet


1.  Maintenance of public order and public peace

2.  CriEcal infrastructure protecEon 3.  NaEonal defense liaison and

coordinaEon 4.  Disaster management

Common Crisis InformaIon Management System (CIMS) -‐ based on NaEonal InformaEon Exchange Model (NIEM)

33

Mexico NaEonal Command & Control Center Intelligence Hub & Alerts

Source: Internet


Mexico NaEonal Command & Control Center Intelligence Hub & Alerts

•  Database •  Databae OpEons •  SpaEal •  Data Mining

• WebLogic •  BPEL •  Data Integrator •  OBIEE

Source: Internet

34


US Customs & Border ProtecEon Automated TargeIng System (ATS)

• Rules based decision support system • Data sources: government and public • Historical data and trends analysis • Deployed for air, land and sea travel • Massive volume of data •  IdenEfy high risk targets •  Faster clearance for low risk traveler/cargo

35


Source: Internet

NaEonal TargeEng Center

•  39 x Exadata •  15 x Expansion Racks •  11 x Exalogic •  3 x ExalyEcs •  8 x ZFS7420 (13.2PB)


US Customs & Border ProtecEon Automated TargeIng System (ATS)

36


Source: Internet

•  39 x Exadata •  15 x Expansion Racks •  11 x Exalogic •  3 x ExalyEcs •  8 x ZFS7420 (13.2PB)


hong-‐[email protected] @he_koh linkedin.com/in/hekoh

The Bad Guys Are Using IT. Are You?

37

Cloud Mobile Social Big Data