Hal Berghel: Short Bio and Abstracts (2011-12)
Hal Berghel is currently Professor of Computer Science at the University of Nevada, Las Vegas, where he has previously served as Director of the School of Computer Science and Associate Dean of the College of Engineering. He is also the founding Director of the Identity Theft and Financial Fraud Research and Operations Center. His research interests are wide-ranging within the binary and digital ecosystem, ranging from logic programming and expert systems, relational database design, algorithms for non-resolution based inferencing, approximate string matching, digital watermarking and steganography, and digital security (including both computer and network forensics). Since the mid-1990s he has applied his work in digital security to law enforcement, particularly with respect to digital crime, cyberterrorism, and information warfare. His research has been supported by both industry and government for over thirty years. His most recent work in secure credentialling technology

Berghel is a Fellow of both the Institute for Electrical and Electronics Engineers and the Association for Computing Machinery, and serves both societies as a Distinguished Visitor and Distinguished Lecturer, respectively. He has received the ACM Outstanding Lecturer of the Year Award four times and was recognized for Lifetime Achievement in 2004. He has also received both the ACM Outstanding Contribution and Distinguished Service awards. He is also the founder and owner of Berghel.Net, a consultancy serving business and industry, and co-owner of BC Innovations Management, a startup company in IP and DRM.
ABSTRACTS
The Stuxnet Experience: insights into the world of network forensics

This talk will discuss the tools of the network forensics practitioner by means of the recent Stuxnet attack that was so effective in disabling the Iranian Natanz uranium enrichment centrifuges. The discussion begins with an overview of malware profiling and the art of Internet forensics. We then look at Stuxnet from an evolutionary point of view, tracing its development from the initial PLC MC7 hack through the Windows OS vulnerabilities, to the process injection sequence, to the method of flying under the anti-malware radars, and finally to the actual exploit itself. Several conjectures of the source of Stuxnet modules will be covered. A flowchart of the Stuxnet infection flow will be presented. This talk may also include other network hacks as exemplars of Internet forensics tools and strategies.

Secure Credentialing: a new direction in mobile, secure, authenticable identification systems (that actually works and still respects the individual's right to privacy)

We discuss several new methods for the creation of secure credentials, including some of those for which the speaker holds patents. These methods include those that work with conventional identification media (mag stripe cards, smart cards, RFID cards, etc.) as well as newer applications that use digital displays (e.g., on iPhones and PDAs). These methods will be presented in the context of a variety of business, government, law enforcement and military applications. Our methods integrate biometrics (fingerprint, iris scan, bone scan, capillary/palm scan, photographic images, etc.) to provide at least four points of authentication. Industry standard encryption (e.g., AES and Blowfish) is added in a variety of ways to provide security. The result is a self-validating credential that operates on a mobile platform with equipment that may be found in most office equipment retail stores.

One of our systems, CardSleuth, will be demonstrated. Although CardSleuth takes advantage of electrical power and network access, it requires neither for full functionality. The software runs on any Windows computer, PDA, phone, etc. for both the generation and recognition, as well as authentication and validation of IDs. The robustness of these methods is compared with recent government efforts such as RealID and the WHTI Pass Card. (100 slides; 45-50 minutes plus Q&A. categories: digital credentials, security, encryption, biometrics)

Phactors in Phish Pharming

This talk will focus on the latest manifestations and mutations of phishing attacks. Topics will include the art of perception management and social engineering; various forms of technical subterfuge; "core" phishing tactics; obfuscation techniques; delivery techniques; client-side vs. server-side vulnerabilities; anti-phishing weaponry; legal issues, etc. Several current phishing expeditions will be analyzed and compared for effectiveness. (100 slides; 45-50 minutes plus Q&A. categories: phishing, digital crime, digital fraud, email fraud, hacking)

Macro and Micro Themes in Digital Money Laundering

This talk investigates several types of digital money laundering, characterised by source (failed states, state-aware, kleptocratic states, terrorists, extremists, and individuals), means (credit- and debit-card exploits, international funds transfers, clepto-banks, "gift-card" exploits), and purpose (terrorism, narco-trafficking, electronic crime, internet fraud). These categories are introduced by their identifying events-of-interest. Implications on shadow economies, degrees of sophistication, and case studies are discussed. Each crime will be explicitly linked geographically and politically to sources, and may include discussion of actual cases. Several micro- and macro-level mitigation strategies will be discussed. (100 slides; 45-50 minutes plus Q&A. categories: money laundering, digital crime, digital fraud, narco-trafficking, terrorism, internet fraud. No part of this presentation may be recorded!)

Crime.Com: post-modern criminal behavior

This talk begins with an overview of the role of crime in general, and digital crime in particular, in the shadow economies of the world. It illustrates this via a sequence of specific criminal activities that have been studied by the author. This talk will explain the latest digital crime scene in terms of sources, modus operandi, and the digital techniques involved. Examples will be drawn from actual case files and published media reports, and the techniques will be explained and in some cases actually demonstrated. Exploits include: bank card skimming, ATM hacking, digital gas pump hijacking, phishing scams, bank card brokering and internet dumpsites, hotel room invasions, physical counterfeiting (e.g., Superdollar), digital counterfeiting and some brute-force techniques as well. If your organization is interested in the latest digital exploits of the denizens of digital darkness, this talk is for you. (100 slides; 45-50 minutes plus Q&A. categories: digital crime, electronic crime, shadow economies, computer crime, hacking, bank fraud, Internet fraud. No part of this presentation may be recorded!)

Speaker will bring media to the venue on a USB memory stick and will require digital projection connected to a Windows Vista or Windows 7 computer with Office 2007.