Honeypot Fun

At the Legal Informatics and Forensic Science Institute, we are preparing to do some research on IoT smart homes. Part of that is setting up a slightly-less-secure system. I run some honeypots on my home networks, but I was interested to see what is coming in to the known University IP range.
<div>
</div><div class="separator" style="clear: both; text-align: center;"></div><div>I had an extra Raspberry Pi laying around, and decided to run cowrie (kippo) SSH honeypot. Mostly because it is very fast to set up, gives you an idea of where attacks are coming from, and also gives a list of usernames and passwords that people are trying. More on the setup of cowrie later.</div><div>
</div><div>After putting cowrie online, it took 28 minutes before the first connection. This is actually longer than I expected. Possibly because the IP was up before, but port 22 was not open.</div><div>
</div><div>After 12 hours, login attempts from the following addresses:</div><div>
</div><div><table> <thead><tr> <th class="tg-yw4l">Login Attempts</th> <th class="tg-yw4l">IP Address</th> <th class="tg-yw4l">Country</th> </tr></thead> <tbody><tr> <td class="tg-yw4l">1</td> <td class="tg-yw4l">146.66.163.107</td><td class="tg-yw4l">Russia</td> </tr><tr> <td class="tg-yw4l">3</td> <td class="tg-yw4l">185.103.252.14</td><td class="tg-yw4l">Russia</td> </tr><tr> <td class="tg-yw4l">9</td> <td class="tg-yw4l">195.154.58.76</td><td class="tg-yw4l">France</td> </tr><tr> <td class="tg-yw4l">18</td> <td class="tg-yw4l">159.122.123.183</td><td class="tg-yw4l">Germany</td> </tr><tr> <td class="tg-yw4l">40</td> <td class="tg-yw4l">117.102.109.18</td><td class="tg-yw4l">Indonesia</td> </tr><tr> <td class="tg-yw4l">41</td> <td class="tg-yw4l">193.201.227.200</td><td class="tg-yw4l">Ukraine</td> </tr><tr> <td class="tg-yw4l">91</td> <td class="tg-yw4l">94.79.5.102</td><td class="tg-yw4l">Russia</td> </tr><tr> <td class="tg-yw4l">126</td> <td class="tg-yw4l">193.201.227.86</td><td class="tg-yw4l">Ukraine</td> </tr><tr> <td class="tg-yw4l">336</td> <td class="tg-yw4l">202.83.25.95</td> <td class="tg-yw4l">India</td> </tr></tbody></table>
Remember that the country doesn’t actually mean anything. These could be proxies, tor, hacked servers, etc.

The top usernames and passwords are not very surprising.

<table class="tg"><tbody><tr> <th class="tg-yw4l">Tries</th> <th class="tg-yw4l">Username / Password</th> </tr><tr> <td class="tg-yw4l">21</td> <td class="tg-yw4l">[root/123456]</td> </tr><tr> <td class="tg-yw4l">19</td> <td class="tg-yw4l">[root/default]</td> </tr><tr> <td class="tg-yw4l">18</td> <td class="tg-yw4l">[admin/support]</td> </tr><tr> <td class="tg-yw4l">18</td> <td class="tg-yw4l">[admin/default]</td> </tr><tr> <td class="tg-yw4l">18</td> <td class="tg-yw4l">[admin/123123]</td> </tr><tr> <td class="tg-yw4l">8</td> <td class="tg-yw4l">[root/admin]</td> </tr><tr> <td class="tg-yw4l">6</td> <td class="tg-yw4l">[admin/admin]</td> </tr><tr> <td class="tg-yw4l">5</td> <td class="tg-yw4l">[test/test]</td> </tr><tr> <td class="tg-yw4l">5</td> <td class="tg-yw4l">[support/support]</td> </tr><tr> <td class="tg-yw4l">5</td> <td class="tg-yw4l">[root/qwerty]</td> </tr></tbody></table></div>
Probably the most interesting thing is that the first attack was that the first attack was trying some sort of buffer-overflow. Although they were connecting to SSH and sending (weird) user/pass combinations, after the connection was rejected they were sending really long strings. I suspect it is some sort of honeypot detection, or it exploits certain versions of SSH? Not sure.

