Presentation on theme: "Trends in Cyber Crime: The Dark Side of the Internet"— Presentation transcript:
1Trends in Cyber Crime: The Dark Side of the Internet Presentation for the Computer & Internet Law Section for the Oregon State Bar AssociationMay 26th, 2011Good afternoon. My name is Sean Hoar, and I am with the U.S. Attorney’s Office in Eugene, Oregon. I am actually moving to the Portland area in the next month, so although for a period of time I’ll continue to manage a Eugene caseload, I hope to have an opportunity to cross paths with you when I transition to our Portland Office. I was asked to speak to day about a cyber crime-related topic, and since the dark side of the internet is what I see on a regular basis when I peer into the files of federal criminal defendants, I thought we all might benefit from learning a bit more about Trends in Cyber Crime: The Dark Side of the Internet.Sean B. HoarAssistant United States AttorneyUnited States Department of Justice
2The Internet . . . a new world . . . In the time it takes for me to make this presentationOver 37,000 blogs will be posted on the InternetOver 180,000 images will be uploaded on flickrOver 1,300,000 “tweets” will be sent on TwitterOver 8,330,000 people will log on to FacebookOver 42,000,000 videos will be watched on YouTubeOver 118,000,000 searches will be conducted on GoogleOver 10,292,000,000 s will be sent, 82% of which will be spam&
3Some perspective . . .To provide some perspective to the role this relatively new digital environment plays in our lives, I have a short video I want to play for you. It was created by a firm in Australia, which is actually on the front edge of technology. I hope you enjoy it.
4The Internet . . . Life changing . . . The Internet has fundamentally changed our way of lifethe way we work, play and communicateA forum for the best of our ideas and the worst of our deedsInsecure web infrastructure and technology produce dark opportunitiesmalware, intrusions, spam, financial fraud, intellectual property theft, sale of illegal substances, child exploitation . . .The way we work – About 12 years ago I had one of the first large identity theft-related cases in the area. The media was fascinated with the case because the criminals, the identity thieves, used a combination of high tech and low tech means to commit the offense. And the high tech means were on the cutting edge of technology for the day – hacking into PCs, inserting sniffer programs to log keystrokes to steal credit card numbers Although years earlier I had tried the first “paperless case” in federal court in Oregon – meaning I wasn’t averse to technology – I was typically nudged by necessity. The identity theft case caused me to realize how quickly the digital environment was developing, and it clearly launched me into it. Now a number of my cases require the creation and used of massive digital databases. I have several cases in which we have digitized over 100 bankers boxes of evidence, and then added substantial amounts of digital evidence to the mix. One of my recent cases involves the digitization of around 120 bankers boxes of evidence, and another 65 or so digital devices, including a couple dozen hard drives and a server from a business – resulting in about 10 terabytes of data. I spend most of my day on my computer, much of it on the Internet. The Internet has clearly changed the way I work.It has also clearly changed the way we play. When I was growing up, I played the conventional sports, football, basketball and baseball. In the fall you could find us playing catch or a football game late in the evening or on weekends. In the winter we would be outside playing basketball until called in for bedtime. In the spring and summer we would always be playing baseball. Now, the Internet and its virtual environments provides stiff competition to athletics. Whether it be watching cool videos on YouTube or playing the most recent reality war video on Sony PlayStation, the Internet has clearly changed the way we play.And it has clearly changed the way we communicate. Years ago I used to communicate primarily by phone. Now I may get one or two phone calls a day, but I respond to between 75 and 150 s a day. Regarding our phones, years ago we were teathered by the lan line in our home or office. Now everyone has a cell phone. We can talk to anyone, anytime, anywhere. And the phone is so small and sleek that it is unobtrusive until it orchestral ring beckons us to a conversation. I’ll never forget being an Assistant District Attorney in Lane County right out of law school in the 1988 or 89 when one of the members of the local defense bar brought his new cell phone into the courthouse. It was like a swamp phone, and could barely fit in his briefcase, but he was proud to be on the front edge at the time. Now you could fit 20 cell phones into the one he had in 1988.
