
Why Strong Public and Private Sector Partnerships Are Needed in Cybersecurity

[Music] My name is Janet Lenaghan and I have the pleasure of serving as dean of the Frank G. Zarb School of Business. Before I begin I would like to recognize and thank President Rabinowitz and the Board of Trustees for their support in the creation and launch of our new state-of-the-art Cybersecurity Innovation and Research Center. It is also my great pleasure to welcome you to this evening's very special joint event hosted by the Fred DeMatteis School of Engineering and Applied Science and the Zarb School of Business. I know this will be a fascinating discussion on the need for strong public and private sector partnerships in addressing the growing importance of cybersecurity, and our brand new Center, which I invite you to tour later this evening, is truly a great example of such a partnership.

Funded in part by a 200,000 Empire State Development grant awarded by the Long Island Regional Economic Development Council, its aim is to be a training and educational resource not only for our students but also for local institutions in the metropolitan region. The sophisticated technology in the center will train students to detect and defend against cyber crime. With a hacker attack estimated to occur every 39 seconds, cyber crime is growing is a growing threat for all business and government and is estimated to cost six billion dollars globally by 2021. With an alarming shortage of knowledge workers in the field, currently estimated at 300 thousand and expected to grow to 3.5 million in a few years, the Cybersecurity Innovation and Research Center will help prepare the workforce needed to fill this void.

As President Rabinowitz noted at the ribbon-cutting ceremony last week, and I quote, "We have created a center that will train a new generation of cybersecurity experts who can stay ahead of our increasingly sophisticated hackers and safeguard the information technology and technology that power our economy." A key differentiator of a Hofstra education is our commitment to providing innovative and hands-on learning experiences for our students, and this center, with the only academic cyber war room in the New York metropolitan area, will provide students with the opportunity to use cutting-edge technology and simulation software to create hyper-realistic cyber attack scenarios and work through all the resulting issues in real time. Our faculty, both from the DeMatteis School and the Zarb School, who you will meet later tonight, have done a superb job of bringing together all the necessary tools to provide students with the knowledge and skills needed to deal with the challenges of working in an ever-increasing virtual world. From a new interdisciplinary MS in cybersecurity offering two concentrations, one in technology and one in management and policy, to an MBA with the concentration in cybersecurity and a BS in cybersecurity, the Hofstra Center for Cybersecurity Innovation and Research will serve as the foundation of integrate innovative curriculum and also to help create partnerships between industry, government and education to analyze analyze threats, strengthen network security, and mitigate the economic impact of cybercrime.

And now, I would like to introduce my dear colleague whose leadership was instrumental in the creation of this Center. Dean Rabbany is the Dean of the Fred DeMatteis School of Engineering and Applied Science. [Applause]

Thank you Janet and welcome everyone again. I'm pleased to welcome special agent Peter Casson as our keynote speaker tonight for the launch of Hofstra's Cybersecurity Innovation and Research Center. Peter is a 1994 graduate of SUNY Maritime College and served in the U.S. Coast Guard from 1994 to 2000.

In March 2000 he began a career in the FBI. For his first 11 years Peter worked on cases focused on international drug trafficking and violent crime. Thereafter, from 2012 to 2016, he was the supervisor of an international violent crime squad that focused on transnational violent crime and extraterritorial violent crime matters. In April 2016 Peter shifted his focus to cybercrime and joined FBI New York cyber branch. From April 2016 until recently, specifically August 2019, he was assigned to squad cy2 and was the lead case agent of various cyber criminal investigations that focused on computer network intrusions.

During that time he also earned a master's degree in cyber security from Fordham University. In September 2019 Peter became the supervisor of the squad cy1 which focuses on cyber national security threats based on Europe and Asia. Please join me in welcoming Mr. Peter Casson.

[Applause]

Good evening. It's a pleasure to be here. It's a nice audience. I have to say I was a little bit freaked out by seeing my picture on the digital billboard outside as I was driving up. I didn't, I didn't expect that but it's, it's nice I guess.

So thank you for having me, and this is a really exciting evening I think for Hofstra, and you know we're here to celebrate the opening of a great new facility that will undoubtedly elevate Hofstra cybersecurity degree programs. This facility will be used to accurately simulate real-world cyberattacks and better prepare students for the types of incident response scenarios they may face as they enter the workforce in this ever-growing field of cybersecurity. We all know that lecture hall work is good but there is no substitute for hands-on experience. Having used a similar facility to this one not too long ago I participated in a training event with other agencies.

We used IBM's Cyber Range facility, very similar to this one, up in Cambridge for a couple of days event. It was a really good experience. Some of the best training I've ever had in this, in this area, so I really can value what you guys are doing here. It's really gonna be helpful, without a doubt. It's great because you know you, you get to contextualize all those principles you learn in the classroom and get to put it to use and then mix it and marry it with some of the more important attributes you need, which are things like judgment, communication, team building, and, and put it all together, and a facility like this is really gonna allow you to do that, so I definitely commend Hofstra for this program and for developing this.

