harold hen der shot 02092003 2
-
8/8/2019 Harold Hen Der Shot 02092003 2
1/26
CyberCrime 2003
Terrorists Activity
In Cyberspace
-
Why would our critical infrastructures be targeted for attack?
National Security: Reduce the U.S.'s ability to protect its interests
Public Welfare: Erode confidence in critical services and the government
Economic Strength: Damage economic systems
-
New Risks and Threats
Globalization of infrastructures increases level of vulnerability
Easy access to infrastructures via Internet and Public Switched Telecommunications Network
Interdependencies of systems make attack consequences harder to predict and perhaps more severe due to the cascading effects
Malicious tools and recipes for new cyber weapons are widely available and do not require a high degree of technical skill to use
Countless players with malicious intent
New cyber threats outpace defensive measures
-
Vulnerability Types
Computer based
Poor passwords
Lack of appropriate firewall protection
Network based
Unprotected or unnecessarily open entry points
Personnel based
Temporary/Staff firings
Disgruntled personnel
Lack of training
Facility based
Servers in unprotected areas
Inadequate physical security measures
-
Terrorist Groups
-
Terrorists
Attention must be paid to studying the terrorists:
Ideology
History
Motivation
Capabilities
-
The Future of Terrorism
Terrorism is carried out by disrupting activities, undermining confidence, and creating fear.
In the future, cyberterrorism may become a viable option to traditional physical acts of violence due to:
Anonymity
Diverse targets
Low risk of detection
Low risk of personnel injury
Low investment
Operate from nearly any location
Few resources are needed
-
Terrorist Use Information Technology
Planning
Member Recruitment
Research
Espionage
Propaganda Dissemination
-
Terrorism
Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.
-
Terrorism
Cyber Facilitated Terrorism
Cyber Facilitated Terrorism is terrorism using cyber means as a tool for accomplishing the act.
Example: A terrorist sends an email message to a Senator stating that 50 anonymous letters have been sent to the office, each containing large amounts of anthrax.
-
Terrorism
Cyberterrorism
Cyberterrorism occurs when the destructive nature of the act itself is carried out via computers or other cyber/electronic means.
Example: Terrorists hack a critical infrastructure system (such as a telephone switch), causing a loss of communication for an extended period of time.
-
Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.
-
Terrorism
Terrorists are becoming more innovative.
Monitoring their activities will require a well-orchestrated mandate of close coordination among
civilian, intelligence, law enforcement, and military
organizations.
-
Hacker Tool Availability
Internet newsgroups, web home pages, and IRC channels
include
Automated attack tools (Software Tools)
Sniffers (capture password/log-on)
Rootkits (mask intrusion)
Network Analyzers (SATAN)
Spoofing (smurfing)
Trojan Horses
Worms
Attack methodologies
System Vulnerabilities
-
What can be done to prevent an electronic terrorist attack?
Effective use of intelligence gathered from all sources
Continued enhancement of resources
Public/Private interaction
Computer security and awareness training
Continuing education regarding terrorist trends and methodologies
Perpetual readiness to defend against attacks
-
How can we deter and respond to terrorism?
U.S. Federal Law Enforcement agencies MUST work closely with the Intelligence Community both domestic and foreign, as well as state and local law enforcement agencies and the private sector.
Intense post-incident investigation to determine source
Identify motive and purpose of attack, understanding
that data collection will be extremely difficult.
-
Worst Case
Although physical threats remain the most likely means of attack to our nation's infrastructures, terrorists can now interrupt critical infrastructures through cyber attacks via crucial automated systems.
However, a crippling attack on our nation's information infrastructure would not be easily carried out. It would entail a great deal of preparation to include training, reconnaissance and a reasonable amount of skill.
-
Cyber Division Objectives
To Consolidate and Focus FBI Resources on Counterterrorism, Counterintelligence, and Criminal Investigative Goals in the Cyber Arena
STATUS
Developed an Organizational Structure to support the Objectives of the Cyber Division
Created the Cyber Crime Section to Investigate Traditional Criminal Activity that has Migrated to the Internet
Moved the Computer Intrusion Section from the National Infrastructure Protection Branch to the Cyber Investigations Branch
Developed the concept of a Cyber Action Team at FBIHQ to act as a Fly-Away Squad
-
Cyber Division Objectives (cont)
To Improve Operational Capabilities by Providing Cutting Edge Technology and Training to FBI Employees and Partners
STATUS
Obtained Authority to create the Special Technologies and Applications Section
Developed the Cyber Intelligence Center as a Fusion Point of all Cyber related Information Developed through all FBI Investigative Efforts
Created the Specialized Training Unit
-
Cyber Division Objectives (cont)
To Cultivate a Threat-Predicated Intelligence Base Focused on Preventive Efforts
STATUS
Accepted Responsibility to Conduct Tactical Analytical Support of All Digital Evidence obtained through FBI Investigative Efforts (the link between the Case Agent and the CART Examiner)
Cyber Intelligence Center
-
Department of Homeland Security Transition
Computer Intrusion Section
Cyber Investigations Branch
Deputy Assistant Director
Assistant Director
Cyber Division
FBI Headquarters
Cyber Crime Section
Outreach, Capability and Development Section
National Infrastructure Protection Center
Analysis and Warning Section
Outreach, Training and Strategy Section
Special Assistant
Operational Support Staff
Special Technologies and Applications Section
-
Cyber Investigations Branch
Cyber Crime/Intellectual Property Rights Unit
Internet Fraud Complaint Center
Innocent Images Unit
Internet Fraud Unit
Cyber Crime Section
Criminal Computer Intrusion Unit
Counterterrorism Counterintelligence Computer Intrusion Unit
Cyber Action Team & Cyber Intelligence Center
Computer Intrusion Section
Infrastructure & Engineering Unit
Special Technologies Research & Development Unit
Technical Analysis Unit
Cyber Operations Deployment Unit
Special Technologies and Applications Section
Specialized Training Unit
Cyber Task Force Support Unit
Public and Private Alliance Unit
International Investigations Support Unit
Outreach, Capability and Development Section
Operational Support Staff
Deputy Assistant Director
Cyber Investigations Branch
-
Cyber Division
FBI Field Offices
Three types of cyber squads (dependent on staffing levels and other factors)
Computer Intrusion Squads
Cyber Crime Squads
Consolidated Cyber Squads
-
Cyber Task Forces
Atlanta
Baltimore
Boston
Charlotte
Chicago
Columbia - USSS
Dallas
Denver
Kansas City
Las Vegas
Los Angeles - USSS
Miami
Minneapolis - USSS
New Haven
New York
Pittsburgh
Portland
San Antonio
San Diego
San Francisco
Seattle
Washington Field Office
-
Cyber Division Initiatives
Cyber Task Forces
Public/Private Alliances
International Cyber Investigative Support
Mobile Cyber Assistance Teams
Cyber Action Teams
Cyber Investigators Training
Cyber Intelligence Center
Cyber Tactical Analytical Case Support
-
Cyber Division
Federal Bureau of Investigation
Room 5863
935 Pennsylvania Avenue, NW
Washington, DC 20535
Harold M. Hendershot
Chief
Computer Intrusion Section
[email protected]
(202) 324-0301