×

De afgelopen week heeft het kabinet aanvullende maatregelen genomen om de verspreiding van het coronavirus tegen te gaan. Ook op Logius heeft dit impact. Lees verder op de pagina Continuïteit dienstverlening Logius

Logius international seminar 2020

Unfortunately, this scenario became reality for Logius. Would you like to know how we dealt with this cyber-attack? And what we do to prevent identity fraud? Then please come to our seminar on Digital identity fraud in the public sector. Together with experts of other public IT organisations, we will share our lessons learned and approach regarding prevention and detection of digital identity fraud. The seminar will be hosted by us, Logius, the digital government service provider of The Netherlands and member of Euritas (the European Association of Public IT Services Providers).

 

Panel discussions

The seminar will focus on three specific topics, which will be presented and addressed in panel discussions:

Phishing is a way of social engineering, its success depends on human factors. As a high-profile public-sector organisation, the Dutch Tax and Customs Administration deals with criminals claiming to be their representatives and contacting the public with phishing e-mails every day. A technique has been developed to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration. This technique is universally applicable. The framework gives more insight in phishing attacks conducted under the disguise of an organisations name. During this session we will inform you about this technique, which could lead to a significant decrease of phishing e-mails.

In cooperation with the German national cyber security authority 'Bundesamt für Sicherheit in der Informationstechnik (BSI)' and the Dutch 'National Cyber Security Centre (NCSC)', the Dutch Standardisation Forum initiated an EU government community regarding modern e-mail security standards (MESSEU). The community organises workshops for EU member states and aims to accelerate the implementation of modern e-mail security standards in Europe. In this session, BSI and Standardisation Forum will also inform you about these e-mail security standards, their experiences with thriving adoption, and the importance of sharing best practices.

Rogue mobile apps are counterfeit apps designed to duplicate those of trusted organisations. For example, a citizen might download a tax return app thinking it was issued by their national tax authority. The rogue app can contain malware, used to steal personal details and commit identity fraud (phishing).

Public sector organisations are increasingly using mobile as a preferred channel to provide secure services to their citizens. From a security perspective, they are adopting Secure Development Lifecycle (SDLC) practices and increasing the amount of testing for many of their important apps. But what happens to those mobile apps once they are uploaded to app stores?

As inventory intermediaries step in and grab apps from official stores and re-deploy them to secondary stores, the threat of those apps being exploited, attacked or copied increases. While Google Play and the Apple App Store capture a significant part of the market, there are hundreds of other competing app stores out there looking to promote their brand; carrier branded stores, handset manufacturer branded stores, e-merchant branded stores, regional stores, etc. The result is a complex network with multiple delivery mechanisms for the proliferation of apps. Fraudulent actors are increasingly leveraging mobile as a distribution channel for malware, especially on the Android platform.

In this interactive session we will provide an up to date look at the worldwide app store ecosystem; primary, secondary and affiliate app stores, and how inventory makes its way through this ecosystem. We’ll also examine recent examples of malware, app repackaging, data leakage and intellectual property violations presented by fraudulent and unauthorized apps.

Identity theft is a serious crime that can have damaging and far-reaching effects for its victims. By stealing your identity, a person may access your bank account or wrongly claim government benefits in your name. Unlike a robbery or burglary, identity theft often occurs without the victim's knowledge. Most identity theft victims only find out after they see strange charges on their credit card statements or apply for a loan.

After detecting possible identity theft, data analysts can investigate the case by searching the data. By analysing they discover patterns and characteristics, which can be used for preventive and proactive analysis. And also helps law enforcement to investigate and identify criminal perpetrators.

We should always try to prevent fraud from remaining unnoticed. Monitoring, mapping and recognizing threats are therefore essential. Based on real-life examples and interesting data analyses and visualizations, we will explain how logging can be used for detecting digital identity theft.

 

Speakers

Florian Bierhoff is the author and co-author of several technical guidelines on the security of modern technologies, released by the German Federal Office for Information Security (BSI). He started working at BSI in the field of official documents and electronic identification (eID) after finishing his studies of applied computer science at South Westphalia University of Applied Science in 2007. Since then he has developed guidelines for applications, like Secure E-Mail Transport and Secure Broadband Routers, from their conception to implementation.

Picture of Florian Bierhoff

Terry has over 20 years of experience in IT Security & Networking working with both private and public sector organisations to deploy and manage security solutions, in both technical and leadership roles. His experience ranges from the endpoint to enterprise wide monitoring for security and compliance. Terry is currently EMEA Technical Director at RiskIQ, delivering a unique approach to security, providing an outside in view of its customers external attack surface.

 

Picture of Terry Bishop

Arnold Hölzel is a senior security consultant working at SMT, a data-driven solution provider in the Benelux, and is mostly operating within the governmental SOC’s. He is been doing all sorts of security related work for about 15 years low, but sees it more as an out-of-control hobby. He loves to analyze and dig through multiple terabytes of data each day, to find that one outliner of hidden treasure. He always tries to broaden his knowledge, either through training or self-study.

Picture of Arnold Holzel

Karl is the Technical Lead of the Security Operations Center (SOC) of the Dutch Tax and Customs Administration. He must ensure that the security analysts of the SOC can do their job well in the technical field. In addition, he is responsible, among other things, for strengthening the network of governments and companies, so that the right information is quickly available in the event of threats and incidents. Karl obtained the title Master of Security in Information Technology (MSIT) at Eindhoven University of Technology. He completed the post-graduate course Judicial Expert at Leiden University, holds several GIAC certificates and furthered his knowledge in the field of ICT and security through courses such as Splunk, Taranis and Information Technology Architecture. He loves technology and has seven RFID / NFC chips implanted in his body, including a creditcard.

Picture of Karl Lovink

Steven is Clustermanager fraud and data expertise. He is responsible, among other things, for analysing and handling reports on identity fraud. This also means taking care of fraud investigations and working with chain partners.

Chris has over 20 years’ experience of Complex Financial Crime Investigations , Digital Forensics, Cybercrime & Information Security within government and the financial industry.

 

Registration required

If you want to attend the seminar, then please fill out the registration form which you can find through the button below. Seminar admission is free of charge, including lunch and drinks.

 

Programme

 
09.30-10.00 Registration and coffee
10.00-10.30 Welcome and keynote speech
10.30-12.00 Session 1 | Can phishing be stopped?
12.00-13.00 Lunch
13.00-14.30 Session 2 | When there are apps, there's always a rogue app
14.30-15.00 Coffee break
15.00-16.30 Session 3 | Data analysis in relation to digital ID fraud
16.30-16.45 Closing words
16.45-18.15 Private tour and networking reception

Location

The seminar will be held at the museum Mauritshuis. So you will also get a private tour to see Dutch famous masterpieces, such as Vermeer's Girl with a Pearl Earring. The compact, yet world-renowned collection, is situated in the heart of The Hague.

The museum is close and easy to reach from Amsterdam airport Schiphol by train or car (45 Km.). 

Painting of Vermeer: Girl with the pearl earring