I also commend the Long Island Regional Economic Development Council for having the foresight and the wisdom to invest in something like this, and I definitely want to congratulate Dr. Kim and Dr. Fu for putting this together and for getting it done. So this is certainly going to make Hofstra's programs better and I think that's pretty obvious. What I want to spend my time doing tonight is try and make an argument that maybe a little bit less obvious: that the opening of this facility is significant for much bigger reasons, reasons that go way beyond just making a university on Long Island a little better.

I want to offer you a little perspective as an FBI agent currently working in the field of cybercrime and tell you I think the creation of this facility is actually a microcosm of what should be done as part of a broader national strategy that will be so vital to our collective efforts in combating cyber threats going forward. The key phrase in that last sentence was "collective efforts," because that's what it's going to take: a layered approach that we rely heavily on strong robust public and private sector partnerships and efforts, a strategy whose nucleus is going to have to be an army of strong private sector cybersecurity professionals that are able to adroitly self defend and respond internally to cyber incidents against their companies' networks. And then, equally as important, understand how the intelligence gleaned from those specific incidences has value to the collective cyber security community and how that value is multiplied the more that information is shared with private sector peers and public authorities. The last part is critical because we are currently living in a cybersecurity culture that seems to frown upon reporting and sharing internal incidents.

We can understand why to some extent. There are liabilities and potential vulnerabilities, reputational and other, that come along with exposing your dirty cyber laundry, but we need to understand that on scale that culture is only helping the enemy. Now the government and the FBI specifically does have a lot to offer and it's a critical role to play. But when you juxtapose the size and scale of this threat with the limited resources we have to bear on this issue you can easily see that the gap is Grand Canyon-like.

So what that means is to be effective we need to direct our limited resources in the right places, and to do that we need a clear picture of what is going on out there, and that picture will only be accurately portrayed with private-sector input, and even then many cyber threats will still go unaddressed by law enforcement. That's just a fact. More simply stated, the FBI, law enforcement in general, the US government will not be able to thwart the expansion of cyber threats alone, not even close.

So as my goal today, to try and make each of you understand that cybercrime is not the FBI's problem or law enforcement problem in general. It's not the NSA or DoD's problem. It's everyone's problem, and that problem will have to be addressed through, through thorough collaboration, partnerships, information sharing, and the smart use of government and law enforcement resources, and this facility, this new facility that we're, we're honoring today, both in how it was funded and how it was developed and how will be utilized, is a perfect example of that model in action. So now in order to effectively make this argument I think it's necessary for me to give you a bit of an overview of the current cyber threat landscape as the FBI sees it.

I'm gonna warn you it's going to be a grim and somewhat dark picture. I'm also going to go a little darker and give you a little insight into how we at the FBI are aligned so that you could better understand what I mean by that Grand Canyon type gap I mentioned earlier. In doing that, I also want to manage your expectations a bit about what happens when incidents are reported to the FBI and how there is a very high likelihood that we will not open a case on an incident as reported to us but we still want and need that information.

But fear not, as the true optimist that I am, I'm also going to brighten things up a bit by providing you with a few examples of how effective we in law enforcement can be with strong private sector support and cooperation. I will also continue to give you some more hope by speaking a bit of more about how this mindset of public private sector collaboration and information sharing can be so effective to close that gap. So I'll give you an example. So in early 2014, 30-year-old Andre Tieran sat in his apartment in Moscow and, using two laptop computers and his 10 to 15 years of self-taught hacking skills, he began scanning various IP addresses that he knew to be publicly associated with JPMorgan Chase, the large bank. But it wasn't money that Tieran was after.

Instead he was after customer information and more specifically email addresses and stock portfolios. Why? Because that's what Tieran was hired to do. You see, for the past two years Tieran had been working for a small group of criminal actors that have been leading a large-scale hacking campaign that targeted major financial institutions, brokerage firms, and news agencies. Their end goal was to make large amounts of money through stock market manipulation and through the delivery of spam emails designed to drive traffic to their multiple illicit online marketplaces that sell illegal pharmaceuticals, pornography, and hosts online gambling.

Tieran had been born and raised in Moscow, Russia. After spending about three years in Moscow University and five years in the Russian army, Tieran began earning money from home doing what he loved best: computer science. Specifically, Tieran enjoyed hacking and the challenge of defeating network security systems. He was almost exclusively self-taught, very bright guy, and he learned how to monetize that skill by doing freelance black-hat SEO work, which meant using the information he gathered through hacking networks to drive traffic to his clients' websites. In 2012 he began working almost exclusively for that aforementioned group of criminals, which was paying him anywhere from 50 to 60 thousand dollars a month for his services.

