Harold Hen Der Shot 02092003 2

Transcript of Harold Hen Der Shot 02092003 2

  • 8/8/2019 Harold Hen Der Shot 02092003 2

    1/26

    CyberCrime 2003

    Terrorists Activity

    In Cyberspace

    2/26

    Why would our critical infrastructures be targeted for attack?

    National Security: Reduce the U.S.'s ability to protect its interests

    Public Welfare: Erode confidence in critical services and the government

    Economic Strength: Damage economic systems

    3/26

    New Risks and Threats

    Globalization of infrastructures increases level of vulnerability

    Easy access to infrastructures via Internet and Public Switched Telecommunications Network

    Interdependencies of systems make attack consequences harder to predict and perhaps more severe due to the cascading effects

    Malicious tools and recipes for new cyber weapons are widely available and do not require a high degree of technical skill to use

    Countless players with malicious intent

    New cyber threats outpace defensive measures

    4/26

    Vulnerability Types

    Computer based

    Poor passwords

    Lack of appropriate firewall protection

    Network based

    Unprotected or unnecessarily open entry points

    Personnel based

    Temporary/Staff firings

    Disgruntled personnel

    Lack of training

    Facility based

    Servers in unprotected areas

    Inadequate physical security measures

    5/26

    Terrorist Groups

    6/26

    Terrorists

    Attention must be paid to studying the terrorists:

    Ideology

    History

    Motivation

    Capabilities

    7/26

    The Future of Terrorism

    Terrorism is carried out by disrupting activities, undermining confidence, and creating fear.

    In the future, cyberterrorism may become a viable option to traditional physical acts of violence due to:

    Anonymity

    Diverse targets

    Low risk of detection

    Low risk of personnel injury

    Low investment

    Operate from nearly any location

    Few resources are needed

    8/26

    Terrorist Use Information Technology

    Planning

    Member Recruitment

    Research

    Espionage

    Propaganda Dissemination

    9/26

    Terrorism

    Hacktivism

    Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.

    Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.

    10/26

    Terrorism

    Cyber Facilitated Terrorism

    Cyber Facilitated Terrorism is terrorism using cyber means as a tool for accomplishing the act.

    Example: A terrorist sends an email message to a Senator stating that 50 anonymous letters have been sent to the office, each containing large amounts of anthrax.

    11/26

    Terrorism

    Cyberterrorism

    Cyberterrorism occurs when the destructive nature of the act itself is carried out via computers or other cyber/electronic means.

    Example: Terrorists hack critical infrastructure system (such as a telephone switch) causing a loss of communication for an extended period of time.

    12/26

    Cyberterrorism

    Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

    13/26

    Terrorism

    Terrorists are becoming more innovative.

    Monitoring their activities will require a well-orchestrated mandate of close coordination among civilian, intelligence, law enforcement, and military organizations.

    14/26

    Hacker Tool Availability

    Internet newsgroups, web home pages, and IRC channels include

    Automated attack tools (Software Tools)

    Sniffers (capture password/log-on)

    Rootkits (mask intrusion)

    Network Analyzers (SATAN)

    Spoofing (smurfing)

    Trojan Horses

    Worms

    Attack methodologies

    System Vulnerabilities

    15/26

    What can be done to prevent an electronic terrorist attack?

    Effective use of intelligence gathered from all sources

    Continued enhancement of resources

    Public/Private interaction

    Computer security and awareness training

    Continuing education regarding terrorist trends and methodologies

    Perpetual readiness to defend against attacks

    16/26

    How can we deter and respond to terrorism?

    U.S. Federal Law Enforcement agencies MUST work closely with the Intelligence Community both domestic and foreign, as well as state and local law enforcement agencies and the private sector.

    Intense post-incident investigation to determine source

    Identify motive and purpose of attack, understanding that data collection will be extremely difficult.

    17/26

    Worst Case

    Although physical threats remain the most likely means of attack to our nation's infrastructures, terrorists can now interrupt critical infrastructures through cyber attacks via crucial automated systems.

