[iwar] [fc:USSS-ASAC.BOB.WEAVER(NY).TESTIMONY:CONGRESS:CYBER-TASK.FORCE]

From: Fred Cohen (fc@all.net)
Date: 2001-10-13 02:33:37



U.S. Secret Service

Testimony of Mr. Bob Weaver
Assistant Special Agent in Charge
New York Field Office

Before

The House Committee on Science  
U.S. House of Representatives

October 10, 2001


Mr. Chairman, members of the committee, thank you for the opportunity to 
address the committee regarding computer security and how we can protect 
American computer networks from attack.  Mr. Chairman, I want to especially 
thank you, Mr. Chairman, for your unwavering support and advocacy on behalf 
of all of the members of our task force.  After the dark day of September 11, 
2001, your commitment and dedication to our rebuilding efforts has been and 
remains inspirational to all of us who are committed to public service.

The Secret Service fights cyber crime as part of our core mission to protect 
the integrity of this nation’s financial payment systems.  This role has 
evolved from our initial mandate to suppress the counterfeiting of currency 
upon our creation in 1865.  Since this time, modes and methods of payment 
have evolved and so has our mission. Computers and other “chip” devices are 
now the facilitators of criminal activity or the target of such.  The 
perpetrators involved in the exploitation of such technology range from 
traditional fraud artists to violent criminals – all of whom recognize new 
opportunities and anonymous methods to expand and diversify their criminal 
portfolio.  

In this era of change, one constant that remains is our close working 
relationship with the banking and finance sector and the telecommunications 
industry.  Our history of cooperation with these industries is a result of 
our unique responsibilities and status as an agency of the Department of the 
Treasury.  We believe that protection of the banking and financial 
infrastructure and telecommunications is our “core competency” area.  As an 
agency, we seek to manage and apply our unique investigative resources in the 
most efficient manner possible for the benefit of our telecommunications 
financial institution customers.

Mr. Chairman, there is no shortage of information, testimony, or anecdotal 
evidence regarding the nature and variety of cyber-based threats to our 
telecommunications and banking and financial infrastructures and the need to 
create effective solutions.  There is, however, a scarcity of information 
regarding successful models to combat such crime in today’s high tech 
environment.  That is where the Secret Service can make a significant 
contribution to today’s and future discussions of successful law enforcement 
efforts to combat cyber crime.

The Secret Service has found a highly-effective formula for combating high 
tech crime – a formula that has been successfully developed by our New York 
Electronic Crimes Task Force.  While the Secret Service leads this innovative 
effort, we do not control or dominate the participants and the investigative 
agenda of the task force.  Rather, the task force impacts the community by 
providing a productive framework and collaborative crime-fighting environment 
in which the resources of its participants can be combined to effectively and 
efficiently make a significant impact on electronic crimes.  Other law 
enforcement agencies bring additional criminal enforcement jurisdiction and 
resources to the task force while representatives from private industry, such 
as telecommunications providers, for instance, bring a wealth of technical 
expertise.

Within this New York model, established in 1995, there are 50 different 
federal, state and local law enforcement agencies represented as well as 
prosecutors, academic leaders and over 150 different private sector 
corporations.  The wealth of expertise and resources that reside in this task 
force coupled with unprecedented information sharing yields a highly mobile 
and responsive machine.  In task force investigations, local law enforcement 
officers hold supervisory positions and representatives from other agencies 
regularly assume the lead investigator status.  These investigations 
encompass a wide range of computer-based criminal activity, involving 
e-commerce frauds, intellectual property violations, telecommunications 
fraud, and a wide variety of computer intrusion crimes.

Since 1995, the task force has charged over 800 individuals with electronic 
crimes valued at more than $525 million.  It has trained over 13,000 law 
enforcement personnel, prosecutors, and private industry representatives in 
the criminal abuses of technology and how to prevent them.  We view the New 
York Electronic Crimes Task Force as the model for the partnership approach 
that we hope to employ in additional venues around the country in the very 
near future. The systemic approach and business model of the task force is 
based on the principles of prevention, education, training and awareness, 
pre-incident response risk management, investigations and prosecution.  But 
what I believe separates this task force from all others, what truly gives us 
our unique brand that has generated so much success, is our commitment to 
building trusted partnerships and placing the highest priority on that which 
is in the best interests of the community.