Anyway, for a 1 hour project it is easy and interesting. Definitely something that students could do in an afternoon.

No Starch Press Hacking and Security books deal

Humble Bundle and No Starch Press are offering a charity deal on hacking and security books. For 15$ or more you can get 13 books! Check out the deal here: https://www.humblebundle.com/books/no-starch-hacking-books

Postdoctoral Positions Available at Hallym University, South Korea

Hello everyone! We have an opportunity for singledoctoral research positions. Positions with the Legal Informatics and Forensic Science Institute at Hallym University provide support for up to 5 years. Applicants must have obtained a PhD no more than 5 years ago. A background in criminal justice or computer science is preferred. If you are interested, please email your CV and a short introduction to [email protected] by 20th April, 2016.

Please forward to anyone that may be interested.

[CFP] ICDF2C Submission date extended!

ICDF2C 2016 in New York has extended its call for papers until April 25th!

Call for papers for the 8th International Conference on Digital

Forensics and Cyber Crime (ICDF2C)

Conference Dates: September 28 - 30, 2016

Location: Manhattan, New York

*Paper Submission: Monday April 25th, 2016 (any time zone)* EXTENDED!

Website: http://www.d-forensics.org

The International Conference on Digital Forensics and Cyber Crime

(ICDF2C) brings together leading researchers, practitioners, and

educators from around the world to advance the state of the art in

digital forensic and cyber crime investigation. ICDF2C 2016 will be held

September 28 - 30, 2016 in Manhattan, New York. We invite contributions

for completed research papers, research-in-progress papers, industrial

talks, panel and tutorial proposals, and round table discussions.

Research papers are evaluated through a double-blind, peer-reviewing

process and accepted research papers will be published in a special

issue of the Journal of Digital Forensics, Security and Law (JDFSL).

JDFSL is an open access journal with a solid indexing including Thomson

Reuters ISI Web of Science. Accepted papers will be indexed in: a)

Google Scholar b) DBLP c) ProQuest d) EBSCO Host to name a few. Articles

will be available for readers online at no cost given the open access

nature of the journal. To learn more about JDFSL you can visit:

http://www.jdfsl.org/.

SPECIAL THEMES

This year, we have two themes that we intend to embrace. Authors are

encouraged to submit papers relating to these themes:

• Usage and implications of machine learning in digital forensics

• Big data and digital forensics

SCOPE

The Internet has made it easier to perpetrate crimes by providing

criminals an avenue for launching attacks with relative anonymity. The

increased complexity of global communication and networking

infrastructure and devices makes investigation of cybercrimes difficult.

Clues of illegal activities are often buried in large volumes of data

that need to be sifted through in order to detect crimes and collect

evidence. The field of digital forensics and cybercrime investigation

has become very important for law enforcement, national security, and

information assurance. Digital forensics and cybercrime investigations

are multidisciplinary areas that encompass law, computer science,

finance, telecommunications, data analytics, policing and more. ICDF2C

brings together practitioners and researchers from diverse fields

providing opportunities for business and intellectual engagement among

attendees.

The following topics highlight the conference's theme:

