Cyber Behavioral Profiling and Analysis Expert Witness
Cameron Malin at Eagle Security Group
Fredericksburg, Virginia 22401
https://www.eaglesecuritygroup.com/services/corporate/expert-witness/cameron-malin/
► Contact Cameron Malin at Eagle Security Group
Expert WitnessForensic ExpertLitigation SupportSpeaker
He has over twenty-two years of Federal Bureau of Investigation (FBI) experience investigating, analyzing, profiling and locating cyber adversaries across the spectrum of local cyber criminals to national security attacks. As a Cyber Behavioral Profiler and former Supervisory Special Agent/Behavioral Profiler with the Behavioral Analysis Unit (BAU), he specialized in the assessment of cyber attackers, cyber adversary tradecraft, cyber deception and digital behavioral criminalistics.
Services
Mr. Malin serves Eagle Security Group as an expert in Cyber Behavioral Profiling: Cyber/Malware Attack Analysis, Targeted Violence (Online Reputation Damage/Smear Campaigns), Cyber Intrusion/Insider Threat, Assessing Online Behavior in Digital Devices (Digital Behavioral Criminalistics) and in White Collar/Economic Crimes: Corporate Fraud / Embezzlement / Misappropriation of Funds and Intellectual Property /Transactional Analysis.
Litigation Support Services
As a Special Agent for the FBI, testified on cases before Federal Grand Jury, Preliminary Hearing, and at trial. In each of these cases, testified concerning the facts of the investigation in the following matters:
• Cyber Crime
• Computer Intrusions
• Malicious Code (“Malware”)
• Cyber Attacks
Testified to facts and/or provided professional guidance related to how cyber crimes were conducted, how malware was used to compromise victim computer systems, malware forensics, digital evidence review, types of cyber-attacks, cyber crime conspiracies, criminal conspiracies, malware used to profit schemes, general properties and characteristics of malware, characteristics of cyber-attacks, and more.
Areas of Expertise
- Computer Crime
- Computer Forensics
- Computer Intrusions
- Cyber Attacks
- Cyber Behavioral Analysis
- Cyber Behavioral Profiling
- Cyber Crime
- Embezzlement
- Intellectual Property
- Malware
- White Collar Crime
Additional Expertise:
Malicious Code, Cyber Behavioral Analysis, Cyber/Malware Attack Analysis, Targeted Violence (Online Reputation Damage/Smear Campaigns), Cyber Intrusion/Insider Threat, Digital Behavioral Criminalistics, Behavioral Threat Intelligence, Cyber Victimology Assessment, Cyber Behavioral Threat Assessment, Cyber Deception, Deepfake and Synthetic Media Analysis, Digital Evidence, Digital Forensics, Risk Mitigation.
Profile
Cameron Malin is an esteemed expert in Cyber Behavioral Profiling with a deep knowledge of digital forensics who has testified regarding cyber-crime, computer intrusions, malicious code (malware) and cyber attacks. Specifically, he has testified in the Federal court system and has provided guidance related to how cyber-crimes were conducted, how malware was used to compromise a victim's computer systems, malware forensics, digital evidence review, types of cyber-attacks, cyber-crime conspiracies, criminal conspiracies, malware used to profit schemes, general properties and characteristics of malware, characteristics of cyber-attacks, and more. Formerly, Mr. Malin was an Assistant State Attorney (ASA) and Special Assistant United States Attorney in Miami, Florida, where he specialized in computer crime prosecutions.
He has over twenty-two years of Federal Bureau of Investigation (FBI) experience investigating, analyzing, profiling and locating cyber adversaries across the spectrum of local cyber criminals to national security attacks. As a Cyber Behavioral Profiler and former Supervisory Special Agent/Behavioral Profiler with the Behavioral Analysis Unit (BAU), he specialized in the assessment of cyber attackers, cyber adversary tradecraft, cyber deception and digital behavioral criminalistics.
Mr. Malin founded two specialized sub units: the FBI BAU's Cyber Behavioral Analysis Center (CBAC) - the methodology and application of science-based behavioral profiling and assessment to national security and criminal cyber offenders - and the BAU's Deception and Influence Group (DIG) - a uniquely trained and experienced cadre of Behavioral Profilers specializing in analyses of and countermeasures to adversary cyber deception campaigns and influence operations.
