Cyber Crime

1

By John B. Chesson Supervisory Special
Agent Federal Bureau of Investigation Cyber
Division, Public Private Alliance Unit FBIHQ,
Washington, DC
2
Cyber Crimes

• Computer facilitated (non-intrusion)
• Fraud and Theft (IFCC) www.ic3.gov
• E-mail extortions
• Child pornography
• Computer Intrusion (Title 18 Sec 1030)
• Unauthorized or exceeding authorized access to a
  protected computer
• National security
• Denial of Service attacks
• Data alteration or destruction
• Theft of intellectual property
• Worms virus attacks
• Web defacement or Website redirects

3
Potential Cyber Attacks

• Unauthorized Intrusions
• Website Defacements
• Domain Name Server Attacks
• Distributed Denial of Service (DDoS) Attacks
• Computer Worms
• Routing Operation Disruptions
• Critical Infrastructures
• Compound Attacks

4
National Critical Infrastructures

• Critical infrastructures are those physical
  and cyber-based systems essential to the minimum
  operations of the economy and government. These
  systems are so vital, that their incapacity or
  destruction would have a debilitating impact on
  the defense or economic security of the United
  States. President William J. Clinton, 1998

Agriculture Food, Banking Finance, Chemical,
Defense Industrial Base, Drinking Water and
Wastewater Treatment Systems, Emergency Services,
Energy, Information Technology, Postal
Shipping, Public Health Healthcare,
Telecommunications, Transportation Systems
5
Potential Motives for Cyber Attacks

• Thrill Seekers
• Organized Crime
• Terrorist Sympathizers and Anti-U.S. Hackers
• Terrorist Groups
• Nation-States

6
Terrorist Groups

• Terrorist groups are using information technology
• Terrorists possess the will and can easily obtain
  the means to attack IT targets
• Potential for major cyber attacks is very high

7
Cyber Capabilities

• Cyber Attacks
• In the wake of the 11 September 2001 attacks,
  Osama bin Laden allegedly gave a statement
• "hundreds of young men had pledged to him that
  they were ready to die and that hundreds of
  Muslim scientists were with him and who would use
  their knowledge in chemistry, biology and (sic)
  ranging from computers to electronics against the
  infidels.
• Mapping US vulnerabilities
• Compound Attacks most dangerous

8
Nation States China
Chinese Cyber Invaders May be After Defense
Logistics The SANS Institute NewsBites_at_sans.org
(SANS, 2006)

• Our country needs to go all-out to develop
  high-quality internet warriors. That should
  include development in exclusive universities as
  well as attracting private computer users to take
  part in internet combat". (Liberation Army Daily,
  2001)

9
Many Potential Cyber Threats

• Unstructured Threats
• Insiders
• Recreational Hackers
• Institutional Hackers

• Structured Threats
• Organized Crime
• Industrial Espionage
• Hacktivists

• National Security Threats
• Terrorists
• Intelligence Agencies
• Information Warriors

10
BotNets
11
Collective Defense Strategies

• Share Real-time Cyber Threat Reports
• Share IDS logs across multiple companies,
  industries, sectors
• Deploy passive sensors across multiple companies,
  industries, sectors
• Share best practices for incident response and
  recovery
• Provide Law Enforcement actionable leads to stop
  or neutralize the threat actors.

12
Distributed Intrusion Detection
13
What to Expect if you call the FBI

• Agents will interview staff and obtain evidence
• Obtain prosecutive opinion
• Trace the attack (subpoenas, 2703(d) orders,
  sources
• Identify the subject(s)
• Obtain/execute search warrants, interview
  subjects
• Examine evidence, identify more victims, develop
  more leads
• Obtain Federal Grand Jury Indictment
• Arrest and Possible Trail
• Disclosure Issues

Confidential
Public
14
Self Defense in the Current Environment What Can
You Do Today?

• Increase logging and filtering
• Prioritize Data Protect
• (Proprietary vs. Mission Critical)
• Understand your Defenses
• (Flexible vs. Rigid)
• Use warning banners to suppress internal threats.
• Patch Management Plan
• Incident Management Plan
• Join your local chapter of InfraGard

15
What is InfraGard?

• An partnership between FBI and private industry
  to protect our national critical infrastructure.
• Who are members
• business executives
• security professionals
• entrepreneurs
• government officials
• academia
• state and local Law Enforcement
• security concerned citizens
• A tool which encourages information sharing
  between government and private sector.

16
What is InfraGard?

• Secure web site with DHS threat alerts, warnings,
  vulnerabilities www.InfraGard.org
• Intelligence Bulletins from FBIHQ
• Information sharing, primarily from FBI Agents
  assigned to each Chapter, bringing meaningful
  news and information

17
(No Transcript)
18
InfraGards Mission Goals

• Information sharing in support of critical
  infrastructure protection related to the FBIs
  focus on reducing the threat of terrorism and
  preventing terrorist attacks.
• Development and support of a partnership between
  InfraGard members and the FBI to support all FBI
  investigative programs, especially
  Counterterrorism, Counterintelligence, Cyber
  Crime, and General Criminal Matters.

19
Structure of InfraGard

• InfraGard Program is managed by the FBI
• Public Private Alliance Unit
• Information Sharing and Analysis Section
• Cyber Division at FBIHQ
• National InfraGard organization (Nonprofit)
• 86 InfraGard Chapters
• Each led by an FBI Special Agent Coordinator
• Each with a private sector InfraGard Members
  Alliance (IMA)
• Membership is over 15,000 nationally,
• 68 of the top 100 firms in the Fortune 500 are
  represented.
• Over 5000 firms total are represented.

20
Structure of InfraGard (contd.)

• InfraGard chapters are organized
• By local FBI field offices
• The private industry side of InfraGard
• Headed by the InfraGard National Members Alliance
  (INMA).
• Elected by the presidents of each IMA
• Serves as governing board for the private sector

21
FBI Role in InfraGard

• Gather and distribute security related
  information to/from members
• Run background checks and process applications
  for new members
• Organize and facilitate both local and national
  InfraGard meetings
• Recruit new members

22
How to Apply for InfraGard

• Visit our public website, www.infragard.net
• Click on Become A Member
• Fill out the application in writable pdf format
  and either mail it in to your local FBI Field
  Office or bring it to your Chapter Coordinator

23
InfraGard Contact Information

• If you have any questions, you may e-mail
• infragardteam_at_infragard.org
• Or you can call the 24/7 InfraGard Technical
  Support Line at
• 877.861.6298

24
Questions?
Public/Private Alliance Unit Presented
by SSA John B. Chesson John.Chesson_at_ic.fbi.gov 20
2-324-0341