So, I’ve talked a LOT about the gap in knowledge between Infosec and the rest of the world, and I would like to share something absolutely terrifying that I recently discovered.

Many cops working in cybercrime have never heard of Multi Factor Authentication.
That means they’re executing search warrants, and not grabbing things like yubikeys because they don’t know to. Which means there’s a WHOLE side of digital forensics that they are missing. Which means there are more people getting away with things like CSAM.
So, I will refer back to my tweet last week: the absolute BEST WAY you, As a security professional, can help orgs like BADASS or others fighting online sexual exploitation, is to EDUCATE your local court officials and LE about basic security practices and methods used by bad guys
Because they ARENT getting this knowledge. There is no one out there making sure judges understand what IP addresses mean, that local detectives know what the way back machine is- or that basic things like OSINT and exif data can be keys for investigations.
Want to make a world of difference in a lot of victims lives? Contact your local resources for DV/SV and teach them about google dorks, how to protect PII from appearing on websites like whitepages, and about MFA. They can pass that knowledge into the hands of victims.
I’ve had CSAM/NCP cases dismissed because judges didn’t understand IP addresses, because detectives didn’t know how to properly use google dorks or any osint tools, or were completely lost when it came to platforms like discord or 4chan.

We know this stuff. Pass the knowledge on
You can follow @BadassBowden.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: