NEW YORK ELECTRONIC CRIMES TASK FORCE

1
NEW YORK ELECTRONIC CRIMES TASK FORCE

• A Different Law Enforcement Model for the
  Information Age Addressing the Problem
  Systemically

2
NYECTF

• 50 Law Enforcement Agencies
• 200 Corporations
• 12 Universities
• The NYECTF model addresses the needs of the
  community using a uniquely proactive and systemic
  approach to focus on the underlying issues of
  crime

United States Secret Service New York Electronic
Crimes Task Force
3
USA PATRIOT ACT OF 2001HR3162, 107th Congress,
First Session October 26, 2001Public Law 107-56

• Sec. 105
• Expansion of National Electronic Crime Task Force
  Initiative
• The Director of the United States Secret Service
  shall
• appropriate actions to develop a national network
  of electronic
• crime task forces, based on the New York
  Electronic Crimes
• Task Force model, throughout the United States
  for the
• purpose of preventing, detecting, and
  investigating various
• forms of electronic crimes, including potential
  terrorist attacks
• against critical infrastructure and financial
  payment systems.

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
4
Critical Infrastructure Protection

• Executive Order 13231 signed by President Bush on
  October 16, 2001, titled Critical Infrastructure
  Protection in the Information Age
• Created the Critical Infrastructure Protection
  Board
• Richard Clarke appointed as Chair of CIP Board
  and will report to National Security Advisor
• Executive Order 13228 Created Office of Homeland
  Security and the Homeland Security Council

5
USSS and Critical Infrastructure Protection

• Section 5(f) of Executive Order (Critical
  Infrastructure Protection in the Information Age)
  calls for Law Enforcement Coordination with
  National Security Components, DOJ through NIPC
  and Department of Treasury through United States
  Secret Service

6
National Strategy The Challenge for the New
Frontier

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
7
Terrorists Thinking

• The time of humiliation and subjugation is over.
  Its time to kill Americans in their heartland
• Ahmed Alhaznawi, 3/27/01
• Flight 93 crashed in Pennsylvania

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
8
Terrorists Thinking

• It is very important to concentrate on hitting
  the US economy through all possible means. look
  for the key pillars of the US economy. The key
  pillars of the enemy should be struck
• Osama Bin Ladin, Leader of al-Qaida, 12/27/01

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
9
Terrorists Thinking

• Hinder the emergency management process
• Affect any potential negotiation process
• Affect any potential mitigation process
• Inculcate fear amongst the non-combatant targets
  of the attack
• Exaggerate the outcome of the act
• Provide unnecessary media exposure to the
  terrorist organization.

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
10
Terrorism Targets Critical Infrastructures
Government Services
Emergency Services
Water
Critical Infrastructures
Electric Power
Oil and Gas
Transportation
Banking and Finance
Telecommunications
United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
11
CyberTerrorists Attack

• Command, Control, Communications, Computers and
  Intelligence
• Emergency Services MDT, Radio, Cellular
• Wireless Technologies HERF EMP Attacks
• Computers
• Databases
• Internet
• GPS

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
12
CyberTerrorism

• India - Pakistan
• Israeli - Palestinian
• FRY NATO - KOSVO
• USA - China
• England IRA
• British security forces discovery that the
  Irish Republican Army (IRA) planned to destroy
  power stations around London
• Cyber attacks immediately accompany physical
  attacks
• Cyber attacks are increasing in volume,
  sophistication, and coordination
• Cyber attackers are attracted to high value
  targets

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
13
Facts Figures

• First quarter 2001 total credit market assets
  held by US financial institutions amounted to
  21.5 trillion, as reported by the Federal
  Reserve.
• Largest categories of financial institutions were
  commercial banks (5 trillion in assets)
• Insurance companies (2.5 trillion in assets)
• Mutual funds (2.5 trillion in assets)
• Government sponsored enterprises (1.7 trillion
  in assets)
• Pension funds (1.6 trillion)
• Thrift institutions (1.5 trillion)
• Remaining assets are distributed among finance
  and mortgage companies, securities brokers and
  dealers and other financial institutions.

United States Secret Service New York Electronic
Crimes Task Force
14
Criminal Acts or Acts of War

• The line between criminal acts and acts of war
  are becoming increasing blurry

15
A Civil Defense

• E-crime partnerships
• corporate sector
• ISAC community
• information security professionals
• law enforcement
• academia

16
Lessons Learned From 911

• Planning Planning Planning
• Exercise Test
• People
• Logistics (mundane things)
• Leadership Communications
• Institutional, Cross Sector Relationships

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
17
Lessons Learned

• Cyber Attacks Immediately Accompany Physical
  Attacks
• Politically Motivated Cyber Attacks Are
  Increasing in Volume, Sophistication, and
  Coordination
• Cyber Attackers Are Attracted to High Value
  Targets
• Electronic high value targets are
  networks, servers, or routers, whose disruption
  would have symbolic, financial, political, or
  tactical consequences

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
18

• A Leadership Primer
• Leadership is the art of accomplishing more than
  the science of management says is possible.