He has assessed hundreds of offenders and cases spanning the spectrum of cyber, counterintelligence, counterterrorism and violent crime matters. Employing his training and experience, Mr. Malin developed Digital Behavioral Criminalistics™, a combined application of numerous forensic disciplines - digital forensics, criminalistics, and behavioral sciences - to meaningfully uncover offender thoughts and actions in digital artifacts. He formally introduced this discipline in his book chapter, “Digital Behavioral Criminalistics to Elucidate the Cyber Pathway to Intended Violence,” in the International Handbook of Threat Assessment.
He is a co-author of the authoritative cyber deception book, Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communication and co-author of the Malware Forensics book series: Malware Forensics: Investigating and Analyzing Malicious Code, Malware Forensics Field Guide for Windows Systems, and Malware Forensics Field Guide for Linux Systems.
Upon retiring from his illustrious career with the FBI, Mr. Malin founded Modus Cyberandi, a company that provides consulting services related to the prevention and analysis of formidable cyber-crimes, including cyber behavioral profiling. He now serves Eagle as an expert in Cyber Behavioral Profiling: Cyber/Malware Attack Analysis, Targeted Violence (Online Reputation Damage/Smear Campaigns), Cyber Intrusion/Insider Threat, Assessing Online Behavior in Digital Devices (Digital Behavioral Criminalistics) and in White Collar/Economic Crimes: Corporate Fraud/Embezzlement/Misappropriation of Funds and Intellectual Property/Transactional Analysis.
Areas Served
All States
More Information
Professional Experience
Experience -- Private Sector
2024
Consultant and Expert Witness for Eagle Security Group
Fredericksburg, VA
Delivers consultation, training and subject matter expertise to include consultation, investigative support, litigation support and expert witness testimony in the areas of: Cyber Behavioral Profiling: Cyber/Malware Attack Analysis, Targeted Violence (Online Reputation Damage/Smear Campaigns), Cyber Intrusion/Insider Threat, Assessing Online Behavior in Digital Devices (Digital Behavioral Criminalistics) and in White Collar/Economic Crimes: Corporate Fraud/Embezzlement/Misappropriation of Funds and Intellectual Property/Transactional Analysis.
2023 to Present
Cyber Behavioral Profiler for Modus Cyberandi
Stafford, VA
Founder and operator of behavioral analysis consultancy offering a range of bespoke solutions and expert analysis to assist clients in understanding and defending against cyber-attacks. Practice areas include: Cyber Behavioral Profiling; Digital Behavioral Criminalistics; Behavioral Threat Intelligence; Cyber Victimology Assessment; and Cyber Behavioral Threat Assessment.
2023 to Present
Director of Behavioral Profiling for Psyber Labs
Stafford, VA
Co-founder and operator of a cognitive security and cyber behavioral threat assessment consultancy, specializing in deepfake assessment. Pysber Labs is the developer of the Software-as-a-Service (SaaS) deepfake assessment platform, the Deepfake Dashboard. Practice areas include: Cyber Behavioral Threat Assessment; Cyber Deception; Deepfake and Synthetic Media Analysis.
Experience -- The Federal Bureau of Investigation (FBI)
2012 to 2023
Supervisory Special Agent (SSA)/Behavioral Profiler at the BAU
Quantico, Virginia
FBI Behavioral Analysis Unit-2, Cyber Behavioral Analysis Center (CBAC)
Quantico, Virginia
Types of Crimes Included: Cyber Crime, National Security Cyber Matters, Cyber Behavioral Threat Assessment, Malware, Cyber Influence, Cyber Stalking, Ransomware, Influence Operations, Disinformation, Cyber Deception, Online Threatening Communications, and Extortion
Creator and founder of the FBI BAU's Cyber Behavioral Analysis Center (CBAC). Developed the FBI BAU's methodology and application of science-based behavioral profiling and assessment to national security and criminal cyber offenders.
Conducted and participated in over 650 operational behavioral assessments of criminal and national security threat actors.