After carefully and meticulously scanning each of JPMorgan's IP addresses that he, that he had, he discovered one platform that allowed users to upload files. Tieran then used this feature to upload a malicious file that contained an executable. That executable contained a tiny backdoor shell that allows Tieran to gain access to that network going forward. From there he conducted several weeks, actually months, of recon until he identified a way to elevate his access privileges to that of administrator. Tieran then used that elevated access to gain entry into JP Morgan Chase's customer database.

Now he had admin access so he was in. Then he began extracting data to the tune of over 80 million customer records. From the beginning to end the entire effort took Tieran approximately four months. On August 7, 2014, the IT folks at JPMorgan noticed a large exfil and immediately knew they had a problem.

They then acted swiftly and identified and isolated the IP addresses being used by Tieran and blacklisted them from their networks. He then also performed a few other additional measures that effectively and quickly eradicated the persistent threat being caused by Tieran. But the damage was done.

Those records were gone. Shortly thereafter the FBI New York office was notified of this incident. The complaint was routed to one of our criminal cyber squads and that squad immediately engaged with JPMorgan Chase, and the FBI in New York office, our agency's largest field office, we have a branch dedicated to cyber. That branch consists of six squads (we call our team squads), each made up of a supervisor, about five to seven special agents, approximately two intelligence analysts, two to three Task Force officers from various different agencies like the NYPD, the U.S. Marshals, CBP, Department of Energy, and others.

The branch also includes several FBI full-time computer scientists that assists with our case. Technically three of the six squads are dedicated to criminal matters, cyber criminal matters. The other three are dedicated to national security matters, so in total we have about 70 or so professionals working in this threat here in New York. This is not necessarily how every FBI office is arranged though.

Many of our small offices may not have a dedicated cyber branch. Matter of fact, most don't. But they will have agents assigned to the threat. Every field office is now tasked with addressing cyber threats. Cyber is considered a top priority by our headquarters so it must be addressed by every field office.

Supporting and guiding all those field office resources is FBI's headquarters cyber division. On the NAT division, headquarter supports the field office towards combating cyber threats by providing funding, complaint management, technical resources, and strategic guidance. In addition to our field office resources, we also have several agents that are trained in cyber matters that are stationed around the globe in various different US embassies as part of our legat program. We call them cyber ALATs. We have them in strategic countries where, where cybercrime is most prevalent and they help facilitate and, and move forward our cases internationally.

So how many complaints related to cyber does the FBI receive? Well, through our IC3 platform, which is our online internet complaint platform, we receive approximately 900 per day. That cumulates to over 350,000 per year and the losses reported on that platform exceed 1.5 billion annually. Then at the field office level we also receive complaints pretty routinely, probably about a dozen a week at least.

Now while we're not the only law enforcement agency that works cybercrime and threats, you can still easily see the contrast between the amount of incoming complaints and the amount of resources that we have. There's a big difference there. So how do we initiate cases and how we decide on which cases to open?

Well I mentioned one before which was complaints. So one of the ways we initiate cases is just by the complaints coming in from those different platforms. We also get complaints and leads from our prosecutor partners SDNY and EDNY.

They'll sometimes get complaints given to them and then they'll forward them on to us. We initiate some cases through Intel reporting. So our Intel analysts are always looking to see what trends are out there and what's happening in the world of cyber threats, and if we see an emerging threat will many open a case on that matter without having a complaint. And then we also rely on sources, confidential human sources. They're not as prevalent in cyber as they are in other violations but they're still there and they still help us initiate investigations, identify targets.

And something that we're doing more and more of of late is undercover operations, online undercover operations. We're present in some chat rooms. We're present in some dark markets, and we're there and we're interacting with the bad guys and we're trying to initiate cases that way. Now, what, what makes us decide what cases to open?

I mentioned before that huge gap between resources and, and demand. Well, a couple of factors. There's no clear-cut formula but we consider a few things. One is the amount of loss. So when you have an incident, what was the impact of an incident, how much loss was there, and what is, what is the prosecutor's appetite for pursuing a case like that?

Who is the victim? Is it a public sector victim? Is a part of our critical infrastructure? What is the impact of the general public and national priorities?

A good example of that would be right now we're looking hard at any incident that's related to election tampering. So if we see it, we've already gotten some complaints about some networks that are involved in the election process being port scanned, so we're gonna take a close look at that because it's a national priority. How an incident correlates to an existing or ongoing case or trend. So we may have a small incident that we may not normally take on its own, but if it is connected to our larger case that's already existing then obviously we're gonna take a closer look at it.

But the biggest factor is caseload and resource availability. That's just gonna vary from month to month, day to day. That's going to be a major contributing factors to what we take and what we open and don't open. Getting back to the JP Morgan case. Based on the criteria I just laid out for you, that was a no-brainer; we were gonna open a case on that.

A critical infrastructure, a lot of victims, a lot of loss. So in August 2014 FBI agents arrived at JP Morgan Chase to meet with their team handling the crisis. Now, at this point, JP Morgan had a choice to make.

