Day 1
Tuesday
13th September 2022
9:00am - 4:30pm AEST
Closed-door series of sessions by and for Law Enforcement, Military and Federal agencies to discuss operational lessons learnt, OSINT tradecraft and emerging trends.
In person and virtual*
*Please note some sessions will not be available to the virtual audience at the request of the speaker
OSINT Support to Major Events – How the NZ Police OSINT Team collection supported the response to Wellington’s parliament grounds occupation
More sessions to come!
Proliferation of Online CBR Threats. A Deep and Dark Web OSINT Investigation.
Using OSINT to deanonymize dark web child sex offenders
Indicators & warnings through technical OSINT
9:00 - 9:03am
Welcome and Opening Address
9:03 - 9:45am
OSINT Support to Significant Events – How the OSINT supported staff on-the-ground and in head office during New Zealand’s Convoy protests
Presenter: Peter Tyson
The Police OSINT Team provided important intelligence before, during, and after the New Zealand convoy protest and parliament grounds occupation. We worked with other open source capable staff from around New Zealand to track the groups converging on Wellington, and then during the occupation we provided timely and valuable intelligence on the plans and movements of protesters. OSINT contributed intelligence that helped the deployed staff respond firmly and tactfully to an event which challenged Police at all levels.
9:45 - 10:25am
Proliferation of Online CBR Threats
Presenter: Jacob Hunter
A Deep and Dark Web OSINT investigation into chemical, biological and radiological (CBR) activities, and procurement/distribution of items of concern. Exploring the method of investigation, key findings and vendor case studies, the presentation will demonstrate how OSINT can contribute to a better understanding of various online threats.
10:25 - 10:45am
Morning Tea Break
10:45 - 11:25am
Leveraging OSINT to deliver FININT operational outcomes
Presenter: Zara Webb
As Australia’s financial intelligence unit (FIU), AUSTRAC collects information from the thousands of entities we regulate. Our financial intelligence analysts use that information to identify financial transactions linked to crimes including money laundering, terrorism financing, organised crime, child exploitation and tax evasion. This presentation includes a case study that demonstrates the value OSINT can bring to a FININT investigation.
11:25am - 12:05pm
Cyber-Physical OSINT: Drone Challenges & Threats
Presenter: Mike Monnik - DroneSec
Drones represent the new frontier – kinetic, internet-connected devices with capabilities that include ferrying narcotics, dropping IEDs and conducting intelligence, surveillance and reconnaissance. In this talk we will review how new techniques in OSINT can aid the compromise of sensitive drone data, hijack drone controls, evade law enforcement, disable counter-measures and discover new black markets funneling terrorist supply chains.
12:05 - 12:45pm
IN PERSON ONLY*
Using OSINT to deanonymize dark web child sex offenders
Presenter: Adele Desirs
Argos Victim Identification unit has been targeting producers of child sexual abuse for many years, and their investigative techniques have evolved as new tools and technology arise. This presentation will showcase how various open source techniques and tools including NexusExplore were used to identify a specific child sex offender who was operating on the darknet and sharing his production on a Pedo Tor Board.
*This session is only available to the in-person audience at the request of the speaker
VIRTUAL SESSION
Practical tools for investigators
Speaker: Steven Rappold
As investigators, we are faced daily with technology. While technology can be a blessing, it can also be a curse at times. This session will give tool ideas and ways to make your investigations better and, most importantly, forensically sound.
12:45 - 1:30pm
Lunch Break
1:30 - 2:10pm
IN PERSON SESSION
Opes Cyber Security and DXC National Security
Presenters: Aaron Breban and Steve Berichon
- RFI services, exploitation of PII – managing attribution
- Digital footprint assessment for Commercial Exec’s – aggregation
- Developing trade-craft to interact with, store and ultimately exploit PII
- Leveraging the noise. Utilising the significant digital and commercial footprint of global organisations for obfuscation.