5Overview of presentation Backdrop - insecure web architectureOnline criminal activity trendsFederal offensesProsecution guidelinesInvestigations & prosecutionsSignificant digital evidence issuesSearch & seizureDiscovery and litigation
6Technological & criminal trends Technological evolutionCloud computingIncreased mobilization of computingExplosion of web applicationsTechnological pollutionMalwareIntrusionsPhishingSpamCriminal behaviorFinancial fraudIntellectual property theftChild pornographyEconomic espionage/trade secret theft
7Primary trend - creation & dissemination of malware- Malware (a contraction of "malicious software") refers to software developed for the purpose of doing harm. Malware can generally be classified based onhow it is executedhow it is spread and/orwhat it is intended to doMalware generally takes the form of a virus, a worm, a Trojan horse, a backdoor, crimeware, or spyware
8Malware growth Web insecurity 225% growth in malicious web sites 95% of user-generated comments to blogs, chat rooms/message boards were spam or malicious77% of Web sites with malicious code are legitimate sites that have been compromised, i.e. they are sites that you visit . . .13.7% of searches for trending news/buzz words led to malwareWebsense Security Labs (4th Q 2009)
9Malware dissemination insecurity85.8% of all s were spam81% of s contained a malicious linktens of thousands of Hotmail, Gmail and Yahoo accounts were hacked and passwords stolen and posted onlinephishing lures doubled in the second half of 2009 representing 4% of spam58% of data-stealing attacks done via the WebWebsense Security Labs (4th Q 2009)
10Malware sophistication Cyber criminals continue to go where the money is Crimeware exploits continue unabated . . .
11Malware’s global platform Countries where most attempts to infect the web with malware occurred as of May 3, 2010.The pollution begins at home . . .
12Malware adaptation Web infrastructure & use The top 100 most visited Web properties are social networking and search engines.The next 1,000,000 most visited sites, or the known Web, are primarily current events, regional and genre sites.The next 100,000,000 sites - the “long tail” of the Internet, or the unknown Web, are junk, personal, and scam sites which are specifically set up for fraud and abuse.
13Malware directed to $$ New generation of Web content targeted Driving force behind cyber crime is $$Social networking sites and search engines have evolved rapidlyBusiness growth is driving Web 2.0 adoption in the workplaceConsumer habits have shifted to Web 2.0 appsBecause more businesses and consumers are using Web 2.0 sites, these sites are increasingly targeted for malicious purposesThe primary trend is the continued use of Web 2.0 content to exploit weaknesses within the Web infrastructure to attract the greatest number of victimsHackers creatively leverage user-created content to compromise sites with good reputations
14Malware perpetrator turf wars Zeus vs. Spy EyeTrojan-making toolkitsdesigned to give criminals easy means of creating their own "botnet" networks of password-stealing programsprovide option of deleting other malicious code, i.e. “Kill Zeus” option on Spy Eye
15Attackers capitalize on major events Major events provide fodder for attacks designed to steal personal or business informationWhere there are major events there will be major scamsExample: March 2011Natural catastrophes: Japan earthquake/tsunamiCelebrity events: Elizabeth Taylor’s deathPolitical events: turmoil in Egypt, Libya, Yemen, Bahrain, Tunisia, Syria, etc.
16Attackers capitalize on major events Malicious websitescontent connected in some way to the event‘Nigerian’ letters viaemotional requests for $$ to help sufferingSpam messagescontaining malicious linksTweetsContaining malicious links
17Intrusions Network intrusions Critical infrastructure intrusions Identity theft – multi-billion dollar industry . . .Critical infrastructure intrusionsDomestic and international terrorismSensitive dataSectors necessary to support societyDistributed denial of service attacksPolitical statements; extortionWeb site defacement
18Intrusions/data mining Identity theft/surreptitious softwareKeyloggersExploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer – more invasive than phishing – relying upon infection rather than deceptionTens of millions of machines are infected with keyloggers, putting billions in bank account assets at the fingertips of fraudstersMonitoring programs often hidden within attachments, files shared via p-2-p networks, or embedded in web pages – exploiting browser features
19Data breaches - still a problem? February 15, 2005: 163,000 ChoicePoint records breached when fraudsters presented themselves as legitimate ChoicePoint customers, purchased data profiles on individuals, then used that data to commit identity theft. ChoicePoint settled with FTC for $10 million in civil penalties and $5 million for consumer redress, and $10,000,000 in private class action suit.Data-Breaches_-_Privacy-Rights-Clearinghouse.pdf
20Data breaches - still a problem? June 16, 2005: over 40 million credit card accounts were exposed to potential fraud due to a security breach at CardSystems. Information on 68,000 MasterCard accounts, 100,000 Visa accounts and 30,000 other card brand accounts were confirmed exported by the hackers. The data exported included names, card numbers and card security codes.
21Data breaches - still a problem? April 27, 2011: Sony PlayStation Network hacked; 24,600,000 user accounts may have been compromised; 12,000,000 unencrypted credit card accounts may have been compromised.May 24, 2011: 533,686,527 total records breached from 2,503 data breaches made public since 2005 in the U.S.A. alone.
22Data breaches increasingly expensive Data breaches get more expensive$204 per compromised customer record$6.75 million per data breach in 2009Sony says it has already spent over $121 million for April 2011 data breach
23Phishing continues to evolve . . . Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.
24Phishing via social engineering . . . Social‐engineering schemes use spoofed e‐mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords.
25Phishing via technical subterfuge Technical subterfuge schemes plant crimeware onto PCs to steal credentialsoften using systems to intercept consumers online account user names and passwordsto corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher -controlled proxies used to monitor and intercept consumers’ keystrokes)
26Password stealing software The number of crimeware‐spreading sites infecting PCs with password‐stealing crimeware reached an all time high of 31,173 in December of 2008, an 827 percent increase from January of
27Phishing reportsThe number of unique phishing reports submitted to APWG in Q described a steady increase with the number for June eclipsing the previous annual high of 30,577 for 2010 reached in March.
28The number of unique phishing websites detected by APWG Unique phishing sitesThe number of unique phishing websites detected by APWGduring the second quarter of 2010 continue to be very high.
30Phishing targets – where the $$ is . . . The payment services sector has surpassed the financial services sector as the most targeted industry sector.
31U.S.A. still the worst . . . The U.S.A. continues to host more phishing sites that any other country.
32Rogue anti-malware products . . . Rogue antivirus products are some of the most efficient – and increasingly preferred ‐ ways to victimize consumers. Unlike banking Trojans, where cybercriminals have to infect a PC, steal data, etc., a rogueware attack simply fools users into paying for worthless software – or forcing them to make a ransom payment. The user is the one willing to pay in order to “disinfect” their PC ‐ or free it from a cybercriminal’s control.
33Rogue anti-malwareCybercriminals profit faster by increasing the proportion of users who pay after downloading rogueware. These techniques had a 13% quarterly increase with new cybercriminals using ransomware – which won’t let you use your PC until you buy a ‘license.’
34Malicious code evolution Crimeware (data-stealing malicious code designed to victimize financial institutions’ customers and to co-opt those institutions’ identities); Generic Data Stealing (code designed to send information from the infected machine, control it, and open backdoors on it); Other (the remainder of malicious code commonly encountered in the field such as auto-replicating worms, dialers for telephone charge-back scams, etc.)
36Spam out of 10 messages4.1 billion messages were processed in March 2011 by the Hosted Infrastructure (over 134 million per day) of which 92.6% of all was spam , 84.1% of spam included an embedded URL , and 3.1% of spam s were phishing attacks.
38Financial fraud Manifests in a variety of forms Identity theft/carding Auction fraudAdvance fee fraud/419 scamsHigh Yield “Investment” ProgramsPyramid schemesPump-and-dump stock scamsPay-per-click advertising fraudEspionage
39Nigerian scams continue to abound Traditional “419” Nigerian letter scamOverpayment scamCheck cashing scamRe-shipping scamTax Refund scamLottery scamInternet romance scamInheritance scamInsurance scamBusiness opportunities scamInvestment scam
40Intellectual property theft IP theft - a huge international problem90% of the software, DVDs, and CDs sold in some countries are counterfeit*The total global trade in counterfeit goods is more than $600 billion a year**IP theft costs U.S.A. businesses an estimated $250 billion annually, as well as 750,000 U.S.A. jobs.****InformationWeek**World Customs Organization; Interpol.*** U.S. Department of Commerce
41Child pornography/child exploitation The manufacture and distribution of child pornography is one of the fastest growing businesses online, and the content is becoming much worse.More than 20,000 images of child pornography are posted every week.Approximately 20% of all Internet pornography involves children.Child pornography is more than a $3 billion annual industry.The number of Internet child pornography images has increased over 1500% in the past twenty years.
