Welcome to my personal home page. Views expressed do not represent anyone. Here you will find information about causes that are dear to me, how to stay safe online, why hacking is good, links to media, and ways to get in touch. My philosophy is simply this: we are here to do our work and help each other.
Cari Farver's life was cut tragically short by an act of violence. The Cari Farver Memorial Scholarship at Iowa Western Community College (IWCC) keeps Cari's memory and legacy of kindness alive by helping students who aspire to careers in information technology like she did.
The EFF is the leading non-profit organisation defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development.
Médecins Sans Frontières (MSF), or Doctors without Borders, provides medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Their teams are made up of tens of thousands of health professionals, logistic, and administrative staff whose actions are guided by medical ethics and the principles of impartiality, independence, and neutrality.
The hackers.blue group aims to encourage dialogue between the greater hacker and law enforcement communities and to connect LE professionals who embrace the hacker ethos. All hackers working in law enforcement who embrace Sharing, Openness, and World Improvement and reject bigotry, prejudice, and hate are welcome and encouraged to join.
The Internet can be a wonderful place to socialise, learn, and have fun. It can also be a dangerous place where cybercriminals pursue their victims.
Learn to protect yourself online with these tips.
Use a different password for each service. This prevents a breach at one website from compromising all of your accounts everywhere.
Longer passwords are always better because they're harder to crack. Use a password manager like the free and open-source KeePass to generate strong passwords for you and safely track them.
Also called two-factor authentication (2FA), turning on MFA is one of the best steps you can take to keep your accounts secure.
This means that anyone who wants to login to your accounts has to both know your password and provide a one-time code. You can manage your codes using an app like Authy or Google Authenticator.
Outdated software often contains security flaws fixed by updates also known as patches. Turn-on automatic updates for your operating systems, like Windows and Android OS, and reboot when prompted.
Remember to update your apps too like your web browser. Ninite is a free tool for Windows that can help you easily install popular free software, like the office suite, LibreOffice. Run the Ninite installer again later to automatically update.
Apps like Snapchat allow you to share your location with friends. Consider disabling that option or limiting the app's permissions. Check your Settings app for all the location-related privacy options.
Keep in mind that useful location sharing, like the Apple Find My app which allows you to find a lost phone, could pose a risk in certain situations. In a domestic abuse scenario, the abuser could use this capability to stalk their victim.
Phishing is a form of social engineering attack that attempts to trick you into giving-up your passwords or personal information. Don't trust links you receive by email, social media, or text.
If you're unsure manually type-in the address of a website or call the sender to verify. Be wary of "urgent" requests, and remember phishing websites made to steal your password can look just like the real thing.
All major social media platforms offer privacy and security features you can customise. Use security check-ups offered by Facebook and Google. Read Twitter's safety and security help page.
Practise reducing your attack surface by closing accounts you don't use and being careful of what you post. Remember that criminals and future employers alike will see it someday.
Backups can save you from a ransomware infection as well as computer failure. Free backup software is included with Ubuntu Linux, macOS, and Windows.
Remember that backups connected to your computer may also be lost if you're infected with malware so consider using cloud backups or disconnecting your backup drive when not in use.
When paying in person with your debit or credit card, pick Credit instead of Debit at the checkout. Consumers are better protected against credit card fraud, and it prevents a skimmer from stealing your ATM PIN code.
Always use the chip or tap options, rather than swiping, when possible. Swiped cards are easily cloned, but chip or contactless transactions are protected by better technology and harder to skim.
If someone gains unauthorised access to your account you should immediately change your password and enable multi-factor authentication (MFA / 2FA).
If the service allows it also remember to log-out all existing sessions so an attacker cannot continue to use your account after you've reset the password.
If you or someone else is in immediate danger always call 9-1-1.
If you've been the victim of a cybercrime you can report it to your local law enforcement agency's non-emergency number. You can also report Internet scams, fake websites, emails, and malware to the FBI's Internet Crime Complaint Center (IC3).