- Managing attribution. Challenges of “breaking” an SI’s internal governance & commercial structures
- Sticking to competencies. Leverage an eco-system of competent partners as the environment is too expansive and dynamic to “own”
VIRTUAL SESSION
No session will run virtually
2:10 - 2:50pm
IN PERSON SESSION
Opes Cyber Security and DXC National Security
Presenters: Aaron Breban and Steve Berichon
- RFI services, exploitation of PII – managing attribution
- Digital footprint assessment for Commercial Exec’s – aggregation
- Developing trade-craft to interact with, store and ultimately exploit PII
- Leveraging the noise. Utilising the significant digital and commercial footprint of global organisations for obfuscation.
- Managing attribution. Challenges of “breaking” an SI’s internal governance & commercial structures
- Sticking to competencies. Leverage an eco-system of competent partners as the environment is too expansive and dynamic to “own”
VIRTUAL SESSION
OSINT: The Past, Present & Future
Presenter: Nico Dekens
This talk by Nico Dekens will go into the history of OSINT, look at the present state of OSINT but most importantly will look at the future of OSINT.
Nico will cover how OSINT has evolved and has been adopted by the Intelligence community, the journalism world and how online sleuths have embraced OSINT.
Nico will talk about the current state and challenges within OSINT and will take a deep look into what to anticipate in the near and distant future when it comes to OSINT gathering & analysis.
2:50 - 3:30pm
OSINT in criminal intelligence practice: Using open sources to geolocate online offenders
Presenter: Jimmy Aitken
Time and time again, criminal intelligence practitioners are asked to answer three key questions about an online offender: what’s their true identity, who’s in their inner circle - and most importantly - where are they located. This session will briefly describe how OSINT methods - with particular focus on geolocation – were used to find answers and drive successful investigations, when routine law enforcement enquiries alone could not.
3:30 - 4:00pm
Wrap up
Day 2
Wednesday
14th September 2022
Symposium
9:00am - 4:00pm AEST
Networking event
4:00pm - 6:00pm
Open-door series of sessions by industry professionals to discuss OSINT, share valuable knowledge and foster greater public-private partnerships in Australia. Networking sessions with drinks to end the day.
In person and virtual
Using OSINT to Counter Foreign Interference
Protecting your Online Footprint
More sessions to come!
Geojournalism: How to Use Satellite Imagery to Verify Information and Uncover New Investigations
Future pathways for Open-Source Intelligence in government
The Devil Is In The Data: Sports betting investigations through the prism of open-source intelligence
9:00 - 9:03am
Welcome and Opening Address
9:03 - 9:45am
Using OSINT to Counter Foreign Interference
Presenter: Ben Cornish
Foreign Interference is becoming an increasingly relevant risk consideration for governments, industry and organisations, particularly those connected to Critical Infrastructure. But it is not just the responsibility of government or security agencies to protect us from foreign interference activities.
In this presentation, Ben will discuss why organisations need to be proactive in identifying, assessing and managing Foreign Interference Risks and explore, using various case studies, how OSINT can be used to illuminate these risks and enable the implementation of mitigation strategies.
9:45 - 10:25am
Teaching OSINT Through Hands-on Activities
Presenters: Micah Hoffman and Griffin Glynn
Many of us have seen OSINT and geolocation challenges posted on social media. You know, "Tell me where I was when I took this picture." or "What plane is flying in this image?" One-off challenges like these can be great methods of learning or testing a skill but lack the growth opportunities that larger, organized, Capture The Flag (CTF) events.
10:25 - 10:45am
Morning Tea Break
10:45 - 11:25am
Future pathways for Open-Source Intelligence in government
Presenter: Adam Calver
Open-source intelligence collection is a relatively new capability within most of New Zealand’s governmental agencies. As a small nation, with an even smaller intelligence community, how do we best create a collective operating environment with the intent to promote professional excellence?
Adam, Principal Open-Source Analyst at the NZ Ministry of Business, Innovation & Employment, will discuss future pathways for open-source tradecraft and training in government; the recently launched open-source hub ‘Te Whakaara’ that is working to evolve New Zealand’s OSINT environment, with an emphasis on the practitioner; and the potential success that comes from outsourcing training to an external service provider.
