Police-Led Intelligence principals Nick Selby and Dave Henderson speak with the media on a range of topics in law enforcement, intelligence, analysis and cyber crime, including computer breaches and data theft.

Business Week/Bloomberg: Cyber War: The Digital Arms Race Video montage: Computer-security specialists discuss the growing number of online attacks and the exploding cyberweapons industry. Brian Contos, director of global security strategy at McAfee Inc., Chris Swecker of Chris Swecker Enterprises, and Nick Selby of Police-Led Intelligence, talk about cybersecurity and state-sponsored cyber attacks against the US. Watch the video

Information Security Magazine: Striving for better information security intelligence The need to tame runaway data is just one issue facing security teams. A far more significant factor, particularly for organizations responsible for high-value information assets, is an increased recognition of the economics of exploit. Those who know their assets are a target also know that dedicated attackers have the means to evade many common defenses. Nick Selby, a Texas police officer and managing director of, says, “If it costs you 50 million to build intellectual property but only 3 million to steal, [what attackers] can say no to numbers like that?” Read the article

CSO: Selling technology to cops, part 4: Building in utility For the past month, we’ve been writing about the kind of technologies that cops want, and the way to sell them. We’ve written (in Part I of this series) that there are three qualities law enforcement agencies want when they buy technology: it must be integrated, it must be simple and it must have utility. In Part II, we talked about integration. In Part III, we talked about keeping it simple – and the rule of thumb for vendors that, if your dad can’t use the product, it’s not simple enough. In this part, we’ll look to wrap it all up with our discussion of utility – the ability of a product to change the way we work, make us more effective, keep us safer. Read the article

DarkReading: Cybercrime Falling Into Two Distinct Camps
There are sophisticated cybercrime groups who target organizations or individuals using social engineering or rare exploits, and then there are those cybercriminals who use more widely available attack techniques aimed at a wider audience of victims. Those two approaches are the two main ways cybercrime has shaken out, according to a new report released today by Microsoft. But not everyone agrees that fewer publicly disclosed vulnerabilities is necessarily good news. Nick Selby, managing director of and a Texas police officer, says touting a decline in publicly disclosed vulnerabilities gives people a false sense of security. Read the article

Fox News: Officials Warn Facebook and Twitter Increase Police Vulnerability
In the midst of what officials call an “appalling” and “alarming spike” in attacks on law enforcement around the country, officials are warning the success of sites such as Facebook and Twitter has made police even more vulnerable. Nick Selby, a Dallas-area police officer and information security analyst, reflected the threat this way: “I work in Texas. I assume everybody has a gun, [and] I assume everybody has some kind of personal recording device on them.” Read the article

InformationWeek: China Implicated In Hacking Of SMB Online Bank Accounts
FBI warns that small to midsize businesses are being targeted in an attack that so far has bilked companies’ accounts of millions of dollars and wired the money to Chinese companies. “We’d like see more of this from the FBI — specific and actionable information on a regular basis,” says Nick Selby, managing director of Police-Led Intelligence, and a police officer. “The FBI is telling the banks what to look out for, and the business owners [as well] — both sides of the equation.” Read the article

CSO Magazine: Selling technology to cops, part 3: Get dad involved, keep it simple
Over the last couple of weeks, we’ve written (in Part I of this series) that there are three qualities law enforcement agencies want when they buy technology: it must be integrated, it must be simple and it must have utility. Last time (in Part II) we talked about integration. Now we’ve arrived at “simplicity.” Read the article

Dark Reading: Coreflood Botnet An Attractive Target For Takedown For Many Reasons
The Justice Department and FBI’s operation to derail the 7-year-old Coreflood botnet set a precedent for how these criminal networks will be targeted by law enforcement, and the relatively old-school botnet’s architecture made the feds’ method of takedown especially attainable. “Coreflood has been around for so long … and the business model for this kind of crime is evolving constantly. That is why it is so crucial that law enforcement move quickly,” says Nick Selby, a cybercrime consultant and police officer who co-founded the Police Led Intelligence blog and podcast. Read the article

CSO Magazine: Selling technology to cops, part 2
Last week, Dave and I wrote about the high-level concepts behind making your information technology product appealing to cops and police agencies: integration, simplicity and utility. This week, we’ll look at the first of those, with a couple of examples. When we say “Integrated”, we mean that it shares information and resources with other products that the agency has. Read the article

CSO Magazine: Selling technology to cops: 3 Ways to Make Them Interested
Nick Selby and Dave Henderson want you to know that cops do not hate technology. You just have to know how to sell them on it. On the one hand, I’m constantly astounded by how badly technology is leveraged by the cops. Cops are pretty slow to adopt technologies unless they absolutely have to, and even slower to adapt to them culturally. On the other hand, I never — in all the time I was in IT, in more than 1,000 interviews with vendors, no matter how much they wanted to — I never had a technology executive hit me with a TASER… Read the Article

Marketplace: Hackers heist carbon credits
Call it the carbon credit caper. A gang of eastern European criminal hackers have stolen more than $50 million in carbon offsets, temporarily shutting down part of the European carbon trading system. Cyber-crime consultant Nick Selby says the carbon credit system was particularly vulnerable. “When you have relatively new markets, like carbon trading, it’s a lot easier for criminals to target because few people know what ‘good’ looks like,” Selby says. “And if you don’t know what ‘good’ looks like, you’re not likely to catch ‘bad’ when it comes across the wire.” Listen to the broadcast

Carpe Breachum: How the HBGary breach can make us stronger
Companies have long sought to balance what information about their vulnerabilities they must keep secret, and what information it would benefit them to share. The names of companies leaked in internal emails from HBGary, which were made public after the attacks last month by Anonymous, may change the calculus used to determine just how much we share. Read the article

The Tech Herald: RSAC 2011: Forming a bridge between law enforcement and security
After a security incident, InfoSec professionals have a hard time talking to police and explaining to them exactly what happened in terms that non-technical investigators can understand. Being technically inclined is not a requirement to join the police force. Yet, this doesn’t mean that local or state police don’t care about cybercrime. Read the Article

Threatpost: After The Hack: Tips For Working With Local Law Enforcement
The fact is: your business will engage with law enforcement at some point, and you better be prepared. Sadly, few businesses today are. That’s the assessment offered by Nick Selby, a Texas police officer, who urged attendees at the Security B-Sides Conference here Monday to be prepared when that day arrives. Read the article

Threatpost: Bridging The Gap Between IT And Law Enforcement
One of the big impediments to prosecuting computer crimes is getting law enforcement to pursue computer crimes with the same intensity that they do traditional property and violent crimes. But that’s easier said than done. At the recent B-Sides San Francisco Conference, sat down with Nick Selby to talk about the gulf that separates the “guns and badges” folks from the world of IT security. Read the article

CSO Magazine: Lessons of the HBGary Hack
I’ve been speaking quite a bit lately about how information security professionals can work with law enforcement – in fact, I’m speaking about it next week at BSidesSanFrancisco. The attacks by Anonymous against HBGary, and the accompanying defecation-hitting-the-ventilation raises some important rules of the road for this. Read the article

Threatpost: Malwarians At The Gate
Banks and their customers are on opposite ends of a feud over which is responsible when online banking accounts get hacked and pillaged. But where does the fault really lie? Read the article

Threatpost: It’s The Adversaries Who Are Advanced And Persistent
If we allow vendors to say that the “threat” is the problem, then, “advanced persistent threat” is relegated, as it has been, to the people we have been paying to clean up what we have typically labeled “threats”. Read the article

%d bloggers like this: