FBI Cyber Squad - ISACA Denver Chapter
Download
Report
Transcript FBI Cyber Squad - ISACA Denver Chapter
FBI Denver
Cyber Squad
Supervisory Special Agent R. David Mahon
1961 Stout Street, #1823
Denver, Colorado
(303) 629-7171
[email protected]
Presidential Decision
Directive 63
“The US will take the necessary measures
to swiftly eliminate significant vulnerability
to both physical and cyber attacks on our
critical infrastructures, including our cyber
systems.”
May 22, 1998
May 22, 2003
Presidential Decision
Directive 63
Increased government
security by 2000
Secure information system
infrastructure by 2003
Federal agencies to serve as
model in reducing
infrastructure vulnerabilities
Seeks participation of private
industry
Executive Office of the President
OSTP
(R&D)
National Security
Advisor
National Coordinator
National Infrastructure
Assurance Council
National
Infrastructure
Protection Center
Sector
Information
Sharing and
Analysis
Center(s)
The
Private Sector
Critical Infrastructure
Coordinating Group
Critical Infrastructure
Assurance Office
Lead Agency
Banking & Finance
Dept of Treasury
Transportation
Dept of Transportation
Electric and Gas & Oil
Dept of Energy
Information / Comms
Dept of Commerce
Emergency Law Enforcement
Dept of Justice
Government Services
FEMA
Emergency Fire
FEMA
Public Health Services
HHS
Water Supply
EPA
Special Function
Agencies
DoJ / FBI
Law Enforcement
Internal Security
DoD
National Defense
CIA
Intelligence
DoS
Foreign Affairs
4
PDD 63 Requires the FBI
through the NIPC to:
Serve as national infrastructure threat gathering,
assessment, warning, vulnerability & law enforcement
investigation/response entity
Be linked electronically as a national focal point
Establish its own relationships with private sector
Be the principal means of coordinating US Govt
response, mitigation, investigation and reconstitution
efforts.
NIPC Mission
• Detect, deter, warn of, investigate, and
respond to attacks on critical
infrastructures
• Coordinate FBI computer intrusion
investigations
• Support other agencies and state &
local governments involved in
infrastructure protection
NIPC Mission
• Share, analyze, & disseminate information
• Provide training for Federal, state and
local cyber investigators
• Clearinghouse for technological
developments
• 24/7 watch and warning capability
NIPC
Organization
Location
Located at FBIHQ in Washington, D.C.,
the NIPC is one of the fastest growing
investigative areas in the FBI
Composition
Multiple government agencies
Federal, state, and local law
enforcement
Private sector representatives
NIPC
Programs
NIPC
Key
Asset
Initiative
Computer
Intrusion
Program
Infragard
Key Asset
Initiative
Key Asset
Initiative
Develop Database for specific entities within each
infrastructure
Key Asset: An organization, group of organizations,
system, or group of systems is considered to be a
key asset if it is determined that the loss of
associated goods or services or information would
have widespread and dire economic or social impact.
Develop Emergency Points of Contact
Cyber and Physical Threats
Contingency Planning
Vulnerability Assessments for Assets with National
Importance
Critical
Infrastructures
“Critical infrastructures are those physical
and cyber-based systems essential to the
minimum operations of the economy and
government.”
Presidential
Decision
Directive-63
May 1998
New Thinking Required To Appreciate
Infrastructure Interdependencies
Information
&
Communications
Information
&
Communications
Electrical
Power
Electrical
Power
• Telecomm site
power
• Control systems
• Emergency
coordination
Gas & Oil
Storage &
Distribution
• Fuels for backup
power
• Fuels for primary or
backup power
Banking &
Finance
Physical
Distribution
Vital Human
Services
• Corporate finance
• Major bridges &
crossings
• Vehicles & routes
for system service
& response
• Cooling water
• 911 systems
• Emergency
response control
• Corporate finance
• Major bridges &
crossings
• Vehicles & routes
for system service
& response
• Cooling water
• 911 systems
• Emergency
response services
• Corporate finance
• Major bridges &
crossings
• Vehicles & routes
for system service
& response
• Cooling water
• 911 systems
• Emergency
response services
• Transport of
canceled checks,
etc.
