Post on 16-Jul-2015
Emcee
Margaret Walker, Cohesive Networks
Tweet: @CloudCamp_Chi #cloudcamp
#cloudcamp@CloudCamp_CHI
Sponsored by
Hosted by
… sponsored by you!
Chacko Kurian - Complete Health Systems, LC
Joshua Beckman - ThreadMeUp
Alex Connor - Advisory Board Company
Lynn Diegel - USG
Joshua Inglis - Propllr
JoAnn Becker - ARC
William Knowles - Evident.io
Taylor Speaker - Nexum Inc.
Ron Zirkin - XO Communications
Walter Torres - Sears
Paul Flig - Heartland Technology Group
Corey Yates - Datalogics, Inc
Agenda
6:00 pm: Introductions
6:05 pm: Lightning Talks
• "The Chicago Electronic Crimes Task Force" - Patrick Hogan, Assistant to the Special Agent in Charge at U.S. Secret Service
• "Information Security Breach Trends" - Michael Roytman, Data Scientist at Risk I/O @mroytman
• "Keeping hardware secure, even after its useful life" - Jim Tarantino, VP Global Sales at MarkITx @JimTarantino
7:00 pm: Unpanel
7:45 pm: Unconference / Networking, drinks and pizza
"The Chicago Electronic Crimes Task Force"
Patrick Hogan, Assistant to the Special Agent in Charge at U.S. Secret Service
Tweet: #cloudcamp
United States Secret Service
Chicago Electronic Crimes Task Force
ATSAIC Patrick Hogan
Patrick.hogan@usss.dhs.gov
rev. 03/02/15
History / Statutory Authority
1865 - Secret Service created to fight counterfeit currency
1901 - Assigned Presidential Protection duties
1948 - Title 18 USC § 470-474 (Counterfeiting & Forgery)
1984 - Title 18 USC § 1029-1030 (Access Device Fraud, Computer Hacking)
1986 - Title 18 USC § 1030 (Computer Hacking, Expanded)
1990 - Title 18 USC § 1344 (Bank Fraud)
1996 - Title 18 USC § 514 (Fictitious Obligations)
1998 - Title 18 USC § 1028 (Identity Theft, Expanded)
2001 - USA PATRIOT Act (Expanded Cyber Investigations & ECTFs)
2003 - Title 18 USC § 1037 (CAN-SPAM Act)
2004 - Title 18 USC § 1028A (Aggravated Identity Theft)
USSS Cyber Organization Overview
Field Office Investigations – Field agents conduct investigations of cyber crimes with venue and impact within their local districts. Training available to field agents includes:
• BICEP – Basic Investigation of Computers and Electronic Crimes Program: One week instruction provided to all USSS Special Agents as part of their initial academy training program.
• BNITRO – Basic Network Intrusion Responder Program: Three week training course focused on the knowledge, skills, and tools necessary to conduct network intrusion investigations.
• ECSAP – Electronic Crimes Special Agent Program: Initial training comprised of five weeks instruction in computer forensics, with extensive continuing education to follow.
• Continuing Education and Other – Numerous courses are available to agents covering topics such as advanced network intrusion, electronic evidence, mobile wireless, and others.
USSS Cyber Organization Overview
• National Computer Forensics Institute: The nation’s only federally funded training center dedicated to instructing state and local officials in digital evidence and cyber crime investigations.
  • Run by the USSS and the Alabama Office of Prosecution Services.
  • Attendees receive advanced tuition-free training in forensics and network intrusion.
  • Graduates are eligible to participate in USSS ECTF program.
  • Other training program topics include mobile wireless, computer evidence, judge and prosecutor training and others.
NCFI, Hoover, Alabama. http://www.ncfi.usss.gov
• USSS Electronic Crimes Task Force (ECTF): 36 Regional ECTF locations throughout the United States; 2 International
  • ECTF members support federal, state, and local investigations.
USSS Cyber Organization Overview
Working Groups – Agents volunteer for temporary overseas assignments to work in concert with foreign counterparts. Typical duties include assisting with the execution of Mutual Legal Assistance Treaty (MLAT) requests.
• Dutch – Partnership with the Dutch National High Tech Crime Unit
  • 30 day assignment, increasing to 90 days in 2015
• Baltic – State Police of Latvia
  • 3 week assignment, increasing to 30 days in 2015
• Europe – Wiesbaden, Germany. Partnership with the German Federal Criminal Police Office (BKA)
  • 90 day assignment
BKA Building, Wiesbaden, Germany http://www.bka.de
USSS Cyber Organization Overview
Foreign Offices – Liaison and work with foreign counterparts worldwide
VANCOUVER
MEXICO CITY
LIMA
BOGOTA
OTTAWA
MONTREAL
BRASILIA
MADRID
LONDON
PARIS
THE HAGUE
FRANKFURT
ROME
TALLINN
BUCHAREST
SOFIA
PRETORIA
AMMAN
MOSCOW
BANGKOK
HONG KONG
BEIJING
SYDNEY
Cyber Intelligence Investigations Overview
Pro-active investigations
• Historical tracking of known / identified suspects
• Targeting of financially motivated cyber criminals with significant impact or threat to the financial infrastructure of the United States
• Identification of offenders, gathering of evidence and intelligence
Investigative tactics
• Cooperating sources
• Undercover operations
Intelligence gathering
• Open source
• Historical data mining
• Inter-agency cooperation
Charging, apprehension, extradition, prosecution
U.S. Secret Service Cyber Crime Targets
Card Vending Sites
Automated websites for the sale of stolen credit cards
• Advertised on forums
• Administered by cyber criminals
• Sell stolen cards obtained through skimming operations, online retailer breaches, large scale point of sale breaches, etc.
