UNCLASSIFIED
Definitional - Issues
Post Sept 11th Realizations
* In drafting Patriot Act, Congress noted: Criminal conduct potentially tied to terrorism is “inexorably woven through the Internet”…
* Critical information regarding such tentacles more often resides with industry or academia long before it migrates into Govt/LE’s hands…
* Terrorism support tentacles stretch far, and are often not easily identifiable with known terrorist groups at the outset.
Initiative Based Partnerships
NCFTA = Resource Fusion Center:
NCFTA PPA Teams Industry SME’s Law Enforcement Academia (Intel & Analysis)
* Alerts
* PSA’s
* Proactive Options
* Target Initiatives
* Impact
* Lessons Learned = Training
(Output – Benefit)
NCFTA Space FBI Secure Space DPN DB SPAM DB Other DB Contract DB’s Trilogy IDW Fidelity DB’s IDT-BITS DB’s BSA-Other DB’s CIDDAC Intel MRC DB’s Referral to Law Enforcement & Coordination
Nature of the Threat:
Complex & more sophisticated
Increasingly International in origin or support
Organized Criminal Groups with distinct roles
Social Engineering = Common Theme….
OPERATION RELEAF (Retailers & Law Enforcement Against Fraud)
2003: IC3 received 35,000 transactions for a potential economic loss in excess of $10 million.
Six week period ending 12/31/2003: IC3 received from 29 Industry members 1434 fraudulent transactions of a potential loss in excess of $600,000.
Of these transactions 733 addresses were identified.
Organized Crime In The 21st Century
International Carder’s Alliance
Sobig.F
18 August 2003
In a single day, 1 in every 17 e-mails sent worldwide came from Sobig.F.
Time delayed action.
Due to contact 20 servers for instructions
Like the Blaster worm, that pointed some 400,000 host PCs to Microsoft's windowsupdate.com at the same time on the same day.
Picture a future Sobig using millions of infected machines to hack into the servers of a major bank. "The virus-writer world and the hacker world have come together."
*From “Attack of the World Wide Worms”, Time Magazine, Aug 25, 2003; CERT® Incident Note IN
Industry List serve Joint Triage Team Direct Contact 24/7 With Triage Members Matched with other Teams Input L.E.T.F
Develop & Refine Initiatives
Defining Success (Impact)
Disrupt & Disable
–Shut Down sites
–Label/Banner links-Images
–Search/Seizure (Recover customer data)
Investigate (Proactively)
–Maximize informal intelligence sharing
–Keep strategy focused – Tweak periodically
Public Service Advisories (PSA’s)
–Utilize DPN team to maximize this…
Organized Crime In The 21st Century
13 Arrests - Estonia
17 Arrests - Estonia
4 Arrests - Russia
4 Arrests - Austria
3 Arrests - Nigeria
4- Va Wash Ariz Calif
Spoofed Website Hosted on the server in China Legitimate Website
Hosted in Germany Source of Spam Harvested Data Victim Login from Romania