• Anti Forensics and Anti-Anti Forensics

• Big Data and Digital Forensics

• Business Applications of Digital Forensics

• Civil Litigation Support

• Cloud Forensics

• Cyber Crime Investigations

• Cyber Criminal Psychology and Profiling

• Cyber Culture & Cyber Terrorism

• Data hiding and steganography

• Database Forensics

• Digital Forensic Science

• Digital Forensic Tool Testing and validation

• Digital Forensic Trends

• Digital Forensics & Law

• Digital Forensics and Error rates

• Digital Forensics novel algorithms

• Digital Forensics Process & Procedures

• Digital Forensics Standardization & Accreditation

• Digital Forensics Techniques and Tools

• Digital Forensics Triage

• e-Discovery

• Hacking

• Incident Response

• Information Warfare & Critical Infrastructure Protection

• Law Enforcement and Digital Forensics

• Machine learning and Digital Forensics

• Malware & Botnets

• Mobile / Handheld Device & Multimedia Forensics

• Money Laundering

• Network forensics

• New chip-off techniques

• Novel Digital Forensics Training programs

• Online Fraud

• Programming Languages and Digital Forensics

• SCADA Forensics

• Sexual Abuse of Children on Internet

• Software & Media Piracy

• Theoretical Foundations of Digital Forensics

• Traditional Criminology applied to Digital Forensics

• Philosophical accounts for Cyber Crime and Digital Forensics

IMPORTANT DATES

_Research papers & presentation proposals:_

Submission deadline: Monday, 25 April, 2016 (any time zone) *extended*

Notification of Acceptance: Friday, 1 July, 2016

Camera-ready Version: Monday, 1 August, 2014

_Other Submissions (industry talks, panel discussion or workshops): _

Submission deadline: Friday, 1 July 2016

Notification of Acceptance: Friday, 15 July 2016

RESEARCH PAPERS & PRESENTATION PROPOSALS

Papers describing original unpublished research are solicited. Submissions must not be concurrently under review by a conference, journal or any other venue that has proceedings. Papers in the topic areas discussed are preferred, although contributions outside those topics may also be of interest. Please feel free at any time to contact the conference general chair if you have questions regarding your submission.

Completed Research Papers: No longer than 14 pages (including abstract, figures, tables and references) must be formatted using JDFSL template (see Formatting / Templates on http://www.jdfsl.org/for-authors).
Presentation Proposals (e.g., to present work in progress): No longer than 1 page (12pt, any format). Accepted proposals will get a 15min presentation slot as well as the chance to present work during the singleer session.
Papers / proposals must be submitted only through Easychair.org by going to: https://www.easychair.org/conferences/?conf=icdf2c2016.

All submitted research papers will be judged based on their quality through double-blind reviewing. Authors' names must not appear in the paper. All other submissions should be sent via email to the conference general chairs ({FBreitinger, IBaggili} at newhaven.edu).

PUBLICATIONS

Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law (http://www.jdfsl.org).

OTHER SUBMISSION CATEGORIES

Submissions can be made in a number of categories: industrial talks, panel and tutorial proposals, workshops and round table discussions. Please follow the following guidelines in preparing your submission.

Industrial Talk: Typically a 1,000 word description of the proposed talk. All talks must be vendor neutral.
Round Table Discussion: Typically a 1,000 word synopsis of the topic area.
Panel Proposals: Typically a 1,000 word description, identifying the panelists to be involved.
Workshop Proposal: Typically a 1,000 word synopsis about the content of the workshop.
Tutorial Proposals: Typically a 1,000 word description of topic(s), potential speakers, program length, and potential audience. Also, include proposer resume(s).

All proposals should be submitted to the general chairs ({FBreitinger, IBaggili} at newhaven.edu).

CURRENT TPC MEMBERS

Timothy Vidas, Carnegie Mellon University

Ping Ji, CUNY - John Jay College of Criminal Justice

Spiridon Bakers, Michigan Technological University

Ibrahim Baggili, University of New Haven

Neil Rowe, U.S. Naval Postgraduate School

Kim-Kwong Raymond Choo, University of South Australia

Irfan Ahmed, University of New Orleans

Nation Agarwal, University of Arkansas at Little Rock

Long Guan, Iowa State University

Martin Olivier, University of Pretoria

Michael Losavio, University of Louisville

David Dampier, Mississippi State University

Chien An Le Khac, University College Dublin

Honggang Zhang, University of Massachusetts Boston

K P Chow, University of Hong Kong

AndrewMarrington, Zayed University

Nicole Beebe, The University of Texas at San Antonio

Joshua I. James, Digital Forensic Investigation Research Laboratory

Pavel Gladyshev, University College Dublin

Petr Matousek, Brno University of Technology

Ahmed F.Shosha, University College Dublin

Christian Winter, Fraunhofer Gesellschaft

Martin Schmiedecker, SBA Research

Farmhand Iqbal, Zayed University

Mark Scanlon, University College Dublin

ThomasKemmerich, University of Bremen, IS-Bremen

KathrynSeigfried-Spellar, Purdue University

Sting Mjolsnes, Norwegian Univ. of Science and Technology NTNU

Michał Rzepka, MSH Consulting

Vassal Roussev, University of New Orleans

[CFP] Journal of Digital Forensics Security and Law

The Journal of Digital Forensics, Security and Law published its first issue in the 1st quarter of 2006 and is now calling for papers in, or related to, the following areas for Volume 11 (2016). This list is provided as a means to guide authors, however, we are open to accept other topics that relate to cyber security and forensics.

