Predictive Crime Lab (PCL) All-IP

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)

Predictive Crime Lab (PCL) All-IP

Post Posted: Wed May 10, 2017 6:10 pm

As Switzerland is shutting down its TDM core networks and moving towards All-IP (Swisscom term), we run a tiny simulated private home with Smart Home components and an All-IP communications infrastructure to learn about predictive crime. In short, think about a family of father, mother and two kids: girl and boy. They all have smartphones, both Android and iOS, and integrate more and more all aspects of life towards digital. So the little ecosystem also contains three external hackers: father e-banking, mother Zalando ordering and teens WhatsApp. 7 players and about 15 digital devices. Important: No PCs, Laptops or Notebooks involved as future crime is on Mobiles.

We now try to define a virtual risk landscape for the family. Not single risks but aggregated to bring-in the risk of Social Engineering.

The challenge is to imagine new forms of Social Engineered Crime (SEC) based on the social vulnerabilities of a family like different time schedules, different levels of technical skills and confused communication during a typical busy workday with little time budget to think, validate, doublecheck or meet and greet.

So it's about new - not old. Think outside the box.

What do you think we should take into consideration in our PCL?

What would you do with this little playground?

Be careful. Crime listens here - but still try to collaborate here please.  

RolfGutmann
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Wed May 10, 2017 9:04 pm

The risk falls into two categories:

Technical vs Behavioral. Yes, technology can be used to limit risk, and although it is never perfect it is getting smarter. The challenge lies in changing the behaviour of end users, who are almost always too willing to click on a link or fall for the "flavour of the hour" scam.

The technology providers (hardware, ISP, application) are very cautious in their approach as they don't want to scare off the end user with the reality, but choose to take a softly, softly approach to the end user's detriment.

My opinion is we need to see the types of awareness campaigns similar to the drink driving, car seat belts, anti-smoking etc. campaigns that have proven to be successful, brought over into the online/cyber domain in order to program the caution into the user's mindset when it comes to how to operate online.

The connected houses/offices with an ever increasing amount of IoT carry an immense risk in themselves, as the vendors of lightbulbs, fridges etc. will almost always release a product with a flaw or backdoor that may end up compromising the building from within. Government spy agencies jumped on this early in turning smart TVs into listening devices or turning on the cameras on laptops to spy on the subject, and the hackers followed by infecting the home routers' firmware.

The challenge of PCL is with mobile devices that travel out of the house/building and can possibly be compromised anywhere. The trusted device is then carried into the "safe" environment, connects to the Wi-Fi and infects other devices.

The mobile devices are the weakest point.  

badgerau
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Thu May 11, 2017 9:27 am

badgerau: Very sharp analysis and excellent post. Thank you!

From my point of view you are right in all aspects. The challenge in a highly dynamic environment is to structure the chaotic elements to get more transparency. In addition to the layers of Technical and Behavioral we added the Awareness and Risk layers. As four layers are too much, we defined the Awareness layer into High Risk if awareness is low and Low Risk if awareness is high.

Technical layer

Split into Hard- and Software and User Interaction: HW, SW and UI

Let's assume the HW layer as static and the SW layer as dynamic. Newly added IoT devices e.g. are 'new static'. The SW layer is half a lost domain based on the Android devices, as Android is a three-player-domain: Google, Manufacturer and User. The Manufacturer does nothing to patch Android. In addition, Google Play apps are not properly reviewed before going online. So we estimate the Android devices as more vulnerable in general. iOS on the other side is a two-player-domain (app developers on both OS platforms excluded). In addition, HW and SW are built together. iOS devices are SW-based top in security, but the Apple ecosystem is highly synchronized inter-device related, which is a higher risk.

Android attack vector: SW and UI
iOS attack vector: UI

Behavioral layer

Split into Information Gathering, Order Processing, Social Interaction: IG, OP, SI

For a long time spear phishing by email-embedded links or docs was problem #1. As email declines and messaging rises we expect a shift of spear phishing into messaging: in-chat links. Still OP is based on order confirmation by email, but Over The Top (OTT) players like Facebook will force in-chat ads and in-chat OP including mobile payment. One for sure will also bring in the aspects of bots. As they are assistants for fully automated consume&pay they already are a huge problem. But in general, as the user gets out of his hand the decision making and visual observing potential (redirections, URLs, fake websites especially for bots), if bots are part of the situation they will increase the risk. The trend toward bots is looming so no chance to avoid.

Android attack vector: OP and SI
iOS attack vector: OP and SI

Conclusion: OS not decisive.

Risk layer
High Risk sublayer
Low Risk sublayer

Risk is always related to damage and loss. We defined risk as negative and business related potential in a positive way (e.g. uncertain but early innovation related to market and demand).

So how to predict the risk of UI? We discussed internally whether it is important to divide the location related to risk. Is mobile always more risky than home? It's a matter of time-budget. Normally mobile brings a tiny time-budget. This is more risky as the user has no time to 'think twice' and to double-check. Fast consuming is in general a high risk (eating too much, not taking into consideration relevant details). A good campaign years ago in the U.S. was called:

Stop-Think-Connect

But today it's more about Stop-Think-DoNotTouch. We here are uncertain how to value risk and especially which attack vector is vulnerable by high risk. Is it important to take gender differences into the game? Is it important to take the level of distraction into the platform?

Let's continue on: How can you make the user more aware of distraction? Visual Distraction VD, Acoustic Distraction AD and Emotional Distraction ED. If you like you can add Brain Distraction BD.

What do you think?  

RolfGutmann
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Thu May 11, 2017 11:40 am

- RolfGutmann
Is it important to take gender differences into the game?


From my experience: Yes, and there is some research out there, e.g.: lorrie.cranor.org/pubs...-sheng.pdf

As an attacker who has got the choice, you mostly pick the woman. Women are easier to trick in user interaction and, which I find more relevant, are more tolerant towards technical malfunction.

If your exploit is invoked by systems interaction (which should be preferred over social engineering), but may cause some unwanted behaviour (error message, application hang, reboot etc.), your chances that the user neither digs into it by herself nor asks anyone to investigate are much better with women.  

C.R.S.
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Thu May 11, 2017 5:28 pm

To reduce complexity: What are the next crime attack vectors digitally looming up?

Train Your Brain!  

RolfGutmann
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Thu May 11, 2017 6:03 pm

Thank you C.R.S. - will drop (SEC) Social Engineering Crime towards System Interaction Crime (SIC).

Let's look at women, splitting into 3 age segments: Y Young 2-19, M Mid 20-67, W Wise 68-x.

Y

This segment often has the highest level of activity day and night. Speed and distraction combined bring a high level of Fast Moving Consuming (like the term out of marketing Fast Moving Consumer Goods FMCG, think about a bottle of coke filled in the shelf and minutes later already sold). But this segment is socially best connected, there is no lack of friends, help or advice. As genders are mixed the technical issues are assisted by boys highly affine digitally.

We found that in this segment both genders are vulnerable by malicious apps, infected downloads or Peer-to-Peer acid. Music and Clips are top on wishlist, YouTube to MP3... Not to forget the layer of education in this segment like schools and unis.

M

Combined experience in our team brought out that this segment is very heterogeneous. Job, Partnership, Friends and Holidays have a high level of influence. But there must be a common ground of vulnerability in this segment as financial crime is high here. Holidays is on top of the list and not just by Credit Card Theft. Flights, Lodging and Activities of both genders contribute highly.

W

Actually not a high level of digital crime as low adaption. But what will be the next generation of W, which is digitally affine but tired of new trends? For sure this segment will be the top runner of digital crime as more money to steal at end of life.

But again: What are your predictive digital crime trends for 2020? Where and Why?
Besides: Who runs a PCL in law enforcement somewhere globally?  

RolfGutmann
Senior Member
 
 
  

Re: Predictive Crime Lab (PCL) All-IP

Post Posted: Fri May 12, 2017 9:46 am

- RolfGutmann
Thank you C.R.S. - will drop (SEC) Social Engineering Crime towards System Interaction Crime (SIC).


To avoid misconceptions: I used systems interaction complementarily to user interaction. Exploitation purely based on systems interaction (with data) is preferable, since it does not rely on tricking a user and does not raise suspicion (if it works). E.g. you send an email with an exploit against AV software to the victim, it gets scanned by the victim's AV software, you own the system. A relatively small portion of criminal actors is able to conduct these attacks. I "predict" that this will not change in the future, since digital crime is a numbers game. There is no incentive to gain the required abilities, as long as tricking users is still profitable.

- RolfGutmann
What are your predictive digital crime trends for 2020? Where and Why?


Regarding IoT, a recent article from ENDGAME asks:

So, are we all about to be subjected to a wave of ransomware that prevents you from flushing your toilet? Will ransomware disable your thermostat? Will ransomware burn your toast?


In an internal discussion some time ago about automotive ransomware we did not figure out how this could be effectively monetized. The issue with IoT-controlled assets is that they are either low priced or (in contradiction to generic computers and software) locked down against the user's misbehaviour and the vendor's liability actually works. You would not pay ransom to unlock your car or to switch on the microwave oven, but ask the vendor to fix it for you, and they probably will have to do it for free. This could be a way to gain market share against a competitor, but will not pay out immediately.  

C.R.S.
Senior Member
 
 