42Sale of unlawful substances/information Unlawful sale/distribution of narcotics & other controlled substancesUnlawful sale/distribution of classified informationIllegal exports – violation of trade embargos
43Common federal online offenses Computer fraud/intrusion, 18 U.S.C. § 1030Computer intrusion resulting in the theft of information, 18 U.S.C. § 1030(a)(2)Computer intrusion with intent to defraud, 18 U.S.C. § 1030(a)(4)computer intrusion with intent to damage, 18 U.S.C. § 1030(a)(5)Wire (Internet) fraud, 18 U.S.C. § 1343Identity theft, 18 U.S.C. § 1028(a)(7)Aggravated identity theft, 18 U.S.C. § 1028A(a)(1)Credit card fraud, 18 U.S.C. § 1029(a)(2)Threatening communications, 18 U.S.C. § 875(c)Cyber stalking, 18 U.S.C. § 2261ACriminal copyright infringement for financial gain, without financial gain, or distribution of work prepared for commercial distribution, 17 U.S.C. § 506 & 18 U.S.C. § 2319Economic espionage, 18 U.S.C. § 1831Trade secret theft, 18 U.S.C. § 1832Child pornography distribution, receipt, or possession,18 U.S.C. § 2252A(a)(2) and (a)(5)
44Prosecution guidelines for computer fraud (for U. S Prosecution guidelines for computer fraud (for U.S. Attorney’s Office in Oregon)Computer fraud/intrusion related cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist. The federal offense requires one of the following required factors:The offense involved espionage. 18 U.S.C. § 1030(a)(1);The victim is a financial institution or a federal government agency. 18 U.S.C. § 1030(a)(2) and (3);The offense affected use of a protected computer. 18 U.S.C. § 1030(a)(3).The offense was in furtherance of a fraud scheme. 18 U.S.C. § 1030(a)(4).The offense caused “damage” (see definition at § 1030(e)(8)). 18 U.S.C. § 1030(a)(5);The offense involved trafficking in passwords or similar information. 18 U.S.C. § 1030(a)(6). (See also 18 U.S.C. § 1029(a)(3) relating to possession of unauthorized access devices);The offense involved threats or extortion. 18 U.S.C. § 1030(a)(7).
45Prosecution guidelines for computer fraud (for U. S Prosecution guidelines for computer fraud (for U.S. Attorney’s Office in Oregon)If the loss is less than $70,000, the following aggravating factors may justify prosecution:The defendant has a prior criminal record, particularly one involving computers;The offense involved more than one victim;The offense involved sophisticated methods or a conspiracy;The offense involved abuse of a position of trust.The above aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.
46Prosecution guidelines for financial fraud (for U. S Prosecution guidelines for financial fraud (for U.S. Attorney’s Office in Oregon)Financial fraud cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist. The following aggravating factors may justify prosecution when the loss is less than $70,000:The defendant has a prior criminal record;The offense involved more than ten victims:The offense was committed through mass marketing;The offense involved misrepresentation that the defendant was acting on behalf of a charitable, educational, religious, or political organization or a government agency; orThe subject matter of the case involves a specific federal interest such as fraud against an Indian Tribe, health care fraud, bankruptcy fraud, fraud involving protected computers, or fraud against a federally-insured financial institution.These aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.
47Prosecution guidelines for copyright infringement (for U. S Prosecution guidelines for copyright infringement (for U.S. Attorney’s Office in Oregon)Cases involving the criminal infringement of copyright will be considered on a case-by-case basis. A significant factor in the charging decision should be the volume of counterfeited or pirated material. The role of a potential defendant in the counterfeiting or infringement scheme should also be considered and may be critical in proving criminal intent.While the potential civil remedy is not a substitute for criminal prosecution in appropriate cases, the availability of civil remedies should receive serious consideration. This will be especially true where there is a reasonable concern about substantive legal issues or where proof of criminal intent may be insufficient.