• Customer support
• Refund policies
U.S. Secret Service Case Study: Maksik
As of 2006, “Maksik” has been identified as a prolific vendor of stolen credit card data.
• Operates and advertises on several high-level forums
• Operates a card vending site
U.S. Secret Service Case Study: Maksik
Undercover operation leads to Maksik
• Undercover USSS agent conducts multiple purchases of stolen credit cards from an associate of Maksik
• The associate eventually introduces the UC agent to Maksik
• The UC agent conducts purchases from Maksik and establishes a rapport.
• Data analysis identifies Maksik as Maksym Yastremskiy, a Ukrainian
• Maksik discusses interest in vacationing in Thailand, agent offers to meet and serve as tour guide.
U.S. Secret Service Case Study: Maksik
Undercover operation continues
• UC agent travels with Maksik for a second vacation in Dubai, UAE
• At the suggestion of the UC agent, they go on a 6 hour safari
• During this time, other agents and local law enforcement execute a search warrant and surreptitiously image Maksik’s computer
U.S. Secret Service Case Study: Maksik
Apprehension in Turkey
• Maksik agrees to meet the UC agent in Turkey for another vacation
• MLAT submitted to Turkish authorities requesting arrest of Maksik
• Upon Maksik’s arrest he is in possession of a laptop computer containing extensive credit card data
• Based upon the possession of that data, on January 8, 2008, Maksik is convicted in Turkey and sentenced to 24 years in prison.
U.S. Secret Service Case Study: Maksik
Johnny Hell
• Known to have been active in the carding underground since 2002.
• Hacked dozens of U.S. companies to obtain stolen credit cards.
• Identified as Estonian national Aleksandr Suvorov
• Also involved with real estate – built a restaurant and hotel in Tallinn, Estonia.
• Arrested in Frankfurt, Germany in 2008 at USSS request
• Extradited to the United States, convicted and currently serving 10 year sentence.
U.S. Secret Service Case Study: Maksik
End of Story?...
Not Quite…
• In 2012, Ukraine authorities arranged for a “prisoner swap.”
• Maksik is extradited to the Ukraine in October 2012.
• December 2012 – Ukraine court reviews the Turkish conviction, finds the sentence to be inappropriate under Ukraine law, reduces the sentence to five years imprisonment and unspecified fines, allows for time served in Turkey and releases Maksik.
Now, End of Story?...
Not Yet It’s Not…
• Maksik is still wanted on charges filed in the United States
• Any travel outside of Ukraine to an extraditable country will result in likely apprehension
• We can be patient.
"Information Security Breach Trends"
Michael Roytman, Data Scientist at Risk I/O
Tweet: @mroytman #cloudcamp
"Keeping hardware secure, even after its useful life"
Jim Tarantino, VP Global Sales at MarkITx
Tweet: @JimTarantino #cloudcamp
© MarkITx, Inc. 2014 All rights reserved. Confidential.
IT hardware is a commodity. It should trade like one.
IT investments directly impact an organization’s ability to innovate and compete.
Changes in software & cloud
Hardware commoditization & increased refresh rates
IT demands skyrocketing but budgets remain flat
Preventing organizations from innovating at faster rates
Directly impacting organizations’ ability to compete
[Chart: IT Budget vs. IT Demand, percentage axis from 0% to 20%; data labels 15% and 1.8%]
Inefficient secondary markets are holding back enterprises from realizing the full return on their IT investments.
No reliable fair market value
Poor resale value by selling to few vendors/brokers
Brokers get the majority of the value; enterprises write off assets quickly
Data security concerns remain
Unclear commitment to environment
Enterprises unaware of true market value and wary of risks
What do buyers & sellers expect from the market?
Transparent, market driven pricing
Seamless trading
Guaranteed quality & security
What to look for in your IT partner?
Transparent, market driven pricing
Seamless trading
Guaranteed quality & security
• Neutral, never taking a position on a trade
• Maximize ROI by recouping up to 40% of initial investment
• Numerous buyers and not just 1-2 actively bidding on products
What to look for in your IT partner?
Transparent, market driven pricing
Seamless trading
Guaranteed quality & security
• Guarantee end to end process in terms of quality and security
• Works only with Tier 1 partners to deliver all aspects of after market and reverse logistics services including audit, DOD certified data destruction, refurbishing & shipping
• Environmentally friendly recycling with green certification
• Source-certified refurb gear minimizing risk of counterfeits
• Anonymous
What to look for in your IT partner?
Transparent, market driven pricing
Seamless trading
Guaranteed quality & security
• Quick pickup of gear along with full tracking & transparency throughout process
• Easy web and mobile tools to trade
• Comprehensive product lifecycle management services
Example: Equipment that retains over 30% of original value after 3 years or more

Category | Item | New Price | Current FMV | % value retained | Age of equipment
Storage | Dell PowerVault MD3220i | $14,356 | $5,250 | 37% | 4.5 years
Server | Dell PowerEdge R620 | $7,100 | $2,924 | 41% | 3 years
Router | Cisco ASR1002 | $9,500 | $3,000 | 32% | 4.5 years
Switch | Juniper EX2200-48P-4G | $2,100 | $675 | 32% | 4.5 years
Un-panel Discussion
Volunteer to join the panel & ask questions from the floor!