They could have done only what was legally required to them: immediately make their regulated required notifications and only respond to whatever legal process we served on them, or they could choose to fully cooperate with the FBI and completely assist with the investigation. Luckily they chose the latter. So armed with that already identified list of malicious IP addresses that JP Morgan provided us, which were based out of several different countries, to include Egypt, Poland, Germany, Canada, Brazil, the FBI agents immediately passed those IP addresses to our appropriate cyber ALATs and the overseas assignments along with MLAT requests. And MLAT stands for Mutual Legal Assistance Treaty. It's the legal process by which we, we request legal assistance from a foreign country that's a part of the treaty. So along with those IP addresses being passed we made some MLAT requests to ask the host country law enforcement to serve legal process on those ISPs so we can get some information on those, on those servers.

You see, the criminal organization that hired Tieran set up these proxy servers and they did that to help obfuscate where Tieran was coming from, but they also strategically placed those proxy servers in countries that would not seem odd to JP Morgan's network to have traffic coming from those, from those particular servers, so it was carefully thought-out. In addition to overseeing or leveraging our overseas MLAT resources, the FBI partnered up with the Secret Service to add additional investigative resources to this case. As the investigation progressed and returns from those MLAT requests came back, thanks to great cooperation from our international law enforcement partners, we did identify a single email, email address that was associated with one of those proxy servers that was of great interest.

It was unique and was unique in that it was clear that it was actually the personal email address of one of the criminal actors in this, in his organization. It was a mistake, which oftentimes is how we catch criminals: they make mistakes. So they mistakenly used a real email address for one of those servers.

We capitalized on that and from that identified one of the criminal actors. That individual was then indicted and arrested in Israel in May of 2016 and soon after that extradited to the United States. That big break led to a series of additional investigative leads and clues which eventually led to the identification of Tieran. Several months later, Tieran was charged by the SDNY in a sealed indictment.

Now the challenge was, how do you arrest the Russian national who's sitting in Russia? That's a challenge. The answer: patience. We wait, and we did that, and in late 2017 the FBI became aware of Tieran's intentions to travel home to the country of Georgia. Armed with that knowledge and again with our overseas liaison partners, we worked to put into action a formal request to the Republic of Georgia to arrest Tieran upon his arrival and they agreed to do so.

That operation was successful. A few months later, on September 7, 2018, myself and a team of FBI agents traveled to Georgia on the FBI director's plane to take custody of Tieran to bring him back to the SDNY. Why did we use the FBI plane? Well, first of all it's pretty cool.

It's a nice plane. But beyond that we had a very short timetable to go grab him, due to Georgia's extradition laws. They gave us a very short period of time in order to come get him, otherwise they would have released him.

The other reason why we used the FBI plane was that we knew that he had been visited in prison a couple of times by representatives of the Russian government. So we figured he was coached and one of the things he was probably coached on was that if you took a commercial flight back to the United States and he landed in a layover country he could try and claim asylum and cause problems for us in terms of the extradition. So to avoid that we procured our own plane and flew him straight from from Georgia right to Manhattan. So why did I highlight this case?

Because it showcases the power of collaboration and cooperation. Obviously the cooperation of JP Morgan was critical, but in addition the case also showcased the value of our partnerships with other agencies like the Secret Service, with our international law enforcement partners, as demonstrated to the proxy server information we obtained from, from foreign law enforcement, and from the help we received with the overseas arrests and extraditions. It also highlights the immense amount of resources and commitment the FBI does have to bring to bear on specific cases that we do work. So let me give you one more quick example which is much more simpler, much less sophisticated, but still highlights the benefits of good private-public sector cooperation, and it specifically relates to university security, so it kind of hits home.

On September 6th, 2016, the FBI New York office received a complaint from a New York area-based university (I won't name the name but it's not Hofstra) regarding their realization that many, many students' email accounts have been compromised. What they had noticed was a severe uptick in students complaining about losing access to their student school email accounts. Sensing something was wrong, the university hired a third-party mitigation company to come in and audit their email security system and networks.

What that revealed was that one specific IP address, based in Phoenix, Arizona, had been responsible for changing the passwords to over 1,000 student email accounts from this particular university. They also realized was that, not unlike many US universities unfortunately, the email password reset utility they were using was not very secure and was somewhat easy to defeat. More specifically, the reset questions asked, when the reset questions were prompted to the, to the user, if you put in a wrong answer over and over again it didn't lock you out. You can keep, keep guessing over and over again.

Plus it allows some of the questions to be like "What's your favorite color?" so obviously you can, you can, six or seven tries, you're gonna get that one. And that it would also made the university, or any university, a good target for this scheme is that email directories, email addresses of students, are not that hard to get publicly. Most universities have directories of email addresses or they have a pattern in which they create their email addresses that's pretty easy to decipher: firstname lastname, you know, at the university dot edu or something like that. So it makes for a very easy way to guess emails or procure emails to then try the password against. Plus when you add the immense amount of social media presence that most college-age people have, doing social engineering research on those targets is fairly easy to do.

