Presentation on theme: "THE UNITED STATES SECRET SERVICE"— Presentation transcript:
1THE UNITED STATES SECRET SERVICE Introduction and Bio
2Secret Service Dual Mission ProtectionPresidentVice-PresidentFormer PresidentsCandidates for POTUSForeign Heads of StateOthers by appointmentInvestigationsCyber CrimesHackingComputer / Internet FraudData BreachesCounterfeitCurrencyTreasury ObligationsFinancial CrimesIdentity CrimeCheck FraudAccess Device FraudBank FraudMortgage FraudAlready mandated with the mission of protecting the nations monetary system, in 1901, after the assassination of President McKinley, the Secret Service was mandated to provide protection to the President of the United States. Today that protective mission has grown.So too has the Secret Service’s investigative mission. Over the years, the Secret Service has maintained a long history of protecting American consumers, industries and financial institutions from fraud. With the evolution of payment systems and modernization of commerce, the Secret Service continues to evolve to ensure the protection of the economy. The passage of new legislation in the 1980s gave the Secret Service authority for investigating credit card and debit card fraud and parallel authority with other federal law enforcement agencies in identity theft cases. In 1984, Congress gave the Secret Service concurrent jurisdiction to investigate financial crimes as they relate to computers.All of these crimes targeting our economic system have one thing in common – Criminals seeking access to funds and credit that belong to someone else.
3Secret Service Resources 142 Domestic Offices 24 Foreign Offices 3,500 Special Agents1,400 Uniformed Division Officers2,000 technical, professional and support personnelSo today the resources the USSS has to accomplish it’s mission are:Secret Service International OfficesThe main obstacles encountered by agents investigating transnational crimes are jurisdictional limitations. The Secret Service believes that, to fundamentally address this issue, appropriate levels of liaison and partnerships must be established with our foreign law enforcement counterparts. Currently, the Secret Service operates 24 offices abroad. The personal relationships which have been established in those countries are often the crucial element to the successful investigation and prosecution of suspects abroad.
4Secret Service Resources to Investigate Cyber / Financial Crimes Electronic Crimes Special Agent Program (ECSAP)Electronic Crimes Task Forces (ECTF) - 31Financial Crimes Task Forces (FCTF) - 38Cell Phone Forensic Facility – Tulsa, OKNational Computer Forensic Institute (NCFI) – Hoover, ALComputer Emergency Response Team (CERT)DOJ/CCIPS(Computer Crimes and Intellectual Property Section)
5Secret Service Tulsa Initiative Partnership with the University of Tulsa, Digital Forensic Center ofInformation SecurityExpands the forensic capabilities of law enforcement regarding cellulartelephones, smart phones and other mobile computing devicesTulsa supplies interns who specialize in information technology / digitalforensicsWe have learned that the criminals are using many kinds of medium as a platform to store electronic / digital evidence.The methodology of extracting electronic / digital evidence from cell phones, blackberries, iPods, etc… are different than a computer.The Center for Information Security at the University of Tulsa is the most advanced development center in the study of cell phone technology.The University of Tulsa’s institutional research, education and outreach efforts in information assurance and forensics parallel the USSS’ needs for combating electronic crimes.During the summer three interns from the University of Tulsa work at the USSS Headquarters Building in Washington, D.C. We have one SA assigned to the University of Tulsa.
6National Computer Forensic Institute Hoover, AlabamaThe mission of the National Computer Forensic Institute (NCFI) is to provide state and local law enforcement, prosecutors and judicial officials a national standard of training in electronic crimes investigations, network intrusion response, computer forensics and high tech crime prosecutionBased on our ECSLP program (Bicep, Nitro, CF) for local and state LEO – plus prosecutors and judgesUsed to re-pay state and local law enforcement partners for support during protection activities.Used as surge capacity for our investigation during heavy campaign years – protective stops.Pollinating Police Departments with cyber capabilities when they return to their agency.Strategic goal: empower local/state LE with the skill set/training to investigate cases locally and present for prosecution to the District Attorneys Offices (thus alleviating workload on federal LE and the federal judicial system).Travel, lodging, training, and equipment are all provided at no cost by DHS/NPPD.From May 2008 to the present, the Secret Service provided critical training to 564 state and local law enforcement officials representing 300 agencies from 49 states and two U.S. territories.(USSS assets used to support state and local law enforcement also include wireless tracking vehicles, polygraphers, FSD services, and ECSAP examiners)
7Computer Emergency Response Team (CERT) Advanced forensic facility in Pittsburgh, PACarnegie-Mellon University (Collaborative Innovation Center)Provide investigative support to field officesconduct basic and applied researchcoordinate training opportunities between CERT and the Secret ServiceAccess to over 150 scientists, researchers, and technical experts in the field of computer security24/7 response with SAs to a location to assist in determining malware used in intrusion / breach when our ECSAP SAs can’t.Two SAs assigned to CERT.
