Presentation on theme: "THE UNITED STATES SECRET SERVICE"— Presentation transcript:

Introduction and Bio

2 Secret Service Dual Mission
Protection: President; Vice-President; Former Presidents; Candidates for POTUS; Foreign Heads of State; Others by appointment.
Investigations: Cyber Crimes; Hacking; Computer / Internet Fraud; Data Breaches; Counterfeit Currency; Treasury Obligations; Financial Crimes; Identity Crime; Check Fraud; Access Device Fraud; Bank Fraud; Mortgage Fraud.
Already mandated with the mission of protecting the nation’s monetary system, in 1901, after the assassination of President McKinley, the Secret Service was mandated to provide protection to the President of the United States. Today that protective mission has grown. So too has the Secret Service’s investigative mission. Over the years, the Secret Service has maintained a long history of protecting American consumers, industries and financial institutions from fraud. With the evolution of payment systems and modernization of commerce, the Secret Service continues to evolve to ensure the protection of the economy. The passage of new legislation in the 1980s gave the Secret Service authority for investigating credit card and debit card fraud and parallel authority with other federal law enforcement agencies in identity theft cases. In 1984, Congress gave the Secret Service concurrent jurisdiction to investigate financial crimes as they relate to computers. All of these crimes targeting our economic system have one thing in common: criminals seeking access to funds and credit that belong to someone else.

3 Secret Service Resources
142 Domestic Offices; 24 Foreign Offices; 3,500 Special Agents; 1,400 Uniformed Division Officers; 2,000 technical, professional and support personnel.
So today the resources the USSS has to accomplish its mission are:
Secret Service International Offices: The main obstacles encountered by agents investigating transnational crimes are jurisdictional limitations. The Secret Service believes that, to fundamentally address this issue, appropriate levels of liaison and partnerships must be established with our foreign law enforcement counterparts. Currently, the Secret Service operates 24 offices abroad. The personal relationships which have been established in those countries are often the crucial element to the successful investigation and prosecution of suspects abroad.

4 Secret Service Resources to Investigate Cyber / Financial Crimes
Electronic Crimes Special Agent Program (ECSAP); Electronic Crimes Task Forces (ECTF) - 31; Financial Crimes Task Forces (FCTF) - 38; Cell Phone Forensic Facility – Tulsa, OK; National Computer Forensic Institute (NCFI) – Hoover, AL; Computer Emergency Response Team (CERT); DOJ/CCIPS (Computer Crimes and Intellectual Property Section)

5 Secret Service Tulsa Initiative
Partnership with the University of Tulsa, Digital Forensic Center of Information Security. Expands the forensic capabilities of law enforcement regarding cellular telephones, smart phones and other mobile computing devices. Tulsa supplies interns who specialize in information technology / digital forensics.
We have learned that the criminals are using many kinds of media as a platform to store electronic / digital evidence. The methodology of extracting electronic / digital evidence from cell phones, BlackBerries, iPods, etc. is different than for a computer. The Center for Information Security at the University of Tulsa is the most advanced development center in the study of cell phone technology. The University of Tulsa’s institutional research, education and outreach efforts in information assurance and forensics parallel the USSS’ needs for combating electronic crimes. During the summer three interns from the University of Tulsa work at the USSS Headquarters Building in Washington, D.C. We have one SA assigned to the University of Tulsa.

6 National Computer Forensic Institute
Hoover, Alabama
The mission of the National Computer Forensic Institute (NCFI) is to provide state and local law enforcement, prosecutors and judicial officials a national standard of training in electronic crimes investigations, network intrusion response, computer forensics and high tech crime prosecution.
Based on our ECSLP program (Bicep, Nitro, CF) for local and state LEO – plus prosecutors and judges. Used to re-pay state and local law enforcement partners for support during protection activities. Used as surge capacity for our investigation during heavy campaign years – protective stops. Pollinating Police Departments with cyber capabilities when they return to their agency. Strategic goal: empower local/state LE with the skill set/training to investigate cases locally and present for prosecution to the District Attorneys Offices (thus alleviating workload on federal LE and the federal judicial system). Travel, lodging, training, and equipment are all provided at no cost by DHS/NPPD. From May 2008 to the present, the Secret Service provided critical training to 564 state and local law enforcement officials representing 300 agencies from 49 states and two U.S. territories. (USSS assets used to support state and local law enforcement also include wireless tracking vehicles, polygraphers, FSD services, and ECSAP examiners.)

7 Computer Emergency Response Team (CERT)
Advanced forensic facility in Pittsburgh, PA; Carnegie-Mellon University (Collaborative Innovation Center); Provide investigative support to field offices; Conduct basic and applied research; Coordinate training opportunities between CERT and the Secret Service; Access to over 150 scientists, researchers, and technical experts in the field of computer security.
24/7 response with SAs to a location to assist in determining malware used in intrusion / breach when our ECSAP SAs can’t. Two SAs assigned to CERT.