48Prosecution guidelines for economic espionage/theft of trade secrets (for U.S. Attorney’s Office in Oregon)Economic espionage and theft of trade secret cases may be prosecuted where all of the elements of a federal criminal offense are present and there is a loss (or intended loss) of $70,000 or more or other aggravating factors exist.The following aggravating factors may justify prosecution when the loss is less than $70,000: (1) the defendant has a prior criminal record; (2) the offense involved more than one victim; (3) the offense involved sophisticated methods or a conspiracy; (4) the offense involved abuse of a position of trust.These aggravating factors need not all be present and there may be other factors which justify prosecution on a case-by-case basis.
49Prosecution guidelines for child pornography (for U. S Prosecution guidelines for child pornography (for U.S. Attorney’s Office in Oregon)Assuming a provable child pornography case exists, cases may be prosecuted where the evidence establishes any of the following conduct by the potential defendant: (1) sexual abuse of a minor; (2) production of child pornography; (3) importation of child pornography; (4) distribution of child pornography for profit; (5) origination of child pornography into cyberspace; (6) intentionally furnishing child pornography to a minor for a sexual purpose; (7) prior criminal conviction involving child pornography or sex offense.Absent these factors, prosecution will nonetheless be considered where the evidence indicates that a defendant has (1) engaged in the distribution of a substantial quantity of child pornography without profit or received or possessed a substantial quantity of child pornography, exclusive of any materials obtained through a government sting operation; or (2) where a person in a position of trust with a minor (school teacher, foster parent, day care provider) receives or possesses child pornography.Absent any of the above factors, prosecution will be declined and matters involving small quantities of child pornography will be referred to state authorities.
62Copyright infringement/auction fraud identity theft United States v Copyright infringement/auction fraud identity theft United States v. MondelloOverviewSouth Eugene High School graduateComputer geniusUniversity of Oregon studentBetween December 2005 and October 2007initiated thousands of separate online auctionsused more than 40 fictitious usernames and online payment accounts to sell copies of counterfeit softwaregenerated more than $400,000 in personal profit
63Copyright infringement/auction fraud identity theft United States v Copyright infringement/auction fraud identity theft United States v. MondelloSchemeMondello acquired victims’ names, bank account numbers and passwords by using a computer keystroke logger.The keystroke logger installed itself on victims’ computers and recorded victim’s name and bank account information as information was being typed.The program then electronically sent the information back to Mondello which he then used to establish fictitious usernames and online payment accounts.
64Copyright infringement/auction fraud identity theft United States v Copyright infringement/auction fraud identity theft United States v. MondelloOutcomePled guilty to criminal copyright infringement, aggravated identity theft and mail fraudConsented to the forfeiture of more than $225,000 in cash proceeds, and also forfeited computer-related equipment used to commit the crime.Sentenced to serve 48 months in prisonOrdered to serve three years of supervised release and perform 450 hours of community service during that timeMade anti-piracy video for RIAA
65Internet fraud United States v. Daniel Wheatley et al OverviewProfits4investingtoo.com was a High Yield Investment Program (HYIP) operated by Daniel Wheatley with the assistance of Sunshine Simmons and Edwin Garcia.claimed to be a long term high yield private loan program, “intended for people willing to achieve their financial freedom but unable to do so because they’re not financial experts.”claimed to be “backed up by investing in various funds and activities.”claimed that “profits from these investments are used to enhance our program and increase its stability for the long term.”