All that together, this particular actor get became very good at defeating these password systems. Nothing all that sophisticated; wasn't a hacker, it wasn't a programmer. He just got good at doing this. Once again, the victim entity was willing to cooperate fully with the FBI and gave their mitigation firm permission to share all the information with us entirely. With that we quickly resolved the IP address back to a large accounting and temp services company that has nationwide branches.

So it appeared the individual was using a work-based computer to perpetrate this, this crime. Our next move was to contact the internal security IT folks at this firm. We knew that we would need internal help to correlate that IP address to a specific user. They were extremely helpful.

They were quickly able to resolve the IP to an employee named Jonathan Powell. Now the next step was to build a case against Mr. Powell and also determine what his motivation was for these attacks. We assumed it was monetary in some way.

And what the damages were. First, in cooperation with the FBI's investigation, the company began monitoring all Powell's network traffic and providing that information into the FBI. Network traffic related to his work computer.

We were very quickly able to see how he was frequently visiting university websites almost all day long, every day. Next we needed to get our hands on that company laptop that he was using so we can examine it forensically, so we could build a case. We needed to do so in a way that would not tip him off and so that you wouldn't wipe it before giving it up.

Once again, the company's cooperation was needed and they obliged. At our direction they had a member of their IT department recall the device suddenly, under the ruse that it needed a software update needed to be installed on it. Not thinking anything of it, Powell surrendered his laptop in exchange for a new device. That original device was then handed over to the FBI for a forensic review.

What was found was plenty of evidence of unauthorized email access and several folders of female names containing private sexually explicit photos of those females. Turns out Powell was not in it for the money. He was essentially a digital peeping tom and he was after private illicit photos and articles of college-age girls. This investigation revealed that he had done this effectively to at least six other universities over the course of about a year and he had compromised over 2000 accounts, and the extent of that breach went way beyond the emails, because he would use the access to those email accounts to then hop over to those victims' iCloud accounts, Dropbox accounts, social media platforms. A lot of the students would use their, their school email address as a recovery email address or as a login for those accounts, so he could easily get into those.

So once again a successful case that resulted in immense cooperation from both the victim university and the company that the subject was basing his operations from. So those are two quick examples. Now let's talk more about in general terms what the threat landscape is overall as see it in the FBI. [aside] How am I doing on time? OK? OK. [on mic] At the FBI we're seeing an increase in the complexity of cyber threats.

Virtually every national security threat and crime problem the FBI faces is cyber based or facilitated. Were seeing an evolution and the impact scale and speed of these threats for example a single cyber intrusion can impact million of it millions of individuals with the click of a download button the FBI in our partners in state and local government and the US government international partners and private industry are also worried about the wider than ever range of threat actors for multinational cyber criminal syndicates to nationstate adversaries to terrorists using social media for recruiting around radicalization weve seen a rise we are referring to as blended or hybrid threats one of the threats are hybrid threats of nationstates working in tandem or criminal actors to target us u.s. its businesses and its people the methods methods and tools used by these malicious cyber actors are increasingly sophisticated the scale of criminal tools and services on the dark web makes it easier for actors and all skill levels to partake in nefarious cyber activities the tools themselves are becoming more sophisticated we had the FBI separate cyber threat categories into two main buckets national security or nationstate threats and criminal threats on the nationstate threat side as a Director of National Intelligence stated in 2019 worldwide threat assessment testimony our adversaries and strategic competitors will increasingly use cyber capabilities including cyber espionage attack an influence to seek political economical and military advantage over United States and its allies and partners at present China and Russia posed the greatest espionage and cyber attack threats but we anticipate that all of our adversaries and trusteeship competitors will increase build and integrate cyber espionage attack and influence capabilities into their efforts influence US policies and advance their own national security interests for years our adversaries intra teacher competitors have 
conducted cyber espionage to collect intelligence and target our critical infrastructure to hold it at risk they are now becoming more adept using social media and altar hats alter how we think behave and decide as we connect and integrate billions of new digital devices into our lives and business processes malicious actives almost certainly will gain greater insight into into and access to our protected information China Russia Iran North Korea increasingly used cyber operations to threaten both minds and machines in an expanding number of ways to steal information to influence our students its ins and to disrupt our critical infrastructure the FBI is also engaged in a full spectrum of criminal threats as I mentioned before which range from oneoff criminals and insider threats to criminal enterprises nationstate proxies nationstate actors supplementing their income through cybercrime and mercenary elements to counter cyber criminal threats the FBI is building capabilities strengthening partnerships both domestic and foreign and imposing a cost or when possible using all sorts of tools we at the FBI are taking an enterprise approach to criminal cyber threats this means that our strategy is disrupt and ultimate its mantle the most significant cyber criminal enterprises by cyber Enterprise I mean that we are we are we use our resources to undercover and the hierarchy global infrastructure and money laundering networks that are essentially these criminal services and associated with criminal cyber crime some of the current cyber threats that were seeing currently is more and more sophisticated officers Gatien techniques ways that criminals are office skating where they are thats getting more and more sophisticated and more complicated we are seeing more threat theft fraud an illegal activity associated with the use of site of crypto currencies we are seeing obviously an increase in ransomware we are seeing an increase in reported east skimming or online skimming in 
which cyber criminals use malicious code on websites to steal online payment data in real time. We have seen an uptick in business email compromise, costing victims billions of dollars in fraud losses over the past five years.