8 Foster Partnerships and Combine Resources
31 Electronic Crimes Task Forces
The U.S. Secret Service Electronic Crimes Task Forces are a strategic alliance of law enforcement, academia, and the private sector dedicated to confronting and suppressing technology-based criminal activity.

9 Electronic Crimes Task Forces
Not listed: London, England; Rome, Italy

10 Electronic Crimes Task Force Initiative
In the U.S. Secret Service we have developed a law enforcement model that we use for combating cyber crime. This model has worked well for us. We offer it only as a model for your consideration. This model works well in the US system but may not work in all economies. It is not my intent here today to tell you this is the best system or the only way to combat cyber crime. The process of combating cyber crime is changing daily as technology and knowledge of the subject changes. This model is flexible and scalable and can be molded to suit the needs of the situation. In many ways it is very basic and simple. It relies on communication and the development of relationships to be successful.
A Different Law Enforcement Model for the Information Age

11 Expansion of National Electronic Crime Task Force Initiative
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
USA PATRIOT ACT OF 2001, HR–3162, 107th Congress, First Session, October 26, 2001
Public Law Sec. 105, Expansion of National Electronic Crime Task Force Initiative
The Director of the United States Secret Service shall take appropriate actions to develop a national network of electronic crime task forces, based on the New York Electronic Crimes Task Force model, throughout the United States for the purpose of preventing, detecting, and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.

12 Critical Infrastructures
Critical Infrastructures: Transportation; Energy; Government Services; Water; Public Health; Defense Industrial Base; Emergency Services; Agriculture; Chemical Industry; Telecommunications; Postal & Shipping; Banking and Finance; Food.
You have heard the discussions about critical infrastructures. In our jurisdictional responsibility with the Secret Service we have focused in on the protection of Banking and Finance, Telecommunications and certainly the defense of government service and the protection of the US.

13 Goals of an Electronic Crimes Task Force
Establish a strategic alliance of federal, state and local law enforcement agencies, private sector technical experts, prosecutors, academic institutions and private industry. To confront and suppress technology-based criminal activity that endangers the integrity of our nation’s financial payments systems and poses threats against our nation’s critical infrastructure.
We have established the goals for our task forces. These goals are to: You can see that we are developing a partnership with others that also have an interest in this problem.

14 Electronic Crimes Task Force
Three principles of a successful Electronic Crime Task Force: Prevention/Response/Resiliency; Trusted Partnerships; Criminal Investigations.
The basic principles of the task force are pieces of the puzzle that we are trying to put together to solve this problem. We have learned that it is not just criminal investigations after the crime has occurred that will solve this problem.

15 Prevention
The guiding principle of the Electronic Crime Task Force’s approach to both our protective and investigative missions is our “focus on prevention”. “Harden the target” through preparation, education, training and information sharing. Proper development of business policies and procedures before the incident.
In the Secret Service we also have the responsibility of protecting the President of the US, Vice President and former presidents. We also protect your heads of state and heads of government when they visit the US. Our protective mission has taught us the importance of planning and prevention. We have learned that if we train, prepare and share information we will be much better prepared if an incident occurs.

16 Response & Resiliency
Strong documentation and reporting practices starting at the beginning of the incident. Internal computer forensics and log analysis. Technical briefings for law enforcement during the entire course of the investigation. Contingency planning to bring operations back on line.
We often meet with victim businesses before a crime occurs. We ask victim businesses to become prepared and take the necessary steps to help law enforcement in the event of a crime or incident. Some of these steps include: This is not a full list of everything a victim business needs to do. It is just the start and some of the basic issues they will need to deal with.

17 Trusted Partnerships
Ongoing Task Force liaison with the business community. Business community provides technical expertise and assistance to law enforcement in the rapidly changing technology world. Development of business continuity plan, risk management assessment and return on investment. Task Force provides “real time” information on issues whenever possible. Table Top exercises with private industry and government.
The next important part of the plan to combat cyber crime involves the trusted partnerships between law enforcement and the business community. We also include academia in this, with colleges and universities playing a very big role in our task force model. We realize the importance of the issues of running a business, which include the return on investment and shareholder responsibility. We are very sensitive to the concerns of the business and work to solve these issues. We work closely with CERT and attempt to pass on valuable information to our partners as it becomes available. We do this through list servers and other communication resources. This has been a valuable resource for the Secret Service and our task force partners. Last, we realize the importance in sharing information. We know that, in order for the task force to become successful, we must share information with all of our partners. The flow of information must be two way.

18 Criminal Investigations
Liaison and instructions to victims; Early law enforcement involvement is critical; “Solve the problem”; Follow up and ongoing dialogue with the victim.
For us our role in our criminal investigations is very broad. First we want to establish an ongoing liaison and relationship with as many businesses as possible. In the past law enforcement has had to make an arrest to be successful in an investigation. That is not always possible in cyber crime investigations. We have learned that sometimes you must “solve the problem” to be successful. And that does not always mean an arrest. We have learned that cyber crime investigations must be conducted quickly. Evidence is lost and the link to the suspect can be broken easily.