Creator and founder of the FBI BAU's Deception & Influence Group (DIG). Developed the FBI BAU's science-based methodology for assessing adversary cyber deception campaigns and influence operations.
Creator and founder of Five-Eye (FVEY) Behavioral Analysis Consortium to Combat Ransomware. Collaboratively developed FVEY best practices for assessing and successfully engaging with ransomware threat actors.
2002-2012
Special Agent and Supervisory Special Agent (Squad Supervisor)
FBI Los Angeles Field Office
Los Angeles, California
Types of Crimes Included: Cyber Crime, National Security Cyber Matters, Cyber Behavioral Threat Assessment, Malware.
Responsible for the investigation, gathering of evidence and management of criminal and national security computer intrusion matters.
Member of Cyber Action Team for national response.
Case Agent for first commercialized use of botnet cases prosecuted in the United States and globally.
1998-2002
Assistant State Attorney and Special Assistant United States Attorney
Miami Dade County State Attorney's Office
Miami, Florida
Types of Crimes Prosecuted: Violent Crime, Narcotics, Illegal Firearms, White Collar
Crime, Fraud
Responsible for the prosecution of misdemeanor and felony crimes including robbery, home invasion, burglary, murder, computer intrusions, malicious code, and Internet crimes. Conducted all phases of case preparation and trial.
Appointed as Special Assistant United States Attorney, Southern District of Florida (2001-2002).
Collateral Duty Assignments/Intra-Government Group Collaboration
2021 - 2023
FBI BAU Statement Analysis Group. Conducted analyses of written statements and 911 calls for discrepancies and indicators of truthfulness with the goal of providing valuable insight for future investigative actions. Example cases include equivocal death investigations, homicides, missing child investigations, threatening communications, etc.
2020 - 2023
United States Intelligence Community (USIC) Foreign Denial and Deception Committee. A component of the USIC that focuses on understanding and countering foreign efforts to deny and deceive U.S. intelligence operations. The committee's main objectives include identifying, analyzing, and mitigating foreign denial and deception (D&D) activities that target U.S. intelligence capabilities and efforts.
2020 - 2023
Active Measures Working Group. Interagency USIC group re-established by the FBI's BAU in late 2020 whose primary purpose was to counter Russian (and other hostile nation) disinformation and propaganda efforts, commonly referred to as "active measures”. These efforts by the Russians included spreading false information, creating forgeries, and conducting covert influence operations to undermine the credibility of the U.S. and its allies.
2021 - 2023
FIVE-EYE (FVEY) Behavioral Analysis Consortium to Combat Ransomware. Specialized FVEY (U.S., U.K., Canada, New Zealand, and Australia) group that focuses on understanding ransomware threat actors/groups and developing behavioral methods of countering and defending against threat actor tactics and strategies.
2006 - 2010
FBI Cyber Action Team. Rapid incident response on major computer intrusions and cyber-related emergencies.
Licenses
Licenses, Certifications and Clearance
Behavioral Analysis Certification, FBI, National Center for the Analysis of Violent Crime (NCAVC), 2013-Present
Certified Information Systems Security Professional (CISSP), (ISC)², 2004-Present
Certified Ethical Hacker (C EH), EC-Council, 2004-Present
Certified Network Defense Architect (C NDA), EC-Council, 2004-Present
Digital Behavior Change Certified (DBCC), Behavioral Design Academy, 2022-Present
Emotional Design Psychology Certified (EDPC), Behavioral Design Academy, 2022-Present
GIAC Reverse Engineering Malware (GREM), SANS Institute, 2005-Present
GIAC Certified Incident Handler (GCIH), SANS Institute, 2006-Present
GIAC Certified Intrusion Analyst (GCIA), SANS Institute, 2006-Present
GIAC Certified UNIX Security Administrator (GCUX), SANS Institute, 2014-2022 (Certification ‘Retired' by SANS)
GIAC Penetration Tester (GPEN), SANS Institute, 2014-Present
GIAC Certified Forensic Examiner (GCFE), SANS Institute, 2020-Present
International Press Card Credential, International Federation of Journalists
Current Security Clearance: Top Secret/SCI
Licensed Private Investigator, Virginia Department of Criminal Justice Services, 2024
The Florida Bar, Member, 1998-Present
Legal Experience & Services
2009
United States v. Kenneth LUCAS
United States District Court, Central District of California, Los Angeles (Cyber Crime)
Testified as the Case Agent in Federal Preliminary Hearing as to the complex criminal computer intrusion scheme that LUCAS led out Los Angeles, California, orchestrating collectively 100 co-conspirators in the United States and in Egypt. Dubbed “Operation Phish Phry,” LUCAS and co-conspirators created elaborate phishing emails to cause victims to unknowingly provide banking credentials. “Money mule” co-defendants would then use these credentials at bank locations, pilfer funds from the accounts and exfiltrate the funds via wire transfer. Provided testimony into LUCAS et. al. modus operandi, criminal acts, roles of co-defendants and collateral criminal activity, to include an illicit marijuana grow operation.