Mr. Chairman, the greatest strength of the New York task force is our 
commitment and contribution to the community.  Our core mission has always 
been simple -- to make a difference, to have an impact on the community, and 
to respond to the needs of our law enforcement partners, consumers, and 
private industry.  The community has always been our focus.  Little did we 
know, that one fateful day after the destruction of our office and all of our 
investigative tools and records, that this community would stand by our side 
and help to rebuild us.  Despite losing our building and our equipment, we 
still had our most precious resource, each other.  I cannot tell you how 
proud I am of not only the men and women of the Secret Service who work 
tirelessly on the task force day and night, but also the assistance and 
support of our task force partners that cannot be quantified.  Because of 
this support, I can tell you that within 48 hours of the complete destruction 
of our New York Field Office, the now battle-tested task force model was 
operational within 48 hours and fighting back. 

An important component in our investigative response to cyber crime is the 
Electronic Crimes Special Agent Program (ECSAP).  This program is comprised 
of approximately 175 special agents who have received extensive training in 
the forensic identification, preservation, and retrieval of electronically 
stored evidence.  Special Agents entering the program receive specialized 
training in all areas of electronic crimes, with particular emphasis on 
computer intrusions and forensics.  ECSAP agents are computer investigative 
specialists, qualified to conduct examinations on all types of electronic 
evidence, including computers, personal data assistants, telecommunications 
devices, electronic organizers, scanners and other electronic paraphernalia.

The Secret Service ECSAP program relies on the 4 year-old, Treasury-wide 
Computer Investigative Specialist (CIS) initiative.  All four Treasury law 
enforcement bureaus – the Internal Revenue Service, Bureau of Alcohol, 
Tobacco and Firearms, U.S. Customs Service and the U.S. Secret Service -- 
participate and receive training and equipment under this program. Recently, 
this has been expanded to include state and local law enforcement.

All four Treasury bureaus also jointly participate in curriculum development 
and review, equipment design and distribution of training assets.  As a 
result, financial savings by all Treasury bureaus are realized due to 
economies of scale.  Additionally, agents from different bureaus can work 
together in the field in an operational capacity due to the compatibility of 
the equipment and training.  In the end, the criminal element suffers and the 
taxpayer benefits.

Because of the recognized expertise of those in ECSAP, other law enforcement 
agencies regularly request training from the Secret Service or advice 
concerning their own computer forensics programs.  These requests have come 
from agencies all across the country, as well as foreign countries such as 
Italy and Thailand.  The Secret Service recognizes the need to promote 
international cooperation and remains proactive in the dissemination of 
information to law enforcement agencies, both domestically and 
internationally, regarding program initiatives and current financial and 
electronic crimes trends.

Mr. Chairman, we are committed to working closely with our law enforcement 
counterparts worldwide in response to cyber crime threats to commerce and 
financial payment systems.  We currently have 18 offices in foreign countries 
and a permanent assignment at Interpol, as well as several overseas 
initiatives.  Our foreign presence increases our ability to become involved 
in foreign investigations that are of significant strategic interest.

In addition to providing law enforcement with the necessary technical 
training and resources, a great deal more can be accomplished in fighting 
cyber crime if we are able to harness additional resources that exist outside 
government in the private sector and academia. The Secret Service believes 
there is value in exploring new methods within the legal framework with both 
those in the private sector and academia who are devoting substantial 
resources to protecting their networks and researching new solutions. 

Finally, law enforcement in general is not sufficiently equipped to train the 
masses nor can it compete with academic institutions of higher learning in 
the area of research and development.  However, our partnerships with 
industry and academia have demonstrated that this should be an integral part 
of the solution.
 
Partnerships are a very popular term in both government and the private 
industry these days and everyone agrees that there is great benefit in such 
an approach.  Unfortunately, however, partnerships cannot be legislated, 
regulated, or stipulated.  Nor can partnerships be purchased, traded or 
incorporated.  Partnerships are built between people and organizations who 
recognize the value in joint collaboration toward a common end.  They are 
fragile entities which need to be established and maintained by all 
participants and built upon a foundation of trust.

The Secret Service, by virtue of the protective mission for which we are so 
well known, has always emphasized discretion and trust in executing our 
protective duties.  We learned long ago that our agency needed the full 
support and confidence of local law enforcement and certain key elements of 
the private sector to create and maintain a successful and comprehensive 
security plan.  Furthermore, we are also keenly aware that we need to 
maintain a trusted relationship with our protectees so that we can work with 
them and their staffs to maintain the delicate balance between security and 
personal privacy. Everyone knows the Secret Service “protects and serves;” 
now, in the Information Age, our mission is to also “protect servers.”

Our predisposition towards discretion and trust naturally permeates our 
investigative mission where we enjoy quiet successes with our private sector 
partners.  We have successfully investigated many significant cases with the 
help of our private sector partners such as network intrusions and 
compromises of critical information or operating systems.  In such cases, 
even though we have technical expertise that is second to none, we still rely 
on our private sector counterparts to collaborate with us in identifying and 
preserving critical evidence to solve the case and bring the perpetrator to 
justice.  Equally important in such cases is conducting the investigation in 
a manner that avoids unnecessary disruption or adverse consequences to the 
victim or business.  With the variety of operating platforms and proprietary 
operating systems in the private sector, we could not accomplish these 
objectives without the direct support of our private sector partners.

