
Counterintelligence and Cyber News and Views April 2013 Volume 2 Issue 2

NOTE: Much of the information contained within this newsletter originates from websites maintained by agencies of the U.S. Federal Government. The original web address from which material has been derived is posted at the beginning of reproduced articles. Readers are always encouraged to visit the web address from which the article has been derived, in order to view the article in the original form in which it was presented. This newsletter also contains commentary from the editor of the newsletter. Such commentary is solely the opinion of the newsletter editor and does not represent the views of the U.S. Government, nor the agency originally presenting this information on the internet. Questions, comments, and subscription requests may be directed to the editor at [email protected] or to Richard Haidle at 310-536-9876 x237

CI TRENDS

In this issue of Counterintelligence and Cyber News and Views we would like to focus on recent arrests and convictions related to counterintelligence (CI). Most of the stories that follow occurred between January and April 2013. Most of the persons discussed within this article represent the type of targets Hostile Intelligence Services (HOIS) will attempt to recruit or compromise. You will see, from within these stories, a pattern of methodology used by our foes to compromise individuals, gain access to our technology and use it to our disadvantage. Additionally, stories of greed, revenge and fraud round out some of the methods CI professionals find daily in their struggles to protect classified, sensitive, and export controlled information.

Our first story represents, in our opinion (let’s wait for the trial before we call anybody guilty), a classic case of the so-called “honeypot,” where an older male has been, apparently, seduced by a younger woman, and passes on to her US government classified information.

This is the apparent story of “Benjamin Pierce Bishop, 59, a former U.S. Army officer who works as a civilian employee of a defense contractor at U.S. Pacific Command (USPACOM) in Hawaii.” Bishop “…(was)… arrested on charges of communicating classified national defense information to a person not entitled to receive such information.” The US Attorney for Honolulu’s press release regarding this case is reprinted in its entirety later in this newsletter.

In summary, a 27-year-old female citizen of the PRC has, in all likelihood, seduced a retired U.S. Army Lieutenant Colonel into allegedly “telling his 27-year-old Chinese girlfriend top secret details about the U.S.’s nuclear capabilities and defense protocols.”

We will continue to follow this story with great interest and will keep readers of this newsletter apprised of any updates.


Corporate Headquarters

222 North Sepulveda Boulevard, Suite 1780

El Segundo, California 90245 (310) 536-9876

www.advantagesci.com

INSIDE THIS ISSUE:

CURRENT TREND ANALYSIS

REVIEW OF COUNTERINTELLIGENCE/CYBER SECURITY SEMINAR

ARRESTS, TRIALS, CONVICTIONS

NAVY SPY DELISLE SENTENCED TO 20 YEARS IN PRISON

FOREIGN ECONOMIC ESPIONAGE INVESTIGATION LEADS TO ARREST

IRANIAN CITIZEN SENTENCED IN PLOT TO EXPORT AIRCRAFT PARTS TO IRAN

US DEFENCE CONTRACTOR, 59, 'GAVE CLASSIFIED INFORMATION TO 27-YEAR-OLD CHINESE LOVER IN HONEYTRAP'

FORMER U.S. CONSULATE GUARD SENTENCED TO NINE YEARS IN PRISON FOR ATTEMPTING TO COMMUNICATE NATIONAL DEFENSE INFORMATION TO CHINA

ALASKA-BASED SOLDIER GETS 16 YEARS IN SPY CASE

METHODS AND TECHNIQUES

5 LESSONS FROM THE FBI INSIDER THREAT PROGRAM

ATTORNEY GENERAL ERIC HOLDER SPEAKS AT THE ADMINISTRATION TRADE SECRET STRATEGY ROLLOUT

CYBER RELATED THREATS REPORTED IN THE DHS DAILY OPEN SOURCE INFRASTRUCTURE REPORT

VIRUS ALERT EMAIL NOT REALLY FROM FBI

LOOKING FOR LOVE? BEWARE OF ONLINE DATING SCAMS

STATEMENT TO HOUSE COMMITTEE ON THE JUDICIARY, SUBCOMMITTEE ON CRIME, TERRORISM, AND HOMELAND SECURITY

DEPUTY ATTORNEY GENERAL JAMES M. COLE SPEAKS AT THE ADMINISTRATION EVENT TO HIGHLIGHT PRIORITIES FOR CYBERSECURITY POLICY

EXECUTIVE ORDER -- IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY

THE FBI IN POPULAR FICTION (COMIC BOOKS)

TRAVEL APP INFORMATION

ADVANTAGE SCI PRODUCTS, SERVICES, TRAINING


Counterintelligence/Cyber Security Seminar: Lively Discussions, Enlightening Views

Advantage SCI hosted its first CI/Cyber Security Seminar on Wednesday, February 27th 2013. With more than 35 attendees, a diverse mix of cleared defense contractors, government, and municipal employees was in attendance.

Advantage SCI CEO and President, Elsa Lee, welcomed our guests, and provided a brief overview of the company.

Our first presentation of the day was provided by Mike Hartman (pictured at right) of the Aerospace Corporation. Mike retired from the FBI Los Angeles as the Assistant Special Agent in Charge for Counterintelligence before moving on to the Aerospace Corporation in the early 2000s.

Mike discussed the art of counterintelligence and its current state. He delineated case examples and current legal precedents affecting counterintelligence. Finally, he pointed out trends and issues the discipline faces going forward.

Following Mike was Brian Smith from Advantage SCI (pictured at right, middle photo). Brian is a retired Lieutenant Colonel from the USAF. Brian gave an excellent presentation on the collection of intelligence and the methods used by foreign governments to obtain that intelligence.

Next, Deb Thomas (pictured at bottom right) from The Walt Disney Company spoke. Deb retired from the USAF as an OSI agent, then worked at Boeing before joining Disney. Deb discussed the protection of intellectual property and some of the inherent challenges.

Our final presenter of the day was Jason Smolanoff of Stroz Friedberg. Jason was a Supervisory Special Agent with the FBI, heading up one of the FBI Los Angeles Cyber squads prior to joining Stroz Friedberg. Jason gave a very lively and informative presentation regarding the current state of cyber crime and the threats we face going forward into the electronic world.

Our seminar was a great success. Our guests provided great reviews of the day’s presentations.

With the favorable reviews and positive comments, another seminar will be planned for the late summer or early fall.


The next arrest of interest is outlined in this brief extract from the Washington Examiner at web link: http://washingtonexaminer.com/watchdog-alert-fbi-arrests-nasa-contract-employer-trying-to-flee-to-china/article/2524691 where the arrest of Chinese national Bo Jiang is reported:

“Jiang was employed by the National Institute of Aerospace, a Hampton, VA-based NASA contractor. The position afforded Jiang virtually unlimited, unescorted access to the NASA Langley facility, which is the location for classified research programs related to U.S. space defense technologies. Ronda Squizzero, an FBI Special Agent said in documents Wolf made available today concerning Jiang’s arrest that he “was leaving the United States abruptly to return to China on a one-way ticket.” The FBI is “investigating conspiracies and substantive violations of the Arms Export Control Act,” according to the FBI’s arrest warrant. Jiang also is charged with making a false statement to federal law enforcement agents, including his attempt to conceal a “laptop, an old hard drive and a SIM card,” according to the FBI agent. The FBI said it “believes this to be material to the federal investigation, in that it was important to learn what electronic media Jiang was taking out of the United States.”

Wolf said the Chinese national’s activities came to his attention from whistleblowers who worked at NASA Langley. “I want to credit the whistleblowers at NASA who brought Mr. Jiang’s security violations to my attention, which resulted in this investigation,” Wolf said at today’s news conference. After learning about Jiang, Wolf met with the FBI’s counterintelligence office and called FBI Director Robert Mueller about Jiang. Wolf said he hopes to learn more about the information contained on Jiang’s hard drive. He said “we know that Mr. Jiang has in the past taken sensitive information back to China that he should not have been allowed to remove at Langley.” Wolf also said he believes Jiang’s information “may pertain to the source code for high-tech imaging technology that Jiang has been working on with NASA. This information could have significant military applications for the Chinese Peoples Liberation Army.”

Sensitive technologies that are supposed to be strictly limited by U.S. export control laws are essential to U.S. space defense programs, but Wolf said they could also apply to “unmanned aerial vehicles and other aerospace/aeronautic technologies.”

There is little information publicly available regarding this case beyond what we have included here. Located at http://www.federalnewsradio.com/pdfs/jiang_affadavit.pdf the FBI affidavit for this case implies the existence of a great deal of sensitive, possibly export controlled or classified information that Bo Jiang was trying to take with him to China. Again, we anxiously await further details on this sensitive case.

Our next case of interest involves one Hua Jun Zhao. “On March 29, 2013, special agents in the Milwaukee Division of the FBI arrested Hua Jun Zhao, age 42. Zhao is charged via a criminal complaint for knowingly engaging in economic espionage benefiting a foreign government, foreign instrumentality, or foreign agent, in violation of Title 18, United States Code, Section 1831 (a) (1)(2)(3)”. “Zhao is alleged to have used his employment and position at the Medical College of Wisconsin to illegally acquire patented cancer research material and to have taken steps to provide that material to Zhejiang University in China.”

This apparent case of Economic Espionage harkens back to a 1997 case where Japanese researchers were alleged to have stolen proprietary cancer research information from a clinic in Cleveland. Some involved in this case never were prosecuted because they fled to Japan. The government of Japan would not extradite individuals associated with this case. Fortunately, in this case, Hua Jun Zhao was arrested and will face trial in a US Court of law.

As reported in the following extract (see http://www.justice.gov/opa/pr/2013/March/13-nsd-269.html ) former U.S. Consulate Guard Bryan Underwood was convicted of attempting to communicate national defense information to a foreign government with intent or reason to believe that the documents, photographs or information in question were to be used to the injury of the United States or to the advantage of a foreign nation. According to the US Attorney’s press release:

Bryan Underwood, a former civilian guard at a U.S. Consulate compound under construction in China, was sentenced to nine years in prison in connection with his efforts to sell for personal financial gain classified photographs, information and access related to the U.S. Consulate to China’s Ministry of State Security (MSS), announced Lisa Monaco, Assistant Attorney General for the Justice Department’s National Security Division; Ronald C. Machen Jr., U.S. Attorney for the District of Columbia; Valerie Parlave, Assistant Director in Charge of the FBI’s Washington Field Office; and Gregory B. Starr, Director of the U.S. State Department’s Diplomatic Security Service.

Underwood pleaded guilty Aug. 30, 2012, in the U.S. District Court for the District of Columbia to one count of attempting to communicate national defense information to a foreign government with intent or reason to believe that the documents, photographs or information in question were to be used to the injury of the United States or to the advantage of a foreign nation. He was sentenced by the Honorable Ellen S. Huvelle. Upon completion of his prison term, Underwood will be placed on two years of supervised release.

Significant about this case is that Underwood, having experienced financial pitfalls, apparently decided to sell out the US Government to recoup his losses. Through good fortune, he was never able to link up with PRC intelligence officers to compromise our diplomatic security. After admitting his actions, Underwood was released on his own recognizance, and took the opportunity to flee to Los Angeles. He was apprehended there in September 2011. He was sentenced to nine years confinement on March 5, 2013.

In another case of Economic Espionage, detailed at http://www.fbi.gov/newark/press-releases/2013/former-employee-of-new-jersey-defense-contractor-sentenced-to-70-months-in-prison-for-exporting-sensitive-military-technology-to-china “Sixing Liu, aka, “Steve Liu,” 49, a PRC citizen who had recently lived in Flanders, New Jersey, and Deerfield, Illinois was charged with stealing thousands of electronic files from his employer, L-3 Communications, Space and Navigation Division, located in Budd Lake, New Jersey. The stolen files detailed the performance and design of guidance systems for missiles, rockets, target locators, and unmanned aerial vehicles. Liu stole the files to position and prepare himself for future employment in the PRC. As part of that plan, Liu delivered presentations about the technology at several PRC universities, the Chinese Academy of Sciences, and conferences organized by PRC government entities.”


“On November 12, 2010, Liu boarded a flight from Newark Liberty International Airport to the PRC. Upon his return to the United States on November 29, 2010, agents found Liu in possession of a non-work-issued computer containing the stolen material. The following day, Liu lied to agents of the Department of Homeland Security about the extent of his work on U.S. defense technology, which the jury found to be a criminal false statement.”

“The U.S. Department of State’s Directorate of Defense Trade Controls later verified that several of the stolen files on Liu’s computer contained export-controlled technical data that relates to defense items listed on the United States Munitions List (USML). Under federal regulations, items and data covered by the USML may not be exported without a license, which Liu did not obtain. The regulations also provide that it is the policy of the United States to deny licenses to export items and data covered by the USML to countries with which the United States maintains an arms embargo, including the PRC.”

The case, when it went to trial in September 2012, presented information to the jury. “The jury heard testimony that Liu’s company trained him about the United States’ export control laws and told him that most of the company’s products were covered by those laws.” Sixing Liu, aka, “Steve Liu,” 49, a PRC citizen who had recently lived in Flanders, New Jersey, and Deerfield, Illinois, has been in custody since the September 2012 verdict, based on his risk of flight.

As a result of the trial and testimony, Liu, the “former New Jersey-based defense contractor ... was convicted by a federal jury of exporting sensitive U.S. military technology to the People’s Republic of China (PRC), stealing trade secrets, and lying to federal agents…” Liu “…was sentenced (on 3/25/2013) to 70 months in prison, New Jersey U.S. Attorney Paul J. Fishman announced.”

In two other cases, it appears hubris and greed have overtaken two individuals who may have at one time had better intentions and values in mind. In the first case, James F. Hitselberger, a US Government Linguist in Bahrain, was charged as follows:

On or about April 11, 2012, at the Naval Support Activity – Bahrain, outside the jurisdiction of any particular state or district of the United States, but within the extraterritorial jurisdiction of the United States and therefore, pursuant to Title 18, United States Code, Section 3239, within the venue of the United States District Court for the District of Columbia, the defendant, JAMES F. HITSELBERGER, having unauthorized possession of and control over documents and writings relating to the national defense, did willfully retain documents and writings relating to the national defense, that is, a Joint Special Operations Task Force (JSOTF) Situation Report (SITREP) dated April 11, 2012 (SITREP 104) and classified SECRET, and a Navy Central Command (NAVCENT) Regional Analysis dated April 9, 2012, and classified SECRET, and fail to deliver the same to an officer and employee of the United States entitled to receive it.

(Unlawful Retention of National Defense Information, in violation of Title 18, United States Code, Section 793(e))

On or about March 8, 2012, at the Naval Support Activity – Bahrain, outside the jurisdiction of any particular state or district of the United States, but within the extraterritorial jurisdiction of the United States and therefore, pursuant to Title 18, United States Code, Section 3239, within the venue of the United States District Court for the District of Columbia, the defendant, JAMES F. HITSELBERGER, having unauthorized possession of and control over documents and writings relating to the national defense, did willfully retain documents and writings relating to the national defense, that is, a Joint Special Operations Task Force (JSOTF) Situation Report (SITREP) dated March 8, 2012 (SITREP 72) and classified CONFIDENTIAL, and fail to deliver the same to an officer and employee of the United States entitled to receive it.

(Unlawful Retention of National Defense Information, in violation of Title 18, United States Code, Section 793(e))

Ultimately Hitselberger was also indicted on a third count regarding possession and retention of classified US Government materials.

As this case is pending trial, motives and intentions are mere speculation. But let’s go ahead and speculate in this case, based on the limited information available in the public record. Mr. Hitselberger had been in email communication with the Hoover Institute, a conservative think tank located at Stanford University. In reading some of these communications, your newsletter editor has reached a preliminary opinion that Hitselberger was donating what he knew to be classified communications to the Hoover Institute for the purpose of academic study. He mentioned what he thought to be the declassification dates for some of the documents, but expressed an opinion that the Hoover Institute should make the appropriate determinations, to include how to use these ostensibly classified communications.

Again, at this point, the following comments are mere speculation, and have no basis in knowledge. They are based on the observations and opinions of an FBI Counterintelligence Agent with over 31 years of government intelligence experience. In your author’s experience it appears here that we have an egotistic academician type who thinks the rules don’t apply to him. He has found classified materials he thinks should be part of a collection of government classified communications available in a think-tank environment for researchers of the future to review. This speculation is based on information currently available in the public record, and may be proven wrong by future events or information.

In the second case mentioned “Former CIA officer John Kiriakou, 48, of Arlington, Virginia, was sentenced to 30 months in prison, followed by three years of supervised release, for revealing to a journalist the identity of a man whose 20-plus-year career as a covert CIA agent had never been disclosed publicly. Kiriakou also admitted in court that he disclosed information revealing the role of another CIA employee in classified activities.”

“Court records indicate that the e-mails seized during the investigation revealed that Kiriakou disclosed information to journalists about dozens of CIA officers, including numerous covert officers of the National Clandestine Service beyond the one identified in the defense filing by lawyers for the high-value detainees in Guantanamo Bay. The government raised this with the court to demonstrate that the charged conduct was in no sense aberrational or reflective of an atypical lapse of judgment.”

“Kiriakou admitted that, through a series of e-mails with Journalist A, he disclosed the full name of a CIA officer (referred to as “Covert Officer A” in court records) whose association with the CIA had been classified for more than two decades. In addition to identifying the officer for the journalist, Kiriakou also provided information to the journalist that linked the officer to a CIA counterterrorism program known as the Rendition, Detention, and Interrogation (RDI) Program and a particular RDI operation.”


“In addition, Kiriakou admitted that he disclosed to Journalists A and B the name and contact information of a CIA officer, identified in court records as “Officer B,” along with his association with an operation to capture terrorism subject Abu Zubaydah in 2002. Kiriakou knew that the association of Officer B with the Abu Zubaydah operation was classified. Based in part on this information, Journalist B subsequently published a June 2008 front-page story in The New York Times disclosing Officer B’s alleged role in the Abu Zubaydah operation.”

“Kiriakou provided this information to journalists without inquiring what the journalists would do with the information. Without Kiriakou’s knowledge, Journalist A passed the information he obtained from Kiriakou to an investigator assisting in the defense of high-value detainees at Guantanamo Bay. The investigator had been unable to successfully identify either officer until he received this information from Journalist A, which led to Officer B being secretly photographed and his photographs being tendered to high-value terrorist detainees—a result Kiriakou himself described as “terrifying.””

“Kiriakou also admitted that he lied to the CIA regarding the existence and use of a classified technique, referred to as a “magic box,” while seeking permission from the CIA’s Publications Review Board to include the classified technique in a book.”

Mr. Kiriakou was playing a dangerous game here. He compromised the name of an intelligence agent, possibly putting that agent’s safety at risk. He could have compromised intelligence activities, and possibly put lives in jeopardy.

“In a statement of facts filed with his plea agreement, Kiriakou admitted that he made illegal disclosures about two CIA employees and their involvement in classified operations to two journalists (referenced as “Journalist A” and “Journalist B” in court records) on multiple occasions between 2007 and 2009.”

Again here, we have an individual who thinks the rules do not apply to him. No malicious intent, no revenge or greed, perhaps just wanting to establish his knowledge and expertise to aggrandize himself. Still, a potentially dangerous game for the person whom he was referring to, and, ultimately, dangerous to him for at least the 30 months he will be in federal confinement.

Moving on to computer intrusions and computer hacking activity, we have one Eric J. Rosol, 37, of Black Creek, Wis., who is charged with one count of conspiracy to damage a protected computer and one count of damaging a protected computer.

“In February 2011, a loosely organized group of computer hackers called Anonymous began using Internet Relay Chat (IRC) channels to advertise a dedicated denial of service attack against Koch industries and seeking participants to the attack. Such an attack aims at making a computer resource unavailable to users by saturating the target computer with large numbers of external communication requests. If successful, the attack causes the target computer to be unable to respond or to respond so slowly as to be effectively unavailable to users.”

“The attack was to be undertaken using a tool known as a “Low Orbit Ion Cannon” that could send a high volume of repeated requests to Koch Web sites.”

“On Feb. 27, 2011, Anonymous told conspirators to use the Low Orbit Ion Cannon to attack a Koch Industries Web site, “quiltednorthern.com.””

“On Feb. 28, 2011, Anonymous told conspirators to attack a Koch Industries Web site, “Kochind.com.” Rosol and others launched Low Orbit Ion Cannon attacks on “Kochind.com.””

“As a result of the attack, the Web site “Kochind.com” crashed and was unavailable for legitimate traffic.”

This attack on Koch Industries will, in all likelihood, place Mr. Rosol in personal legal peril. If convicted, he faces a maximum penalty of five years in federal prison and a fine up to $250,000 on each count.

In another computer hacking related case “a Texas resident was convicted ... by a federal jury for conspiring to hack into his former employer’s computer network, announced Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division and U.S. Attorney for the Northern District of Texas Sarah R. Saldaña.”

“Michael Musacchio, 61, of Plano, Texas, was found guilty by a federal jury in Dallas of one felony count of conspiracy to make unauthorized access to a protected computer (hacking) and two substantive felony counts of hacking.”

“According to the evidence submitted at trial, from 2002 to 2004, Musacchio was the president of Exel Transportation Services, a third party logistics or intermodal transportation company that facilitated links between shippers and common carriers in the manufacturing, retail and consumer industries. In 2004, Musacchio left Exel to form a competing company, Total Transportation Services, where he was the original president and CEO. Two other former Exel employees, Joseph Roy Brown and John Michael Kelly, also went to work at Musacchio’s new company. Trial testimony and exhibits established that between 2004 and 2006, Musacchio, Brown and Kelly engaged in a scheme to hack into Exel’s computer system for the purpose of conducting corporate espionage. Through their repeated unauthorized accesses into Exel’s email accounts, the co-conspirators were able to obtain Exel’s confidential and proprietary business information and use it to benefit themselves and their new employer.”

“A federal grand jury had returned an indictment against the three men on Nov. 2, 2010. Brown and Kelly entered guilty pleas on May 19, 2011, and Aug. 2, 2012, respectively, and are awaiting sentencing. Musacchio is scheduled to be sentenced on June 14, 2013, before U.S. District Judge Jorge A. Solis in the Northern District of Texas.”

In a computer software piracy case, the risk of compromise of sensitive defense information is illustrated by the story linked below:

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2013/031913-us-defense-scientist-bought-pirated-267830.html&pagename=/news/2013/031913-us-defense-scientist-bought-pirated-267830.html&pageurl=http://www.networkworld.com/news/2013/031913-us-defense-scientist-bought-pirated-267830.html&site=security&nsdr=n

The former chief scientist at a Kentucky defense contractor has been sentenced to a year in prison for buying pirated software from Russian and Chinese hackers and using it to design components for military helicopters.

Wronald Best, 55, of Owensboro, Kentucky, purchased the modeling and design software, with a retail value of more than US$2.3 million, for use at his job with MPD, a manufacturer of military and law enforcement equipment, the U.S. Department of Justice said.

An investigation by U.S. Immigration and Customs Enforcement's Homeland Security Investigations (HSI) unit found that Best was one of the top customers for Crack99.com, a site that sells pirated software, in 2008 and 2009, the DOJ said.”


Best told special agents that he used the software to conduct simulations on components MPD was designing for use in military helicopters, including the Black Hawk helicopter and the presidential helicopter fleet, commonly referred to as Marine One, the DOJ said. Other projects on which Best used cracked software included designing Patriot missile components, police radars and breath analysis equipment widely used by American police departments.

Best was sentenced Monday in U.S. District Court for the District of Delaware for conspiracy to commit criminal copyright infringement.

Li pleaded guilty in January to one count of conspiracy to commit copyright infringement and one count of conspiracy to commit wire fraud. He's awaiting sentencing.

The software piracy conspiracy raised investigator concerns that sophisticated modeling software, some of which was on a U.S. restricted export list, was falling into the wrong hands, said John Kelleghan, special agent in charge at HSI Philadelphia.

Best was working on sensitive government projects and "gets into cahoots with a Chinese national and Russian cybercriminals," Kelleghan said. U.S. agencies need to be able to trust their contracting partners, and Best "absolutely failed" in his security agreements with the government, he added.

The DOJ and investigators with HSI accused Best of encouraging Chinese national Xiang Li and a Russian hacker to pirate copies of defense modeling programs and other software.

Xiang Li and a partner sold cracked copies of software on websites including Crack99.com and Cad100.com between April 2008 and November 2010, according to court documents. Many of the software packages they sold had retail values of $10,000 or more.

Best communicated electronically with about 35 different computer code crackers and purchased more than 60 pirated software titles from Chinese and Russian sources, according to court documents. He paid more than $6,000 to obtain pirated software worth more than $2.3 million, the DOJ said.

HSI was tipped off to Li's operation by a software vendor, and the agency's investigation resulted in the notification of cracked software to several other vendors, Kelleghan said. Some of the software vendors "had no clue their software was getting cracked," he said.

The investigation may lead some software vendors to reexamine their anticopying security, Kelleghan said.

The DOJ had sought a three-year prison sentence for Best. Prosecutors argued that Best encouraged Li and the Russian hacker to crack copies of software for him.

Best held a secret U.S. government security clearance, prosecutors wrote in a sentencing document. Best "became the very epitome of a compromised individual known to those who posed an international threat to the United States," prosecutors wrote.

Best's lawyer, Edmund Lyons, argued that criminal copyright sentences were typically much shorter than the DOJ requested, with recent sentences averaging less than a year. Lyons wasn't immediately available for comment Monday.

The HSI investigation found that between April 2008 and June 2011, Li sold about 550 pirated software titles to about 325 customers located in more than 25 states and more than 60 foreign countries. The software, from about 200 vendors, had a retail value of more than $100 million, the DOJ said.

Between January 2010 and June 2011, undercover agents made a series of purchases of pirated software from Crack99.com. Undercover agents met Li in Saipan in June 2011. Li had agreed to travel from China to Saipan to deliver pirated software, design packaging, and 20 gigabytes of proprietary data obtained from the server of a U.S. software company to undercover agents posing as U.S. businessmen. Agents arrested Li during a meeting in Saipan.

Li is scheduled to be sentenced on May 3.

If not obvious to the reader (and at the risk of stating the obvious to the majority of readers), the use of this “cracked software” potentially runs the risk of compromising other software or computers networked with the computer running this software. This “cracked” software has the potential to “crack” your internal computing system or network. Those of you with the ability to scan your internal networks should consider an audit of software connected to that network to determine whether the software is original or a copy. If it is a copy, what is the original source the copy is derived from?

Our last snippet is a tale designed to remind you to verify and validate who you are talking to when it comes to work related matters. The case of Paul Alan White, outlined here http://www.fbi.gov/houston/press-releases/2013/woodlands-man-convicted-of-using-fake-cia-credentials and reprinted below, shows how failure to validate an individual’s identity can potentially lead to a compromise of sensitive information.

“Paul Alan White, aka Jonathan Alan Davenport, 57, of The Woodlands, has entered a plea of guilty to two counts alleging he impersonated a public servant, United States Attorney Kenneth Magidson announced today. The plea was entered late yesterday before U.S. District Judge Ewing Werlein, Jr.

According to the factual basis in support of the plea, White posed as a CIA agent to others at different times during 2011 and 2012 in order to obtain personal information from individuals and to have authorities give him privileges as well as official record documents.

During March 2011, White had convinced a co-worker that he worked with Special Ops within the CIA and that they had to fill out an application form for a security clearance with the CIA. White apparently obtained the form from the Internet. The co-worker completed the form, which included personal information, such as names of family members and friends, education, employment history, and personal identification data such as a Social Security number, a Texas driver’s license number, and a U.S. passport number. As directed by White, the co-worker also ordered their own credit report and gave White a copy of their passport.

The next month, White also attempted to recruit the co-worker’s friend from the co-worker’s Facebook site, using an alias. White reported to be conducting a reference check and also tried to recruit them for a position with the CIA. At the request and demand of White, pretending to act as an agent under the authority of the CIA, the friend sent the security clearance form via FedEx with their personal information on it along with copies of their birth certificate, Social Security card, driver’s license, and passport.

Also that month, White introduced himself to Texas Department of Public Safety troopers as an agent working for the CIA. White showed a badge and a credential thought to be from the CIA and stated he had retired from CIA and was rehired to run “backgrounds” on people. White, while pretending to be an officer and employee of the United States, asked the trooper to run a criminal history check on his co-worker. White represented the request as an “official request” from a CIA officer. The trooper did so and provided the result.


Later, the CIA was contacted to conduct a check for any and all employment either directly or indirectly of White, aka Davenport. The CIA confirmed he did not work for the agency in any capacity. A search warrant executed at White’s home revealed several false and fraudulent purported official U.S. government identifications and badges allegedly belonging to the CIA.

Judge Werlein has set sentencing for June 28, 2013, at which time he faces up to three years in federal prison and a possible $250,000 fine on each count. White will remain in custody pending that hearing.

The case was investigated by the FBI and Houston Police Department. Assistant U.S. Attorney (AUSA) Joe Porto is prosecuting the case. AUSA Ken Dies handled the hearing yesterday.

If confronted with identification from an individual claiming to be with the CIA, if you have any doubt, contact your local FBI Office (call the number published in the phone book if you don’t trust some other source for the FBI’s number), ask for the Duty Agent, and tell them you have been contacted by someone claiming to be with the CIA, and that you need to validate the claim before meeting with the person in question. Each FBI Office will have some sort of established protocol to validate the identity of an individual claiming to be with the CIA. It may take some amount of time, but you should be able to ultimately verify your contact through the local FBI.

ARRESTS, TRIALS, CONVICTIONS

Navy spy Delisle sentenced to 20 years in prison

http://www.cbc.ca/news/canada/nova-scotia/story/2013/02/08/ns-spy-faces-sentencing.html

He'll serve 18 years, 5 months, because of time served, and pay an $111,000 fine

CBC News

Posted: Feb 8, 2013 8:48 AM AT

Sub-Lt. Jeffrey Delisle, the Halifax naval officer who sold secrets to Russia, has been given a 20-year prison sentence.

But Judge Patrick Curran said Delisle will serve 18 years and five months behind bars because of time he has already served.

Delisle, 41, was also fined over $111,000, equal to what investigators say he received from the Russians. He has 20 years to pay.

As his children watched in the courtroom, one daughter's eyes welled up with tears as the judge delivered the sentence, reported the CBC's Stephen Puddicombe.

Delisle is the first person to be sentenced under Canada's Security of Information Act.

He pleaded guilty last October to one count of breach of trust and two charges of passing information to a foreign entity that could harm Canada's interest.

A "big chunk of the rest of your life" will be spent paying for the crime, Curran told Delisle.

He said Delisle was aware that Canada safeguarded secret information. He also said Delisle knew he shouldn't leak that information but "coldly and rationally" did so anyway.

Curran went on to say that even if the amount of damage Delisle caused is speculation, the fact that he passed information at all is a serious crime.

"Society is justifiably outraged at the betrayal," said Curran.

Showing no emotion, Delisle sat quietly with his chin rested on his folded hands as he listened to the judge outline his spying and betrayal to the court, reported the CBC's Rob Gordon.

When the sentencing was over, Delisle pulled up his red and blue hoodie, which he's worn to every court appearance, and left.

The Crown had sought a prison sentence of at least 20 years, while the defence asked for nine to 10 years.

Delisle's lawyer, Mike Taylor, said he was surprised by Friday's sentence.

"I just thought considering all the factors that were brought out in court, that the sentence would be somewhat less than what the Crown was asking for. It's as simple as that. They were asking for what I consider a very high number," he said.

"I can't say I'm completely caught off guard, but I was hoping for something less."

The Crown prosecutor said she is extremely happy getting almost exactly what she wanted.

Lyne Decarie said it is all about deterrence and this sentence sends a clear message.

Approached Russians

The story began when Delisle walked into the Russian Embassy in Ottawa wearing a red ball cap and civilian clothes. He flashed his Canadian military identification and asked to meet with someone from GRU, Russia's military intelligence agency.

Delisle was posted to the security unit HMCS Trinity, an intelligence facility at the naval dockyard in Halifax. It tracks vessels entering and exiting Canadian waters via satellites, drones and underwater devices.

There, he had access to Stone Ghost, an allied computer system. Delisle spied on top-secret NATO information for four years.

"Nothing in his past life made him stand out as a potential traitor," said Curran.

Review of procedure

Canada's head of defence said Delisle failed all Canadians and violated the trust of Canada's partners, his colleagues and the entire Armed Forces.

Gen. Tom Lawson said he is conducting a full review of security procedures.

"We are actively pursuing measures to improve and enhance all facets of our security procedures," he said.

The Department of National Defence said it has to complete its administrative review before it can strip Delisle of his rank.

Until then he is on full pay.

Foreign Economic Espionage Investigation Leads to Arrest

http://www.fbi.gov/milwaukee/press-releases/2013/foreign-economic-espionage-investigation-leads-to-arrest

FBI Milwaukee

April 02, 2013 Public Affairs Specialist Leonard C. Peace (414) 291-4892

On March 29, 2013, special agents in the Milwaukee Division of the FBI arrested Hua Jun Zhao, age 42. Zhao is charged via a criminal complaint for knowingly engaging in economic espionage benefiting a foreign government, foreign instrumentality, or foreign agent, in violation of Title 18, United States Code, Section 1831 (a)(1)(2)(3).

Zhao is alleged to have used his employment and position at the Medical College of Wisconsin to illegally acquire patented cancer research material and to have taken steps to provide that material to Zhejiang University in China. The public is reminded individuals placed under arrest are presumed innocent until proven guilty.

The arrest was a direct result of successful outreach by the FBI’s Division’s Strategic Partnership Program. This program focuses on fostering communication and building awareness through partnerships with key public and private entities. The goal of the outreach is to protect United States sensitive information, technologies, and competitiveness in an age of globalization.


“This investigation underscores the importance of the FBI’s outreach to our community partners,” said Teresa L. Carlson, Special Agent in Charge. “The FBI will aggressively pursue those who would attempt to steal trade secrets, proprietary information, or national security information.”

The FBI Milwaukee Division’s Strategic Partnership Program provides businesses and academia the tools to recognize, identify, and report insider threats, theft of trade secrets, and economic espionage. The FBI encourages businesses and academia to contact the Strategic Partnership Coordinator Special Agent Byron Franz at 414-291-4371 for more information on this outreach program or to report suspected threats.

Subsequent to the preceding indictment the government issued a superseding indictment on 4/11/2013 as announced by the USDOJ:

Defendant Charged With Attempting To Damage A Protected Computer

http://www.justice.gov/usao/wie/news/2013/pr20130411_Protected_Computer_Damage_Charge.html

FOR IMMEDIATE RELEASE

April 11, 2010

United States Attorney James L. Santelle announced that earlier today, Hua Jun Zhao (age 42) was arraigned in federal court on criminal charges that he: (1) had attempted to damage and had deleted information from a federally-protected computer at the Medical College of Wisconsin; and (2) had lied to the Federal Bureau of Investigation (FBI) in connection with an investigation into the alleged theft of an anti-cancer compound and related research data from the Medical College.

According to court records, a federal grand jury returned the two-count indictment against Dr. Zhao on April 9, 2013. If convicted, the defendant faces a maximum term of 10 years’ imprisonment, a fine of up to $250,000, and a maximum of 3 years’ supervised release for the charge of attempting to damage a protected computer, and a maximum term of 5 years’ imprisonment, a fine of up to $250,000, and a maximum of 3 years’ supervised release for the charge of making a false statement.

Court records indicate that Dr. Zhao, a research scientist formerly employed by the Medical College, previously had been charged in a criminal complaint with the theft of the anti-cancer compound, in violation of the Economic Espionage Act. The United States moved to dismiss that complaint without prejudice in light of the indictment returned by the grand jury. According to Court records, the indictment relates to efforts by Dr. Zhao to obstruct the investigation into the theft of the compound by lying to the FBI and by covertly accessing the Medical College’s computer server and attempting to delete proprietary information – including research data – related to the stolen compound.

United States Attorney Santelle explained: “The professional work being done by institutions like the Medical College of Wisconsin is vital to the present care and treatment and the future health and welfare of individuals in Wisconsin, throughout the United States, and across the globe. The United States Department of Justice, the Office of the United States Attorney, and the Federal Bureau of Investigation, in cooperation with our partners in the public and private sectors, are all committed to vigorously enforcing federal criminal law, to ensuring the safety of our community, to guarding against all threats to our economy, and to protecting our nation’s leadership in medical innovation and research.” United States Attorney Santelle added that the investigation into the ultimate disposition of the stolen compound and the ultimate intended use of the proprietary information stolen from the Medical College and transported overseas is continuing.

"Proactive outreach through our Strategic Partnership Program was a key factor in this case, the arrest was a direct result of building awareness of insider threats with our public and private partners," said Teresa L. Carlson, Special Agent in Charge, "the FBI will aggressively pursue those who damage or delete information on protected computer systems to further their own interests."

The investigation in this matter is being conducted by the FBI, and the case is being prosecuted by Assistant U.S. Attorney Stephen A. Ingraham.

Indictments and criminal complaints are merely the formal method of charging an individual and do not constitute inference of his or her guilt. An individual is presumed innocent until such time, if ever, that the government establishes his or her guilt beyond a reasonable doubt.

Iranian Citizen And U.S. Citizen Residing In Louisville, Kentucky, Holding An Iranian Passport, Sentenced In Plot To Export Aircraft And Aircraft Parts To Iran

http://www.justice.gov/usao/kyw/news/2013/20130304-01.html

Conspired to violate the U.S. embargo against Iran

FOR IMMEDIATE RELEASE

March 4, 2013

LOUISVILLE, Ky. - David J. Hale, U.S. Attorney for the Western District of Kentucky; Lisa Monaco, Assistant Attorney General for National Security; and Perrye Turner, Special Agent in Charge, Federal Bureau of Investigation, Louisville Division, announced the sentencing today, of two men to charges related to unlawful export of aircraft and aircraft parts from the United States to Iran. One of the defendants, Hamid Asefi, age 67, is a citizen and resident of the Republic of Iran. The other, Behzad Karimian, also known as “Tony” Karimian, age 52, is a United States citizen living in Louisville, Kentucky who holds a valid Iranian passport and is employed as a Mesaba Airlines Pilot. Asefi was sentenced to 23 months in prison, and Karimian was sentenced to 46 months in prison by Chief Judge Joseph H. McKinley, Jr. in United States District Court. The defendants pleaded guilty in Louisville, before Magistrate Judge James D. Moyer on December 3, 2012. The two-count Indictment was returned by a Federal Grand Jury meeting in Louisville on August 2, 2012 and unsealed prior to their change of pleas hearings.

Hamid Asefi and Behzad Karimian were both charged with conspiracy to violate and violation of the International Emergency Economic Powers Act for exporting, selling, or causing the export or sale of aircraft and aircraft parts without first having obtained the required license from the U.S. Department of Treasury. Asefi made his initial appearance in U.S. District Court in Louisville, Kentucky on June 1, 2012. Karimian was arrested and made his initial appearance in U.S. District Court in Louisville, Kentucky on June 6, 2012.

Asefi is the principal officer of Aster Corp Ltd., an Iranian company with offices in both Iran and the United Kingdom. The Indictment charges that, beginning as early as August 2007 and continuing through April 2011, Asefi used the United Kingdom office of Aster to serve as a transshipment point to facilitate shipment of goods from the United States to Iran; Asefi used Aster to facilitate the shipment of goods from the United States to Iran through third party countries; Asefi sent requests on behalf of Iranian entities to Karimian for purchases of aircraft and aircraft parts located in the United States or owned by United States persons; and Karimian knowingly and willfully made inquiries, placed orders, and attempted to facilitate the purchase of aircraft and aircraft parts located in the United States and owned by United States persons on behalf of defendant Asefi and persons in Iran.


Asefi and Karimian pleaded guilty to Count One of the Indictment and admitted in court that they acted with knowledge and intent to violate the Iran embargo when on September 27, 2007, Asefi and Karimian sent emails to establish a “profitable business collaboration” for the purpose of procuring aircraft and aircraft components for end-users in Iran. They further admitted that on or about October 1, 2009, Asefi sent an email to Karimian which outlined the terms of delivery and payment on future transactions with Iran Air and stated “…remember that, only US Embargo has brought this chance and benefit to us, to get involved in these deals….”

Further, defendants Asefi and Karimian pleaded guilty to Count Two of the Indictment, and admitted that beginning in September 2009 and continuing through April 2010, they violated the embargo against Iran by exporting and causing the export of services related to the sale of a G.E. Aircraft Engine Model CF6-50C2, as well as attempting the procurement of helicopters manufactured by Bell Helicopter, from the United States to Iran, without first having obtained the required authorizations from the U.S. Department of Treasury. All of the aircraft and aircraft parts involved in this case were intended for civilian use.

“The investigation and prosecution of national security cases is the top priority of the Department of Justice and my Office,” stated David J. Hale, the U.S. Attorney for the Western District of Kentucky. “We view the circumvention of Iranian export control laws as a very serious matter. The FBI should be commended for its excellent work in disrupting this international scheme and bringing these men to justice.”

The International Emergency Economic Powers Act authorizes the President of the United States to impose economic sanctions on a foreign country when the President declares a national emergency with respect to a national security threat. On March 15, 1995, the President issued an Executive Order declaring the actions and policies of the Government of Iran constituted a national emergency. On May 6, 1995, the President issued an Executive Order imposing the Iran Trade Embargo. On June 23, 2011, the U.S. Department of the Treasury imposed sanctions on Iran Air after designating it as a proliferator of weapons of mass destruction for providing material support and services to Iran’s Islamic Revolutionary Guard Corps.

This case was prosecuted by Assistant United States Attorney Bryan Calhoun of the U.S. Attorney’s Office for the Western District of Kentucky, and Trial Attorney Casey Arrowood of the Counterespionage Section of the Justice Department’s National Security Division. The case was investigated by the Federal Bureau of Investigation, Louisville Division.

US Defense Contractor, 59, 'Gave Classified Information To 27-Year-Old Chinese Lover In Honeytrap'

http://www.dailymail.co.uk/news/article-2295733/American-defence-contractor-Benjamin-Pierce-Bishop-gave-nuclear-secrets-younger-Chinese-lover.html

Benjamin Pierce Bishop, 59, of Honolulu, charged with passing on secrets

PUBLISHED: 06:52 EST, 19 March 2013 | UPDATED: 11:01 EST, 19 March 2013

The defence contractor met younger lover at military defence conference

He did not tell authorities about her as he should have done

A covert search of his home in Hawaii found documents marked 'secret'

By Harriet Arkell

Bishop, who is accused of passing classified military information to a Chinese lover 32 years his junior

A defence contractor and former US Army officer has been arrested and charged with giving his younger Chinese lover secret information about existing war plans and American nuclear weapons.

Benjamin Pierce Bishop, 59, who worked in intelligence in Hawaii, appeared in court to face one count of communicating national defence information to a person not entitled to receive it and one count of unlawfully retaining national defence documents and plans.

According to the complaint filed in Honolulu, Bishop met the woman at a conference on international military defence issues and passed her the information by email after beginning a romantic relationship with her.

The complaint said the 27-year-old woman 'may have been at the conference in order to target individuals such as Bishop', who had top secret security clearance since 2002.

Bishop was arrested on Friday at Pacific Command headquarters at Camp H.M. Smith in Hawaii and appeared in court yesterday.

Authorities did not say when the conference took place but said the Chinese woman, whose identity has not been released, was in the US on a student visa at the time.

US Attorney Florence Nakakuni said Bishop had been charged with giving defence secrets to his Chinese lover

She allegedly began an intimate relationship with Bishop in June 2011, and the authorities say he passed on the information to her in an email in May, and also in a phone call in September, when he told the woman about the deployment of US strategic nuclear systems and about the ability of the US to detect other nations' low- and medium-range ballistic missiles.

Bishop is accused of hiding the relationship from the government even though his position and security clearance requires him to report contact with foreign nationals.

Authorities conducting a covert search of Bishop's home in the Honolulu suburb of Kapolei found 12 individual documents marked 'secret' although he was not authorized to keep classified papers at home, court documents said.

The woman asked Bishop last month what western countries knew about 'the operation of a particular naval asset of People's Republic of China', the complaint said, though the topic fell outside Bishop's regular work assignments.

Bishop researched the issue using open source records and was observed collecting and reviewing classified information on the topic, according to the complaint.

At one point, when he travelled to the UK to visit the woman, Bishop tried to hide her identity on a request to leave for travel form 'by slightly changing her given name to a masculine form of the same name and by adding a letter to the surname,' according to an FBI agent's affidavit.


US Magistrate Judge Richard Puglisi conditionally appointed Bishop an attorney after hearing arguments that his finances weren't sufficient to cover the costs of defending himself.

Bishop's court-appointed attorney Birney Bervar, said Bishop was a lieutenant colonel in the US Army Reserve.

He said: 'Colonel Bishop has served this country for 29 years. He would never do anything to harm the United States.'

Bishop's lawyer Birney Bervar said his client would never do anything to intentionally harm the United States

Bart DaSilva, a neighbor of Bishop's, said the man lived alone and was initially friendly when he moved in about three years ago.

DaSilva said Bishop once brought over a woman and a girl he said were his wife and daughter from Thailand.

But he said he never saw Bishop with other visitors, and noticed that Bishop increasingly began to keep to himself.

The complaint filed against Bishop at the court in Honolulu does not refer to the Chinese woman by name, calling her instead 'Person1'

'I kind of felt: "What did we do?"' DaSilva said. 'It was almost like he switched off.'

No-one was available for comment at Bishop's brown, two-story home in a hilly neighborhood overlooking Pearl Harbor and downtown Honolulu.

The arrest and charges were announced by Florence T. Nakakuni, U.S. Attorney for the District of Hawaii; John Carlin, Acting Assistant Attorney General for National Security; Vida G. Bottom, Special Agent in Charge of the FBI Honolulu Division; Dwight Clayton, Special Agent in Charge of the Naval Criminal Investigative Service (NCIS) Hawaii Field Office; and U.S. Navy Captain Patrick McCarthy of USPACOM.

Bishop, who faces a maximum potential sentence of 20 years in prison if convicted, was scheduled to appear in court this Friday for a hearing on whether he will remain in detention during the case. A preliminary hearing was scheduled for April 1.


The home of civilian defense contractor Benjamin Pierce Bishop in Kapolei, Hawaii, on March 18, 2013. Bishop is charged with giving national security secrets to a 27-year-old Chinese woman he was dating. Authorities conducting a covert search of Bishop's home in Kapolei, a suburb about 22 miles west of downtown Honolulu, in November found 12 individual documents marked "secret" even though he's not authorized to keep classified papers at home, the complaint said. (AP Photo/Oskar Garcia)

Woman At Center Of Spy Allegations Is Enigma

http://azdailysun.com/news/national/pacific-command-contractor-chargedwith-%20spying/article_57c631f6-e076-590a-a961-ce40459c447e.html

Oskar Garcia

U.S. officials say the 27-year-old university student from China started a relationship with a civilian defense contractor more than twice her age and then found out classified information on U.S. nuclear weaponry, missile defenses and war plans.

But is she a spy?

It is clear the Justice Department believes the woman's boyfriend broke the law, but the criminal complaint that outlines the charges against him never formally accuses her of any crime. It just paints a picture of a young woman who seems to be involved in espionage.

A Justice Department official who spoke on condition of anonymity because the investigation is ongoing says the government knows the woman's location and is continuing to investigate her role. Her identity and whereabouts haven't been released, and U.S. authorities also haven't said publicly whether they believe she is working for the Chinese government.

She lives in the United States as a student on a J-1 visa, according to an affidavit the FBI filed this week in U.S. District Court in Honolulu.

Her boyfriend, Benjamin Bishop, a 59-year-old civilian defense contractor who works at Pacific Command, met the woman at a Hawaii conference on military defense issues.

The counterintelligence agent investigating Bishop said the woman may have been at the conference specifically to meet people like Bishop, who work with and have access to certain classified information, the affidavit said.

They began an intimate, romantic relationship in June 2011, according to the affidavit. At the time, Bishop was working at a Pacific Command office that develops plans to deter potential U.S. adversaries, according to his LinkedIn profile online.

Bishop is scheduled to appear in federal court Friday for a hearing on whether he should stay in detention while prosecutors pursue their case.

Birney Bervar, Bishop's attorney, said he planned to seek bail but wasn't optimistic he would be successful. Bervar declined to discuss details of the case, saying he had not yet spoken in depth to his client.

A preliminary hearing is scheduled for April 1.

The affidavit says the woman told Bishop repeatedly she didn't want him to tell her anything classified but continued to question Bishop about his work.

Bishop, on the other hand, told her he wouldn't give her any classified information but did so anyway, the document said.


Bishop, a lieutenant colonel in the U.S. Army Reserve, is accused of telling her secrets about U.S. nuclear weapons, missile defenses, war plans, early warning radar systems and other issues.

Last month, the woman asked Bishop what western countries knew about a Chinese naval asset. This fell outside the scope of Bishop's work but he conducted open source record research for her and collected and reviewed classified information on the topic, the affidavit said.

Bishop's security clearance required him to disclose his contacts with foreign nationals, but the affidavit says he failed to let officials know about his relationship with the woman.

The FBI declined further comment on Tuesday. A Justice Department spokesman in Honolulu did not return a call seeking comment.

Bishop was married until last year, according to state documents in Utah. His ex-wife declined comment when approached by The Associated Press on Tuesday at her home in Ogden, Utah.

Her neighbor, Sandra Doyle, said it was clear Bishop was having an affair with a Chinese woman prior to the divorce. Doyle, who said she is friends with the ex-wife, said the girlfriend was a university student in the District of Columbia, though she didn't know which school.

Doyle said neighbors knew Bishop worked for the government in Hawaii but were unclear on his exact job.

Larry Wortzel, a member of the U.S.-China Economic and Security Review Commission, said China has used sexual entrapment as a means to gather intelligence before and the allegations aren't surprising.

As an Army reserve officer and defense contractor, Bishop would have received security briefings on this and understood "how sex may be used for intelligence targeting," Wortzel said.

Whether U.S. national security was damaged by any of the alleged disclosures would depend on how detailed the information was and whether the woman knew any of it was classified, said Carl Baker, director of programs at Pacific Forum Center for Strategic and International Studies.

Information on weapons could be harmful because it could tell a potential enemy what U.S. weapons system can do as well as what capabilities the adversary would need to develop to counter U.S. capabilities, he said.

Bishop's position wouldn't have given him access to specifics about weapons technology, though, Baker said.

Leaked details on military plans might also be detrimental.

"That's an important part, because if you divulge enough information about the planning process, you end up giving information that reveals a strategy and how you could counter that strategy," Baker said.

The key issues for any trial will be Bishop's intent and the sophistication of the information he passed on, Baker said.

Bishop is charged with one count of communicating national defense information to a person not entitled to receive it and one count of unlawfully retaining national defense documents and plans.

Defense Contractor Charged In Hawaii With Communicating Classified Information To Person Not Entitled To Receive Such Information

http://www.fbi.gov/honolulu/press-releases/2013/defense-contractor-charged-in-hawaii-with-communicating-classified-information-to-person-not-entitled-to-receive-such-information

U.S. Attorney’s Office District of Hawaii

March 18, 2013

(808) 541-2850

HONOLULU—Benjamin Pierce Bishop, 59, a former U.S. Army officer who works as a civilian employee of a defense contractor at U.S. Pacific Command (USPACOM) in Hawaii, has been arrested on charges of communicating classified national defense information to a person not entitled to receive such information.

The arrest and charges were announced by Florence T. Nakakuni, U.S. Attorney for the District of Hawaii; John Carlin, Acting Assistant Attorney General for National Security; Vida G. Bottom, Special Agent in Charge of the FBI Honolulu Division; Dwight Clayton, Special Agent in Charge of the Naval Criminal Investigative Service (NCIS) Hawaii Field Office; and U.S. Navy Captain Patrick McCarthy of USPACOM.

Bishop, a resident of Hawaii, was arrested Friday without incident at his workspace at USPACOM in Hawaii and made his initial appearance on Monday in federal court in Honolulu. The criminal complaint filed in the District of Hawaii charges him with one count of willfully communicating national defense information to a person not entitled to receive such information and one count of unlawfully retaining documents related to the national defense. If convicted, he faces a maximum potential sentence of 20 years in prison.

According to an affidavit filed in support of the criminal complaint, Bishop currently works as an employee of a defense contractor that has a contract with USPACOM, whose command is based in Oahu, Hawaii. Bishop has held a top secret security clearance since July 2002 and held access to Secure Compartmented Information from November 2002 to April 2012. As a person holding a top secret security clearance, Bishop has been subject to multiple security briefings on restrictions regarding the disclosure of classified national defense information, as well as the handling, marking, and storage of such information.

According to the affidavit, between May 2011 through December 2012, Bishop willfully communicated classified national defense information on multiple occasions to Person 1, an individual not entitled to receive such information. The affidavit alleges that Person 1 is a 27-year-old female citizen of the People’s Republic of China who is residing in the United States on a visa and who does not possess, nor has ever possessed, a U.S. security clearance, and thus is not entitled to receive U.S. classified information.

According to the affidavit, Bishop and Person 1 originally met in Hawaii during a conference regarding international military defense issues. Since June 2011, Bishop and Person 1 have allegedly been involved in a romantic relationship. Despite a Defense Department directive requiring personnel, like Bishop, who maintain a U.S. security clearance to report to the U.S. government any contacts with foreign persons, Bishop has affirmatively hidden his relationship with Person 1 from U.S. government officials, the affidavit alleges.

The affidavit alleges that Bishop communicated information classified at the secret level to Person 1 on several instances. According to the affidavit, the national defense information that Bishop passed to Person 1 included information relating to nuclear weapons; information on planned deployment of U.S. strategic nuclear systems; information on the ability of the United States to detect low- and medium-range ballistic missiles of foreign governments; and information on the deployment of U.S. early warning radar systems in the Pacific Rim.

The affidavit further alleges that a court-authorized search of Bishop’s residence in November 2012 revealed approximately 12 individual documents each with classification markings at the secret level. Bishop’s residence is not an authorized location for the storage of classified information, and Bishop was not authorized to remove and retain those documents.


Former U.S. Consulate Guard Sentenced To Nine Years In Prison For Attempting To Communicate National Defense Information To China

http://www.fbi.gov/washingtondc/press-releases/2013/former-u.s.-consulate-guard-sentenced-to-nine-years-in-prison-for-attempting-to-communicate-national-defense-information-to-china

U.S. Department of Justice

March 05, 2013 Office of Public Affairs

(202) 514-2007/ (202) 514-1888

WASHINGTON—Bryan Underwood, a former civilian guard at a U.S. Consulate compound under construction in China, was sentenced today to nine years in prison in connection with his efforts to sell for personal financial gain classified photographs, information, and access related to the U.S. Consulate to China’s Ministry of State Security (MSS), announced Lisa Monaco, Assistant Attorney General for the Justice Department’s National Security Division; Ronald C. Machen, Jr., U.S. Attorney for the District of Columbia; Valerie Parlave, Assistant Director in Charge of the FBI’s Washington Field Office; and Gregory B. Starr, Director of the U.S. State Department’s Diplomatic Security Service.

Underwood pleaded guilty August 30, 2012, in the U.S. District Court for the District of Columbia to one count of attempting to communicate national defense information to a foreign government with intent or reason to believe that the documents, photographs, or information in question were to be used to the injury of the United States or to the advantage of a foreign nation. He was sentenced by the Honorable Ellen S. Huvelle. Upon completion of his prison term, Underwood will be placed on two years of supervised release.

Underwood, 32, a former resident of Indiana, was first charged in an indictment on August 31, 2011, with two counts of making false statements and was arrested on September 1, 2011. On September 21, 2011, he failed to appear at a scheduled status hearing in federal court in the District of Columbia. The FBI later located Underwood in a hotel in Los Angeles and arrested him there on September 24, 2011. On September 28, 2011, Underwood was charged in a superseding indictment with one count of attempting to communicate national defense information to a foreign government, two counts of making false statements, and one count of failing to appear in court pursuant to his conditions of release.

"Bryan Underwood betrayed America’s trust by attempting to sell access to secure areas of the very U.S. Consulate compound he was charged to protect," said Assistant Attorney General Monaco. "Today, he is being held accountable for his actions. As this case demonstrates, we remain vigilant in protecting America’s secrets and in bringing to justice those who seek to compromise them."

"Access to classified information is a special responsibility to be honored, not a financial opportunity to be exploited," said U.S. Attorney Machen. "Bryan Underwood is going to prison because he tried to make millions by selling secret photos of a U.S. Consulate to a foreign government. His sentence demonstrates our dedication to jealously guarding our nation’s secrets. We all owe a great debt of gratitude to the agents who detected and stopped Underwood before he succeeded in betraying our country."

"Bryan Underwood attempted to betray his country by using his access to sensitive information for his own benefit. Fortunately, he was stopped before classified information fell into the wrong hands," said FBI Assistant Director in Charge Parlave. "Together with our partner agencies, the FBI will continue to diligently work to combat potential acts of espionage that threaten our national security."

"The close working relationship between the U.S. Department of State’s Diplomatic Security Service, the FBI, and the U.S. Attorney’s Office resulted in the conviction of Bryan Underwood before he could potentially harm the security of our country," said Director Starr of the Diplomatic Security Service. "This was a great success by all of the agencies involved."

According to court documents, from November 2009 to August 2011, Underwood worked as a cleared American guard (CAG) at the site of a new U.S. consulate compound that was under construction in Guangzhou, China. During this time, the compound was not yet operational. CAGs are American civilian security guards with top secret clearances who serve to prevent foreign governments from improperly obtaining sensitive or classified information from the construction site. Underwood received briefings on how to handle and protect classified information as well as briefings and instructions on security protocols for the U.S. Consulate, including the prohibition on photography in certain areas of the consulate.

In February 2011, Underwood was asked by U.S. law enforcement to assist in a project at the consulate and he agreed. In March and April of 2011, Underwood lost a substantial amount of money in the stock market. According to court documents, Underwood then devised a plan to use his assistance to U.S. law enforcement as a "cover" for making contact with the Chinese government. According to his subsequent statements to U.S. law enforcement, Underwood intended to sell his information about and access to the U.S. Consulate to the Chinese MSS for $3 million to $5 million. If any U.S. personnel caught him, he planned to falsely claim he was assisting U.S. law enforcement.

As part of his plan, Underwood wrote a letter to the Chinese MSS, expressing his "interest in initiating a business arrangement with your offices" and stating, "I know I have information and skills that would be beneficial to your offices [sic] goals. And I know your office can assist me in my financial endeavors." According to court documents, Underwood attempted to deliver this letter to the offices of the Chinese MSS in Guangzhou but was turned away by a guard who declined to accept the letter. Underwood then left the letter in the open in his apartment hoping that the Chinese MSS would find it, as he believed the MSS routinely conducted searches of apartments occupied by Americans.

In May 2011, Underwood secreted a camera into the new U.S. Consulate compound and took photographs of a restricted building and its contents. Several of these photographs depict areas or information classified at the Secret level. Underwood also created a schematic that listed all security upgrades to the U.S. Consulate and drew a diagram of the surveillance camera locations at the consulate. In addition, according to his subsequent statements to U.S. law enforcement, Underwood "mentally" constructed a plan in which the MSS could gain undetected access to a building at the U.S. Consulate to install listening devices or other technical penetrations.

According to court documents, the photographs Underwood took were reviewed by an expert at the State Department’s Bureau of Diplomatic Security who had original classification authority for facilities, security, and countermeasures at the U.S. Consulate. The expert determined that several of the photographs contained images classified at the secret level and that disclosure of such material could potentially cause serious damage to the United States.

In early August 2011, Underwood was interviewed several times by FBI and Diplomatic Security agents, and he admitted making efforts to contact the Chinese MSS but falsely claimed that he took these actions to assist U.S. law enforcement. On August 19, 2011, Underwood was again interviewed by law enforcement agents and he admitted that he planned to sell photos, information, and access to the U.S. Consulate in Guangzhou to the Chinese MSS for his personal financial gain.


After initially being arraigned in this case on September 1, 2011, Underwood was released on his personal recognizance, with certain conditions, including staying within the Washington, D.C. metropolitan area and returning to court for a status hearing on September 21, 2011. Instead of returning to court as promised, Underwood purchased a bicycle, racks, panniers, helmet, and multiple energy snack bars. He left a fake suicide note at his hotel room in Springfield, Virginia. Then, alive and well, he pedaled west out of Springfield and eventually boarded a bus in Wytheville, Virginia, under a false name. He was arrested on September 24, 2011 in a hotel room in Los Angeles, with over $10,000 in cash and 80,000 Japanese yen. He has been in custody ever since.

The U.S. government has found no evidence that Underwood succeeded in passing classified information concerning the U.S. Consulate in Guangzhou to anyone at the Chinese MSS.

This investigation was conducted jointly by the FBI’s Washington Field Office and the State Department’s Bureau of Diplomatic Security. The prosecution was handled by the U.S. Attorney’s Office for the District of Columbia and Trial Attorney Brandon L. Van Grack from the Counterespionage Section of the Justice Department’s National Security Division.

Alaska-Based Soldier Gets 16 Years In Spy Case

http://www.tri-cityherald.com/2013/04/15/2357504/us-soldier-being-sentenced-in.html

Published: April 15, 2013

FILE - In this undated file photo released by the U.S. Army Alaska, Spc. William Colton Millay is shown. A panel of eight military members from Joint Base Elmendorf-Richardson in Anchorage Monday April 15, 2013 recommended a 19-year sentence for Spec. William Colton Millay, but that was dropped to 16 years because of a pretrial agreement. He will receive credit for the 535 days he's been jailed since his Oct. 28, 2011, arrest. The panel also reduced him in rank to private and he will forfeit all pay and allowances.

U.S. Army Alaska, File

By MARK THIESSEN — Associated Press

JOINT BASE ELMENDORF-RICHARDSON, Alaska — An Alaska-based military policeman will serve 16 years in prison and will be dishonorably discharged for selling military secrets to a Russian agent, who was an undercover FBI agent, a military panel decided Monday.

A panel of eight military members from Joint Base Elmendorf-Richardson in Anchorage recommended a 19-year sentence for Spec. William Colton Millay, but that was dropped to 16 years because of a pretrial agreement. He will receive credit for the 535 days he's been jailed since his Oct. 28, 2011, arrest. The panel also reduced him in rank to private and he will forfeit all pay and allowances.

Millay pleaded guilty last month to attempted espionage and other counts. A sentencing panel of male military members began deliberations late Monday afternoon.

Military prosecutors painted Millay as a white supremacist who was fed up with the Army and the United States, and was willing to sell secrets to an enemy agent, even if that would cost his fellow soldiers their lives. Defense attorneys said Millay was emotionally stunted, was only seeking attention and was a candidate for rehabilitation.

Millay's attorney, Seattle-based Charles Swift, said they understand and accept the sentence.

However, "We do intend to seek further clemency as this case goes forward for the reasons that were set forth in the trial: his mental state, his emotional age, and the motivation for it, and the circumstances."

Monday's proceedings were like a mini-trial conducted in front of the sentencing panel, with both sides calling two witnesses.

FBI Special Agent Derrick Chriswell said Millay came to their attention in the summer of 2011 through an anonymous tip after Millay sent an email to a Russian publication seeking information about the military and made several calls to the Russian embassy.

"That's a concern for national security," Chriswell said.

The FBI, working with military intelligence agencies, conducted the investigation. On Sept. 13, 2011, an FBI undercover agent called Millay and set up a meeting the next day at an Anchorage hotel restaurant.

Chriswell testified that during the first meeting with the agent that day, Millay "expressed his disgust with the U.S. military." They then moved to the agent's hotel room, where audio and video recording devices were in place.

Millay said he'd work for the Russian government, and if they made it worth his while, he'd re-enlist for a second five-year stint. He also said he had confidential information on the Warlock Duke jamming system the U.S. military uses to sweep roadside bombs.

Two days after that meeting, Millay reported to his commander that he had been contacted by a Russian agent. He was later interrogated by military intelligence officers and the FBI, but prosecutors say Millay was merely trying to throw off suspicion.

Chriswell said Millay, during the interrogation, withheld information that officials already knew from the recordings. That included a claim that he didn't know why a Russian agent would contact him, his claim to the agent that he had access to Social Security numbers of people on base because of his police job and that he had sent her an earlier text claiming he had more information on the jamming system.

Later, after he came off a monthlong leave, he told the agent he was willing to sell information using a confidential drop at a park.

On Oct. 21, 2011, he dropped off a white envelope with information about the F-22s and the jamming system in a garbage can. That envelope was later collected by the FBI.

Millay was told to drive to a hotel, where he collected $3,000 and a disposable cellphone from a pickup.

Afterward, the agent contacted Millay to complain her superiors wanted information that wasn't on the Internet. Millay assured her that the information on the jamming system - about a paragraph's worth - wasn't available. That was later confirmed by military personnel.

He was arrested Oct. 28. A search of his barracks found two handguns, detailed instructions on how to use a Russian Internet phone service and literature from the white supremacist organization, the National Socialists Movement.

Chriswell also testified that Millay has two Nazi SS thunderbolt tattoos under his biceps and spider web tattoos, which he said was common among racists in prison.

"He branded himself in their symbols of hate," military prosecutor Capt. Stewart Hyderkhan said in his closing statement, arguing for at least 25 years in prison. "He had hate for the Army. He had hate for the United States."

Swift, Millay's attorney, argued that the Nazi movement and Russia don't exactly have a lot in common, and that Millay had once been married to a Filipino.

Defense witness Dr. Veronica Harris, a psychiatrist, testified Millay had the emotional capability of a 5-year-old and suffers from low self-esteem, mild depression, alcoholism and narcissism.

Millay offered an unsworn statement to the court, in which he said, "This has destroyed me."

"I know I've made a terrible mistake," he said, also fighting back tears. "I'm a U.S. soldier, and that piece of me, I'm proud of."

Millay spoke of his demon within.

"It has taken me three years to come to grips with who he is," he said. "He's my worst enemy; my worst enemy is myself."

Hyderkhan said that wasn't remorse, especially since jailhouse recordings show he threatens to continue to divulge secrets.

Swift, in his closing statement, argued that eight years was punitive enough and would provide time for rehabilitation.

METHODS AND TECHNIQUES

The following excellent article from Dark Reading (http://www.darkreading.com/insider-threat/167801100/security/news/240149745/5-lessons-from-the-fbi-insider-threat-program.html) summarizes some current thinking at the FBI regarding analysis and detection of the insider threat as it might manifest itself on internal FBI networks. Practitioners of internal threat monitoring and risk assessments may find this article to be of interest.

5 Lessons From The FBI Insider Threat Program

Finding ways to improve enterprise insider theft detection and deterrence

Mar 01, 2013 | 05:51 AM |

By Ericka Chickowski, Contributing Writer

Dark Reading

SAN FRANCISCO -- RSA CONFERENCE 2013 -- Insider threats may not have garnered the same sexy headlines that APTs did at this year's RSA Conference. But two presenters with the Federal Bureau of Investigation (FBI) swung the spotlight back onto insiders during a session this week that offered enterprise security practitioners some lessons learned at the agency after more than a decade of fine-tuning its efforts to sniff out malicious insiders following the fallout from the disastrous Robert Hanssen espionage case.

1. Insider threats are not hackers.

Often people think of the most dangerous insiders being hackers who are running special technology tools on internal networks. Not so, says Patrick Reidy, CISO for the FBI.

"You're dealing with authorized users doing authorized things for malicious purposes," he says. "In fact, going over 20 years of espionage cases, none of those involve people having to do something like run hacking tools or escalate their privileges for purposes of espionage."

Reidy says that just less than a quarter of insider incidents tracked on a yearly basis come at the hand of accidental insiders, or what he calls the "knucklehead problem." However, at the FBI his insider threat team spends 35 percent of their time dealing with these problems. He believes the FBI and other organizations should be looking for ways to "automate out of this problem set" by focusing on better user education. Dropping those simpler incidents gives insider threat teams more time to concentrate on the more complex problem of malicious insiders, he says.

2. Insider threat is not a technical or "cybersecurity" issue alone.

Unlike many other issues in information assurance, the risk from insider threats is not a technical problem, but a people-centric problem, says Kate Randal, insider threat analyst and lead researcher for the FBI.

"So you have to look for a people centric solution," she says. "People are multidimensional, so what you have to do is take a multidisciplinary approach."

This starts by focusing efforts on identifying and looking at your internal people, your likely enemies, and the data that would be at risk. In particular, understanding who your people really are should be examined from three important informational angles: cyber, contextual, and psychosocial.

"The combination of these three things is what's most powerful about this methodology," Randal says. "In an ideal world we'd want to collect as much about these areas [as possible], but that's never going to happen. So what's important is adopting a method working with your legal and managerial departments to figure out what works best within the limitations of your environment."

3. A good insider threat program should focus on deterrence, not detection.

For a time the FBI put its back into coming up with predictive analytics to help predict insider behavior prior to malicious activity. Rather than coming up with a powerful tool to stop criminals before they did damage, the FBI ended up with a system that was statistically worse than random at ferreting out bad behavior. Compared to the predictive capabilities of Punxsutawney Phil, the groundhog of Groundhog Day, that system did a worse job of predicting malicious insider activity, Reidy says.

"We would have done better hiring Punxsutawney Phil and waving him in front of someone and saying, 'Is this an insider or not an insider?'" he says.

Rather than getting wrapped up in prediction or detection, he believes organizations should start first with deterrence.

"We have to create an environment in which it is really difficult or not comfortable to be an insider," he says, explaining that the FBI has done this in a number of ways, including crowdsourcing security by allowing users to encrypt their own data, classify their own data, and come up with better ways to protect data. Additionally, the agency has found ways to create "rumble strips" in the road to let users know that the agency has these types of policies in place and that their interaction with data is being used.

4. Detection of insider threats has to use behavioral-based techniques.

Following the failure to develop effective predictive analytics, the FBI moved toward a behavioral detection methodology that has proved far more effective, Reidy says. The idea is to detect insider bad behavior closer to that "tipping point" of when a good employee goes rogue.

"We look at how people operate on the system, how they look contextually, and try to build baselines and look for those anomalies," he says.

Whatever analytics an organization uses, whether it is print file behavior or data around file interactions, Reidy recommends a minimum of six months of baseline data prior to even attempting any detection analysis.

"Even if all you can measure is the telemetry to look at prints from a print server, you can look at things like what's the volume, how many and how big are the files, and how often do they do print," he says.
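The baseline-then-anomaly approach described above, applied to print-server telemetry, as an added example that is not from the article or the FBI: it builds each user's own weekly baseline of job count, pages and bytes and flags a week only once about six months of history exist. The record layout, the 26-week minimum, the robust z-score and its threshold, and the sample data are all assumptions made for illustration.

```python
"""Per-user baselining of print-server telemetry (constructed data, assumed thresholds)."""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

MIN_BASELINE_WEEKS = 26   # roughly the six months of baseline the article calls for
THRESHOLD = 6.0           # assumed cut-off on the robust z-score
METRICS = ("jobs", "pages", "bytes")
ZERO = dict.fromkeys(METRICS, 0)


def weekly_totals(records):
    """Aggregate (user, day, pages, size_bytes) print jobs into per-user weekly totals."""
    totals = defaultdict(dict)
    for user, day, pages, size in records:
        week = day - timedelta(days=day.weekday())      # Monday of that week
        row = totals[user].setdefault(week, dict(ZERO))
        row["jobs"] += 1
        row["pages"] += pages
        row["bytes"] += size
    return totals


def robust_z(value, history):
    """Distance of value from the history median, in MAD-based standard deviations."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    # A perfectly flat history has MAD 0; fall back to a small fixed scale.
    scale = 1.4826 * mad if mad else max(1.0, 0.1 * med)
    return (value - med) / scale


def find_anomalies(records):
    """Return (user, week, metric, z) for weeks far above that user's own baseline."""
    totals = weekly_totals(records)
    if not totals:
        return []
    last = max(w for weeks in totals.values() for w in weeks)
    alerts = []
    for user, weeks in sorted(totals.items()):
        first = min(weeks)
        # Weeks with no printing count as zero so quiet periods shape the baseline.
        calendar = [first + timedelta(weeks=i)
                    for i in range((last - first).days // 7 + 1)]
        series = [weeks.get(w, ZERO) for w in calendar]
        for i in range(MIN_BASELINE_WEEKS, len(series)):
            for metric in METRICS:
                history = [row[metric] for row in series[:i]]
                z = robust_z(series[i][metric], history)
                if z > THRESHOLD:
                    alerts.append((user, calendar[i], metric, round(z, 1)))
    return alerts


def constructed_records():
    """Constructed sample: 30 weeks of routine printing by two users. In week 28
    user_b sends a normal number of jobs, but each job is far larger than usual."""
    start = date(2013, 1, 7)                             # a Monday
    records = []
    for w in range(30):
        monday = start + timedelta(weeks=w)
        for user, offset in (("user_a", 0), ("user_b", 1)):
            jobs = 4 + (w + offset) % 3
            pages = 5 + (w + offset) % 4
            if user == "user_b" and w == 28:
                pages = 400
            for j in range(jobs):
                day = monday + timedelta(days=j % 5)
                records.append((user, day, pages, pages * 50_000))
    return records


if __name__ == "__main__":
    for user, week, metric, z in find_anomalies(constructed_records()):
        print(f"{week} {user}: weekly {metric} is {z} robust deviations above baseline")
```

In the sample, the job count for the flagged week stays inside user_b's normal range, so only the page and byte totals raise an alert, which is why volume and file size are tracked alongside frequency.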


5. The science of insider threat detection and deterrence is in its infancy.

According to Randal, it was bad science that led the FBI to the point where they were using a worse than random predictive analysis. Part of the issue is that even now the science of insider detection and deterrence is still in its infancy. One of the issues with its slow growth is that much of the existing research just focuses on looking at data from the bad guys.

"So what the FBI has done is to really try to push this diagnostic approach of collecting data from and comparing it between a group of known bad and a group of assumed good [insiders] and try to apply that methodology to those three realms [cyber, contextual and psychosocial]."

In particular, some of the research the FBI has done with regard to psychosocial diagnostic indicators has been a bit surprising, she says.

"What we learned from this study is that some of the things we thought would be the most diagnostic in terms of disgruntlement or workplace issues really weren't that much," she says, explaining that more innate psychological risk factors come into play. For example, stress from a divorce, inability to work in a team environment, and exhibiting behaviors of retaliatory behavior all scored high as risk indicators when comparing the bad insiders with the good.

While enterprises will not be able to do the same kind of psychological screening that the FBI does with its employees, there are ways to incorporate this knowledge into insider prevention programs.

"You can try to elicit this information from other avenues: observables, behavioral manifestations, making supervisors more aware of the insider threat problem, and creating an environment where they may be more willing to report some of these things as they see them," she says. "One of the best resources that your security program has is the collaboration of the HR department."

Attorney General Eric Holder Speaks At The Administration Trade Secret Strategy Rollout

Commentary: In February of this year the government laid out its refined strategy for combatting the theft of trade secrets and intellectual property. This speech by the Attorney General sets forth the foundations for how these issues will be addressed in the coming months and years.

http://www.justice.gov/iso/opa/ag/speeches/2013/ag-speech-1302201.html

Washington, D.C.

Wednesday, February 20, 2013

Thank you, Victoria, for those kind words – and thank you all for being here. It’s a pleasure to welcome you to the White House today – and a privilege to stand with so many friends, key partners, and indispensable allies in introducing the Administration’s strategy for combating the theft of trade secrets.

As Victoria just mentioned, this work is a top priority for President Obama, for the entire Administration – and of course for the dedicated men and women at the Department of Justice. I’m deeply proud of the contributions that my colleagues have made in developing this strategy – and the pivotal role that the Department will play in its implementation. And I’m confident that – as we bring government agencies and additional private sector partners together to put these plans into action – we’ll continue strengthening national efforts to protect the rights, safety, and best interests of American consumers, innovators, and entrepreneurs.

Particularly in this time of ongoing economic recovery, this work is more important than ever. Despite the challenges of recent years, American companies remain the most innovative in the world. They are responsible for many of the most important technological advances the world has ever seen, an overwhelming number of the 100 most valuable brands, and almost 30 percent of global research and development spending.

This level of innovation and the investments that make it possible benefit consumers, create jobs, and support our economy. For instance, in 2011, companies in Silicon Valley added over 42,000 jobs and recorded a growth rate more than three times that of the U.S. economy as a whole. But, as any of the corporate leaders in this crowd can attest, this prosperity is a double-edged sword. And it inevitably attracts global rivals – including individuals, companies, and even countries – eager to tilt the playing field to their advantage.

By corrupting insiders, hiring hackers, and engaging in other unscrupulous and illegal activities, these entities can inflict devastating harm on individual creators, start-ups, and major companies. As one private security expert has said of the largest U.S. corporations, there are only “two categories” of companies affected by trade secret theft – “[T]hose that know they’ve been compromised and those that don’t know yet.”

This is because, as new technologies have torn down traditional barriers to international business and global commerce, they’ve also made it easier for criminals to steal trade secrets – and to do so from anywhere in the world. A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk. With a few keystrokes, a terminated or simply unhappy employee of a defense contractor can misappropriate designs, processes, and formulas worth billions of dollars.

Some of these criminals exploit pilfered secrets themselves – often by extorting the victim company or starting their own enterprise. Others try to sell the illicit information to a rival company, or obtain a bounty from a country interested in encouraging such theft. And all represent a significant and steadily increasing threat to America’s economic and national security interests.

Fortunately, the women and men of the Justice Department are working tirelessly to prevent, combat, and punish these serious crimes. Thanks to the efforts of 40 prosecutors and four computer forensic experts serving in the Computer Crime and Intellectual Property Section, and more than 230 specially-trained prosecutors stationed at U.S. Attorneys’ Offices around the country, including 25 Computer Hacking and Intellectual Property – or “CHIP” – units, I’m pleased to report that we’re fighting back more aggressively, and collaboratively, than ever before. And with approximately 240 FBI agents in the field dedicated to investigating IP crime, along with officials from U.S. Immigration and Customs Enforcement, and 20 additional state, federal, and international law enforcement agencies that are partners at the IPR Center, we are poised to build on our recent successes.

I’m proud of the outstanding work that these professionals are leading every day, in offices all across the country. But I also recognize – as I know you all do – that the Justice Department won’t be able to continue making the progress we need, and that our citizens and companies deserve, on its own.

We need to increase cooperation and coordination between partners at every level of government. We need to improve engagement with the corporations represented in the room today. We need to find ways to work together more efficiently and effectively – by following the road map set forth in the Administration’s new, comprehensive strategy. And we need to do so starting immediately – because continuing technological expansion and accelerating globalization will lead to a dramatic increase in the threat posed by trade secret theft in the years ahead.


In fact, by 2015, experts believe that the number of smart phones, tablets, laptops, and other internet-access devices in use will be roughly double the total that existed in 2010. In the same period, the proliferation of cloud-based computing will significantly enhance flexibility and productivity for workers around the world. But these same forces will also create more access points and vulnerabilities that allow criminals to steal confidential information. Just as increasing globalization will enable American companies of all sizes to benefit from foreign technical experts and research and development activities in other countries, the sharing of trade secrets with entities operating in nations with weak rule of law may expose them to intellectual property losses. Any resulting cost advantages will likely be more than offset by losses in proprietary company information.

Unfortunately, these projections aren’t merely hypothetical. We’ve seen this phenomenon before – including in the late 1990s, when I had the privilege of serving as Deputy Attorney General. Between 1997 and 2000, internet usage in the United States more than doubled – and this massive technological shift also brought about major changes in the nature of crime. For instance, in 1999 alone, we saw a 30-percent spike in intellectual property cases over the previous year. In order to fight back, in July of that year I announced the Department’s first major IP Strategy, known as the Intellectual Property Rights Initiative.

Of course, we’ve all come a long way since then. As critical technologies have advanced, criminals have adapted accordingly. Our need to keep pace with these changes remains imperative. And the stakes have never been higher.

In some industries, a single trade secret can be worth millions – or even billions – of dollars. Trade secret theft can require companies to lay off employees, to close factories, to lose sales and profits, to experience a decline in competitive position and advantage – or even to go out of business. And this type of crime can have significant impacts not only on our country’s economic well-being, but on our national security – allowing hostile states to obtain data and technology that could endanger American lives; expose our energy, financial, or other sensitive sectors to massive losses; or make our infrastructure vulnerable to attack.

In response, the Justice Department has made the investigation and prosecution of trade secret theft a top priority. This is why the National Security Division’s Counterespionage Section has taken a leading role in economic espionage cases – and others affecting national security and the export of military and strategic commodities or technology. It’s also why, in 2010, I established an internal Task Force on Intellectual Property – led by Deputy Attorney General Jim Cole and other senior Department leaders – to improve and expand our enforcement efforts in this area. And it’s why the FBI has increased its focus on trade secret theft and its use of sophisticated tools and techniques in conducting national security and criminal investigations.

Of course, most trade secret matters are dealt with in civil court. But when the Justice Department receives referrals, we investigate and, when appropriate, prosecute those matters fairly and completely. And, although the primary legislation creating criminal liability for these acts is less than 20 years old, federal law enforcement officials have established a remarkable record of success in this area.

In the decade between 2001 and 2011, we secured well over 100 convictions in cases involving criminal trade secret thefts, and 6 convictions in economic espionage cases. For instance, in December 2011, a federal court in Indiana sentenced a man from China to more than 7 years in prison – after his conviction on charges of economic espionage on behalf of a foreign university tied to the Chinese government. Last September – in New Jersey – a jury convicted another Chinese native of trade secret theft and other charges for stealing information from a defense contractor about the performance and guidance systems for missiles and other military hardware. And last November – in Michigan – a former General Motors engineer and her husband were convicted of conspiring to steal more than $40 million worth of trade secrets from GM, with intent to use them in a joint venture with an automotive competitor in China.

In these and many other cases – as we’ve refined our approach and increased our understanding of these crimes and those who commit them – the Department has also gathered valuable intelligence about foreign-based economic espionage. We’ve forged strong relationships with law enforcement partners, private sector experts, and international allies. And we’ve begun to raise awareness about the devastating impact of these crimes – and to encourage companies to report suspected breaches to law enforcement – so violators can be caught, brought to justice, and kept from striking again.

As we carry this work into the future – thanks to the support and assistance of everyone here today, and the cutting-edge strategy we’re committed to implementing – I’m confident that we’ll continue to make great strides in the fight against trade secret theft. We’ll keep improving our ability to crack down on intellectual property infringement and economic espionage. And together we’ll ensure that the United States is, and always will be, the world leader in innovation.


CYBER RELATED THREATS REPORTED IN THE DHS DAILY OPEN SOURCE INFRASTRUCTURE REPORT

The following are extracts from DHS Daily Open Source Infrastructure Report, located at http://www.dhs.gov/files/programs/editorial_0542.shtm. These reports link back to more detailed reporting from the original source. Included here are extracts pertaining to cyber threats prevalent on a daily basis. Readers may find practical applications for this material both in their work and in their personal use of computing devices and internet usage.

March 20, Threatpost – (International) Researchers uncover ‘Team Spy’ attack campaign against government, research targets. Researchers uncovered a long-running cyberespionage campaign by a group dubbed “Team Spy” for its use of the legitimate Team Viewer application. The group targeted government, heavy industry, intelligence, and activist organizations around the world.

Source: http://threatpost.com/en_us/blogs/researchers-uncover-teamspy-attackcampaign-targeting-government-research-targets-032013

March 4, The Register – (International) New class of industrial-scale super-phishing emails threatens biz. Security researchers have identified a new large-scale form of phishing that uses tailored messages and variable links to direct users to drive-by download sites where rootkits are installed.

Source: http://www.theregister.co.uk/2013/03/04/longlining_phishing/

February 27, Softpedia – (International) Emergency Flash update to protect Firefox users. Firefox released an update to Flash which addresses vulnerabilities that target the browser and leave it susceptible to crashes and open to malicious attacks.

Source: http://news.softpedia.com/news/Emergency-Flash-Update-to-Protect-Firefox-Users332853.shtml

USA Today, Feb 27, 2013: Security tools reveal cyber intruders' trickery. There is a silver lining to the rash of revelations about cyber intruders cracking into the networks of marquee U.S. corporations. Microsoft this week admitted to a major network breach, following in the footsteps of Apple, Facebook, Twitter, The New York Times, The Wall Street Journal and the Federal Reserve, all of which have made similar disclosures in February. However, the mea culpas also show that with persistent network breaches continuing to escalate, some large organizations have begun proactively gathering intelligence about what the bad guys are up to. They are doing this by stepping up the use of cutting-edge tech security systems. And by moving to advance public knowledge about the stealthy tactics of cyber intruders, companies under attack could be taking a crucial step toward gaining an advantage on the attackers, say security analysts and law enforcement officials. "The one thing these disclosures have done is provide significant visibility into the latest attacks," says Lawrence Pingree, cybersecurity industry analyst at market researcher Gartner. "Without that, you're blind."

Data thieves, cyberspies and hacktivists, to be sure, continue to probe company networks as intensively as ever. An estimated 60% of companies globally reported a network security breach in the past year, including 34% that identified more than one penetration, according to a survey of 4,447 tech professionals in nine nations, conducted by Ponemon Institute and sponsored by Juniper Networks. Those survey results were released on Monday at the giant RSA cybersecurity conference in San Francisco, where much of the buzz this week has been about the value of openness.

"Just a short time ago, companies and third-party service providers were extremely reluctant to share any information for fear of airing dirty laundry or revealing any potential weaknesses," says Kelly Bissell, a Deloitte security and privacy principal. "Now there is a grass-roots, band-of-brothers kind of approach with the good guys."

Underscoring the openness theme, former White House cybersecurity adviser Howard Schmidt on Monday was named executive director of the non-profit Software Assurance Forum for Excellence in Code. Schmidt's mission: to assemble leaders from tech, military, law enforcement and industry to collaborate on increasing the trust in tech products and services.

Meanwhile, Hewlett-Packard on Tuesday announced the formation of HP Security Research, a new division created to provide "actionable security intelligence" via published reports and threat briefings. Those moves follow President Obama's recent executive order directing the federal government and private companies to work more closely to protect the nation's critical infrastructure against cyberattacks.

"The best scenario for training new defenders is to get knowledge about defending current attacks out in the open," says Alan Paller, research director of security training organization The SANS Institute. "It's the only way to develop effective and up-to-date skills and build confidence."

Cyber Squared, for one, has built openness into its business model. The security start-up recently launched ThreatConnect.com, an online exchange where some 150 security researchers and 45 organizations convene around the clock to share data and brainstorm. "It's like a neighborhood watch," says Cyber Squared CEO Adam Vincent. "The power comes from the development of a common, globally shared perspective about sophisticated threats."

For the past three months, ThreatConnect participants have been scrutinizing the activities of what the consensus believes to be a China-based cybergang that has been sending messages carrying viral attachments to specific individuals at an array of companies. Their goal: to infect one employee's computer and use it to get deeper into the targeted company's network, says Rich Barger, Cyber Squared's chief intelligence officer.

One of the gang's chief targets is an international news service that has ties to the Falun Gong, a spiritual movement critical of China's human rights record. Other targets include a journal on the metals industry, as well as corporations in the U.S., Europe and Japan involved in mining, metals, aerospace, defense, manufacturing, fabrication, construction and engineering, Barger says.

The attackers are after authentication credentials that would get them deeper network access to ultimately steal research projects, industrial processes, financial records, business strategies and other intellectual property.

"This tells us that (China-based cybergang) APT6 has been given broad intelligence-collection requirements, including targeting news services that are critical of the Chinese Communist Party," Barger says. "After looking at patterns of activity and the targeting of specific victims around key geopolitical events, you can identify a common China nexus."

While the 3-month-old exchange is shedding fresh light on nation-state cyberespionage, other cutting-edge security systems are flushing out cybercriminals of another stripe: those motivated purely by quick profits.

Juniper Networks, for instance, this week rolled out Spotlight Secure, a new cloud-based security service designed to pay very close attention to the makeup of any PC or mobile device that tries to probe a company's website for security holes. Cyber intruders often deploy armies of infected computers, or bots, under their control to repeatedly attempt to break into a targeted company's network through its public website. Spotlight Secure watches for - and blocks - any PC or mobile device that attempts to make suspicious connections to a website, and records more than 200 unique attributes of the attacking machine - in essence, fingerprinting it, says David Koretz, Juniper security vice president. It then shares that information with companies and websites using Juniper's security services.


The service recently detected 3,000 separate PCs launching more than 20,000 attacks against the website of an Australian hotel chain during the course of a week. "We were even able to detect a case of a single attacker who intentionally switched IP addresses to make it look like the attacking machines were coming from multiple parts of the world," Koretz says.

"They were either trying to lock up hotel rooms to resell them for more money, or trying to steal company or customers' financial credentials."

Another kind of mass attack crafted to make quick cash involves directing thousands of infected PCs to deliver phishing e-mail messages carrying a viral attachment or corrupted Web link. Security analysts at Cisco Systems were recently retained by a large payroll services firm to get to the bottom of a case in which numerous customers complained about a suspicious e-mail purporting to come from the firm, asking them to click to an anti-fraud alert service. Anyone unfortunate enough to have clicked on the tainted link had installed a sophisticated online banking theft program, called ZeuS, says Gavin Reid, Cisco's director of threat research.

Cisco's analysts pored through the data trove of e-mail spam it continually filters from the networks of thousands of organizations worldwide that use its security services. They found that a run of bogus emails with the firm's name represented 38% of all spam for that day. The payroll firm thus was able to establish that the attackers had simply appropriated its brand to blast out the e-mail to a broad group of recipients, including some of its customers, using e-mail addresses obtained from an unknown source.

"Cisco provided hard evidence that the attackers behind the phishing campaign had not, in fact, obtained a list of customers, and the phishing attack was not specifically targeted in this manner," Reid says. "The company was relieved that we could prove that no customer data had been taken." While that discovery did little for any of the firm's customers who happened to fall for the phishing ruse, security experts say any fresh insight that lends clarity to the tactics and patterns favored by cybercriminals represents ground gained.

Says Gartner's Pingree: "What you're seeing with the discovery of these attacks and breaches is the fact that we've raised the bar in security and increased its visibility to the extent that malware can be discovered, rooted out and removed."

Source: http://www.sheboyganpress.com/usatoday/article/1949879

Spearphishing: The Dirty Email Trick Favored by the Nastiest Hackers

CNBC, 27 Feb 2013: A new report says that the Chinese military is secretly obtaining sensitive data from U.S. companies.

A key technique is "spearphishing," an approach that tricks a targeted individual into revealing information that can be used to infiltrate the company or government agency that person works for. Security companies have been warning about spearphishing for the last two to three years, and its use is increasing. But now that it has become top news, thanks to a report from U.S. computer-security firm Mandiant Corp. explaining how Chinese operatives tricked workers at Coca-Cola and other major American firms, what is at the top of many people's minds is this: How do you know if you're being spearphished?

You probably know to watch out for phishing attempts — broad, massive email efforts to get you to hand over personal financial information like a credit card number or to click on a website link that could allow malware to steal information from your computer. They're usually riddled with spelling errors and terrible formatting. Spearphishing is subtler, because it's aimed at intelligence gathering.

It "often takes the form of key personnel inside an organization being emailed a malicious file," Graham Cluley of Sophos Security told NBC News Tuesday. "It could be, for instance, a booby-trapped PDF file or Word document which when opened — secretly and silently installs spyware onto your computer," he said. "The malicious spyware code can then open a backdoor on your computer, giving hackers remote access to all the files on your computer, as well as capture every keystroke, in order to steal passwords, and read everything on your screen."

But why would an employee open such an email? The information in the email is crafted to look and sound just right enough so that it's "remarkably easy to dupe someone into clicking on a link or opening an attachment in an email and for their computer to become compromised," Cluley said.

"Imagine you were a reporter covering human rights abuses in China. I simply send you an email (with a boobytrapped attachment), forge my 'from' address so you believe that the email has come from a human rights group, and in the body of the email tell you that attached you'll find shocking details of human rights abuses in China." "Similarly, if you were a military supplier, I might make my email appear as though it came from a sister company or another supplier."

Dave Jevans, founder and CTO of Marble Security, said "spearphishers know that the easiest way to break into a company's network is not to breach their firewalls and intrusion prevention systems, but rather to compromise an employee's computer, smartphone or online passwords." Employees who use cloud-based, shared document apps like Google Docs can be sitting ducks for spearphishing attempts.

"Google Docs is a very convenient way to fool employees or end users into divulging passwords," Jevans said. For one thing, it is a "trusted website that won't be blocked by Web filters," with invitations to view documents or forms "hosted by a trusted company — Google — not some hacked server in Russia." Also, he said, "Google Docs connections are HTTPS encrypted, and cannot be filtered by Web-filtering gateways to scan for malicious content."

Battling spearphishing is an ongoing effort, with no easy-fix solutions in sight. "It's a massive problem," Kurt Baumgartner, Kaspersky Lab senior researcher, told NBC News Tuesday. Jevans, of Marble Security, called spearphishing "one of the most dangerous of all the advanced persistent threats" that exist.

In 2010, Sophos Security said it intercepted an attack against a firm tied to the defense industry in which emails "carried a malicious PDF file claiming to be about the Trident D-5 missile, launched from nuclear submarines." A report from McAfee Labs at the end of 2011 noted the worrisome rise in spearphishing, saying the problem "doesn't really lend itself to a pure technology solution. The best defense against spearphishing is employee — particularly executive employee — education. Next-generation firewall technology can also help prevent employees from accessing rogue sites."

Baumgartner told NBC News on the "human side, the old adage 'do not open suspicious emails or links,' is, well, old. While it's sensible advice, it's proven to be ineffective because you are dispensing that advice to people." And people, of course, don't always pay close enough attention.

Security vendors, he said, "have improved their product capabilities as well," but still, "the attackers sometimes up their game to beat all of those technologies. So you can stop 'it,' but at some level you can't always stop 'it.'" "For some organizations and targets, learning how to best tolerate and maintain intrusions becomes an attractive option," he said. Tools to expel invaders, or minimize exposure once they are in, may prove to be more important than just relying on "defensive technology protecting against spearphishing components," he said.


Cluley, of Sophos, says companies and agencies can "reduce the chances of a targeted attack" being successful by keeping software such as PDF readers, Web browsers, word processing software and the computer's operating system itself as up-to-date as possible, with the latest patches.

"Furthermore, you should run a layered defense — that means not just using up-to-date antivirus software, but also firewalls, email filtering technologies, data-loss protection technology and strong encryption to secure your most sensitive data," he said. And back to that human element?

"Also, it's amazing how many people re-use passwords, and use the same weak password in multiple places," Cluley said. "That means if you get hacked in one place, and your password is compromised, it may also unlock accounts elsewhere on the Net." All of these steps "can reduce your chances of suffering from a targeted attack," he said.

"But ultimately, there's no 100 percent technological solution, as human beings can still make bad decisions. And that's why it's important to train users about threats, and warn them to be suspicious of unsolicited links and attachments and to always report suspicious activity."

Source: http://www.cnbc.com/id/100502990

Corporate data loss hits highest levels since 2008

27 Feb 2013: Recent incidents of corporate data loss hit the highest levels since 2008 as companies work to improve data security strategies against a greater variety of more sophisticated IT attacks that can pose severe enterprise and reputational risks. Data loss attacks affected more than one billion people in the last five years and more than 60 percent of those incidents were the result of hacking, says The Data Loss Barometer report from KPMG that analyzed incidents since 2005 across industries, types of data loss and global regions.

According to the report, data loss threats have risen substantially with the use of mobile devices for business purposes and personally identifiable information continues to be the top data loss type. Industries such as health care and professional services, which maintain the largest databases of personal information, saw 18.5 million people affected by PC theft, which accounted for one-third of all data loss incidents in those sectors for the first half of 2012.

"Hard drives continue to be the number one target for portable media data loss, but we have seen a big increase in incidents around DVDs and CDs, as well," said Greg Bell, a partner at KPMG LLP. "The volume of company data stored on personal and mobile devices needs to be a major consideration when devising a comprehensive security plan."

Depending on the type of data loss, an incident can be a major risk to a company's revenue or reputation. Senior management and boards are now challenged to weigh the threat of exposure according to which data loss could be more impactful to the company and employ security measures as appropriate, according to the report's findings.

"If a laptop with a formula for a new cancer drug is stolen, it could have the potential for a billion dollar loss to a company's future revenue; but if a laptop is lost with health records for two million patients, that could be a reputational mark from which they can't recover," said Bell.

"Executives and boards need to be a part of the discussion around the most effective way to protect this information from all types of loss because it could mean unrecoverable damage to a firm."

Additional findings in the KPMG report included:

- Government, healthcare, education, financial services and retail comprised the top five worst performing sectors for data loss incidents in the last five years.

- The insurance sector is the most at risk from social engineering and system/human error data loss.

- More than 96 percent of data loss incidents in the media industry were attributed to hacking during the first half of 2012.

Source: http://www.net-security.org/secworld.php?id=14503

Cyber criminals masquerade as the ICE Cyber Crimes Center to extort money from web users

IVN, 18 Feb 2013: Online scammers have employed a new hoax to extort money from web users in the name of the U.S. Immigration and Customs Enforcement (ICE) Cyber Crimes Center. The latest version of this scam - which has imitated the FBI's Internet Crime Complaint Center in the past - lures victims to a drive-by download website, at which time ransomware is installed on the user's computer. Once installed, the computer freezes and the user is warned that their computer has been blocked due to federal criminal violations. The user is then told they must pay the ICE Cyber Crimes Center $400 within 48 hours to have their computer unlocked. This is a hoax - not a legitimate communication from ICE. If you have received this message, do not follow the payment instructions. Instead, it is suggested that you:

1. File a complaint at www.IC3.gov.

2. Keep operating systems and legitimate antivirus and antispyware software updated.

3. Contact a reputable computer expert to assist with removing the malware.

Source: http://www.imperialvalleynews.com/index.php/news/national-news/3103-cyber-criminals-masquerade-as-theice-cyber-crimes-center-to-extort-

SCADA password cracking code available

Heise Security, 25 Jan 2013: ICS-CERT has issued an alert about the existence and general availability of the proof-of-concept exploit code for a tool that can brute force passwords and thus gain access and control of programmable logic controllers (PLCs).

The authors of the Python code in question are Alexander Timorin and Dmitry Sklyarov of the SCADA Strange Love research group, who unfortunately made the code available before Siemens had the opportunity to patch the flaw or offer mitigations.

In order to be able to use the tool, an attacker must first capture TCP/IP traffic containing the authentication data in the challenge-response form; the script then tries out different passwords until it finds a match.

Until Siemens comes out with a mitigation, users of the affected controllers should minimize the risk to their systems by unplugging control system devices from the Internet, putting them behind firewalls and isolating them from the business network, and employing secure methods for remote access.

In the meantime, the script seems to have been incorporated in the popular John the Ripper password cracking tool. ICS-CERT expressed its fear that the script can be adapted to be used against other vendor products.

Source: http://www.net-security.org/secworld.php?id=14303


January 25, Help Net Security – (International) SCADA password cracking code available. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that a proof-of-concept exploit code was released that can brute force passwords to programmable logic controllers (PLC) before the vulnerability could be addressed by the manufacturer, Siemens.

Source: http://www.net-security.org/secworld.php?id=14303

January 23, InformationWeek – (International) Security flaws leave networked printers open to attack. A security researcher discovered flaws in Hewlett-Packard’s JetDirect printer networking software which can be used to bypass security controls, disable printers, or reprint previous documents.

Source: http://www.informationweek.com/security/vulnerabilities/security-flaws-leavenetworked-printers/240146805

CYBER RELATED ARTICLES

The following articles of interest are included here because of their nexus to cyber related topics.

Virus Warning: E-Mail from ‘FBI Alert’ Not Really from FBI

http://www.fbi.gov/jackson/press-releases/2013/virus-warning-e-mail-from-fbi-alert-not-really-from-fbi

FBI Jackson

February 06, 2013

Public Affairs Specialist Deborah Madden

(601) 948-5000

The FBI does not send unsolicited e-mail.

Recently, some Mississippi residents have received an alarming e-mail, supposedly containing an “FBI Alert” about someone with whom they have communicated online. This e-mail requests that recipients contact the “FBI secret service” by following a link provided in the e-mail.

Be warned: the e-mail is not from the FBI, and if you click on the embedded link, you run the risk of infecting your computer with a malicious virus.

Daniel McMullen, Special Agent in Charge of the FBI in Mississippi, states, “These e-mails do not come from the FBI. Recipients of this or similar e-mails should know that the FBI does not send unsolicited e-mails to the public.”

The following is the actual message:

From: FBI ALERT <[email protected]>

Date: February 2, 2013, 5:47:06 p.m. CST

To: undisclosed-recipients:;

Reply-To: FBI ALERT <[email protected]>

We have an information for you regarding the person you are transacting with online. You need to see this yourself. Contact us immediately for this is very important to you. Keep it to yourself and contact us, get back to us immediately. There is something you need to know about this person or you might end up loosing everything you ever worked for. Stop e-mailing until you hear from us. Contact FBI secret service with the e-mail below

[email protected] FBI secret service.

There are many preventative measures you can take to minimize the risk of exposing your computer to a virus.

1. Be suspicious of any unsolicited e-mail.

2. Do not click on links contained within an unsolicited e-mail.

3. Log directly onto an official website for the entity identified in the e-mail, instead of “linking” to one from an unsolicited e-mail.

4. Contact the actual entity that supposedly sent the e-mail to verify if the e-mail is legitimate.

5. Be watchful of spelling errors, grammar problems, or inconsistent information. These could be signs that the sender is fraudulent (not who they say they are).

Opening e-mail from an unknown sender, especially those using the names of well-known entities to catch your attention, is risky. Links embedded in such e-mails frequently lead to viruses which can infect the recipient’s computer.

In order to address Internet threats, including scam or fraudulent e-mails, the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, was established in 2000.

“The IC3 serves as a vehicle to receive, develop, and refer Internet crime complaints,” said SAC McMullen. “If you have received an e-mail of this nature, or any scam e-mail, we encourage you to notify the IC3 by filing a complaint at www.ic3.gov.”

Looking for Love? Beware of Online Dating Scams

http://www.fbi.gov/news/stories/2012/february/dating-scams_021412

02/14/12

Millions of Americans visit online dating websites every year hoping to find a companion or even a soul mate.

But today, on Valentine’s Day, we want to warn you that criminals use these sites, too, looking to turn the lonely and vulnerable into fast money through a variety of scams.

These criminals—who also troll social media sites and chat rooms in search of romantic victims—usually claim to be Americans traveling or working abroad. In reality, they often live overseas. Their most common targets are women over 40 who are divorced, widowed, and/or disabled, but every age group and demographic is at risk.

Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is e-mailed to you. For weeks, even months, you may chat back and forth with one another, forming a connection. You may even be sent flowers or other gifts. But ultimately, it’s going to happen—your new-found “friend” is going to ask you for money.

Recognizing an Online Dating Scam Artist

Your online “date” may only be interested in your money if he or she:

- Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging;

- Professes instant feelings of love;

- Sends you a photograph of himself or herself that looks like something from a glamour magazine;

- Claims to be from the U.S. and is traveling or working overseas;

- Makes plans to visit you but is then unable to do so because of a tragic event; or

- Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for a child or other relative, visas or other official documents, losses from a financial setback or crime victimization).

One way to steer clear of these criminals all together is to stick to online dating websites with nationally known reputations.

So you send money…but rest assured the requests won’t stop there. There will be more hardships that only you can help alleviate with your financial gifts. He may also send you checks to cash since he’s out of the country and can’t cash them himself, or he may ask you to forward him a package.


So what really happened? You were targeted by criminals, probably based on personal information you uploaded on dating or social media sites. The pictures you were sent were most likely phony, lifted from other websites. The profiles were fake as well, carefully crafted to match your interests.

In addition to losing your money to someone who had no intention of ever visiting you, you may also have unknowingly taken part in a money laundering scheme by cashing phony checks and sending the money overseas and by shipping stolen merchandise (the forwarded package).

While the FBI and other federal partners work some of these cases—in particular those with a large number of victims or large dollar losses and/or those involving organized criminal groups—many are investigated by local and state authorities.

We strongly recommend, however, that if you think you’ve been victimized by a dating scam or any other online scam, file a complaint with our Internet Crime Complaint Center. Before forwarding the complaints to the appropriate agencies, IC3 collates and analyzes the data—looking for common threads that could link complaints together and help identify the culprits. Which helps keep everyone safer on the Internet.

For specific tips on how to keep from being lured into an online dating scam, see the sidebar above. Awareness is the best tool for preventing crime…and in this case, even for preventing a broken heart.

Statement Before the House Committee on the Judiciary, Subcommittee on Crime, Terrorism, and Homeland Security

http://www.fbi.gov/news/testimony/investigating-and-prosecuting-21st-century-cyber-threats

John Boles
Deputy Assistant Director, Cyber Division
Federal Bureau of Investigation
Washington, D.C.
March 13, 2013

Chairman Sensenbrenner, Ranking Member Scott, and members of the subcommittee, I am pleased to appear before you today to discuss the nature of the cyber threat, how the FBI has responded to it, and how we are marshaling our resources and strengthening our partnerships to more effectively combat the increasingly sophisticated adversaries we face in cyberspace.

The Cyber Threat

Some of the most critical threats facing our nation today emanate from the cyber realm. Intrusions into our corporate networks, personal computers, and government systems are occurring every single day by the thousands.

We see four primary malicious actors in the cyber world: foreign intelligence services, terrorist groups, organized crime enterprises, and hacktivists.

Dozens of countries have offensive cyber capabilities, and these foreign cyber spies have become increasingly adept at exploiting weaknesses in our computer networks. Once inside, they can exfiltrate government and military secrets as well as valuable intellectual property—information that can improve the competitive advantage of state-owned entities and foreign companies.

Terrorist groups would like nothing better than to digitally sabotage our power grid or water supply. Some say they do not currently have the capability to do it themselves. But the reality is that the capability is readily available on the open market.

Organized crime groups, meanwhile, are increasingly migrating their traditional criminal activity from the physical world to computer networks. They no longer need guns to rob a bank; they use a computer to breach corporate and financial institution networks to steal credentials, account numbers, and personal information they can use to make money.

These criminal syndicates, often made up of individuals living in disparate places around the world, have stolen billions of dollars from the financial services sector and its customers. Their crimes increase the cost of doing business, put companies at a competitive disadvantage, and create a significant drain on our economy.

Hacktivist groups such as Anonymous and LulzSec are pioneering their own forms of digital anarchy by illegally accessing computers or networks for a variety of reasons, including politically or socially motivated goals.

With these diverse threats, we anticipate that cyber security may well become our highest priority in the years to come. Computer intrusions and network attacks are the greatest cyber threat to our national security. That is why we are strengthening our cyber capabilities in the same way we enhanced our intelligence and national security capabilities in the wake of the September 11 attacks.

FBI Response 2002-2012

The FBI recognized the significance of the cyber threat more than a decade ago and, in response, created the Cyber Division in 2002; elevated the cyber threat as our number three national priority (only after counterterrorism and counterintelligence); significantly increased our hiring of technically trained agents, analysts, and forensic specialists; and expanded our partnerships with law enforcement, private industry, and academia through initiatives like InfraGard—a public-private coalition of 55,000 members to protect critical infrastructure—and the National Cyber-Forensics and Training Alliance (NCFTA)—a proven model for sharing private sector intelligence in collaboration with law enforcement.

We have made great progress in the interim. Ten years ago, if you were an agent conducting a cyber investigation and the Internet Protocol (IP) address tracked back to a foreign country, that was effectively the end of your investigation. Although you could send a lead to one of the FBI’s overseas legal attaché offices, the likelihood that you would discover who was behind the keyboard was small.

Since then, we have embedded cyber agents with law enforcement in several key countries: Estonia, Ukraine, the Netherlands, and Romania. Some countries in cyber hot spots also enhanced their domestic laws and agreed to allow extraditions to the United States.

Those changes, along with improvements in our ability to track IP addresses back to their source, have led to a recognition in the underground economy that there are fewer safe hiding places around the globe. Building on the success of our international outreach, we are currently expanding our cyber assistant legal attaché program to additional countries.

A prime example of how our investigations have progressed in the 10 years since the Cyber Division was created is the 2011 takedown of Rove Digital, a company founded by a ring of Estonian and Russian hackers to commit a massive Internet fraud scheme.

The scheme infected with malware more than four million computers located in more than 100 countries. The malware secretly altered the settings on infected computers, enabling the hackers to digitally hijack Internet searches using rogue servers for Domain Name System (DNS) routers and re-routing computers to certain websites and ads. The company received fees each time these websites or ads were clicked on or viewed by users. This scheme generated $14 million in illegitimate income for the operators of Rove Digital.

Because Estonia has improved its domestic laws, we were able to work with our law enforcement counterparts and our private industry partners to execute a takedown of this criminal organization. Following the arrest of several co-conspirators in Estonia, teams of FBI agents, linguists, and forensic examiners assisted Estonian authorities in retrieving and analyzing data that linked the co-conspirators to the Internet fraud scheme. At the same time, we obtained a court order in the United States to replace the rogue DNS servers with court-ordered clean servers.

In this case, we not only took down the criminal organization, but worked with our partners in DHS and other agencies to mitigate the damage. Seven individuals have been indicted in the Southern District of New York in this case: six in Estonia and one in Russia. The United States has sought extradition of all six Estonian subjects. To date, two of them have been remanded to U.S. custody. One pleaded guilty on February 1, 2013.

We are also employing novel ways of combating the threat. In Operation Coreflood, the FBI worked with our private sector and law enforcement partners to disable a botnet that had infected an estimated two million computers with malicious software.

The malware on this Coreflood botnet allowed infected computers to be controlled remotely by criminals to steal private personal and financial information from unsuspecting users. In an unprecedented move, the FBI obtained a court order to seize domain names, re-route the botnet to FBI-controlled servers, and respond to commands sent from infected computers in the United States, telling the zombies to stop the Coreflood software from running. The success of this innovative operation will help pave the way for future cyber mitigation efforts and the development of new “outside the box” techniques.

While we’re proud of these investigative successes and our progress against the threat, we are continuing to push ourselves to respond more rapidly and prevent attacks before they occur.

Last month, President Obama released the administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets. As part of the strategy, the FBI is expanding its efforts to fight computer intrusions that involve the theft of trade secrets by individuals, foreign corporations, and nation-state cyber hackers.

Over the past year, under our legal authorities and in conjunction with our government partners, we have successfully warned some potential victims ahead of time that computer network exploitation or computer network attacks were about to happen. They were able to use that information to shore up their defenses.

Another area in which we’ve had success recently is in targeting infrastructure we believe has been used in distributed denial of service (DDoS) attacks, and preventing it from being used for future attacks.

Since October, the FBI and the Department of Homeland Security have released nearly 130,000 IP addresses that were believed to be infected with DDoS malware. We have released this information through joint intelligence bulletins (JIBs) to 129 countries. These JIBs are released by both the Department of Homeland Security’s Computer Emergency Readiness Team mechanisms as well as by our legal attachés to our foreign partners.

These actions have enabled our foreign partners to take action and reduced the effectiveness of the botnets and the DDoS attacks.

Next Generation Cyber

The need to prevent attacks before they occur is a key reason we have redoubled our efforts to strengthen our cyber capabilities while protecting privacy, confidentiality, and civil liberties. The FBI’s Next Generation Cyber Initiative, which we launched in 2012, entails a wide range of measures, including focusing our Cyber Division on intrusions; hiring additional computer scientists; creating Cyber Task Forces focused on intrusions in each of our 56 field offices; and expanding partnerships and collaboration at the National Cyber Investigative Joint Task Force (NCIJTF).

The nature and severity of the cyber threat have led the government agencies with a role in cyber security to recognize that we must work together more efficiently than ever to keep pace with and surpass our adversaries in this realm.

To that end, FBI Director Robert Mueller, DHS Secretary Janet Napolitano, and National Security Agency (NSA) Director Keith Alexander recently held a series of meetings to clarify the lanes in the road in cyber jurisdiction. The group mutually agreed on their respective roles and responsibilities related to a cyber incident. The FBI’s role is to investigate, attribute, and disrupt cyber crimes affecting the United States. DHS’ role is to protect our critical infrastructure and our networks, coordinate mitigation and recovery from cyber incidents, and to disseminate threat information across various sectors. NSA’s role is to gather intelligence on foreign cyber threats and to protect national security systems.

We are coordinating at an unprecedented level, including rapid, real-time exchanges from FBI investigative activities to DHS, allowing the department to push out information to help safeguard other networks from similar attacks.

A key part of the intergovernmental effort is the FBI-operated NCIJTF, which serves as the deconfliction center on cyber investigations among 19 agencies. The NCIJTF involves senior personnel from key agencies, including deputy directors from NSA, DHS, the Central Intelligence Agency, and U.S. Secret Service. A fifth deputy will soon be appointed by U.S. Cyber Command. NCIJTF brings together a partnership of agencies focused on addressing cyber threats through investigations and intelligence sharing.

Not only have we recognized that the cyber threat warrants considerably strengthening our intergovernmental partnerships, but it also warrants significantly enhancing our collaboration with the private sector.

Today, the private sector is the essential partner if we are to succeed in defeating the cyber threat. The private sector is a primary victim of cyber intrusions—and its networks contain the evidence of countless such attacks. Our nation’s companies and businesses possess the information, the expertise, and the knowledge we need to combat the threat. They also build the components of cyber security—the hardware, the software, and the networks—and drive future technology.


In the past, industry has provided us information about attacks that have occurred, and we’ve investigated the attacks. Our adversaries have taken advantage of the fact that we have been limited in the kind of information we exchange with the private sector. We now realize this can no longer be a one-way flow of information.

As part of our enhanced private sector outreach efforts, we’re providing industry with tools—including information—to help repel intruders. In fact, in line with a strategic government-wide shift, we have recently begun to provide classified threat briefings to key industry partners and work with them to exchange information. InfraGard, NCFTA, and our other partnerships are a step in the right direction.

But we must build on these initiatives, in conjunction with our federal partners, to expand the channels of information sharing and collaboration. We recognize that there are many considerations to take into account when considering the level of public-private collaboration we believe is necessary, including industry concerns about the protection of their proprietary information and questions about how best to share classified information. We are committed, however, to engaging in this collaboration in a way that fully protects privacy, confidentiality, and civil liberties.

* * *

In conclusion, Mr. Chairman, to counter the cyber threats we face, we are engaging in an unprecedented level of intergovernmental collaboration and cooperation with the private sector.

We look forward to continuing to expand on those partnerships and working with the committee and Congress as a whole to determine a successful course forward for the nation to combat the cyber threat while protecting privacy, confidentiality, and civil liberties.

Thank you again for the opportunity to appear before you today. I would be happy to answer any questions you may have.

Deputy Attorney General James M. Cole Speaks at the Administration Event to Highlight Priorities for Cybersecurity Policy

http://www.justice.gov/iso/opa/dag/speeches/2013/dag-speech-130213.html

Washington, D.C.

Wednesday, February 13, 2013

Last year, the Administration made its views on the importance of privacy and civil liberties clear during deliberations on cybersecurity legislation. The Administration declared, ―Cybersecurity and privacy are not mutually exclusive.‖ It also affirmed its commitment that ―[t]he sharing of information must be con-ducted in a manner that preserves Americans' privacy, data confidentiality, and civil liber-

ties….‖

Today, as we roll-out the Executive Order on Improving Critical Infrastructure Cybersecurity, the Administration is just as resolute about

adhering to those ideals.

As Deputy Secretary Lute and General Alex-ander have emphasized, one of the most im-portant aspects of the Executive Order is its emphasis on improving government mecha-nisms for providing timely cyber threat infor-mation to the private sector. For example, the Executive Order explicitly adopts a ―whole-of-government‖ policy to increase the volume, timeliness, and quality of cyber threat infor-mation that is shared with the U.S. private sector so that they may better protect and defend themselves against cyber threats. In that vein, the Order mandates expansion of the Enhanced Cybersecurity Services initia-tive—a voluntary program that provides classi-fied cyber threat information to appropriately cleared personnel employed by private sector owners and operators of critical infrastructure. In addition, the Order requires the Department of Justice, the Department of Homeland Secu-rity, and the Office of the Director of National Intelligence to declassify cyber threat intelli-gence reports that target U.S. entities and to establish a process for rapidly notifying those entities of cyber threats. These are critical initial steps that the government must take to assist private sector companies in defending their systems and networks from escalating, evolving, and increasingly sophisticated cyber threats. In taking these steps to improve the flow of cyber threat information, however, we must not lose sight of our commitment to se-cure individual privacy and civil liberties as we

do it.

How will we ensure that information received and disseminated under the Executive Order is protected consistent with our commitment to

protect privacy and civil liberties?

We will do so by ensuring that our cybersecurity activities are conducted in a transparent manner with the guidance and oversight of officials trained to safeguard privacy and civil liberties. Under the Executive Order, each federal department and agency is required to develop and implement privacy and civil liberties safeguards in concert with their cybersecurity activities. Each agency’s senior officials for privacy and civil liberties are required to conduct assessments of those safeguards and their implementation. Those assessments will be shared with DHS’ Chief Privacy Officer and Officer for Civil Rights and Civil Liberties for inclusion in a public report. That report will be produced in consultation with the Privacy and Civil Liberties Oversight Board and reviewed annually.

The Executive Order includes another important feature designed to ensure that federal agencies take a consistent and thorough approach to identifying and mitigating potential privacy impacts of cybersecurity activities. In particular, it requires agencies to conduct their assessments using the well-established Fair Information Practice Principles—also known as "FIPPs."

So what are the "FIPPs"? FIPPs are the widely-accepted framework of principles used to assess and mitigate privacy and civil liberties impacts of information systems, processes, or programs. They consist of eight interdependent principles—Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, Accountability and Auditing.

The FIPPs provide an objective set of principles, but they also permit agencies to apply those principles in the context of their differing authorities and missions. They are not a new invention of this Executive Order. Rather, they are time-tested and universally recognized principles that form the basis of the Privacy Act of 1974 and dozens of other federal privacy and information protection statutes. They continue to be used prominently today, including in the White House’s National Strategy for Trusted Identities in Cyberspace and the Consumer Privacy Bill of Rights.

In closing, I want to emphasize the Administration’s commitment to doing this right—which is demonstrated by the Executive Order itself. This Order sets the direction for responsible, effective cybersecurity standards and information sharing, while preserving individual privacy and civil liberties and ensuring transparency and accountability to the American public we seek to protect.


Executive Order -- Improving Critical Infrastructure Cybersecurity

http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity

EXECUTIVE ORDER

IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats. It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.

Sec. 2. Critical Infrastructure. As used in this order, the term critical infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

Sec. 3. Policy Coordination. Policy coordination, guidance, dispute resolution, and periodic in-progress reviews for the functions and programs described and assigned herein shall be provided through the interagency process established in Presidential Policy Directive-1 of February 13, 2009 (Organization of the National Security Council System), or any successor.

Sec. 4. Cybersecurity Information Sharing. (a) It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. Within 120 days of the date of this order, the Attorney General, the Secretary of Homeland Security (the "Secretary"), and the Director of National Intelligence shall each issue instructions consistent with their authorities and with the requirements of section 12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity. The instructions shall address the need to protect intelligence and law enforcement sources, methods, operations, and investigations.

(b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports.

(c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. This voluntary information sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.

(d) The Secretary, as the Executive Agent for the Classified National Security Information Program created under Executive Order 13549 of August 18, 2010 (Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing the critical infrastructure identified in section 9 of this order.

(e) In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.

Sec. 5. Privacy and Civil Liberties Protections. (a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency's activities.

(b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.

(c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).

(d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.

Sec. 6. Consultative Process. The Secretary shall establish a consultative process to coordinate improvements to the cybersecurity of critical infrastructure. As part of the consultative process, the Secretary shall engage and consider the advice, on matters set forth in this order, of the Critical Infrastructure Partnership Advisory Council; Sector Coordinating Councils; critical infrastructure owners and operators; Sector-Specific Agencies; other relevant agencies; independent regulatory agencies; State, local, territorial, and tribal governments; universities; and outside experts.


Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. (a) The Secretary of Commerce shall direct the Director of the National Institute of Standards and Technology (the "Director") to lead the development of a framework to reduce cyber risks to critical infrastructure (the "Cybersecurity Framework"). The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Cybersecurity Framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible. The Cybersecurity Framework shall be consistent with voluntary international standards when such international standards will advance the objectives of this order, and shall meet the requirements of the National Institute of Standards and Technology Act, as amended (15 U.S.C. 271 et seq.), the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113), and OMB Circular A-119, as revised.

(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure. The Cybersecurity Framework will also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.

(c) The Cybersecurity Framework shall include methodologies to identify and mitigate impacts of the Cybersecurity Framework and associated information security measures or controls on business confidentiality, and to protect individual privacy and civil liberties.

(d) In developing the Cybersecurity Framework, the Director shall engage in an open public review and comment process. The Director shall also consult with the Secretary, the National Security Agency, Sector-Specific Agencies and other interested agencies including OMB, owners and operators of critical infrastructure, and other stakeholders through the consultative process established in section 6 of this order. The Secretary, the Director of National Intelligence, and the heads of other relevant agencies shall provide threat and vulnerability information and technical expertise to inform the development of the Cybersecurity Framework. The Secretary shall provide performance goals for the Cybersecurity Framework informed by work under section 9 of this order.

(e) Within 240 days of the date of this order, the Director shall publish a preliminary version of the Cybersecurity Framework (the "preliminary Framework"). Within 1 year of the date of this order, and after coordination with the Secretary to ensure suitability under section 8 of this order, the Director shall publish a final version of the Cybersecurity Framework (the "final Framework").

(f) Consistent with statutory responsibilities, the Director will ensure the Cybersecurity Framework and related guidance is reviewed and updated as necessary, taking into consideration technological changes, changes in cyber risks, operational feedback from owners and operators of critical infrastructure, experience from the implementation of section 8 of this order, and any other relevant factors.

Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program. (a) The Secretary, in coordination with Sector-Specific Agencies, shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities (the "Program").

(b) Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coordinating Councils to review the Cybersecurity Framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.

(c) Sector-Specific Agencies shall report annually to the President, through the Secretary, on the extent to which owners and operators notified under section 9 of this order are participating in the Program.

(d) The Secretary shall coordinate establishment of a set of incentives designed to promote participation in the Program. Within 120 days of the date of this order, the Secretary and the Secretaries of the Treasury and Commerce each shall make recommendations separately to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, that shall include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants in the Program.

(e) Within 120 days of the date of this order, the Secretary of Defense and the Administrator of General Services, in consultation with the Secretary and the Federal Acquisition Regulatory Council, shall make recommendations to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration. The report shall address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.

Sec. 9. Identification of Critical Infrastructure at Greatest Risk. (a) Within 150 days of the date of this order, the Secretary shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security. In identifying critical infrastructure for this purpose, the Secretary shall use the consultative process established in section 6 of this order and draw upon the expertise of Sector-Specific Agencies. The Secretary shall apply consistent, objective criteria in identifying such critical infrastructure. The Secretary shall not identify any commercial information technology products or consumer information technology services under this section. The Secretary shall review and update the list of identified critical infrastructure under this section on an annual basis, and provide such list to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs.

(b) Heads of Sector-Specific Agencies and other relevant agencies shall provide the Secretary with information necessary to carry out the responsibilities under this section. The Secretary shall develop a process for other relevant stakeholders to submit information to assist in making the identifications required in subsection (a) of this section.


(c) The Secretary, in coordination with Sector-Specific Agencies, shall confidentially notify owners and operators of critical infrastructure identified under subsection (a) of this section that they have been so identified, and ensure identified owners and operators are provided the basis for the determination. The Secretary shall establish a process through which owners and operators of critical infrastructure may submit relevant information and request reconsideration of identifications under subsection (a) of this section.

Sec. 10. Adoption of Framework. (a) Agencies with responsibility for regulating the security of critical infrastructure shall engage in a consultative process with DHS, OMB, and the National Security Staff to review the preliminary Cybersecurity Framework and determine if current cybersecurity regulatory requirements are sufficient given current and projected risks. In making such determination, these agencies shall consider the identification of critical infrastructure required under section 9 of this order. Within 90 days of the publication of the preliminary Framework, these agencies shall submit a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the Director of OMB, and the Assistant to the President for Economic Affairs, that states whether or not the agency has clear authority to establish requirements based upon the Cybersecurity Framework to sufficiently address current and projected cyber risks to critical infrastructure, the existing authorities identified, and any additional authority required.

(b) If current regulatory requirements are deemed to be insufficient, within 90 days of publication of the final Framework, agencies identified in subsection (a) of this section shall propose prioritized, risk-based, efficient, and coordinated actions, consistent with Executive Order 12866 of September 30, 1993 (Regulatory Planning and Review), Executive Order 13563 of January 18, 2011 (Improving Regulation and Regulatory Review), and Executive Order 13609 of May 1, 2012 (Promoting International Regulatory Cooperation), to mitigate cyber risk.

(c) Within 2 years after publication of the final Framework, consistent with Executive Order 13563 and Executive Order 13610 of May 10, 2012 (Identifying and Reducing Regulatory Burdens), agencies identified in subsection (a) of this section shall, in consultation with owners and operators of critical infrastructure, report to OMB on any critical infrastructure subject to ineffective, conflicting, or excessively burdensome cybersecurity requirements. This report shall describe efforts made by agencies, and make recommendations for further actions, to minimize or eliminate such requirements.

(d) The Secretary shall coordinate the provision of technical assistance to agencies identified in subsection (a) of this section on the development of their cybersecurity workforce and programs.

(e) Independent regulatory agencies with responsibility for regulating the security of critical infrastructure are encouraged to engage in a consultative process with the Secretary, relevant Sector-Specific Agencies, and other affected parties to consider prioritized actions to mitigate cyber risks for critical infrastructure consistent with their authorities.


Sec. 11. Definitions. (a) "Agency" means any authority of the United States that is an "agency" under 44 U.S.C. 3502(1), other than those considered to be independent regulatory agencies, as defined in 44 U.S.C. 3502(5).

(b) "Critical Infrastructure Partnership Advisory Council" means the council established by DHS under 6 U.S.C. 451 to facilitate effective interaction and coordination of critical infrastructure protection activities among the Federal Government; the private sector; and State, local, territorial, and tribal governments.

(c) "Fair Information Practice Principles" means the eight principles set forth in Appendix A of the National Strategy for Trusted Identities in Cyberspace.

(d) "Independent regulatory agency" has the meaning given the term in 44 U.S.C. 3502(5).

(e) "Sector Coordinating Council" means a private sector coordinating council composed of representatives of owners and operators within a particular sector of critical infrastructure established by the National Infrastructure Protection Plan or any successor.

(f) "Sector-Specific Agency" has the meaning given the term in Presidential Policy Directive-21 of February 12, 2013 (Critical Infrastructure Security and Resilience), or any successor.

Sec. 12. General Provisions. (a) This order shall be implemented consistent with applicable law and subject to the availability of appropriations. Nothing in this order shall be construed to provide an agency with authority for regulating the security of critical infrastructure in addition to or to a greater extent than the authority the agency has under existing law. Nothing in this order shall be construed to alter or limit any authority or responsibility of an agency under existing law.

(b) Nothing in this order shall be construed to impair or otherwise affect the functions of the Director of OMB relating to budgetary, administrative, or legislative proposals.

(c) All actions taken pursuant to this order shall be consistent with requirements and authorities to protect intelligence and law enforcement sources and methods. Nothing in this order shall be interpreted to supersede measures established under authority of law to protect the security and integrity of specific activities and associations that are in direct support of intelligence and law enforcement operations.

(d) This order shall be implemented consistent with U.S. international obligations.

(e) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

BARACK OBAMA


THE FBI IN POPULAR FICTION (COMIC BOOKS)

Pictured below are some examples of comic books where the FBI is depicted carrying out its various missions.

The above is a loose depiction of the book, The FBI Story. It includes a sequence fictionalizing the Rudolph Abel (1950s Russian Spy operating in the US) story.

Pictured above is the comic book version of the 1959 Movie, The FBI Story, Starring James Stewart. This comic depicts the movie version of The FBI Story, and has the "hollow nickel" holding microfiche sequence and a surveillance of a Russian spy to the subway and Yankee Stadium.

For those of you old enough to remember the old Classics Illustrated Series of Comics, the FBI and its Counterintelligence missions are prominently depicted in the above The Illustrated Story of the FBI.

We hope you have enjoyed these popular cultural references that we have included in the last few issues of our newsletter.


Everything you see pictured here is a screenshot from the iTravelSafe™ App.

An Android version of this App is available for immediate purchase at the Google Play Store https://play.google.com/store/search?q=itravelsafe&c=apps, or an iPhone version at the iTunes Store http://itunes.apple.com/us/app/itravelsafe/id521506480?ls=1&mt=8.

Advantage SCI's Smartphone App: iTravelSafe™

Avoid Cultural Missteps

Protect Your Business Secrets

Avoid Crime and Scams Travelers Face

Driving overseas? Read about driving in many of the more than 200 countries this App includes.

"Hmmm. My phone is in 'Airplane Mode' with no internet connection. I really wish I had read a bit more detailed information about traveling to Brazil, what I could do safely. But with no internet connection, I guess I can’t do that, can I?"

"Wait a second!! I have the iTravelSafe™ app on my iPhone. All of the data I need is on my phone now. I can read it all even with no internet or cellular connection! Wow, that is really cool! Oh my, look here! I better not go on that hiking trip near Brazil’s border regions, I might get kidnapped. Oh no, my planned charitable journey to Rio’s shanty town is too dangerous. I’ll have to call it off. It’s a good thing I had iTravelSafe™ with me to tip me off to the danger!"

iTravelSafe™ gives an organization an app for its employees traveling outside the U.S. to use as a "self-briefing" travel tool. Read about hotel safety. Study up on tips about which business travelers need to be "savvy."

Avoid getting “scammed” when traveling overseas. Read about frauds and scams related to international travel. Do you have elderly relatives traveling overseas? Gift them a copy of this App so they can be aware of scams targeting the elderly.

Keep up to date with the latest Travel Alerts pushed out to iTravelSafe™ users immediately from the U.S. State Department.

Example of the screenshot, appropriate for the country to which it applies, will be sent to your device as soon as the U.S. State Department pushes out the notification of any Travel Alert.

Sitting in the plane, holding your iPhone, thinking about your trip to Brazil…

For volume sales, please contact Richard Haidle at 310-536-9876 x237 or email [email protected].

Are you a parent with a child spending a semester in an overseas study course?

Make sure your children read the “Tips for Students” section of the iTravelSafe™ App.

NOW INCLUDING SECURITY TIP OF THE WEEK!


Advantage SCI Vision: "Educate America’s 300 million people and business leaders on prevention, detection, and response to 21st century threats."

Corporate Headquarters

Advantage SCI, LLC

222 North Sepulveda Boulevard

Suite 1780

El Segundo, California 90245

Phone: 310.536.9876

Fax: 310.943.2351

www.advantagesci.com

Newsletter Editor: Richard Haidle,

Counterintelligence Services Manager

[email protected] 310.536.9876 x237

Homeland Security and Private Sector Business

Corporations' Role in Critical Infrastructure Protection

By Elsa Lee

Auerbach Publications 2009

Print ISBN: 978-1-4200-7078-1

eBook ISBN: 978-1-4200-7079-8

Order Your Copy at: http://www.crcpress.com/

Since September 11, 2001 the American Public has not had a clear understanding of "Homeland Security" and just what it means for the average citizen and business owner. Elsa Lee, in her first attempt, has hit "a home run!" Not only is the book well researched, but it is quite simply the best resource on this important subject. I found the context to be informative, persuasive, and topical. Not only does the writer provide a clear understanding of the need for a National Infrastructure Plan, but provides the reader with a clear blueprint for protecting all of America's resources at home and abroad. Hopefully, every university and college with a Homeland Security course will use this book as a major text to insure that all students obtain a grounded education on this important topic.

Review by: Alfred J. Finch

FBI Legal Attaché, Cairo (Retired)

ADVANTAGE SCI PRODUCTS, SERVICES, AND TRAINING

Advantage SCI offers services supporting the counterintelligence needs of the cleared defense contractor community, private business, government, utilities, and municipalities with requirements to protect classified information, trade secrets, intellectual property and other privileged information.

Services include:

Vulnerability Assessments

Threat briefings/Foreign Travel Briefings/Debriefings

Counterintelligence (CI) Awareness Training / Insider Threat Training

TSCM services in classified or unclassified spaces

Facility Security Officer (FSO) In a Box

Consult With a CI Professional

Foreign Travel Briefings and Debriefings

Intelligence Analysis / Intelligence Analysts

Plans, SOPs and Regulatory related materials

Workplace Violence Prevention and Response

Other matters related to improving CI related posture

Advantage SCI is an 8(a), SERVICE-DISABLED VETERAN-OWNED BUSINESS (SDVOSB), SMALL BUSINESS ENTITY (SBE), MINORITY-OWNED BUSINESS ENTITY (MBE), SMALL DISADVANTAGED BUSINESS ENTITY (SDB), WOMAN-OWNED BUSINESS ENTITY (WBE)

NAICS Codes

928110 - NATIONAL SECURITY

541512 - COMPUTER SYSTEMS DESIGN SERVICES

541519 - OTHER COMPUTER RELATED SERVICES

541611 - ADMIN MGMT/GENERAL MGMT CONSULTING

541612 - CONSULTING SERVICES

541618 - OTHER MANAGEMENT CONSULTING

541690 - OTHER SCIENTIFIC AND TECH CONSULTING

541990 - OTHER PROF, SCIENTIFIC, & TECH SERVICES

561210 - FACILITIES SUPPORT SERVICES

561499 - OTHER BUSINESS SUPPORT SERVICES

561611 - INVESTIGATION SERVICES

561621 - SECURITY SYSTEMS (EXCEPT LOCKSMITHS)

561990 - OTHER SUPPORT SERVICES

611430 - PROFESSIONAL AND MGMT DEVELT TRAINING

611699 - OTHER MISC SCHOOLS AND INSTRUCTION

922190 - OTHER JUSTICE, PUBL ORDER/SAFETY ACTIVITIES