So when you digest all of what I just provided you, what are some of the characteristics that stand out about cyber threats and make this a very different threat for law enforcement than we've encountered before? I'll say first and foremost it's two main challenges: it's visibility and it's scale. By visibility, I'm referring to the inability for law enforcement to know what is happening on private networks without those private entities reporting those activities back to us. This is especially true, of course, in the United States, where we protect privacy and restrain our law enforcement agencies from having access to our networks without proper legal process or probable cause. This is of course a good thing, but it does create a visibility problem. The results of traditional crime tend to be much more apparent and obvious. The occurrence of a homicide or a bank robbery is awfully difficult to prevent law enforcement from noticing; it's gonna be obvious. But a network intrusion is almost impossible for us to know about if it's not reported. The other visibility issue is just attribution: the cyber platforms, to include proxies, VPNs, etc., make it very easy for perpetrators to remain anonymous.

With regard to scale, I'm referring to the tremendous scope of cyber threats as well as the borderless nature of the threat. With scope, being that almost all data is now digital, the risk profile is astronomical. The amount of potential targets, and methods that can be deployed against those targets, are too large to even quantify. Then, being that the internet connects the entire world, every nefarious actor in the world is only one command line entry away, one SSH connection, RDP connection, URL can enter you away from knocking on your network's door. So the potential number of perpetrators is
endless. Contrast this to the FBI efforts to combat Italian organized crime in the latter part of the 20th century, for example, which we were very successful in doing. How many total LCN gangsters were we dealing with back then? A few thousand, maybe, located primarily in a few main cities like New York, Philadelphia, Chicago. On this front, the cyber front, we're looking at millions, spread all over the world, in every corner and every basement.

Another characteristic about this threat that is important to consider is the technical aspect. Investigating these types of cases does require a level of technical ability and acumen that is not yet ubiquitous among law enforcement officers. We have gotten much better in this area and we continue to do so, but there's still a dearth of skill set in this area that needs to be improved upon and currently further limits our capabilities.

So what is my point to all this? My point is: don't expect law enforcement to solve this problem. We will undoubtedly be a big part of this solution and will play a critical role going forward, but due to the scale and scope of this matter, every company or entity that relies on a computer network must learn how to self-defend. Private sector cyber professionals must fill that gap. And beyond self-defense, we must be better at sharing information and intelligence with one another. Most attacks are deployed using methods and techniques and signatures that are not unique to that specific victim. As a victim, whatever you're experiencing on your network is almost definitely happening to several other networks as well, probably to other entities in your same profession. Finding different ways to safely share and collaborate, and in near real time, can be a game changer in stemming the tide of attacks. Also, reporting these incidents and experiences to law enforcement, understanding that we may not be able to action all of them: it's still needed. Why? Because it allows us to have better
visibility and therefore aim our limited but powerful resources and methods in the right place. Another game changer.

So I mentioned in my opening remarks what makes me so impressed with this new facility that we are celebrating today: on a micro level, this war room embodies all of those virtues that will be needed in our national fight against cyber crime. It was funded in part by the Long Island Regional Economic Development Council, which is a New York State and private sector partnership. It will be used to teach students how to be effective cyber security warriors, and it will be made available to IT members of local businesses and municipalities so they can get better at cyber security as well. That sharing part will also work to foster and encourage collaboration and partnerships. So once again, congratulations on getting this done.

So I wanted to take the remaining few minutes of my time (how am I doing on time? Okay, okay) just talking about, appealing to the students, the young adults in this room who maybe have an interest in pursuing a career in the FBI or law enforcement with regards to cybersecurity, because that is something I recommend and I definitely encourage you to do so. So I'll just talk a few minutes about how to get involved with cyber in the FBI, or how to get involved in the FBI in general. If you had an interest in working cyber with the FBI, you can do it in a couple of different paths: you could apply to be an FBI agent, you could apply to be an intel analyst, and you can apply to be a computer scientist specialist. Now, the first two I mentioned, agent and analyst: if you apply for those positions, you don't apply specifically for cyber; you have to apply for those roles in the agency. So there is a possibility that you'll get hired as an FBI agent or get hired as an intel analyst and not be a scientist either. But that's okay, because if you do have some cyber skills and you do have an education in cyber, which
is really needed in the FBI, I'm quite confident you can eventually get transferred over to a cyber squad or division. It just may take a little bit of time. It wouldn't surprise me if you got put there right away. Now, as a computer scientist specialist, which we do have positions there, obviously there you will work cyber immediately. Those computer scientists are basically embedded with us in our squads, and they bring that cyber expertise that some of us agents don't have, to help us analyze logs and look through forensic evidence and so forth.

