Cyber Crime - PowerPoint PPT Presentation

Slides: 32
Provided by: johnch8

Transcript and Presenter's Notes

1

FBI's InfraGard Program
John B. Chesson, Supervisory Special Agent
Federal Bureau of Investigation
Cyber Division, Public/Private Alliance Unit
FBIHQ, Washington, DC
2
Cyber Crimes
  • Computer facilitated (non-intrusion)
      • Fraud and Theft (IFCC) www.ic3.gov
      • E-mail extortions
      • Child pornography
  • Computer Intrusion (Title 18 Sec 1030)
      • Unauthorized or exceeding authorized access to a
        protected computer
      • National security
      • Denial of Service attacks
      • Data alteration or destruction
      • Theft of intellectual property
      • Worms & virus attacks
      • Web defacement or Website redirects

3
National Critical Infrastructures
  • "Critical infrastructures are those physical
    and cyber-based systems essential to the minimum
    operations of the economy and government. These
    systems are so vital, that their incapacity or
    destruction would have a debilitating impact on
    the defense or economic security of the United
    States." (President William J. Clinton, 1998)

Agriculture & Food, Banking & Finance, Chemical,
Defense Industrial Base, Drinking Water and
Wastewater Treatment Systems, Emergency Services,
Energy, Information Technology, Postal &
Shipping, Public Health & Healthcare,
Telecommunications, Transportation Systems
4
SCADA Infrastructure Interdependencies
[Diagram: interdependencies among Transportation, Oil, Natural Gas, Electric Power, Water and Telecom. Link labels: fuels and lubricants; fuel for generators; power for signaling and switches; power for pumping stations, compressors, pump and lift stations, storage and control systems; water for production, cooling and emissions reduction; heat; SCADA and communications.]
Source: Peerenboom, Fisher, and Whitfield, 2001
http://www.ari.vt.edu/workshop/Whitfield-presentation.ppt
5
Potential Cyber Attacks
  • Unauthorized Intrusions
  • Website Defacements
  • Domain Name Server Attacks
  • Distributed Denial of Service (DDoS) Attacks
  • Computer Worms
  • Routing Operation Disruptions
  • Critical Infrastructures
  • Compound Attacks

6
Potential Motives for Cyber Attacks
  • Thrill Seekers
  • Organized Crime
  • Terrorist Sympathizers and Anti-U.S. Hackers
  • Terrorist Groups
  • Nation-States

7
Terrorist Groups
  • Terrorist groups are using information technology
  • Terrorists possess the will and can easily obtain
    the means to attack IT targets
  • Potential for major cyber attacks is very high

8
Cyber Capabilities
  • Cyber Attacks
  • In the wake of the 11 September 2001 attacks,
    Osama bin Laden allegedly gave a statement:
  • "hundreds of young men had pledged to him that
    they were ready to die and that hundreds of
    Muslim scientists were with him and who would use
    their knowledge in chemistry, biology and (sic)
    ranging from computers to electronics against the
    infidels."
  • Mapping US vulnerabilities
  • Compound Attacks most dangerous

9
Nation States: China
"Chinese Cyber Invaders May be After Defense
Logistics", The SANS Institute NewsBites_at_sans.org
(SANS, 2006)
  • "Our country needs to go all-out to develop
    high-quality internet warriors. That should
    include development in exclusive universities as
    well as attracting private computer users to take
    part in internet combat". (Liberation Army Daily,
    2001)

10
Many Potential Cyber Threats
  • Unstructured Threats
      • Insiders
      • Recreational Hackers
      • Institutional Hackers
  • Structured Threats
      • Organized Crime
      • Industrial Espionage
      • Hacktivists
  • National Security Threats
      • Terrorists
      • Intelligence Agencies
      • Information Warriors

11
Attack Sophistication vs. Intruder Technical Knowledge
[Chart: attack sophistication and intruder knowledge (each on a Low to High scale) plotted against time, 1980 to 2005. Plotted labels: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, network mgmt. diagnostics, back doors, GUI, automated probes/scans, www attacks, sweepers, sniffers, distributed attack tools, denial of service, packet spoofing, stealth / advanced scanning techniques, cross site scripting, staged and auto-coordinated tools.]
12
Vulnerability Exploit Cycle
[Chart: number of incidents plotted against time, annotated "Intruders Begin Using New Types of Exploits" and "Highest Exposure".]
13
Botnets: the growing threat
  • FBI Intelligence Bulletins continually provide
    information on new and emerging Botnets and
    related activity.

14
Typical Botnet
[Diagram labels: Controller; Broadband 1, Broadband 2, Broadband 3; ISP; Enterprise; Customer ISP]
15
Collective Defense Strategies
  • Share cyber threat Intelligence products
  • Share real-time cyber threat data
  • Share IDS logs across multiple companies,
    industries, sectors
  • Deploy passive sensors across multiple companies,
    industries, sectors
  • Provide central analysis of real-time data
  • Share best practices for incident response and
    recovery
  • Provide Law Enforcement actionable leads to stop
    or neutralize the threat actors.

