Published by Steven Allison. Modified over 9 years ago.
1
UNCLASSIFIED
2
Definitional - Issues
4
Post Sept 11th Realizations
* In drafting the Patriot Act, Congress noted: Criminal conduct potentially tied to terrorism is “inexorably woven through the Internet”…
* Critical information regarding such tentacles more often resides with industry or academia long before it migrates into Govt/LE’s hands…
* Terrorism support tentacles stretch far, and are often not easily identifiable with known terrorist groups at the outset.
5
Initiative Based Partnerships
7
NCFTA = Resource Fusion Center
NCFTA PPA Teams: Industry SME’s, Law Enforcement, Academia (Intel & Analysis)
*Alerts *PSA’s *Proactive Options *Target Initiatives *Impact *Lessons Learned = Training (Output – Benefit)
8
NCFTA Space FBI Secure Space DPN DB SPAM DB Other DB Contract DB’s Trilogy IDW Fidelity DB’s IDT-BITS DB’s BSA-Other DB’s CIDDAC Intel MRC DB’s Referral to Law Enforcement & Coordination
9
Nature of the Threat:
* Complex & more sophisticated
* Increasingly International in origin or support
* Organized Criminal Groups with distinct roles
* Social Engineering = Common Theme
10
OPERATION RELEAF (Retailers & Law Enforcement Against Fraud)
* In 2003, IC3 received 35,000 transactions for a potential economic loss in excess of $10 million.
* In the six-week period ending 12/31/2003, IC3 received from 29 industry members 1434 fraudulent transactions, for a potential loss in excess of $600,000.
* Of these transactions, 733 addresses were identified.
12
Recruiting Methods
17
Organized Crime In The 21st Century
International Carder’s Alliance
18
Sobig.F, 18 August 2003
* In a single day, 1 in every 17 emails sent worldwide came from Sobig.F.
* Time delayed action.
* Due to contact 20 servers for instructions.
* Like the Blaster worm, that pointed some 400,000 host PCs to Microsoft's windowsupdate.com at the same time on the same day.
* Picture a future Sobig using millions of infected machines to hack into the servers of a major bank. "The virus-writer world and the hacker world have come together."
*From “Attack of the World Wide Worms,” Time Magazine, Aug 25, 2003; CERT® Incident Note IN-2003-03
19
Industry List serve Joint Triage Team Direct Contact 24/7 With Triage Members Matched with other Teams Input L.E.T.F
20
Develop & Refine Initiatives
21
Defining Success (Impact)
* Disrupt & Disable
  – Shut down sites
  – Label/Banner links-Images
  – Search/Seizure (Recover customer data)
* Investigate (Proactively)
  – Maximize informal intelligence sharing
  – Keep strategy focused – Tweak periodically
* Public Service Advisories (PSA’s)
  – Utilize DPN team to maximize this…
23
Organized Crime In The 21st Century
* 13 Arrests - Estonia
* 17 Arrests - Estonia
* 4 Arrests - Russia
* 4 Arrests - Austria
* 3 Arrests - Nigeria
* 4 - Va Wash Ariz Calif
25
Spoofed Website Hosted on the server in China Legitimate Website
26
Hosted in Germany Source of Spam Harvested Data Victim Login from Romania
28
*FBI *FTC Working: *Postal *DHS USSS? *NW3C *Target DHL *State and Locals SEC Others..
CIRFU: *FBI *Postal *DHS *State *Local *USCERT
INDUSTRY Co-Located
IN HOUSE: *Discover *BSA *Fidelity *Microsoft *PNC *Target *Pfizer
IN THE WORKS: *eBay/Pay Pal *Symantec *Google *Fiserv *Merrill Lynch *PSI
Intel Products, PSA’s-Alerts
Case Referrals 500-700/year to L.E.T.F; Follow-up/Support
T.F and International L.E.
Out-Put, Products
Industry Intel not turned on yet…
*Western Union *NRF *Mastercard *CypherTrust *VISA *Escrow.com *Experian *Autotrader *Corillian
RELEAF 80+ Industry; DPN 60+ Industry; Anti-S 95 Industry; MRC 800 Industry
DHL, UPS, Fed EX
Consumer Complaint Website 18K/Month: www.ic3.gov, www.lookstoogood.com
PSA’s, Joint Training
Govt Agency Input: FBI, Postal, DHS, FTC, SEC, USCERT, IRS
Non-Profit 501(c)
29
Why Bother??
* Critical Intelligence = Fast!
* Exponential SME Analysis – Input
* 2 Way Information Sharing
* Alerts
* PSA’s
* Other Intel Products
* Voluntary Data Input (minimize legal process needs)
* 1-Stop Shop
* Stake Holders Define Threat/Problem