So myself, you heard a little bit about my career in the introductory remarks. I'm fairly new to cyber. I'm not a technical person; I don't have a bachelor's degree or undergraduate degree in computer science. I was what we call in the FBI a knuckle-dragger for many, many years, which was violent crime, drug trafficking, gangs, things of that nature. You know, the fun stuff. So I did that for a very long time and decided that cyber was where it was at, and that's the emerging threat and where everything was going. So I wanted to challenge myself and I wanted to learn. I actually demoted myself from a supervisor back down to an agent so I could come over, and I've been a student ever since, and it's been a really rewarding and interesting experience. So there are many different paths to getting where I'm at now, but if you are a cybersecurity student and you're pursuing this academically, it's going to be a much easier path, a much easier way to get there, assuming that you're able to be hired by the FBI. So I'll leave it at that and open it up for a few questions.

Okay, you that come to the microphone.

I think, um, most folks here are New Yorkers? OK, so then you appreciate how fast I talk. So I probably apologize for the fast talking, but it's just my nature. So I'll keep this simple. My question is more on a macro scale: how do we cut off the problem before it becomes a problem, and help educate our lawmakers and regulators in how big of an
issue this is? Because I've spent the last five years arguing with the SEC, along with the entire financial industry, and I know that you know exactly what I'm talking...

Yeah, yes. So I will say that I know for sure that our laws as it pertains to cyber intrusions, unauthorized access, are very antiquated and need to be updated. I assume that's going to happen sometime soon. I don't know when; it's up to Congress, obviously. But everybody's familiar with GDPR, I'm sure. To your point, though, I anticipate at some point we're gonna see something like that in the United States. Not on the scale of that; I don't think the United States has the appetite for that level of control. But I do think that we are going to be, we should be, seeing some sort of update to our legislation. We are dealing right now with laws, we're charging laws, that were on the books in the early 80s, and a lot of it is just not practical to what we're dealing with now. A lot of venue issues with how the old statutes are written, when the people doing cyber attacks back then did it from the actual place that they were sitting. Now that doesn't happen anymore. So yes, I don't know if that answers your question, but we definitely need to update our laws. But in terms of getting out ahead of threats, that's not an easy answer. Well, I think partnerships, and more and more task forces and partnerships, is probably one answer to that question, but that's a very complicated, very complex question.

Sure. I think I want you to go to the microphone. I'm sorry, yeah.

Thank you for a great presentation.

Sure.

Most of the hackers coming from, or the particular countries?

Yeah, we definitely see an increased volume out of Eastern European countries, a lot from Russia and a lot from Asia. So I mentioned it earlier in my presentation, obviously, the national security side: the big players are North Korea, China, Russia. But the criminal actors are also pretty prevalent there as well, and I would say Eastern
European countries as well, and surprisingly, more than you probably would think, out of Canada. What surprised you surprised me.

Sure. A question on, I guess, behalf of the students: cybersecurity as a topic is a mile wide. You briefed us on one particular slice of that. From the standpoint of somebody interested in the topic, how would you sort of summarize the nature of the work you do, and the characteristics of the kind of person who would both excel at and enjoy the kind of work that you do? How could somebody look at themselves and say, that's for me?

Yeah, so, well, first I think you have to have somewhat of an interest and desire in law enforcement in general, obviously, because the mission is still the law enforcement mission. It is a service mission. So I think you have to have that as a basis. But to work cyber in particular, definitely having a technical acumen, definitely having an engineering or technical type of mindset is going to be extremely helpful. Look, at the end of the day, traditional investigations, I like to make it seem like it's all complex or all that, you know, difficult, but really it's a lot of common sense. When it comes to regular cases, really what makes a successful agent in my mind is attitude, work ethic, common sense. All of those things are what makes a good agent. So you take those traditional attributes and you add to it a little technical ability to handle the more complex types of evidence we deal with from cyber, I think you got yourself a pretty good cyber agent right there.

In your cases, how common is it that you come across, like, organizations, like underground organizations?

I'm sorry, what kind of organizations?

In your cases, like, is cybercrime organised usually?

Oh yes. So both. There are a lot of freelancers out there, there are a lot of individual one-offs that are doing this stuff, but in the JPMorgan Chase example I gave you earlier, and by the way there were other arrests made in that case, I didn't want to take up too much time,
but that was a small criminal organization that hired that individual to do the hacking. They were a group, somewhere around five to six actors, that were working together, located in different parts of the world, but they were organized and working together. So we do see that. We don't see large organizations. I did mention in my remarks that we are seeing some criminal activity being funded and being supported by nation-states, so, if you want to call that an organization. But beyond that, we're not seeing large-scale organizations. We are seeing groups of five to ten individuals working together as a team. So definitely we see that, and now we see a lot of individuals as well.

