UNCLASSIFIED. Definitional - Issues Post Sept 11th Realizations.. * In drafting Patriot Act,...
Uploaded by steven-allison
UNCLASSIFIED
Definitional - Issues
Post Sept 11th Realizations..
* In drafting Patriot Act, Congress noted: Criminal conduct potentially tied to terrorism is “inexorably woven through the Internet”…
* Critical information regarding such tentacles, more often resides with industry or academia long before it migrates into Govt/LE’s hands…
* Terrorism support tentacles stretch far, and are often not easily identifiable with known terrorist groups at the outset..
Initiative Based Partnerships
NCFTA = Resource Fusion Center:
NCFTA PPA Teams
Industry SME’s
Industry SME’s
Law Enforcement
Academia
(Intel & Analysis)
*Alerts
*PSA’s
*Proactive Options
*Target Initiatives
*Impact
*Lessons Learned =Training
(Output – Benefit)
NCFTA Space
FBI Secure Space
DPN DB
SPAM DB
Other DB
Contract DB’s
Trilogy IDW
Fidelity DB’s
IDT-BITS DB’s
BSA-Other DB’s
CIDDAC Intel
MRC DB’s
Referral to Law Enforcement & Coordination
Nature of the Threat:
• Complex & more sophisticated,
• Increasingly International in origin or support
• Organized Criminal Groups with distinct roles
• Social Engineering = Common Theme….
OPERATION RELEAF (Retailers & Law Enforcement Against Fraud)
• 2003 IC3 received 35,000 transactions for a potential economic loss in excess of $10 million.
• Six week period ending 12/31/2003, IC3 received from 29 Industry members, 1434 fraudulent transactions of a potential loss in excess of $600,000. Of these transactions 733 addresses were identified.
Recruiting Methods
Organized Crime In The 21st Century
International Carder’s Alliance
Sobig.F, 18 August 2003
• In a single day, 1 in every 17 emails sent worldwide came from Sobig.F.
• Time delayed action. Due to contact 20 servers for instructions
• Like the Blaster worm, that pointed some 400,000 host PCs to Microsoft's windowsupdate.com at the same time on the same day.
• Picture a future Sobig using millions of infected machines to hack into the servers of a major bank. "The virus-writer world and the hacker world have come together."
*From “Attack of the World Wide Worms”, Time Magazine, Aug 25, 2003; CERT® Incident Note IN-2003-03
Industry
Industry
Industry
Industry
List serve
Joint Triage Team
Direct Contact 24/7 With Triage Members
Matched with other Teams Input
L.E.T.F
Develop & Refine Initiatives
Defining Success (Impact)
Disrupt & Disable
– Shut Down sites
– Label/Banner links-Images
– Search/Seizure (Recover customer data)
Investigate (Proactively)
– Maximize informal intelligence sharing
– Keep strategy focused – Tweak periodically
Public Service Advisories (PSA’s)
– Utilize DPN team to maximize this…
Organized Crime In The 21st Century
13 Arrests - Estonia
17 Arrests - Estonia
4 Arrests - Russia
4 Arrests - Austria
3 Arrests - Nigeria
4- Va
Wash
Ariz
Calif
Spoofed Website
Hosted on the server in China
Legitimate Website
Hosted in Germany
Source of Spam
Harvested Data
Victim
Login from Romania
*FBI *FTC Working:
*Postal *DHS USSS?
*NW3C *Target DHL
*State and Locals SEC
Others..
CIRFU
*FBI
*Postal
*DHS
*State
*Local
*USCERT
INDUSTRY Co-Located IN HOUSE
*Discover
*BSA
*Fidelity
*Microsoft
*PNC
*Target
*Pfizer
IN THE WORKS
*eBay/PayPal
*Symantec
*Fiserv
*Merrill Lynch
*PSI
Intel Products PSA’s-Alerts
Case Referrals 500-700/year
to L.E.T.F
Follow-up /Support.T.F and
International L.E.
Out-Put, Products
Industry Intel not turned on yet…..
*Western Union
*NRF
*Mastercard
*CipherTrust
*VISA
*Escrow.com
*Experian
*Autotrader
*Corillian
RELEAF
80+ Industry
DPN 60+ Industry
Anti-S 95 Industry
MRC 800 Industry
DHL, UPS, FedEx
Consumer Complaint
Website
18K/Month www.ic3.gov
www.lookstoogood.com
PSA’s
Joint Training
Govt Agency Input
FBI, Postal, DHS, FTC, SEC, USCERT, IRS
Non-Profit 501(c)
Why Bother??
Critical Intelligence = Fast!
Exponential SME Analysis – Input
2 Way Information Sharing
Alerts
PSA’s
Other Intel Products
Voluntary Data Input (minimize legal process needs)
1-Stop Shop
Stake Holders Define Threat/Problem