Cyber Threat Overview & Threat Reporting

Presentation on theme: "Cyber Threat Overview & Threat Reporting"— Presentation transcript:

1 Cyber Threat Overview & Threat Reporting
UNCLASSIFIED Cyber Threat Overview & Threat Reporting
Donald Todd, CFE, CISSP, Special Agent
UNCLASSIFIED

2 UNCLASSIFIED Cyber Threat Overview (U) State fusion centers are situated at the intersection between federal and local law enforcement, and play a role in sharing threat-related information between federal, SLTT and/or private sector partners. However, state fusion centers vary greatly in their cyber capacity and capability. - Page 13 (U) Though the foundation of fusion centers is the law enforcement intelligence component, center leadership should evaluate their respective jurisdictions to determine what public safety and private sector entities should participate in the fusion center. - Page 19 UNCLASSIFIED

3 What Is Your Threat Model ?
UNCLASSIFIED Threat Actors – What Is Your Threat Model? UNCLASSIFIED

4 UNCLASSIFIED Nation States UNCLASSIFIED

5 Threat Actors – Nation States
UNCLASSIFIED Threat Actors – Nation States
Russia:
(U) Capabilities:
- Target infrastructure systems and use cyber espionage.
- Seek to compromise vendor products.
- Persistent compromise, access, and exfiltration.
- Assertive in its cyber operations, even when detected.
(U) Intent:
- Information to support decision makers.
- Influence military and political objectives.
- Prepare the cyber environment for the future.

From at least January of 2014, continuing through December of 2016, Igor Anatolyevich Sushchin is alleged to have conspired with, among others, known and unknown FSB officers, including Dmitry Aleksandrovich Dokuchaev, to protect, direct, facilitate, and pay criminal hackers, including Alexsey Belan. Sushchin and his conspirators agreed to, and did, gain unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services in the Northern District of California and elsewhere.
UNCLASSIFIED

6 Threat Actors – Nation States
UNCLASSIFIED Threat Actors – Nation States
China:
(U) Capabilities:
- Access networks without using advanced capabilities.
- Well resourced; indigenously developed exploitation tools.
- Persistent compromise, access, and exfiltration.
(U) Intent:
- Target a broad spectrum of interests.
- Become less dependent on foreign technology.
- Economic espionage against US companies.

On May 1, 2014, a grand jury in the Western District of Pennsylvania indicted five members of the People’s Liberation Army (PLA) of the People’s Republic of China (PRC) for 31 criminal counts, including: conspiring to commit computer fraud; accessing a computer without authorization for the purpose of commercial advantage and private financial gain; damaging computers through the transmission of code and commands; aggravated identity theft; economic espionage; and theft of trade secrets. The subjects, including Sun Kailiang, were officers of the PRC’s Third Department of the General Staff Department of the People’s Liberation Army (3PLA), Second Bureau, Third Office, Military Unit Cover Designator (MUCD) 61398, at some point during the investigation. The activities executed by each of these individuals allegedly involved in the conspiracy varied according to his specialties. Each provided his individual expertise to an alleged conspiracy to penetrate the computer networks of six American companies while those companies were engaged in negotiations or joint ventures or were pursuing legal action with, or against, state-owned enterprises in China. They then used their illegal access to allegedly steal proprietary information including, for instance, exchanges among company employees and trade secrets related to technical specifications for nuclear plant designs. Sun, who held the rank of captain during the early stages of the investigation, was observed both sending malicious emails and controlling victim computers.
UNCLASSIFIED

7 Threat Actors – Nation States
UNCLASSIFIED Threat Actors – Nation States
Iran:
(U) Capabilities:
- Capabilities have evolved and are part of national security doctrine.
- Can access ICS and SCADA of Western companies.
(U) Intent:
- Tool for political retaliation.
- Support its security priorities, influence events, and counter threats.
- “Tit-for-tat” approach to responding to cyber operations.
- Respond to perceived slights.

On January 21, 2016, a grand jury in the Southern District of New York indicted seven Iranian nationals for their involvement in conspiracies to conduct a coordinated campaign of distributed denial of service (“DDoS”) attacks against the United States financial sector and other United States companies from 2011 through [end year not captured in transcript]. Each defendant was a manager or employee of ITSecTeam or Mersad, private security computer companies based in the Islamic Republic of Iran that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.
UNCLASSIFIED

8 Threat Actors – Nation States
UNCLASSIFIED Threat Actors – Nation States
North Korea:
(U) Capabilities:
- Intrusions followed by wiper elements.
- Has targeted South Korean critical infrastructure.
- Sponsors criminal hacking that supports the government’s interests.
(U) Intent:
- Cost-effective way to exert its influence and create disorder.
- Cyber espionage against the U.S. and South Korea.
- Steal data related to security.
UNCLASSIFIED

9 Threat Actors – Criminals
UNCLASSIFIED Threat Actors – Criminals
(U) Capabilities:
- Highly technical attacks, depending on skill / size of group.
- Capability of some organized criminal rings exceeds that of many state actors.
- Employ ransomware to exploit victims.
- Steal PII for financial gain.
(U) Intent:
- Tool development values exploitation over disruption/destruction.
- Commoditization of malware and exploit tools reduces technical barriers to carrying out criminal activity.
- Target vulnerable systems (e.g., point-of-sale, automated teller machines) for sensitive information.
UNCLASSIFIED

10 Threat Actors – Criminals
UNCLASSIFIED Threat Actors – Criminals
(U) Wisconsin Example:
- Chinese firm Sinovel Wind Group convicted of theft of trade secrets on 1/24/18.
- Stole source code from AMSC, formerly American Semiconductor, which was formerly headquartered in Middleton, WI.
- AMSC lost more than $1 billion in shareholder equity and almost 700 jobs as a result of the theft.
- Sentencing 6/4/18.

Photo caption: This undated photo shows Dejan Karabasevic, who federal prosecutors allege stole source code from a Middleton computer server on behalf of Chinese manufacturer Sinovel Wind Group, in his apartment in Beijing. The image was found on computers seized from Karabasevic by investigators.

Department of Justice, Office of Public Affairs
FOR IMMEDIATE RELEASE, Wednesday, January 24, 2018
Chinese Company Sinovel Wind Group Convicted of Theft of Trade Secrets

A manufacturer and exporter of wind turbines based in the People’s Republic of China was convicted today of stealing trade secrets from AMSC, a U.S.-based company formerly known as American Superconductor Inc., announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and U.S. Attorney Scott C. Blader for the Western District of Wisconsin. Following an 11-day trial, a jury sitting in Madison, Wisconsin, convicted Sinovel Wind Group Co. Ltd., dba Sinovel Wind Group (USA) Co. Ltd. (Sinovel) of conspiracy to commit trade secret theft, theft of trade secrets, and wire fraud. Sentencing is set for June 4. “Sinovel nearly destroyed an American company by stealing its intellectual property,” said Acting Assistant Attorney General Cronan. “As today’s jury verdict demonstrates, this type of conduct, by any corporation – anywhere – is a crime, and won’t be tolerated.
The Department is dedicated to helping foster innovation and growth in our economy by deterring and punishing intellectual property theft from American companies.” “Today’s verdict sends a strong and clear message that the theft of ideas and ingenuity is not a business dispute; it’s a crime and will be prosecuted as such,” said U.S. Attorney Blader.  “Sinovel’s illegal actions caused devastating harm to AMSC.  I commend the efforts of the investigation and prosecution team, and reaffirm the commitment of this office to protect American commerce and prosecute those who would seek to steal intellectual property.” As proven at trial, Sinovel stole proprietary wind turbine technology from AMSC in order to produce its own turbines powered by the stolen intellectual property.  AMSC developed the technology – software that regulates the flow of electricity from wind turbines to electrical grids – in Wisconsin and elsewhere.  At the time of the theft in March 2011, Sinovel had contracted with AMSC for more than $800 million in products and services to be used for the wind turbines that Sinovel manufactured, sold, and serviced.  Sinovel was charged on June 27, 2013, along with Su Liying, the deputy director of Sinovel’s Research and Development Department; Zhao Haichun, a technology manager for Sinovel; and Dejan Karabasevic, a former employee of AMSC Windtec Gmbh, a wholly-owned subsidiary of AMSC.  The evidence presented at trial showed that Sinovel conspired with the other defendants to obtain AMSC’s copyrighted information and trade secrets in order to produce wind turbines and to retrofit existing wind turbines with AMSC technology without paying AMSC the more than $800 million it was owed and promised.  
Through Su and Zhao, Sinovel convinced Karabasevic, who was head of AMSC Windtec’s automation engineering department in Klagenfurt, Austria, to leave AMSC Windtec, to join Sinovel, and to steal intellectual property from the AMSC computer system by secretly downloading source code on March 7, 2011, from an AMSC computer in Wisconsin to a computer in Klagenfurt.  Sinovel then commissioned several wind turbines in Massachusetts and copied into the turbines software compiled from the source code stolen from AMSC.  The U.S.-based builders of these Massachusetts turbines helped bring Sinovel to justice.  Su and Zhao are Chinese nationals living in China, and Karabasevic is a Serbian national who lived in Austria, but now lives in Serbia.      According to evidence presented at trial, following the theft, AMSC suffered severe financial hardship.  It lost more than $1 billion in shareholder equity and almost 700 jobs, over half its global workforce. The case was investigated by the FBI’s Madison, Milwaukee, and Boston Offices; the FBI Legal Attachés’ Offices in Vienna, Austria and Beijing; the FBI Criminal Investigative Division; the FBI Intellectual Property Rights program; the Bundeskriminalamt (Federal Criminal Intelligence Service) and the Bundesministerium Fuer Justiz (Federal Ministry of Justice) in Austria; the Landeskriminalamt - Klagenfurt and the Staatsanwaltschaft - Klagenfurt (Criminal Investigative Police and State Prosecutor’s Office – Klagenfurt, Austria); and with the assistance of the Justice Department’s Office of International Affairs and the Cybercrime Laboratory of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS).  Senior Counsel Brian L. Levine of CCIPS and Assistant U.S. Attorneys Timothy M. O’Shea and Darren Halverson for the Western District of Wisconsin prosecuted the case, with substantial assistance from CCIPS Trial Attorney Joss Nichols and Digital Investigative Analyst Laura Peterson.  
The Department of Justice’s Task Force on Intellectual Property (IP Task Force) contributed to this case. The IP Task Force is led by the Deputy Attorney General to combat the growing number of domestic and intellectual property crimes, to protect the health and safety of American consumers, and to safeguard the nation’s economic security against those who seek to profit illegally from American creativity, innovation, and hard work. To learn more about the IP Task Force, go to [link not captured in transcript].
UNCLASSIFIED

11 Threat Actors – Activists
UNCLASSIFIED Threat Actors – Activists
(U) Capabilities:
- Poor command and control and varying capability.
- Lack of funds and resources.
- Website defacements.
- DDoS attacks.
- Doxing.
(U) Intent:
- Goals include publicity and exposing / embarrassing targets.
- Limited lasting effect on actual operations.
UNCLASSIFIED

12 Threat Actors – Terrorists
UNCLASSIFIED Threat Actors – Terrorists
(U) Capabilities:
- Least capable cyber actors.
- Limited indigenous capability.
- Sophisticated propaganda / recruiting.
- Steal PII / doxing.
- Phishing.
- Targets of opportunity.
(U) Intent:
- Conduct disruptive cyber attacks.
- Targets include government and critical infrastructure networks.
UNCLASSIFIED

13 Threat Reporting
UNCLASSIFIED Threat Reporting
(U) Once the fire is out: 888-DCI-WSIC (24x7 on-call)
(U) Intent:
- Assist, within our capabilities.
- With permission, share critical details with CLOs and others.
- Produce analytic products.
- Investigate, within our authorities / scope.
UNCLASSIFIED

14 UNCLASSIFIED Threat Reporting UNCLASSIFIED

15 Threat Reporting (U) Country of Origin for Malicious IPs Blocked by the State of Wisconsin, 2017
Top 10 (country, blocked IPs):
China 1992
United States 689
Russia 588
Brazil 364
Taiwan 328
France 276
Germany 238
Netherlands 196
Canada 184
Thailand 181

16 Threat Reporting (U) Country of Origin for Malicious IPs Blocked by the State of Wisconsin, 2017, Rate Per 100,000 Population
[chart; the per-100,000 figures were not captured in the transcript, which repeats the raw counts from slide 15]

17 Threat Reporting (U) State of Origin for Malicious US IPs Blocked by the State of Wisconsin, 2017
[chart; the state-level figures were not captured in the transcript, which repeats the country counts from slide 15]

18 Threat Reporting (U) State of Origin for Malicious US IPs Blocked by the State of Wisconsin, 2017, Rate Per 100,000 Population
[chart; the state-level per-100,000 figures were not captured in the transcript, which repeats the country counts from slide 15]
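Slides 15 through 18 present the same measurement two ways: raw counts of blocked source addresses, and counts normalized per 100,000 population, which reorders the list considerably because large countries host many addresses simply by size. The Python below is an added illustration, not part of the presentation or of the WSIC's tooling. It shows the two steps an analyst takes to produce such a table: counting distinct blocked source IPs per country from firewall deny logs (the log lines, the prefix-to-country map and the "Country A/B/C" labels are constructed stand-ins for real logs and a GeoIP database), then normalizing the slide's 2017 counts with population figures that are approximate assumptions supplied here, not data from the slides.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall deny lines for the example (RFC 5737 documentation
# addresses; not real traffic). One noisy host (203.0.113.45) appears twice.
SAMPLE_DENY_LOG = """\
2017-03-14T08:12:05Z action=deny src=203.0.113.45 dst=198.51.100.7 dport=22
2017-03-14T08:12:09Z action=deny src=203.0.113.45 dst=198.51.100.7 dport=23
2017-03-14T08:13:41Z action=deny src=192.0.2.200 dst=198.51.100.7 dport=445
2017-03-14T08:15:00Z action=allow src=198.51.100.20 dst=198.51.100.7 dport=443
2017-03-14T08:16:22Z action=deny src=192.0.2.17 dst=198.51.100.9 dport=3389
"""

# Constructed stand-in for a GeoIP database (prefix -> country label).
# A real deployment would query a GeoIP provider; these labels are placeholders.
SAMPLE_GEO = {
    "203.0.113.0/24": "Country A",
    "192.0.2.0/24": "Country B",
    "198.51.100.0/24": "Country C",
}

# Counts as printed on the 2017 slide (top 10 countries).
BLOCKED_2017 = {
    "China": 1992, "United States": 689, "Russia": 588, "Brazil": 364,
    "Taiwan": 328, "France": 276, "Germany": 238, "Netherlands": 196,
    "Canada": 184, "Thailand": 181,
}

# Approximate 2017 populations, assumed for illustration only (not from the slides).
POPULATION_2017 = {
    "China": 1_390_000_000, "United States": 325_000_000, "Russia": 144_000_000,
    "Brazil": 209_000_000, "Taiwan": 23_600_000, "France": 67_000_000,
    "Germany": 82_700_000, "Netherlands": 17_100_000, "Canada": 36_700_000,
    "Thailand": 69_000_000,
}

# Only deny events count; the source address is captured for the lookup.
DENY_RE = re.compile(r"\baction=deny\b.*?\bsrc=(?P<src>\d{1,3}(?:\.\d{1,3}){3})")


def country_for(ip: str, geo=SAMPLE_GEO) -> str:
    """Longest-prefix lookup of an address in the prefix table; 'Unknown' if unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, country in geo.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, country)
    return best[1] if best else "Unknown"


def blocked_sources_by_country(log_text: str, geo=SAMPLE_GEO) -> Counter:
    """Count distinct blocked source IPs per country.

    Deduplicating on the address keeps one noisy scanner from inflating its
    country's figure, which is what a 'malicious IPs blocked' table should count.
    """
    sources = {m.group("src") for m in map(DENY_RE.search, log_text.splitlines()) if m}
    return Counter(country_for(ip, geo) for ip in sources)


def rate_per_100k(counts: dict, population: dict) -> dict:
    """Blocked IPs per 100,000 inhabitants; countries without a population figure are dropped."""
    return {c: n / population[c] * 100_000 for c, n in counts.items() if c in population}


def ranked(table: dict) -> list:
    """(country, value) pairs, highest value first."""
    return sorted(table.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    print("Sample log, distinct blocked sources by country:")
    for country, n in ranked(blocked_sources_by_country(SAMPLE_DENY_LOG)):
        print(f"  {country:<14}{n}")
    print("\n2017 slide counts normalized per 100,000 population (assumed populations):")
    for country, rate in ranked(rate_per_100k(BLOCKED_2017, POPULATION_2017)):
        print(f"  {country:<14}{BLOCKED_2017[country]:>5}  {rate:5.2f}")
```

With the assumed populations the normalized ranking starts Taiwan, Netherlands, Canada and ends with China, the reverse of the raw-count view; which view is more useful depends on the question being asked (volume to block versus density of hostile infrastructure). In either view the country of a blocked address says where the host sits, not who operates it, so these tables describe traffic, not attribution.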

19 Contacting WSIC
UNCLASSIFIED Contacting WSIC
www.wifusion.org
608-242-5393
888-DCI-WSIC
UNCLASSIFIED

20 UNCLASSIFIED QUESTIONS? UNCLASSIFIED