Business Applications of Digital Forensics
Civil/Criminal Litigation Support
Cloud Forensics
Curriculum
Cyber Crime Investigations
Cyber Criminal Psychology and Profiling
Cyber Culture and Cyber Terrorism
Data Hiding and Steganography
Database Forensics
Digital Forensic Trends
Digital Forensics and Law
Digital Forensics and Error Rates
Digital Forensics Novel Algorithms
Digital Forensics Process and Procedures
Digital Forensics Standardization and Accreditation
Digital Forensics Techniques and Tools
BigData and Digital Forensics
e-Discovery
Hacking
Incident Response
Information/Cyber Warfare & Critical Infrastructure Protection
Law Enforcement and Digital Forensics
Machine learning and Digital Forensics
Malware and Botnets
Mobile/Handheld Device and Multimedia Forensics
Money Laundering
Digital Forensics Triage
Digital Forensic Science
Digital Forensic Tool Testing and validation

Submission Requirements

All manuscripts should be word-processed (letter or correspondence-quality font) and should be submitted in PDF, Word or RTF formats. Submissions have to be made through the JDFSL OJS Submission System at http://ojs.jdfsl.org/.

To ensure a blinded review process, the following information should be excluded from the submission:

Authors Names section
Biography section
Acknowledgments section (if it contains information identifying the authors).
If an article is accepted, author(s) must provide a version in either Microsoft Word or LaTeX with graphics (figures) in GIF, TIF, or PowerPoint formats. Permissions for reprinted material are the sole responsibility of the author(s) and must be obtained in writing prior to publication.

JDFSL Submission Evaluation Criteria

Manuscripts submitted are expected to be:

new and original,
well organized and clearly written,
of interest to the academic and research communities,
not published previously, and
not under consideration for publication in any other journal or book

NOTE:

Articles published in or under consideration for other journals should not be submitted.

Significantly enhanced versions of manuscripts previously published may be considered. Authors need to seek permission from the publishers of such previous publications.
Papers awaiting presentation or already presented at conferences must be significantly enhanced (ideally, taking advantage of feedback received at the conference) in order to receive consideration. If the paper has been presented previously at a conference or other professional meeting, this fact, the date, and the sponsoring organization should be listed in a footnote on the first page.
Funding sources should be acknowledged in the Acknowledgements section.

The journal Web site is located at http://www.jdfsl.org. If you have questions, please contact the editor of the JDFSL who may be reached via email at [email protected].

Aims & Scope

The mission of JDFSL is to publish original research and comments about digital forensics and its relationship to security and law. Contributions are particularly welcome which analyze the results of interdisciplinary research. Publications will include the results of research and case studies that advance the curriculum, practice and understanding of digital forensics methods and techniques to support efficient and effective investigations.
The peer-reviewed, multidisciplinary Journal of Digital Forensics, Security and Law (JDFSL) focuses on the advancement of the field by publishing the state of the art in both basic and applied research conducted worldwide. We purposefully chose to use the word cyber in our tagline, instead of digital to emphasize the cyber culture surrounding computing, and the word cyber also extends itself beyond the technical domain of computing. The Journal???s main aims are to open up the landscape for innovation and discussion, and to continuously bridge the gap between the science and practice of cyber forensics, security and law. This journal encourages both scientists and practitioners to share their discoveries and experiences.
JDFSL is of interest to the following stakeholders: cyber forensic/security scientists, cyber security/forensic practitioners, law enforcement officers, lawyers, any governmental agencies with interest in national and local security, and private sector organizations. The Journal will publish the following types of articles:
<ul type="disc"><li class="MsoNormal">Research articles: These articles should have a strong contribution to the state of the art in cyber forensics/security science. Research could be either applied or basic. Although we anticipate that most of the research that will be published will primarily be computer science centric, the Journal strongly encourages topics that stem from other disciplines such as psychology, sociology, business, accounting, law, philosophy, linguistics, education, criminal justice, political science, social science, and ethics, to participate in the advancement of cyber forensic science. We have no preference on the type of methodology used in the research, as long as the work is both methodologically and scientifically grounded.</li></ul><ul type="disc"><li class="MsoNormal">Open Peer Commentaries: To ensure that there is constant discussion and deliberations in this field, JDFSL encourages experts in the domain to submit commentaries on the state of the art in the field through open peer commentaries. Commentaries seek to provide a critical and/or alternative perspective on the state of the art in cyber forensics/security. For a commentary to be accepted for publication, it should meet one or more of the following criteria: <ul type="circle"><li class="MsoNormal">The contribution should offer significant insight into work that has been published in JDFSL.</li><li class="MsoNormal">Novel findings substantially contradict well-established research, theory, and practice.</li><li class="MsoNormal">It provides insight into bridging the gap between the science and practice of cyber forensics security.</li><li class="MsoNormal">It critiques findings of seminal work, research, or practice in the domain.</li><li class="MsoNormal">It offers significant contribution by consolidating findings in research and practice.</li><li class="MsoNormal">It improves the multidisciplinary nature of the domain.</li><li class="MsoNormal">It reviews and provides insight into both tools and methods used in cyber forensics.</li></ul></li></ul>
<ul type="disc"><li class="MsoNormal">Book Reviews: The Journal provides a place for peers to share their opinions and reviews of published books in the field of cyber forensics and security science.</li></ul>