In fact, in one recently completed complex investigation involving the 
compromise of a wireless communications carrier’s network, our case agent 
actually specified in the affidavit of the federal search warrant that 
representatives of the victim business be allowed to accompany federal agents 
in the search of the target residence to provide technical assistance.  This 
is unprecedented in the law enforcement arena and underscores the level of 
trust we enjoy with those we have built relationships with in the private 
sector.  It is also indicative of the complexity of many of these 
investigations and serves to highlight the fact that we in law enforcement 
must work with private industry to be an effective crime fighting force.  In 
approving this search warrant, the court recognized that in certain cases 
involving extraordinarily complex systems and networks, such additional 
technical expertise can be a critical, and sometimes imperative, component of 
our investigative efforts.

Recently-concluded investigations demonstrate the breadth of cases the Secret 
Service is working, and provide concrete evidence of the continuing success 
of ECSAP.  Examples of such cases include an intrusion into a 
telecommunication provider’s network and an attack on a private investment 
company’s trading network.

The first case was initiated on February 20, 2001, a case with obvious 
critical infrastructure implications, when two major wireless 
telecommunications service providers notified the New York Electronic Crimes 
Task Force that they had identified two hackers in different remote sites who 
were attacking their systems.  These hackers were manipulating the systems to 
obtain free long distance service, re-route numbers, add calling features, 
forward telephone numbers, and install software that would ensure their 
continued unauthorized access.  

The level of access obtained by the hackers was virtually unlimited, and had 
they chosen to do so, they could have shut down telephone service over a large 
geographic area, including “911” systems, as well as service to 
government installations and other critical infrastructure components.  

On March 20, 2001, the Secret Service simultaneously executed search warrants 
in New York City and Phoenix and computer equipment was seized at both 
locations.  One suspect was arrested on federal computer fraud charges, while 
the other suspect is pending indictment for computer tampering under Arizona 
state statute. The partnership and teamwork with the telecommunications 
service providers made all the difference in the successful and final 
outcome. They were included from start to finish in the investigative and 
prosecutorial strategies to better protect their information and operational 
effectiveness.

The second case occurred from March 9, 2000, through March 14, 2000, when a 
company located in New York, NY, received several Internet-based “denial of 
service” attacks on its servers.  A “denial of service” attack occurs when a 
perpetrator launches malicious programs, information, codes, or commands to a 
target or victim computer which causes a degradation of service or shutdown, 
thereby denying access by legitimate customers to those computers.  In this 
instance, the company was a prominent provider of electronic trading services 
on Wall Street.  

While the attacks were still occurring, the company’s CEO contacted the New 
York Electronic Crimes Task Force.  The CEO identified a former employee as a 
suspect, based upon the fact that the attacks preyed on vulnerabilities which 
would only be known to the former employee.  These attacks continued through 
March 13, 2000, when ECSAP agents and task force members identified the 
attacking computer and arrested the former employee for violating Title 18, 
USC, Section 1030 (Computer Fraud).  In a post-arrest statement, the suspect 
admitted that he was responsible for the denial of service attacks.  As a 
result of the attacks, the company and its customers lost access to trading 
systems.  Approximately $3.5 million was identified in lost trading fees, 
commissions, and liability as a result of  the customers’ inability to 
conduct any trading.

Let me relate the Secret Service’s mission in fighting cyber crime to the 
bigger picture of critical infrastructure protection.  As previously stated, 
we target cyber crime as it may affect the integrity of our nation’s 
financial payment and banking systems.  As we all know, the banking and 
finance sector comprises a very critical infrastructure sector and one which 
we have historically protected and will continue to protect.  In this 
context, our efforts to combat cyber assaults which target information and 
communication systems which support the financial sector are part of the 
larger and more comprehensive critical infrastructure protection scheme.  The 
whole notion of infrastructure protection embodies an assurance and 
confidence in the delivery of critical functions and services that in today’s 
world are increasingly interdependent and interconnected.  To put this all in 
perspective, the public’s confidence is lost if such delivery systems and 
services are unreliable or unpredictable regardless of the cause of the 
problem.  

We also recognize that our unique protective responsibilities, including our 
duties as the lead federal agency for coordinating security at National 
Special Security Events, demand heightened electronic security awareness and 
preparation.  A well-placed cyber attack against a weak technology or support 
infrastructure system can render an otherwise sound physical security plan 
vulnerable and inadequate.

