Federal Bureau of Investigation
SSA John Caruthers Cyber Criminal Section
SSA Kenneth Schmutz Cyber National Security Section
April 11, 2012 UNCLASSIFIED
FBI Mission
Cyber Threats
FBI Response
1. Protect the United States from Terrorist Attack
2. Protect the United States against foreign intelligence operations and espionage
3. Protect the United States against cyber based attacks and high technology crimes
• Reporting indicates shift to ICS
• Growing presence of terrorist organizations on the Internet
• “Cyber Jihad”
• Internet being used not to just recruit or radicalize, but to incite
• Growing use of social networking sites to collaborate and promote violence
• Espionage
• Today our adversaries can attain access to any network
• Global access
• Who are they?
• Nation-State Actors
• Mercenaries for Hire
• Rogue Hackers
• Trans-national Criminal Syndicates
• What are they after?
• Technology
• Intelligence (Policy maker decisions)
• Intellectual Property
• Military Weapons
• Military Strategy
• They have everything to gain
• We have a great deal to lose
Insider with access
• Directed by foreign power
• Paid money to do a task
Disgruntled employee
• Terminated
• Policy change
• Disagreement with management
Criminal vs. National Security
Goal
• Criminal: prosecution
• National Security: intelligence gathering; sharing of intel with trusted USIC partners; protection of critical infrastructure
Evidence
• Criminal: “discoverable” by the DEFENDANT
• National Security: typically CLASSIFIED at SECRET level or above; NOT released to public
Publicity
• Criminal: court documents will eventually be UNSEALED; FBI will NOT proactively divulge information to the media
• National Security: cases DO NOT go to court; ID of asset owner will NEVER be released by FBI
Why?
• to protect the United States
What?
• pertinent information related to intrusion vectors, vulnerabilities, SOURCE-provided intelligence, etc.
• FBI DOES NOT share Top Secret information when:
1. The information is “single-sourced” and would compromise an asset
2. Release of the information would jeopardize the National Security of the United States
How?
• intelligence reports, bulletins, notes
• face-to-face in CLASSIFIED briefings
With Whom?
• member of your company with a CLEARANCE
• USIC
Criminal Threats to Internet Users
• Cyber Extortion
• Individuals threaten to use “Social Networking” power
• Extortion-based DDoS attacks
• Scareware/Fraudulent Antivirus Software
• Phishing
• Botnets
• Enable other criminal activity, Spam, distribution of additional Malware (Keyloggers, DNSChanger etc.)
One type of Cyber Extortion
a. These things, unless you honor the below claim, WILL HAPPEN on March 8, 2010.
b. As you have denied my claim I can only respond in this way. You no longer have a choice in the matter, unless of course you want me to continue with this outlined plan. I have nothing to lose, you have everything to lose.
c. My demand is now for $198,303.88. This amount is NOT negotiable, you had your chance to make me an offer, now I call the shots.
d. I have 6 MILLION e-mails going out to couples with children age 25-40, this e-mail campaign is ordered and paid for. 2 million go out on the 8th and every two days 2 million more for three weeks rotating the list. Of course it is spam, I hired a spam service, I could care less, The damge [sic] will be done.
e. I am a huge social networker, and I am highly experienced. 200,000 people will be directly contacted by me through social networks, slamming your integrity and directing them to this website within days.
f. I think you get the idea, I am going to drag your company name and reputation, through the muddiest waters imaginable. This will cost you millions in lost revenues, trust and credibility not to mention the advertising you will be buying to counter mine. Sad thing is it’s almost free for me!
g. The process is in motion and will be released on March 8th, 2010. If you delay and the site goes live, The price will then be $3,000,000.00.
DDoS Extortions
• Recent trend targeting online product retailers
• Company receives an extortion threat via email, online chat or their 1-800 telephone number
• Demand to “pay $ within five minutes or your website will be shut down…”
• Many go unreported
• Victims appear to be targets of opportunity
Attempt to cause disruption to networks and service and loss of data
• “Felony Annoyance”
Actions are non-violent and not aimed at individuals, but rather a company or government entity
Recent reporting indicates the targeting of ICS by Anonymous
Retaliation
Scareware – also a form of Cyber Extortion
Example of Phishing Emails Sent to Customers of U.S.-based Bank
Criminal Threats to Internet Users
• Cyber Extortion
• Recent trend in Health Care Services Industry
• Threatening to use “Social Networking” power
• Scareware/Fraudulent Antivirus Software
• Phishing
• Botnets
• Enable other criminal activity, Spam, distribution of additional Malware (Keyloggers, DNSChanger etc.)
Criminal Threats to Internet Users
• ACH Transaction Fraud
• Anyone with authority to pay, transfer funds, manage, control, or effect banking activity can be a victim
• New attack vectors such as Malvertising
• JabberZeus variant to compromise Two-Factor Authentication
• Confederation of Cyber Criminal Organizations
• The ‘Web within the Web’
• Exchange of Tools for Criminal Activity
• Distributed expertise among group members
Threats to Corporate Entities
• Companies with financial databases are the targets of criminal hacker groups
• Why? That’s where the money is!
• and…better work hours, large potential for return vs. risk, less chance of getting caught and/or shot than, say, being a drug dealer
• Criminals’ perception that they can hide behind complex international laws
Financial Services Intrusion
Scope of the Scheme
• 15,730 attempted transactions worth $10.2M
• 14,544 successful transactions worth $9.7M
• $9.4M (97%) was withdrawn on Nov 8 2008
• 2,136 ATM terminals were accessed in over 28 countries
The FBI Cyber Division
• 56 Field Offices with Cyber Squads
• 75 FBI Legal Attaché Offices around the world
• Cyber Trained Agents embedded with foreign police forces
• Cyber Action Team
• Threat Focus Cells
• These groups consist of agents, officers, and analysts from different agencies
• i.e. ICS/SCADA TFC – FBI, DHS, and OGA partnering together
FBI Resources
• Training provided to domestic and international law enforcement community
• National Cyber Investigative Joint Task Force
• Establishing cooperative working relationships with regulatory groups and agencies
• We can provide briefings to your employees regarding economic espionage, counterintelligence, APT, etc.
• InfraGard
FBI Resources cont.