2008
United States v. Lee Graham WALKER and Axel GEMBE
United States District Court, Central District of California, Los Angeles (Cyber Crime)
Testified as the Case Agent in front of Federal Grand Jury regarding the malicious code (“malware”) development and cyber-attacks conducted by the defendants. Provided testimony as to how WALKER, a British citizen and GEMBE, and German citizen, worked with other previously charged co-defendants to develop, “AgoBot”, a strain of malware used to create bot networks. These infected computers were collectively leveraged to launch distributed denial-of-service attacks against victim systems. Provided analysis of their respective and collective criminal roles, modus operandi and attacks conducted.
2005
United States v. Jeanson James ANCHETA
United States District Court, Central District of California, Los Angeles (Cyber Crime)
Testified as the Case Agent in a malicious code and computer intrusion investigation wherein the defendant, ANCHETA, compromised victim computer systems with malware and profited from the use of these "botnets"—armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet. Provided analysis as to how ANCHETA operated his criminal cyber crime scheme and detailed the ill-gotten gains resulting from the scheme. Testified about ANCHETA's conspiracy with co-defendant who worked together with ANCHET to control and leverage the botnet for profit.
2004
United States v. Allan Eric CARLSON
United States District Court, Eastern District of Pennsylvania, Philadelphia (CyberCrime)
Testified in FBI Philadelphia Division case, wherein CARLSON was electronically breaking into computers around the country and using the return addresses of news/sports reporters for The Philadelphia Inquirer and the Philadelphia Daily News as well as e-mail accounts at the Phillies' offices to send thousands of unwanted e-mail messages. CARLSON resided in Los Angeles, California and I was the Los Angeles Special Agent responsible for the planning and execution of the search warrant on CARLSON'S residence and interviewing CARLSON pursuant to the search; at trial, I testified to the search and interview. CARLSON was convicted of 79 counts of computer fraud and identity fraud and sentenced to four years in Federal Prison.
Affiliations
Association of Threat Assessment Professionals (ATAP), 2023-Current
Authors Guild, 2009-Present
Florida Bar Association, 1998-Present
Information System Security Certification Consortium, (ISC)², 2004-Present
NATO Cognitive Warfare Community of Interest, Warfare Development Imperative, 2021-Present
United States Intelligence Community (USIC) Active Measures Working Group, 2020-2023
USIC Foreign Denial & Deception Committee (FDDC), 2018-2023
Awards & Honors
2012-2023: Subject Matter Expert, Cyber Security & Information Systems Information Analysis Center, U.S. Department of Defense Information Analysis Center (DoDIAC)
2012-2023: Subject Matter Expert, Defense Systems Information Analysis Center (DSIAC)
2023: FBI Medal of Excellence, Federal Bureau of Investigation
2020: FBI Medal of Excellence, Federal Bureau of Investigation
2016: National Intelligence Meritorious Unit Citation, Office of the Director of National Intelligence
2016: FBI Medal of Excellence, Federal Bureau of Investigation
Seminars & Training
Training and Presentations Provided
Selected by the FBI to speak to prosecutors, law enforcement communities and USIC officials both nationally and internationally, provided intensive hands-on instruction, seminars and training over the course of 21 years about a variety of topics to include cyber crime investigation, cyber behavioral analysis (colloquially known as profiling), cyber deception, cyber information operations, cyber threat actor psychology, and proper interviewing and elicitation techniques.
