Hal Berghel

Hal Berghel, PhD
Howard R. Hughes College of Engineering
University of Nevada, Las Vegas
4505 Maryland Parkway
Las Vegas, NV 89154-4019
Phone: 702-895-2441
Fax: 702-895-0964
Email: hlb@berghel.net

DVP term expires December 2013

Hal Berghel is currently Professor and Director of the School of Informatics and Professor of Computer Science at the University of Nevada, Las Vegas. He is also the founding Director of both the Center for CyberSecurity Research and the Identity Theft and Financial Fraud Research and Operations Center. His research interests include logic programming and expert systems, relational database design, algorithms for non-resolution based inferencing, approximate string matching, digital watermarking and steganography, and digital security (including both computer and network forensics). For the past decade he has applied his work in digital security to law enforcement and cybersecurity, particularly with respect to digital crime, cyberterrorism, and information warfare. His research has been supported by both industry and government for over thirty years. In addition to his academic positions, Berghel is also a popular columnist, author, frequent talk show guest, inventor, and keynote speaker. For nearly fifteen years he wrote the popular Digital Village column for the Communications of the ACM.

Berghel is a Fellow of both the Institute of Electrical and Electronics Engineers and the Association for Computing Machinery, and has served both societies as a distinguished lecturer/visitor many times over the past 30 years in addition to his many recognitions and awards. He is the founder and owner of Berghel.Net, a consultancy serving government, business and industry, and co-owner of BC Innovations Management, a startup company in IP and DRM. Preprints of publications, notices, information about inventions and patents, and lecture schedules may be found on Berghel's website: www.berghel.net.

The Stuxnet Experience: insights into the world of network forensics
This talk will discuss the tools of the network forensics practitioner by means of the recent Stuxnet attack that was so effective in disabling the Iranian Natanz uranium enrichment centrifuges. The discussion begins with an overview of malware profiling and the art of Internet forensics. We then look at Stuxnet from an evolutionary point of view, tracing its development from the initial PLC MC7 hack through the Windows OS vulnerabilities, to the process injection sequence, to the method of flying under the anti-malware radars, and finally to the actual exploit itself. Several conjectures about the source of Stuxnet modules will be covered. A flowchart of the Stuxnet infection flow will be presented. This talk may also include other network hacks as exemplars of Internet forensics tools and strategies.

The Art and Practice of Digital Forensics
This talk looks into the practice of digital forensics as a tool for e-discovery and risk aversion and mitigation. Both computer and network forensics will be discussed, and the characteristics of both disciplines will be compared and contrasted. Specific topics to be discussed will include but not be limited to: network reconnaissance, network discovery, OS fingerprinting, covert channeling, denial-of-service attacks, malware, file system forensic analysis, file carving, computer activity mining, metadata analysis, password cracking, network scanning, keystroke capturing and analysis, zero-day exploits, and metamorphic and polymorphic worms. (100 slides; 45-60 minutes plus Q&A; categories: computer forensics, network forensics.)

Secure Credentialing: a new direction in mobile, secure, authenticable identification systems (that actually works and still respects the individual's right to privacy!)
We discuss several new methods for the creation of secure credentials, including some of those for which the speaker holds patents. These methods include those that work with conventional identification media (mag stripe cards, smart cards, RFID cards, etc.) as well as newer applications that use digital displays (e.g., on iPhones and PDAs). These methods will be presented in the context of a variety of business, government, law enforcement and military applications. Our methods integrate biometrics (fingerprint, iris scan, bone scan, capillary/palm scan, photographic images, etc.) to provide at least four points of authentication. Industry standard encryption (e.g., AES and Blowfish) is added in a variety of ways to provide security. The result is a self-validating credential that operates on a mobile platform with equipment that may be found in most office equipment retail stores. One of our systems, CardSleuth, will be demonstrated. Although CardSleuth takes advantage of electrical power and network access, it requires neither for full functionality. The software runs on any Windows computer, PDA, phone, etc. for both the generation and recognition, as well as authentication and validation of IDs. The robustness of these methods is compared with recent government efforts such as RealID and the WHTI Pass Card. (100 slides; 45-60 minutes plus Q&A; categories: digital credentials, security, encryption, biometrics)

Macro and Micro Themes in Digital Money Laundering
This talk investigates several types of digital money laundering, characterized by source (failed states, state-aware, kleptocratic states, terrorists, extremists, and individuals), means (credit- and debit-card exploits, international funds transfers, klepto-banks, "gift-card" exploits), and purpose (terrorism, narco-trafficking, electronic crime, Internet fraud). These categories are introduced by their identifying events-of-interest. Implications for shadow economies, degrees of sophistication, and case studies are discussed. Each crime will be explicitly linked geographically and politically to sources, and may include discussion of actual cases. Several micro- and macro-level mitigation strategies will be discussed. (100 slides; 45-60 minutes plus Q&A; categories: money laundering, digital crime, digital fraud, narco-trafficking, cyber-terrorism, Internet fraud. No part of this presentation may be recorded!)

Phactors in Phish Pharming
This talk will focus on the latest manifestations and mutations of phishing attacks. Topics will include the art of perception management and social engineering; various forms of technical subterfuge; "core" phishing tactics; obfuscation techniques; delivery techniques; client-side vs. server-side vulnerabilities; anti-phishing weaponry; legal issues; etc. Several current phishing expeditions will be analyzed and compared for effectiveness. (100 slides; 45-50 minutes plus Q&A; categories: phishing, digital crime, digital fraud, email fraud, hacking)

Note: Speaker will bring media to the venue on a USB memory stick and will require digital projection connected to a Windows Vista or Windows 7 computer with Office 2007.