Supervisory Special Agent R. David Mahon 1961 Stout Street, #1823 Denver, Colorado (303) 629-7171 FBI Denver Cyber Squad.

Presentation transcript:

Supervisory Special Agent R. David Mahon 1961 Stout Street, #1823 Denver, Colorado (303) FBI Denver Cyber Squad

Presidential Decision Directive 63 “The US will take the necessary measures to swiftly eliminate significant vulnerability to both physical and cyber attacks on our critical infrastructures, including our cyber systems.” May 22, 1998 May 22, 2003

Presidential Decision Directive 63: Increased government security by 2000; secure information system infrastructure by 2003; Federal agencies to serve as model in reducing infrastructure vulnerabilities; seeks participation of private industry.

[Organization chart. Bodies shown: Executive Office of the President; OSTP (R&D); National Security Advisor; National Coordinator; National Infrastructure Assurance Council; Critical Infrastructure Coordinating Group; Critical Infrastructure Assurance Office; National Infrastructure Protection Center; Information Sharing and Analysis Center(s); The Private Sector. Sectors: Banking & Finance; Transportation; Electric and Gas & Oil; Information / Comms; Emergency Law Enforcement; Government Services; Emergency Fire; Public Health Services; Water Supply. Lead agencies: Dept of Treasury; Dept of Transportation; Dept of Energy; Dept of Commerce; Dept of Justice; FEMA; HHS; EPA. Special function agencies: DoJ / FBI (Law Enforcement, Internal Security); DoD (National Defense); CIA (Intelligence); DoS (Foreign Affairs).]

PDD 63 Requires the FBI through the NIPC to: Serve as national infrastructure threat gathering, assessment, warning, vulnerability & law enforcement investigation/response entity Be linked electronically as a national focal point Establish its own relationships with private sector Be the principal means of coordinating US Govt response, mitigation, investigation and reconstitution efforts.

NIPC Mission: Detect, deter, warn of, investigate, and respond to attacks on critical infrastructures; coordinate FBI computer intrusion investigations; support other agencies and state & local governments involved in infrastructure protection.

NIPC Mission: Share, analyze, & disseminate information; provide training for Federal, state and local cyber investigators; clearinghouse for technological developments; 24/7 watch and warning capability.

NIPC Organization. Location: Located at FBIHQ in Washington, D.C., the NIPC is one of the fastest growing investigative areas in the FBI. Composition: multiple government agencies; Federal, state, and local law enforcement; private sector representatives.

NIPC Programs

Key Asset Initiative

Develop Database for specific entities within each infrastructure. Key Asset: An organization, group of organizations, system, or group of systems is considered to be a key asset if it is determined that the loss of associated goods or services or information would have widespread and dire economic or social impact. Develop Emergency Points of Contact. Cyber and Physical Threats Contingency Planning. Vulnerability Assessments for Assets with National Importance.

Critical Infrastructures “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government.” Presidential Decision Directive-63 May 1998

New Thinking Required To Appreciate Infrastructure Interdependencies. [Matrix: How are infrastructures on the left reliant on infrastructures across the top? Rows and columns: Information & Communications; Electrical Power; Gas & Oil Storage & Distribution; Banking & Finance; Physical Distribution; Vital Human Services. Dependencies named in the cells: control systems; comms; emergency coordination; transactions; telecomm site power; power for systems & facilities; emergency backup power; fuels for backup power; fuels for primary or backup power; energy for distribution systems; fuels for system support; corporate finance; corporate & local government finance; major bridges & crossings; vehicles & routes for system service & response; transport of canceled checks, etc.; cooling water; drinking water; 911 systems; emergency response control; emergency response services.]

What if… Pipeline disruption; power outage; submarine cable lost; bomb threats in two buildings; threat to water supply; two bridges down; oil refinery fire; telephone service disrupted; FBI phones jammed; 911 unavailable; two regional ISPs out of service.

Computer Intrusion Program

Vulnerabilities: A New Dimension Physical vulnerabilities and threats are known. Cyber vulnerabilities are growing and are not well understood.

New Risks and Threats: Cyber vulnerability stems from easy accessibility to infrastructures via Internet. Tools to do harm are widely available and do not require a high degree of technical skill. Globalization of infrastructures increases exposure to potential harm. Interdependencies of systems make attack consequences harder to predict and perhaps more severe.

CSI/FBI 2001 Computer Crime and Security Survey (Source: Computer Security Institute). [Chart: Likely Sources of Attack. Values shown: 76%, 81%, 49%, 31%, 25%. Labels shown: Independent Hackers Foreign Competitors.]

CSI/FBI 2001 Computer Crime and Security Survey (Source: Computer Security Institute). [Chart: Unauthorized use of computer system within the last 12 months. Values shown: 64%, 25%, 11%. Categories: Yes; No; Don’t Know.]

CSI/FBI 2001 Computer Crime and Security Survey (Source: Computer Security Institute). [Chart: Types of Attacks. Values shown: 26, 40%, 36%, 64%, 49%, 91%, 94%. Categories: Theft of Proprietary Info; System Penetration; Denial of Service; Laptop; Unauthorized Access by Insider; Insider Abuse of Net Access; Virus.]