8Foster Partnerships and Combine Resources 31 Electronic Crimes Task ForcesThe U.S. Secret Service Electronic Crimes Task Forces are a strategic alliance of law enforcement, academia, and the private sector dedicated to confronting and suppressing technology-based criminal activity.
9Electronic Crimes Task Forces Not listed: London, EnglandRome, Italy
10Electronic Crimes Task Force Initiative In the U.S Secret Service we have developed a law enforcement model that we use for combating cyber crime. This model has worked well for us. We offer it only as a model for your consideration. This model works well in the US system but may not work in all economies. It is not my intent here today to tell you this is the best system or the only way to combat cyber crime. The process of combating cyber crime is changing daily as technology and knowledge of the subject changes.This model is flexible and scalable and can be molded to suit the needs of the situation. In many ways it is very basic and simple. It relies on communication and the development of relationships to be successful.A Different Law Enforcement Modelfor the Information Age
11Expansion of National Electronic Crime Task Force Initiative Providing Appropriate Tools Required to Intercept and Obstruct TerrorismUSA PATRIOT ACT OF 2001 HR–3162, 107th Congress, First Session October 26, 2001 Public LawSec. 105Expansion of National Electronic Crime Task Force InitiativeThe Director of the United States Secret Service shall take appropriate actionsto develop a national network of electronic crime task forces, based on theNew York Electronic Crimes Task Force model, throughout the United Statesfor the purpose of preventing, detecting, and investigating variousforms of electronic crimes, including potential terrorist attacks against criticalinfrastructure and financial payment systems.
12Critical Infrastructures TransportationEnergyGovernment ServicesWaterPublicHealthCritical InfrastructuresDefense Industrial BaseEmergencyServicesAgricultureYou have heard the discussions about critical infrastructures. In our jurisdictional responsibility with the secret service we have focused in on the protection of Banking and Finance, Telecommunications and certainly the defense of government service and the protection of the US.ChemicalIndustryTelecommunicationsPostal & ShippingBankingandFinanceFood
13Goals of an Electronic Crimes Task Force Establish a strategic alliance of federal, state and local law enforcement agencies, private sector technical experts, prosecutors, academic institutions and private industry.To confront and suppress technology-based criminal activity that endangers the integrity of our nation’s financial payments systems and poses threats against our nation’s critical infrastructure.We have established the goals for our task forces. These goals are to:You can see that we are developing a partnership with others that also have an interest in this problem.
14Electronic Crimes Task Force Three principles of a successful Electronic Crime Task Force:Prevention/Response/ResiliencyTrusted PartnershipsCriminal InvestigationsThe basic principles of the task force are pieces of the puzzle that we are trying to put together to solve this problem.We have learned that it is not just criminal investigations after the crime has occurred that will solve this problem.
15PreventionThe guiding principle of the Electronic Crime Task Force’s approach to both our protective and investigative missions is our “focus on prevention”.“Harden the target” through preparation, education, training and information sharing.Proper development of business policies and procedures before the incident.In the Secret service we also have the responsibility of protecting the President of the US, Vice president and former presidents. We also protect your heads of state and heads of government when they visit the US.Our protective mission has taught us the importance of planning and prevention. We have learned that if we train, prepare and share information we will be much better prepared if an incident occurs.
16Response & ResiliencyStrong documentation and reporting practices starting at the beginning of the incident.Internal computer forensics and log analysis.Technical briefings for law enforcement during the entire course of the investigation.Contingency planning to bring operations back on line.We often meet with victim businesses before a crime occurs. We ask victim business to become prepared and take the necessary steps to help law enforcement in the event of a crime or incident. Some of these steps include:This is not a full list of everything a victim business needs to do. It is just the start and some of the basic issues they will need to deal with.
17Trusted PartnershipsOngoing Task Force liaison with the business community.Business community provides technical expertise and assistance to law enforcement in the rapidly changing technology world.Development of business continuity plan, risk management assessment and return on investment.Task Force provides “real time” information on issues whenever possible.Table Top exercises with private industry and government.The next important part of the plan to combat cyber crime involves the trusted partnerships between law enforcement and the business community. We also include academia in this with colleges and universities playing a very big role in our task force model.We realize the importance of the issues of running a business with include the return on investment and share holder responsibility. We are very sensitive to the concerns of the business and work to solve these issues.We work closely with CERT and attempt to pass on valuable information to our partners as it becomes available. We do this through list servers and other communication resources. This has been a valuable resource for the Secret Service and our task force partners.Last, we realize the importance in sharing information. We know that, in order for the task force to become successful we must share information with all of our partners. The flow of information must be two way.
18Criminal Investigations Liaison and instructions to victimsEarly law enforcement involvement is critical“Solve the problem”Follow up and ongoing dialogue with the victimFor us our role in our criminal investigations is very broad.First we want to establish an ongoing liaison and relationship with as many businesses as possible.In the past law enforcement has had to make an arrest to be successful in an investigation. That is not always possible in cyber crime investigations. We have learned that sometimes you must “solve the problem” to be successful. And that does not always mean an arrest.We have learned that cyber crime investigations must be conducted quickly. Evidence is lost and the link to the suspect can be broken easily.