Sought after presenter/trainer for law enforcement and USIC personnel throughout the country and abroad. Provided instruction on a wide range of topics to include the most effective way to interview cyber attackers, psychological aspects of cyber attackers, human engagement strategies ranging from approach, and influence operations.
Trained and educated investigators and USIC personnel on a myriad of topics including but not limited to cyber threat actor motives, offender typology, criminal investigative analysis, violations relating to cyber attacks and digital crime scene interpretation.
Provided presentations, training and seminars to the following national agencies and organizations:
• Add recent speaking engagements
• Cyber Behavioral Profiling: Assessing Cyber Threat Actors, SecureWorld Chicago, June 2024
• Asymmetric Cyber Deception: Understanding and Assessing Deepfakes and Generative AI, Cybersecurity at MIT Sloan, February 2024
• The Dark Personality Traits Fueling Cybercrime, CrowdStrike Adversary Universe Podcast, February 2024
• Behavioral Profiling in Ransomware Engagements International Conference on Cyber Security (ICCS), Fordham University, January 2024
• Cyber Threats Tabletop Exercise, Cornell Tech (Cornell University) Board of Directors Forum, November 2023
• Five-Eye Behavioral Analysis Consortium to Combat Ransomware, Creator and Moderator: Symposium, September 2022
• The Art and Science of Information Elicitation, Counterintelligence Training Center, July 2022
• Digital Behavioral Criminalistics, International Homicide Investigator's Association, April 2022
• Cyber Deception Through Reflexive Control, NATO Cognitive Warfare Symposium, October 2021
• Assessing and Engaging Cyber Attackers, United States Joint Special Operations Command (JSOC), July 2021
• Dissecting Russian Information Operations, United States Foreign Denial & Deception Committee, February 2021
• Foreign Cyber Influence, U.S. Intelligence Community (USIC) Active Measures Working Group, January 2021
• Cyber Information and Psychological Operations, USIC Active Measures Working Group, November 2020
• Online Influence and Persuasion, Joint Counterintelligence Training Academy (JCITA), August 2019
• Cyber Attackers and Dark Personality Characteristics, National Security Psychology Symposium (NSPS), July 2019
• Cyber Adversary Assessment and Engagement, United States Central Command, June 2019
• Malware Profiling: Applying Human Sciences to Malware Attacks, USIC Partner Symposium, April 2019
• Cyber Behavioral Analysis and the New Threatscape, Association of Threat Assessment Professionals, February 2019
• Cyber Behavioral Analysis for Intelligence Matters, JCITA Cyber Threat Seminar, August 2018
• Cyber Behavioral Profiling, United States Joint Special Operations Command, August 2017
• Cyber Psychology & Online Persona Analysis, Joint United States/Canadian Government Cyber Workshop, July 2017
• Profiling Cyber Attackers: Mindset and Motivations, United States Sentencing Commission, April 2017
• Behavioral Profiling of Cyber Attackers, Joint United States/Australian Government Cyber Workshop, August 2016
Publications
Malin, C. H. (2021). “Digital Behavioral Criminalistics to Elucidate the Cyber Pathway to Intended Violence” in J. Reid Meloy, and Jens Hoffmann (eds) International Handbook of Threat Assessment, 2 edn. Oxford University Press.
Malin C. H., et. al. (2017). Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communications. Academic Press, an imprint of Elsevier.
Malin C. H., et. al. (2014). Malware Forensic Field Guide for Linux Systems. Syngress, an imprint of Elsevier. Malin C. H., et. al. (2012). Malware Forensics Field Guide for Windows Systems. Syngress, an imprint of Elsevier.
Malin C. H., et. al. (2008). Malware Forensics: Investigating and Analyzing Malicious Code. Syngress, an imprint of Elsevier.
Education
1998 Juris Doctor
University of Florida
Gainesville, Florida
Bachelor of Science – Legal Studies (Pre-Law)
Nova Southeastern University
Davie, Florida