Cyber Threats. Structured Threats: Organized Crime; Industrial Espionage; Hacktivists. National Security Threats: Terrorists; Intelligence Agencies; Information Warfare. Unstructured Threats: Insiders; Recreational Hackers; Institutional Hackers.

Hackers

Types of Attacks: Denial of Service; Hijacked Domain Names; Defacement of Web Page.

Vladimir Levin: In 1994, hackers compromised passwords to impersonate account holders. Attempted 40 transfers totaling $10 million. Actual losses of $400,000. 5 individuals arrested. All pled guilty to either bank fraud or conspiracy to commit bank fraud.

CREDIT CARD EXTORTION: Russian hackers break into more than 40 e-commerce businesses/databases in 10 states. One business had 38,000 credit-card numbers compromised; another had 15,700 credit-card numbers stolen. Businesses contacted by subjects – they offered to “fix” the problem for a price. And one victim company hired a hacker as a computer security consultant!!

CREDIT CARD HACKERS… November, 2000: Undercover sting set up in Seattle; two subjects lured to US. Subjects demonstrate their hacking prowess for their new “employers,” then arrested on the spot. 250 gigabytes of stolen data recovered through a “reverse hack” into the subjects’ computers.

Terrorist Groups Aum Shinrikyo Usama Bin Laden

Terrorists: Terrorist fundraising, communications on Internet. Ramzi Yousef: –Plotted to bomb 11 U.S. airliners in Pacific –Details of plot encrypted on laptop. Tamil Tigers: web site defacement. Zapatista National Liberation Army (EZLN).

Information Warfare: “Several countries have or are developing the capability to attack an adversary’s computer systems.” “Developing a computer attack capability can be quite inexpensive and easily concealable: it requires little infrastructure, and the technology required is dual-use.” George Tenet, CIA Director 2/2/99

"... attaining one hundred victories in one hundred battles is not the pinnacle of excellence. Subjugating the enemy's army without fighting is the true pinnacle of excellence." Sun Tzu, The Art of War c. 350 B.C. “Information warfare is the use of, destruction or manipulation of information on a computer network to destroy the enemy’s telephone network, fuel pipelines, electric grid, transportation control system, national funds transfer system...in order to achieve a strategic victory.” --Beijing Jianchuan Zhishi (Chinese Press) 30 June, 1999

Ownership of Problem: Risk is shared among public and private interests. Partnership is the Foundation for Infrastructure Protection.

INFRAGARD A Government and Private Sector Alliance

InfraGard Overview Voluntary Program/Public and Private Sectors National Identity, yet Locally Flexible Information Shared Locally and Nationally Fosters Trust Between Members, Locally and Nationally

Membership Benefits: Forum for members to communicate; prompt dissemination of threat warnings; help in protecting computer systems; education and training on infrastructure vulnerabilities; a community that shares information in a trusted environment.

Primary Features Secure Web Site Intrusion Alert Network Seminars and training

Intrusion Alert Network NIPC transmits sanitized description to other members via NIPC analyzes incident –Trends identified and reported –Investigation opened if appropriate Member sends encrypted message about attack to NIPC and FBI Field Office via –Detailed description –Sanitized description

Secure Web Site Information about recent intrusions Archives of intrusion incidents Original research on security issues Chat and conference with other members InfraGard news Links to other security sites Contact information

Denver InfraGard Chapter: Chapter begun November 15, 2000; membership from every infrastructure sector; quarterly meetings of general membership; individual sectors meet more frequently; training planned on vulnerabilities, risk assessment, solutions.

DENVER INFRAGARD CEO/Senior level briefing projects planned Educational initiatives underway involving computer forensic training; regional cyber crimes survey “Action” item projects underway with private sector

IFCC MISSION STATEMENT To develop a national strategic plan to address fraud over the Internet, and to provide support to law enforcement and regulatory agencies at all levels of government for crimes that occur over the Internet.

PURPOSE OF THE IFCC DEVELOP NATIONAL STRATEGY IDENTIFY AND TRACK FRAUD ANALYZE INTERNET CRIME TRENDS TRIAGE INTERNET COMPLAINTS DEVELOP INVESTIGATIVE PACKETS FORWARD INFO TO APPROPRIATE AGENCY

ADVANTAGES WHICH THE INTERNET PROVIDES CRIMINALS Identification and Location of victims Victims do not see or speak to fraudsters Accepted vehicle for commerce Minimal cost to set up web page Technology has made Internet company set up very easy

IFCC INTERNET COMPLAINTS. 2000*: AVG 1,848 PER MONTH; TOTAL 14, (truncated). 2001: AVG 4,155 PER MONTH; TOTAL 49, (truncated). 2002**: AVG 5,942 PER MONTH; TOTAL 35,657. * MAY 8, 2000 THROUGH DECEMBER 31, 2000. ** JANUARY 1, 2002 THROUGH JUNE 1, 2002.

Federal Bureau of Investigation FBI – Denver Division Cyber Squad Tel: (303) Stout Street Suite 1823 Fax: (303) Denver, Colorado