19“Cyber Intelligence Section” Today’s cyber criminals are experts in stealing data at rest, data in-transit, and encrypted data. They operate within or have access to a Russian speaking infrastructure that is based on trust, long standing criminal relationships, high levels of operational security and professionalism. This infrastructure has evolved over a decade, is non-state sponsored, is transnational, and has banned the English speaking cyber criminal making access almost impossible. It is members of this infrastructure that has created uncertainty as to whether data can truly be secured. The Heartland investigation included other Fortune 500 companies and is the largest identity theft case in history. The investigation reflects that even the largest and most successful identity thieves are likely to be caught. In this case cyber criminals took advantage of vulnerabilities in wireless networks used at retail store locations, gained access to the computer networks processing payment card transaction data, located and stole sensitive files and data on those networks, and sold track 2 data in the United States and Eastern Europe for fraudulent use, as well as used the information directly to obtain large sums on money from ATM’s globally. Between the Dave & Busters, TJX and Heartland Investigations over 180 Million credit and debit card numbers were stolen, and one hacker told me that at one point the group had access to 75% of the worlds credit cards.So lets talk about their infrastructure, our infrastructure and your infrastructure.U.S. Department ofHomeland SecurityUnited States Secret Service
20USSS-Cyber Intelligence Section (CIS) Cyber Threat UnitAnalysis & Exploitation UnitInvestigationsGroupTransnationalGroupsOperationsGroupWe are embedded with numerous LE agencies to specifically target cyber crime some agencies include SOCA, Latvian State Police, Netherlands High Tech Crime Unit, Europol and others.22 Foreign Offices.BelgiumUkraineNetherlandsLatviaLithuaniaUK
21Cyber Threat UnitInvestigative Group – responsible for investigating large scale data breaches or other major cyber related cases.Operations Group – responsible for conducting proactive undercover investigations against major cyber criminals and organized groups.Transnational Group – Temporary Duty Assignments around the world to liaison and actively work with foreign law enforcement entities.
22Cyber Intelligence Section Databases of over 15 years worth of cyber evidence:Seized mediasearch warrantsImages of criminal forums/sitesData from when experienced criminals were newCombination of agents and analysts.Liaison with cyber components of domestic and foreign agencies:US law enforcement and intelligenceForeign law enforcementPrivate sector researchThere are three principles for successful Electronic Crime Task Forces:Prevention - “Harden the target” through preparation, education, training and information sharing. In the Secret service we also have the responsibility of protecting the President of the US, Vice president and former presidents. We also protect your heads of state and heads of government when they visit the US.Our protective mission has taught us the importance of planning and prevention. We have learned that if we train, prepare and share information we will be much better prepared if an incident occurs. Trusted Partnerships - Ongoing Task Force liaison with the business community. Task Force provides “real time” information on issues whenever possible. We realize the importance of the issues of running a business with include the return on investment and share holder responsibility. We are very sensitive to the concerns of the business and work to solve these issues.Criminal Investigations – Respond quickly to investigate cyber crime incidents.22
23United States Secret Service Questions?Brian BusonyAssistant to the Special Agent in ChargeSan Francisco Field OfficeElectronic Crimes Task Force415/Thank you for your assistance.
24Data Breach Study US Secret Service and Verizon Business Publication based on real case statisticsLaw Enforcement PerspectiveIncident Response PerspectiveGoalMake business decisions based on real dataFocus resources on true threat
262012 Data Breach Investigations Report Law Enforcement Participation:USSSDutch National High Tech Crime Unit (NHTCU)Australian Federal Police (AFP)Irish Reporting & Information Security Service (IRISSCERT)London Metropolitan Police Central e-Crime Unit (PCeU)Over 855 new breaches since the last report- Total for all years = 2500+Just under 174 million records compromised- Total for all years = 1.08 Billion
302013 Data Breach Investigative Report Due out this springSignificant increase of data contributorsContains analysis of over 45,000 reported security incidents and 600 confirmed data breaches.
312013 Data Breach Investigative Report Contributors US Secret ServiceAustralian Federal Police (AFP)CERT Insider Threat Center (at Carnegie Mellon University)Consortium for Cybersecurity ActionDanish Ministry of Defence, Center for CybersecurityDanish National Police, National IT Investigation Section (NITES)DeloitteDutch Police: National High Tech Crime Unit (NHTCU)Electricity Sector Information Sharing and Analysis Center (ES-ISAC)European Cyber Crime Center (EC3)G-C Partners, LLCGuardia Civil (Civil Guard of Spain)Industrial Control Systems Cyber Emergency Response Team (ICS- CERT)Irish Reporting and Information Security Service (IRISS-CERT)Malaysia Computer Emergency Response Team (MyCERT), CyberSecurity MalaysiaNational Cybersecurity and Integration Center (NCCIC)ThreatSimUS Computer Emergency Readiness Team (US-CERT)