Mr. Chairman, it should also be noted that all deliberate infrastructure attacks, 
before they rise to such a threshold, are also cyber crimes and are 
likely to be dealt with initially by law enforcement personnel, both federal 
and local, in the course of routine business.  In fact, I don’t believe there 
is universal agreement as to when a “hack” or network intrusion rises to the 
threshold of an infrastructure attack and corresponding national security 
event but we would all probably recognize one when it reached catastrophic 
proportions.

Given this continuum and interplay between computer-based crimes and national 
security issues, the Secret Service recognizes that its role in investigating 
computer-based attacks against the financial sector can be significant in the 
larger plan for the protection of our nation’s critical infrastructures.  
When we arrest a criminal who has breached and disrupted a sensitive 
communications network and are able to restore the normal operation of the 
host --be it a bank, telecommunications carrier, or medical service provider 
-- we believe we have made a significant contribution towards assuring the 
reliability of the critical systems that the public relies upon on a daily 
basis.

As a footnote, the task force meets regularly with representatives from Wall 
Street and the Financial Services Information Sharing and Analysis Center 
(FS/ISAC) that was created pursuant to Presidential Decision Directive (PDD) 
63.  The directive mandated the Department of the Treasury to work with 
members of the banking and finance sector to enhance the security of the 
sector’s information systems and other infrastructures, a responsibility 
managed by Treasury’s Assistant Secretary of Financial Institutions.  The 
role of the FS/ISAC is to devise a way to share information within the 
financial services industry relating to cyber threats and vulnerabilities.  
The Secret Service feels that it can make a significant contribution to the 
work of the FS/ISAC and is exploring common areas of interest with the 
FS/ISAC, to include information sharing, information technology, and expertise 
in technical, physical security and administrative areas of concern.

The Secret Service is also continuing to receive requests from local law 
enforcement agencies and others for assistance, and we welcome those 
requests.  On an alarmingly increasing basis, our local field offices and the 
Financial Crimes Division of the Secret Service receive desperate pleas from 
local police departments for physical assistance, training and equipment in 
the area of computer forensics and electronic crimes so that they can 
continue to provide a professional level of service and protection for their 
citizens.  In short, the Secret Service has become another option for local 
law enforcement, the private sector and others to turn to when confronted 
with network intrusions and other sophisticated electronic crimes. 

Over the past 3 years, Secret Service ECSAP agents completed 2,122 
examinations on computer and telecommunications equipment.  Although the 
Secret Service did not track the number of exams done for other law 
enforcement agencies during this period, it is estimated that some 10 to 15 
percent of these examinations fell in this category.  Many of the 
examinations were conducted in support of other agencies’ investigations such 
as those involving child pornography or homicide cases simply because the 
requesting agency did not have the resources to complete the examination 
itself.  

In spite of our limited resources, we do provide physical assistance on a 
regular basis to other departments, often sending ECSAP agents overnight to 
the requesting venue to perform computer related analyses or technical 
consultation.  In fact, so critical was the need for even basic training in 
this regard that the Secret Service joined forces with the International 
Association of Chiefs of Police and the National Institute for Justice to 
create the “Best Practices Guide to Searching and Seizing Electronic 
Evidence” which is designed for the line officer and detective alike.   

We have also worked with this group to produce the interactive, 
computer-based training program known as “Forward Edge” which takes the next 
step in training officers to conduct electronic crime investigations.  
Forward Edge incorporates virtual reality features as it presents three 
different investigative scenarios to the trainee.  It also provides 
investigative options and technical support to develop the case.  Copies of 
state computer crime laws for each of the fifty states as well as 
corresponding sample affidavits are also part of the two-CD training program 
and are immediately accessible for instant implementation.

Thus far we have dispensed over 220,000 “Best Practices Guides” to local and 
federal law enforcement officers and we are preparing to distribute, free of 
charge, over 20,000 Forward Edge training CDs.

In an additional effort to further enhance information sharing between the 
law enforcement community and the financial industry, the Secret Service 
recently created the “E Library” Internet website which serves as a 
mechanism for all members to post specific information, images and alerts 
relating to fictitious financial instruments, counterfeit checks, and credit 
card skimming devices. This website is accessible free of charge to all 
members of the law enforcement and banking communities and is the only such 
tool of its kind. 

In today’s high tech criminal environment, the challenge to federal law 
enforcement and government is to identify existing repositories of expertise 
and provide a framework for inclusion and productive collaboration amongst 
the many government agencies and their respective industry and academic 
counterparts.  The Secret Service is convinced that building trusted 
partnerships with the private sector and local law enforcement is the model 
for combating electronic crimes in the Information Age.

Mr. Chairman, that concludes my prepared statement, and I would be happy to 
answer any questions that you or other members of the subcommittee may have.