11:25am - 12:05pm
Protecting your Online Footprint
Presenter: Ritu Gill
One of the keys to online research is finding the digital breadcrumbs that people leave behind online. That said, this talk covers online privacy mistakes people often make that leave them vulnerable to bad actors. Ways to minimize the risk will be discussed including talking about OPSEC and basic tips everyone can use to protect their online footprint.
12:05 - 12:45pm
The Devil Is In The Data: Sports betting investigations through the prism of open-source intelligence
Presenter: Jack Kerr
The explosive growth of online gambling in recent years has been mirrored by a huge increase in match fixing, with one in every 200 games now believed to be fixed. Money launderers have also welcomed this new way of betting, and both these problems are exacerbated by the illegal status of the majority of gambling websites.
The fuel that feeds these sites is live sports data, and in this presentation, I will show how I used computer-assisted OSINT techniques in my latest cross-border investigation. By tracking flows of data around the globe, we not only mapped out the scale of the European football betting market but also showed that the companies producing and selling this live data are the same ones entrusted by sports to protect them from match-fixers.
12:45 - 1:30pm
Lunch Break
1:30 - 2:10pm
Presenter: Emerald Sage
In 2017 a London-based photographer named Mia Ash used LinkedIn to contact multiple male employees of a Middle Eastern company. She stated this contact was part of an exercise to reach out to people around the world. Over the next few days, Mia and these individuals exchanged messages about their professions, photography, and travels. Mia encouraged these employees to add her as a friend on Facebook and continue their conversation there. Over time, trust was established, and Mia eventually convinced one of these employees to open a Microsoft Excel attachment on his work laptop. The attachment promptly launched a malicious macro and attempted to install malware.
Security researchers working with the Middle Eastern company assessed Mia Ash as a fake persona deployed by Advanced Persistent Threat (APT) actors known as COBALT GYPSY – a group associated with Iranian government-directed cyber operations. The Mia Ash online persona was unique in its sophistication; however, catfishing unsuspecting individuals to exploit their privileged access is not unique. This Tactic, Technique and Procedure (TTP) has been used by several APT actors since at least 2016.
In our talk we will demonstrate how Open Source Intelligence (OSINT) tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing-facilitated attacks. We will analyse their methodologies and TTPs, and demonstrate how you can apply this knowledge to identifying possible APT catfishing profiles operating within your social media environment.
2:10 - 2:50pm
Use of OSINT to source and analyse procurement data to inform on global issues - Examining the PCR Purchasing Report Wuhan China
Presenter: David Dennison - Internet 2.0
2:50 - 3:30pm
Geojournalism: How to Use Satellite Imagery to Verify Information and Uncover New Investigations
Presenter: Ben Strick
This presentation takes journalists and analysts through practical case studies from Russia/Ukraine, South East Asia and Africa to show the basics of satellite imagery, geographical data, and using imagery in storytelling to verify information and make new findings.
The main fields attendees will learn in this session are: how image-based investigations look in a story, what data is available, and how we can actually use satellite imagery and geospatial information to boost our investigative and research capacity.
3:30 - 4:00pm
Wrap up
4:00 - 7:00pm
Networking Drinks
Day 3
Thursday
15th September 2022
Virtual Only
Investigating Corporate Structures and Website OSINT
During the first part of our Training Day, we will explain the different databases in which we can leverage information and begin to understand the structure and key people within corporations and businesses. We will then dive further to get a deeper understanding behind the scenes by conducting a website investigation (DNS, IPs, technology builds, domain enumeration and documents) as well as looking at the browser developer tools and webpage source code to locate hidden information of value.
Dark Web Investigations
During the second part of our Training Day, we will explore the Dark Web. The Dark Web is defined as the part of the World Wide Web that is only accessible via special software such as The Onion Router (Tor), allowing users and website operators to remain anonymous or untraceable. There is a widespread misunderstanding of how the Dark Web works and how it can be investigated or researched, so this training is designed to increase participant knowledge on how it works, who uses it, how it can be investigated and monitored, as well as the risks involved.
Our Trainers

Chris Poulter
CEO and Founder - OSINT Combine

Jacob Hunter
Head of Training - OSINT Combine