66Internet fraud United States v. Daniel Wheatley et al The scheme (“investment plans”)Profits4investingtoo.com offered several “investment” programs38% dailyPLAN AMOUNT DAILY PROFIT (%)Plan 1 $1 - $Plan 2 $101- $2,Plan 3 $2,501 – and more 38.004 day deposit - 156% after 4 daysPlan 4 $5 - $Plan 5 $101 - $1,Plan 6 $1,001 - $4,
67Internet fraud United States v. Daniel Wheatley et al The scheme (“investment plans”)10 day deposit - 425% after 10 daysPLAN AMOUNT DAILY PROFIT (%)Plan 7 $10 - $Plan 8 $501 - $2,Plan 9 $2,501 - $4,15 day deposit - 650% after 15 daysPlan 10 $250 - $2,Referral programEarn up to 9.00% of referral deposits
68Internet fraud United States v. Daniel Wheatley et al The scheme (payment processing)“Investors” were directed to use Stormpay or E-gold, money processors similar to PayPal, and to fund accounts with cash, credit cards, or checking accounts.They then directed their “investment,” via Stormpay, to Garcia’s Stormpay account.Wheatley recruited Garcia to process money through Garcia’s Stormpay account because Wheatley’s account had been shut down due to his involvement in a previous HYIP scheme.
69Internet fraud United States v. Daniel Wheatley et al The scheme (payment processing)Garcia directed Stormpay to wire investor money to his checking account. He then wired a portion of the money to Wheatley’s bank account.Between December 13, 2005, and March 8, 2006, 27,330 transactions were conducted through Garcia’s Stormpay account.These transactions included moneys invested, money paid to some investors with other investor money, and charge-backs resulting from customer complaints.
70Internet fraud United States v. Daniel Wheatley et al The scheme (payment processing)Money from new “investors” was used to pay old investor obligations, consistent with a “Ponzi” scheme.If investors were paid, it was not always on time nor for the amount promised.To delay investor complaints, Profit4investingtoo.com made a variety of representations, including that they were experiencing “denial of service” attacks, having other technical difficulties with the site, or were suffering personal medical emergencies.
71Internet fraud United States v. Daniel Wheatley et al The scheme (payment processing)In one 30 day period of time, $664, was wired into Garcia’s Stormpay account, $435,675 of which was wired to Wheatley’s bank account.None of the money was invested.it was spent on personal and real property, including a home in Springfield, Oregon, a 2005 Mercedes Benz C230, a 2004 Hummer, electronics, furniture and jewelry.When Profits4investingtoo.com finally shut down, all unpaid investors lost their money.
72Internet fraud United States v. Daniel Wheatley et al The outcomeWheatley pled guilty to Internet fraud and money laundering. Garcia pled guilty to Internet fraud. Simmons pled guilty to a tax violation.Wheatley was sentenced to 46 months, Garcia to 33 months, and Simmons to probation.All were ordered to pay restitution of $124,446.74, jointly and severally, to the 174 people who claimed to be victims . . .All seized proceeds of the fraud were forfeited, including a home in Springfield, Oregon, a 2005 Mercedes Benz C230, a 2004 Hummer, jewelry and furniture.
73Digital evidence issues Right to privacy in stored communicationsTheofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)United States v. Warshak, 631 F.3d 266 (6th Cir. 2010)Third party privacy interest in stored contentUnited States v. Comprehensive Drug Testing, Inc., 621 F.3d 1162 (9th Cir. 2010)Digital database creation and useInvestigation; discovery; litigation
74Impediments to enforcement of cyber crime Technically complex subject matterLack of technically trained investigators, prosecutors, judges and jurorsTechnical forensic process required to acquire and preserve evidenceTime sensitiveEvidence may be fleetingSpecial legal process may be required to acquire and preserve evidence
75Impediments to enforcement of cyber crime Limited resourcesData intensiveCompetes with other prioritiesTransnationalSeparate sovereignsLack of treaties or dual criminality provisionsSlow, cumbersome MLAT processLanguage barriers
76Solutions to enforcement of cyber crime Increased human and monetary resourcesIncreased technical trainingAdequate technologyIncreased language trainingIncreased international cooperationFundamental dual criminality standards between all countriesExpansion of informal networks for immediate assistance
77Solutions to enforcement of cyber crime Increased international cooperation (continued)Uniform financial standards for certain types of transactions/sitesUniform financial standards for suspicious monetary transaction alertsUniform agreements to share seized assets, which constitute proceeds of fraud, with assisting agencies/governments
79Trends in Cyber Crime: The Dark Side of the Internet Presentation for the Computer & Internet Law Section for the Oregon State Bar AssociationMay 26th, 2011Sean B. HoarAssistant United States AttorneyUnited States Department of Justice