16
What to Expect if you call the FBI
  • Agents will interview staff and obtain evidence
  • Obtain prosecutive opinion
  • Trace the attack (subpoenas, 2703(d) orders,
    sources)
  • Identify the subject(s)
  • Obtain/execute search warrants, interview
    subjects
  • Examine evidence, identify more victims, develop
    more leads
  • Obtain Federal Grand Jury Indictment
  • Arrest and Possible Trial
  • Disclosure Issues

Confidential
17
Self Defense in the Current Environment: What Can
You Do Today?
  • Increase logging and filtering
  • Prioritize Data Protect
      • (Proprietary vs. Mission Critical)
  • Understand your Defenses
      • (Flexible vs. Rigid)
  • Use warning banners to suppress internal threats.
  • Patch Management Plan
  • Incident Management Plan
  • Join your local chapter of InfraGard

18
InfraGard: A Brief History
  • In 1996, FBI Cleveland Field Office cyber-focused
    industry outreach initiative.
  • In 1998, the FBI adopted the InfraGard program
    for NIPC private sector outreach
  • In 2003, the FBI Cyber Division was established
    and DHS formed, taking NIPC mission.
  • Today, InfraGard is the FBI's lead private and
    public sector information sharing tool

19
National InfraGard Membership Growth
[Chart not reproduced; legend: "All Secure", "Non-secure secure"]
Numbers are based on annual estimates
20
National InfraGard Membership by Industry
Sector (Areas of Interest)
Percentages are based on membership application
areas of interest.
21
How Is InfraGard Used for Investigations?
  • Member Initiated responses to
  • Survey crime problems
  • Provide investigative needs presentations
  • Explain what cases interest you
  • Explain what evidence you need
  • Explain what resources you need
  • SME assistance requests
  • Prepare RFII
  • Initiate crime problem working groups
  • Evaluate Source Knowledge/potential
  • Evaluate Subjects knowledge
  • Invite Source SME to join InfraGard

22
Cases Enhanced by InfraGard: Top 10 Field Offices,
Oct 2004 - Oct 2006
153 Total
These numbers are based on the InfraGard
Semi-Annual Reports (SAR)
23
InfraGard Initiated FBI Cases
These numbers are based on the InfraGard
Semi-Annual Reports (SAR)
24
FBI Case Briefs
  • Little Rock: Insider Intrusion of Acxiom Corp,
      • 7 million loss, 8 subjects convicted.
  • Denver: Insider Intrusion of a local utilities
    board,
      • 422K loss, pending.
  • Phoenix: Intrusion of state information system,
    resulted in 3 deleted databases.
      • Subject traced to Denmark, IIR generated.
  • Indianapolis: Intrusion of financial services,
    customer accounts compromised.
  • Oklahoma City: Intrusion of a local bank,
    resulted in stolen customer IDs.
  • New Haven: Phishing case with International ties.
      • Over 150,000 loss to victims

25
InfraGard Structure: FBI Program vs Private Sector
  • Provide vetting for membership
  • Provide Secure Infrastructure
  • Provide LES Intel Products
  • Conduit for Investigations
  • Self govern
  • Identify SMEs
  • Provide non-government Intelligence
  • Liaise with other Govt Agencies
  • Marketing/Fundraising
  • Education

MOU
26
FBI Intelligence Products Disseminated to
InfraGard
27
Special Interest Groups (SIG)
  • Chemical Sector
      • December 2005
  • Food/Agriculture Sector
      • March 2006
  • Research and Technology Protection
      • September 2006
  • SCADA Security
      • May 2007

28
InfraGard's VPN using SSL (Caymas Login to access
SIGs)
[Diagram labels: Member; Secure Site InfraGard.org; SIGs: Chem, Ag/Food, RTP, SCADA, General Intel, Transpo]
29
How InfraGard provides operational support
  • Request For Investigative Information (RFII)
  • BOLO list
  • Have you seen?
  • Does anyone know?
  • Can anyone provide?
  • How to query national membership?

FBI Local Office
InfraGard Secure Member Listserv
InfraGard Secure Website
30
How to Apply for InfraGard
  • Visit our public website, www.infragard.net
  • Click on Become A Member
  • Fill out the application in writable pdf format
    and either mail it in to your local FBI Field
    Office or bring it to your Chapter Coordinator

31
InfraGard Contact Information
  • If you have any questions, you may e-mail
  • infragardteam_at_infragard.org
  • Or you can call the 24/7 InfraGard Technical
    Support Line at
  • 877.861.6298

32
Questions?
Public/Private Alliance Unit
Presented by SSA John B. Chesson
John.Chesson_at_ic.fbi.gov
202-324-0341