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
19
Why does cyber crime matter?

• Information Technology systems and the Internet
  represent todays financial payment system.
• Criminal activity that targets these systems has
  a broad affect on public confidence in these
  systems.
• Our Nations reliance on these IT systems and the
  Internet makes us vulnerable to cyber terrorism.

20
International Hacking

• ?Suspect broke into a major financial
  institutions server and gained access to over
  20,000 customers identity and bank account
  information. Suspect began extorting the
  financial institution not to sell the customer
  base.
• ? Suspect utilized several proxy servers around
  the world to mask his IP Address.
• ? In replying to one of the extortion emails,
  USSS agents sent a simple applet contained
  within the email. When suspect viewed this email
  for a split second the proxy servers were
  bi-passed and the email hit a server under the
  Secret Services control. Agents were able to
  determine the suspects true IP address.
• ? The suspect was apprehended overseas and
  confessed.

21
Financial Services Hacking

• ? Disgruntled former IT employee writes a
• network computer worm (bomb) and is able to
• access major financial corporations network
  
• easily and engage worm.
• ? Worm crashes system, shuts down network
• for 3 days.
• ? Estimated losses in excess of 100
• million dollars.

22

New York Electronic Crimes Task Force 2002
23

New York Electronic Crimes Task Force 2002
24
Framework for action to guide planning and
implementation

• Assessment and Understanding Analysis of the
  infrastructures strengths, interdependencies,
  vulnerabilities and abilities to resolve virtual
  and physical issues and concerns.
• Preparation, Prevention and Recovery Taking
  steps to strengthen the sectors capacity to
  prepare for, defend against, and recover
  financially and technologically from systemic
  attacks.
• Detection and Response Building and implementing
  strategies for detection and response to attacks
  on the information infrastructure of the banking
  and finance sector.
• Reconstitution and Restoration Having the
  ability to recover and restore technological and
  services and functions to their normal state of
  operation.
• Financial Risk Management Having the ability to
  financially withstand the impact of attacks.

United States Secret Service New York Electronic
Crimes Task Force
25
Managing Risk Investment Spectrum

• Deterrence
• Prevention
• Mitigation
• Manage Crisis and Respond
• Recovery
• Restoration
• Robust Resilient

United States Secret Service New York Electronic
Crimes Task Force
26
Importance of the Risk Management Community

• First line of defense
• Assuring strong security policies
• Systems and business process expertise
• Invaluable partner for law enforcement

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
27
Scenarios

• Scenario 1 Physical Attack on Institutions
  Individual firms are well-prepared for localized
  physical attacks. Beyond the baseline plan,
  industry readiness could be improved in the
  medium term by a deeper understanding of
  functional concentrations and interdependencies.
• Scenario 2 Cyber-Attack on Institutions
  Individual firms backup and recovery
  capabilities will be critical in a cyber-attack.
  Industry emphasis should be on advance
  cooperation with vendors, and on instantaneous
  and open communication among institutions,
  vendors and the authorities.
• Scenario 3 Attack on Utilities
• Industry-level efforts will be critical if
  one or more financial utilities are attacked.
  Existing plans should be supplemented with crisis
  communications capability and ultimately with
  tested redundant capacity.
• Scenario 4 Attack on Telco InfrastructureIndivi
  dual institutions and the industry as a whole
  should be prepared to manage operations and
  maintain crisis communications even if multiple
  components of the telecom infrastructure are
  disabled.
• Scenario 5 Combination Attack A regional
  outage, or any situation that combines elements
  of multiple scenarios, will stress private and
  public crisis management resources. Cross-sector
  planning and communications will become
  particularly important.

United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office
28
? Response to Cyber AttacksThe best response is
one that involves a pre-existing plan including
various corporate officers

• Security
• Information Technology Department
• Public Relations / CIO
• Legal Counsel
• Customer Relations (For incidents involving the
  compromise of customer information)

29
Public Perception

• Converging technology trends are creating
  economies of scale that enable a new class of
  cybercrimes aimed at mass victimization,
• Richard Hunter, Gartner Research Fellow for sure.

• Recent Survey
• 41 information most vulnerable on Internet
• 40 most concerned about social security numbers
• 29 most concerned about credit card numbers

30
International Threat?

• Top 12 Countries for Cyberfraud(The worst
  offenders from a list compiled by ClearCommerce,
  of fraudulent contact by country origin)
• 1. Ukraine 2. Indonesia 3.
  Yugoslavia 4. Lithuania 5. Egypt 6.
  Romania 7. Bulgaria 8. Turkey 9.
  Russia 10. Pakistan 11. Malaysia 12. Israel

31
Contact Information
Michael Dobeck 216-706-3612 mdobeck_at_usss.treas.gov

Tom Dover 216-706-4365 tdover_at_usss.treas.gov
U.S. Secret Service Cleveland Field Office 6100
Rockside Woods Blvd. Independence, Ohio
44131 216-706-4365 IT_TaskForce_at_usss.treas.gov www
.NOITR.com
United States Secret Service New York Electronic
Crimes Task Force
Critical Infrastructure Assurance Office