If you know of a child being exploited or encounter explotation material, sometimes called child pornography, report it to the National Center for Missing & Exploited Children (NCMEC) via the CyberTipline website.
Your CyberTip will be quickly routed to law enforcement. You could save a child.
Hacker shouldn't be a derogatory term. Before we started using the word to describe dull, money-grubbing criminals and poser corporate types, hackers built the Internet. Today, we fight to keep it secure. Hackers tear things apart, put them back together in cool, new ways, and invent creative uses for technology. They understand that everything has hidden features begging to be explored.
Hacking is not a crime. Most hackers are not criminals. They are people with a passion, and they use their skills to help, rather than harm. Hackers are infinitely curious and come from all walks of life. Rich or poor, old or young, from a global superpower or a relative backwater, you can embrace the culture. You can refuse to accept limitations or let the greedy decide how humans should use tech.
You can be a hacker. The only requirement is for you to embrace your curiosity. My advice: stay curious, never avoid a fight for what's right, and ignore anyone who tries to stifle you.
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
Steven Levy
You can learn about hacker culture and the history of hacking from books like Hackers: Heroes of the Computer Revolution by Steven Levy, Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell by Phil Lapsley, and The Cuckoo's Egg by Clifford Stoll.
You can learn more, meet others of a like mind, and become part of a beautiful global community by connecting at conferences like DEF CON or by dropping-in at your local DEF CON Group. If you happen to hail from the Council Bluffs-Omaha metropolitan area you should check-out DC402, our local DEF CON group that meets every month. Can't make it to DEF CON? Check-out the DEF CON YouTube channel or DEF CON Media Server to learn and enjoy the talks anyway.
Lover, Stalker, Killer is a Netflix documentary produced by Curious Films UK and released in February 2024. The film tells Cari Farver's story in a new and very compelling way. This case was my life for over two years, and it took a lot of work by many people to bring closure to Cari's family and put her killer behind bars.
At the DEF CON 32 hacker conference, I gave a talk in the Warstories Track that covered some of the digital forensics behind the Farver case. The talk was called, "Solving the Lover, Stalker, Killer Murder with strings, grep, and Perl", and it was intended to share some of the techniques used as well as ignite interest in digital forensics work.
Season 26, Episode 1 of Dateline NBC, entitled "Scorned", covered the case of the disappearance of Cari Farver. This was the first major coverage of the case after we went to trial in May 2017. Keith Morrison hosts. The video linked below is a web addition that includes some footage not used in the episode itself.
In this presentation, given at the inaugural AppSec Village during the DEF CON 27 Hacking Conference in Las Vegas, I covered software security issues faced by small to mid-sized local governments. I also gave examples of vulnerabilities found in three vendors' products. I was honoured to take part in this village as well as Skytalks 303 where I gave an extended talk that included this material.
This virtual talk at the Recon Village during the DEF CON 29 Hacking Conference is about the dangers of lookalike domains, and an experiment to test whether impersonating .gov domains with .com and .org lookalikes yields real world results. See also: https://impostor.domains
In this article from The Daily Nonpareil, reporter Brian McCormack covers my job, my history with hacking, an early brush with the law, and an encouraging talk I received back then about using computer skills for good that I try to pass on to students today. It was humbling to be interviewed and to have this story shared with our community.
Interested in learning more about hacking, law enforcement digital forensics, cyber crime, cybersecurity, or other geeky topics?
I am happy to correspond online and love speaking with students, teachers, cops, criminialists, prosecutors, fellow nerds, and others in the public sector, at non-profits, or truly working to serve the common good.
Please note that, to avoid conflicts of interest, I do not do investigative or digital forensic work outside of my primary employment. I also cannot provide legal advice and strongly suggest consulting a lawyer in your jurisdiction for any and all legal matters.
Drop me a line. For speaking requests click here.