19 “Cyber Intelligence Section”
Today’s cyber criminals are experts in stealing data at rest, data in-transit, and encrypted data. They operate within or have access to a Russian speaking infrastructure that is based on trust, long standing criminal relationships, high levels of operational security and professionalism. This infrastructure has evolved over a decade, is non-state sponsored, is transnational, and has banned the English speaking cyber criminal, making access almost impossible. It is members of this infrastructure that have created uncertainty as to whether data can truly be secured.
The Heartland investigation included other Fortune 500 companies and is the largest identity theft case in history. The investigation reflects that even the largest and most successful identity thieves are likely to be caught. In this case cyber criminals took advantage of vulnerabilities in wireless networks used at retail store locations, gained access to the computer networks processing payment card transaction data, located and stole sensitive files and data on those networks, and sold track 2 data in the United States and Eastern Europe for fraudulent use, as well as used the information directly to obtain large sums of money from ATMs globally. Between the Dave & Buster’s, TJX and Heartland investigations over 180 Million credit and debit card numbers were stolen, and one hacker told me that at one point the group had access to 75% of the world’s credit cards. So let’s talk about their infrastructure, our infrastructure and your infrastructure.
U.S. Department of Homeland Security, United States Secret Service

20 USSS-Cyber Intelligence Section (CIS)
Cyber Threat Unit; Analysis & Exploitation Unit; Investigations Group; Transnational Groups; Operations Group.
We are embedded with numerous LE agencies to specifically target cyber crime; some agencies include SOCA, Latvian State Police, Netherlands High Tech Crime Unit, Europol and others. 22 Foreign Offices.
Belgium; Ukraine; Netherlands; Latvia; Lithuania; UK

21 Cyber Threat Unit
Investigative Group – responsible for investigating large scale data breaches or other major cyber related cases.
Operations Group – responsible for conducting proactive undercover investigations against major cyber criminals and organized groups.
Transnational Group – Temporary Duty Assignments around the world to liaison and actively work with foreign law enforcement entities.

22 Cyber Intelligence Section
Databases of over 15 years’ worth of cyber evidence: Seized media search warrants; Images of criminal forums/sites; Data from when experienced criminals were new.
Combination of agents and analysts.
Liaison with cyber components of domestic and foreign agencies: US law enforcement and intelligence; Foreign law enforcement; Private sector research.
There are three principles for successful Electronic Crime Task Forces:
Prevention - “Harden the target” through preparation, education, training and information sharing. In the Secret Service we also have the responsibility of protecting the President of the US, Vice President and former presidents. We also protect your heads of state and heads of government when they visit the US. Our protective mission has taught us the importance of planning and prevention. We have learned that if we train, prepare and share information we will be much better prepared if an incident occurs.
Trusted Partnerships - Ongoing Task Force liaison with the business community. Task Force provides “real time” information on issues whenever possible. We realize the importance of the issues of running a business, which include the return on investment and shareholder responsibility. We are very sensitive to the concerns of the business and work to solve these issues.
Criminal Investigations – Respond quickly to investigate cyber crime incidents.

23 United States Secret Service
Questions?
Brian Busony, Assistant to the Special Agent in Charge, San Francisco Field Office, Electronic Crimes Task Force
415/
Thank you for your assistance.

24 Data Breach Study US Secret Service and Verizon Business
Publication based on real case statistics: Law Enforcement Perspective; Incident Response Perspective.
Goal: Make business decisions based on real data; Focus resources on true threat.

25 Summary

26 2012 Data Breach Investigations Report
Law Enforcement Participation: USSS; Dutch National High Tech Crime Unit (NHTCU); Australian Federal Police (AFP); Irish Reporting & Information Security Service (IRISSCERT); London Metropolitan Police Central e-Crime Unit (PCeU).
Over 855 new breaches since the last report - Total for all years = 2500+
Just under 174 million records compromised - Total for all years = 1.08 Billion

27 Demographics

28 External Agents

29 Internal Agents

30 2013 Data Breach Investigative Report
Due out this spring. Significant increase of data contributors. Contains analysis of over 45,000 reported security incidents and 600 confirmed data breaches.

31 2013 Data Breach Investigative Report Contributors
US Secret Service; Australian Federal Police (AFP); CERT Insider Threat Center (at Carnegie Mellon University); Consortium for Cybersecurity Action; Danish Ministry of Defence, Center for Cybersecurity; Danish National Police, National IT Investigation Section (NITES); Deloitte; Dutch Police: National High Tech Crime Unit (NHTCU); Electricity Sector Information Sharing and Analysis Center (ES-ISAC); European Cyber Crime Center (EC3); G-C Partners, LLC; Guardia Civil (Civil Guard of Spain); Industrial Control Systems Cyber Emergency Response Team (ICS-CERT); Irish Reporting and Information Security Service (IRISS-CERT); Malaysia Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia; National Cybersecurity and Integration Center (NCCIC); ThreatSim; US Computer Emergency Readiness Team (US-CERT)