    However, a crippling attack on our nation's information infrastructure would not be easily carried out. It would entail a great deal of preparation to include training, reconnaissance and a reasonable amount of skill.

    18/26

    Cyber Division Objectives

    To Consolidate and Focus FBI Resources on Counterterrorism, Counterintelligence, and Criminal Investigative Goals in the Cyber Arena

    STATUS

    Developed an Organizational Structure to support the Objectives of the Cyber Division

    Created the Cyber Crime Section to Investigate Traditional Criminal Activity that has Migrated to the Internet

    Moved the Computer Intrusion Section from the National Infrastructure Protection Branch to the Cyber Investigations Branch

    Developed the concept of a Cyber Action Team at FBIHQ to act as a Fly-Away Squad

    19/26

    Cyber Division Objectives (cont)

    To Improve Operational Capabilities by Providing Cutting Edge Technology and Training to FBI Employees and Partners

    STATUS

    Obtained Authority to create the Special Technologies and Applications Section

    Developed the Cyber Intelligence Center as a Fusion Point of all Cyber related Information Developed through all FBI Investigative Efforts

    Created the Specialized Training Unit

    20/26

    Cyber Division Objectives (cont)

    To Cultivate a Threat-Predicated Intelligence Base Focused on Preventive Efforts

    STATUS

    Accepted Responsibility to Conduct Tactical Analytical Support of All Digital Evidence obtained through FBI Investigative Efforts (the link between the Case Agent and the CART Examiner)

    Cyber Intelligence Center

    21/26

    Department of Homeland Security Transition

    Organization chart (box labels):

    Computer Intrusion Section

    Cyber Investigations Branch

    Deputy Assistant Director

    Assistant Director

    Cyber Division

    FBI Headquarters

    Cyber Crime Section

    Outreach, Capability and Development Section

    National Infrastructure Protection Center

    Analysis and Warning Section

    Outreach, Training and Strategy Section

    Special Assistant

    Operational Support Staff

    Special Technologies and Applications Section

    22/26

    Cyber Investigations Branch

    Organization chart (box labels):

    Cyber Crime/Intellectual Property Rights Unit

    Internet Fraud Complaint Center

    Innocent Images Unit

    Internet Fraud Unit

    Cyber Crime Section

    Criminal Computer Intrusion Unit

    Counterterrorism Counterintelligence Computer Intrusion Unit

    Cyber Action Team & Cyber Intelligence Center

    Computer Intrusion Section

    Infrastructure & Engineering Unit

    Special Technologies Research & Development Unit

    Technical Analysis Unit

    Cyber Operations Deployment Unit

    Special Technologies and Applications Section

    Specialized Training Unit

    Cyber Task Force Support Unit

    Public and Private Alliance Unit

    International Investigations Support Unit

    Outreach, Capability and Development Section

    Operational Support Staff

    Deputy Assistant Director

    Cyber Investigations Branch

    23/26

    Cyber Division

    FBI Field Offices

    Three types of cyber squads (dependent on staffing levels and other factors)

    Computer Intrusion Squads

    Cyber Crime Squads

    Consolidated Cyber Squads

    24/26

    Cyber Task Forces

    Atlanta

    Baltimore

    Boston

    Charlotte

    Chicago

    Columbia - USSS

    Dallas

    Denver

    Kansas City

    Las Vegas

    Los Angeles - USSS

    Miami

    Minneapolis - USSS

    New Haven

    New York

    Pittsburgh

    Portland

    San Antonio

    San Diego

    San Francisco

    Seattle

    Washington Field Office

    25/26

    Cyber Division

    Initiatives

    Cyber Task Forces

    Public/Private Alliances

    International Cyber Investigative Support

    Mobile Cyber Assistance Teams

    Cyber Action Teams

    Cyber Investigators Training

    Cyber Intelligence Center

    Cyber Tactical Analytical Case Support

    26/26

    Cyber Division

    Federal Bureau of Investigation

    Room 5863

    935 Pennsylvania Avenue, NW

    Washington, DC 20535

    Harold M. Hendershot

    Chief

    Computer Intrusion Section

    [email protected]

    (202) 324-0301