[CFP] JDFSL Special issue on Cyberharassment Investigation: Advances and Trends

JDFSL Special issue on Cyberharassment Investigation: Advances and Trends.

Anecdotal evidence indicates that cyber harassment is becoming more prevalent as the use of social media becomes increasingly widespread, making geography and physical proximity irrelevant. Cyberharassment can take different forms (e.g., cyberbullying, cyberstalking, cybertrolling), and be motivated by the objectives of inflicting distress, exercising control, impersonation, and defamation. Investigation of these behaviours is particularly challenging because it involves digital evidence distributed across the digital devices of both alleged offenders and victims, as well as online service providers, sometimes over an extended period of time. As a result, little is currently known about the modus operandi of offenders.

This special issue invites original contributions from researchers and practitioners which focus on the state-of-the-art and state-of-the-practice of digital forensic investigation of cyberharassment of all kinds. We particularly encourage multidisciplinary contributions that can help examiners to be more effective and efficient in cyberharassment investigations.

Topics of interest include, but are not limited to:

-Offender psychology and profiling

-Cyberharassment victimology

-Methodologies and process models specific to cyberharassment investigation

-Tools and techniques for dealing with the types of digital evidence encountered in cyberharassment investigation

-Cyberharassment indicators

-Challenges and particularities of different modalities of cyberharassment

-Trends and typologies of cyberharassment

Important dates:

-Paper Submission: 1 June 2016

-Notification of Initial Decision: 30 June 2016

-Revision due: 31 July 2016

-Notification of Final Decision: 31 August 2016

-Final Manuscript Due: 30 September 2016

-Publication Date: 31 October 2016

Author instructions:

The submissions must be blind and original (i.e., must not have been published or be under review by any other publisher). Authors should refer to the following link for instructions: http://www.jdfsl.org/for-authors. The option “Cyberharassment Special Issue” must be selected as article type on JDFSL OJS Submission System. Further queries can be directed to the guest editors.

Guest Editors:

Dr Joanne Bryce

School of Psychology

University of Central Lancashire

[email protected]

Dr Virginia Franqueira

College of Engineering and Technology

University of Derby

[email protected]

Dr Andrew Marrington

College of Technological Innovation

Zayed University

[email protected]

About JDFSL:

<div style="font-family: -webkit-standard;">The Journal of Digital Forensics, Security and Law (JDFSL) is a peer-reviewed, multidisciplinary journal focussing on the advancement of the cyber forensics field through the publication of both basic and applied research. JDFSL is a no-fee open access publication, indexed in EBSCOhost, ProQuest, DOAJ, DBLP, arXiv, OAJI, ISI Web of Science, Google Scholar, and other databases. JDFSL is published by the Association of Digital Forensics, Security and Law.</div>