• Drinking water
• 911 systems
• Emergency
response services
Gas & Oil
• Control systems
Storage & • Comms
Distribution
• Power for systems
& facilities
• Emergency backup
power
Banking • Transactions
• Control systems
& Finance • Comms
• Power for systems
& facilities
• Emergency backup
power
• Fuels for backup
power
Physical • Control systems
Distribution • Comms
• Power for systems
& facilities
• Emergency backup
power
• Energy for
distribution systems
• Fuels for backup
power
• Corporate finance
Vital Human • Control systems
Services • Comms
• Power for systems
& facilities
• Emergency backup
power
• Fuels for system
support
• Corporate & local
government finance
• Cooling water
• 911 systems
• Emergency
response services
• Vehicles & routes
for system service
& response
How are infrastructures on the left reliant on infrastructures across the top?
What if…...
Pipeline disruption
Threat to
water supply
Two bridges down
Two regional
ISP’s out of
service
Power
outage
FBI
phones
jammed
911
unavailable
Telephone
service
disrupted
Submarine
cable lost
Oil refinery fire
Bomb threats in
two buildings
Computer Intrusion
Program
Vulnerabilities: A
New Dimension
Physical vulnerabilities and threats
are known.
Cyber vulnerabilities are growing and are
not well understood.
New Risks and
Threats
Cyber vulnerability stems from easy
accessibility to infrastructures via Internet
Tools to do harm are widely available and do not require a high
degree of technical skill
Globalization of infrastructures increases exposure to potential
harm
Interdependencies of systems make attack consequences harder to
predict and perhaps more severe
Likely Sources of
Attack
100
80
60
76% 81%
49%
31% 25%
40
20
0
Disgruntled
Employees
U.S.
Competitors
Independent
Hackers
Foreign
Governments
Foreign
Competitors
CSI/FBI 2001 Computer Crime and Security Survey
Source: Computer Security Institute
70
Unauthorized use of
computer system within
the last 12 months
64%
60
50
40
25%
30
20
11%
10
0
Yes
Yes
CSI/FBI 2001 Computer Crime and Security Survey
Source: Computer Security Institute
No
No
Don't know
Don’t
Know
Types of Attacks
26
40%
Theft of Theft
Proprietary
Infoinfo
of proprietary
36%
System Penetration
System penetration
64%
Denial of Service
Denial of Service
Laptop
49%
Laptop
91%
Unauthorized
Access
by
Unauthorized access
by insiders
Insider
94%
abuse
NetAccess
access
InsiderInsider
Abuse
of ofNet
Virus
Virus
CSI/FBI 2001 Computer Crime and Security Survey
Source: Computer Security Institute
0
20
40
60
80
100
Cyber
Threats
Unstructured Threats
Insiders
Recreational Hackers
Institutional Hackers
Structured Threats
Organized Crime
Industrial Espionage
Hacktivists
National Security Threats
Terrorists
Intelligence Agencies
Information Warfare
Hackers
Types of Attacks
•Denial of Service
•Hijacked Domain Names
•Defacement of Web Page
In 1994, hackers compromised passwords
to impersonate account holders
Attempted 40 transfers totaling $10 million
Actual losses of $400,000
5 individuals arrested
All pled guilty to either bank fraud or
conspiracy to commit bank fraud
Vladimir Levin
CREDIT CARD
EXTORTION
Russian hackers break into more than 40 ecommerce businesses/databases in 10
states
One business had 38,000 credit-card
numbers compromised; another had 15,700
credit cards numbers stolen
Businesses contacted by subjects – they
offered to “fix” the problem for a price.
And, one victim company hired a hacker as
a computer security consultant!!
CREDIT CARD
HACKERS…
November, 2000: Undercover sting set
up in Seattle; two subjects lured to US
Subjects demonstrate their hacking
prowess for their new “employers,” then
arrested on the spot
250 gigabytes of stolen data recovered
through a “reverse hack” into the
subjects’ computers
Terrorist Groups
Usama
Bin Laden
Aum
Shinrikyo
Terrorists
• Terrorist fundraising, communications on
Internet
• Ramzi Yousef:
– Plotted to bomb 11 U.S. airliners in Pacific
– Details of plot encrypted on laptop
• Tamil Tigers: web site defacement
• Zapatista National Liberation Army
(EZLN)
Information Warfare
“Several countries have or
are developing the capability
to attack an adversary’s
computer systems.”
“Developing a computer attack capability can be quite
inexpensive and easily concealable: it requires little
infrastructure, and the technology required is dual-use.”
George Tenet, CIA Director 2/2/99
". . . attaining one hundred victories in one
hundred battles is not the pinnacle of
excellence. Subjugating the enemy's army
without fighting is the true pinnacle of
excellence."
Sun Tzu, The Art of War c. 350 B.C.
“Information warfare is the use of,
destruction or manipulation of information
on a computer network to destroy the enemy’s
telephone network, fuel pipelines, electric grid,
transportation control system, national funds transfer
system. . .in order to achieve a strategic victory.”
--Beijing Jianchuan Zhishi (Chinese Press) 30 June, 1999
Ownership of Problem
Risk is shared among
public and private interests
Partnership is the Foundation
for Infrastructure Protection
INFRAGARD
A Government and
Private Sector
Alliance
InfraGard
Overview
Voluntary Program/Public and Private
Sectors
National Identity, yet Locally Flexible
Information Shared Locally and
Nationally
Fosters Trust Between Members,
Locally and Nationally
Membership
Benefits
•
Forum for members to communicate
•
Prompt dissemination of threat
warnings
•
Help in protecting computer systems
Education and training on
infrastructure vulnerabilities
A community that shares information
in a trusted environment
•
•
Primary
Features
• Intrusion Alert Network
• Secure Web Site
• Seminars and training
Intrusion
Alert Network
• Member sends encrypted message about attack
to NIPC and FBI Field Office via E-mail
– Detailed description
– Sanitized description
• NIPC transmits sanitized description to
other members via E-mail
• NIPC analyzes incident
– Trends identified and reported
– Investigation opened if appropriate
Secure Web
Site
•
•
•
•
•
•
•
Information about recent intrusions
Archives of intrusion incidents
Original research on security issues
Chat and conference with other members
InfraGard news
Links to other security sites
Contact information
Denver InfraGard
Chapter
•
Chapter begun November 15, 2000
•
Membership from every infrastructure
sector
•
Quarterly meetings of general
membership
•
Individual sectors meet more frequently
•
Training planned on vulnerabilities, risk
assessment, solutions
DENVER INFRAGARD
CEO/Senior level briefing projects
planned
Educational initiatives underway
involving computer forensic training;
regional cyber crimes survey
“Action” item projects underway with
private sector
IFCC MISSION STATEMENT
To develop a national strategic
plan to address fraud over the
Internet, and to provide support to
law enforcement and regulatory
agencies at all levels of
government for crimes that occur
over the Internet.
www.ifccfbi.gov
PURPOSE OF THE IFCC
DEVELOP NATIONAL STRATEGY
IDENTIFY AND TRACK FRAUD
ANALYZE INTERNET CRIME TRENDS
TRIAGE INTERNET COMPLAINTS
DEVELOP INVESTIGATIVE PACKETS
FORWARD INFO TO APPROPRIATE AGENCY
www.ifccfbi.gov
ADVANTAGES WHICH THE
INTERNET PROVIDES CRIMINALS
Identification and Location of
victims
Victims do not see or speak to
fraudsters
Accepted vehicle for commerce
Minimal cost to set up web page
Technology has made Internet
company set up very easy
www.ifccfbi.gov
IFCC INTERNET
COMPLAINTS
2000 AVG 1,848 PER MONTH
2000* TOTAL 14,787
2001 AVG 4,155 PER MONTH
2001 TOTAL 49,863
2002 AVG 5,942 PER MONTH
2002** TOTAL 35,657
* MAY 8, 2000 THROUGH DECEMBER 31, 2000
** JANUARY 1, 2002 THROUGH JUNE 1, 2002
www.ifccfbi.gov
Federal Bureau of
Investigation
FBI – Denver Division
Cyber Squad
1961 Stout Street Suite 1823
Denver, Colorado 80294
Tel: (303) 629-7171
Fax: (303) 628-3240
[email protected]