Oh yeah, go first. Oh, we'll do this gentleman first.

I was just wondering, how would you suggest we protect ourselves? Like what browsers to use, which VPNs to use, things of that nature.

Yeah, look, I'm not really in that business, but I think it's some common-sense stuff. I actually don't think VPNs are as secure as you may think they are, so I'll just leave it at that. But just being cognizant of what your settings are on your phone or on your laptop, being in public places with your WiFi on, Bluetooth and things of that nature. There are a lot of attacks that happen that way. So it's just a lot of common-sense stuff, just being diligent about that. You know, it sounds really silly and arbitrary, but just good passwords. I think passwords are gonna go away eventually, but you'll be surprised how many cases we have where the entry point was just a really bad password. It's surprising to me, but it happens a lot. And not cross-pollinating your passwords, which we all do. I've done it too, where you have that one password that you use across multiple accounts. That could be devastating, because if that one password is compromised, the hackers today, they know that, and they'll hit every single platform they think you're on, and if you use the same password
across all of them, they'll still be in all those accounts just like that. So, you know, using unique passwords, it's a pain, it really is, but that's a big one. And just being aware of what your settings are, what your environment is, where you are, I think that goes a long way. I think a lot with cyber threats today, and this is both personal and on a network scale, comes down to a lot of, you know, the low-hanging fruit. What we're seeing a lot is that because network security systems have gotten very good, and there are a lot of good firewalls, SIEMs and things of that nature, the hackers are really looking for easy targets. I look at it as the equivalent of driving down the street and just looking to see whose windows are open. It's a lot of what's happening out there. So if you're just not as weak as the next guy next to you, I think you're in pretty good shape. But, you know, it's actually true. So I don't know, that really is, and I'm not really a cybersecurity consultant, I really couldn't give you a whole array. I would just say just those points.

All right. Do you think private and public sector are taking full advantage of the general public with the rise of things like bug bounty programs? You know, some companies will invest in stuff like that, but it's still very minuscule in terms of the overall big picture, and I think there's a lot of people in the cyber field who would be willing to do free work almost, or find things, but are just too scared to report them, and those things then go unnoticed, under the radar, and might get taken advantage of later.

Well, the answer to your question is no. I don't think we're doing it; there is not enough of that. That was kind of, I think, the premise of my presentation. Well, not really, but sort of. You know, I think there is, and this is understandable, this culture of privacy around cyber threats. If you're breached as an individual or a company, there's a particular amount of shame associated with that, obviously, and there's a
tendency to not want to share that, and it's understandable to some extent. But just understand that when you're not sharing that information, or doing something collaborative that way, you're not helping the greater cause. So it is a balance there. And, you know, for example, we at the FBI will tell folks, when we're doing our outreach to companies: even if we want to open a case, we don't necessarily have to. You can communicate to us, you could tell us about a breach that you had in your network, and you could say, look, we want to tell you about this, we really don't want you to investigate it. We probably won't do that. We may push you a little more if you're a critical infrastructure component, or if you have some other association that we're more interested in, but generally speaking, if you don't want it investigated, we're usually fine with that. We have plenty of cases to go around. But we want the information, because the information helps us identify the landscape. So the identification of that landscape, which I think is kind of in the premise of your question, is what's needed across the board. The cyber security community has to start thinking of itself as a community. It has to start sharing information collaboratively. If we do that, we're going to do a lot to what I call the enemy.

Thank you, good presentation.

Thank you.

Great awareness. Is the FBI the only division in the government that's actually handling cybersecurity? No, and there isn't, okay. And do you guys just react? Does the FBI just react to attacks, or is there a big grand plan to see the big picture, and especially some of the attacks that cause economic doom to a lot of organizations, namely the city of Baltimore recently, hospitals in California, where ransomware attacks just can put a business out? Is there a big grand plan to maybe help educate the private sector, helping with tools, from a government perspective? Because you can't combat, you know,
nation-states, right, in this small private sector.

Yeah, thank you. So there is a national strategy. It has to come out of the White House. It's really more geared towards a major incident response. So I'll break down your question in a couple of different parts. As far as who handles cyber threats, the way we look at it nationally, if we had a national event or a global or large-scale cyber attack, what the White House policy says is that the three main entities that are going to be involved in that are going to be Homeland Security, HSI, the FBI and DOD. HSI is going to be the point for mitigation, for getting critical infrastructure back up and running, and for solving that problem. We're going to be the lead on the investigation, trying to figure out who's behind it and getting attribution. And then DoD is going to play a role if it's a nation-state, and maybe even do some sort of offensive retaliation or something of that nature. So they're always going to play a role. That's sort of how we're laid out. But more at the street level, a couple of different agencies, law enforcement federal agencies, work cybercrime outside the FBI. Secret Service does, HSI does as well. So I'm not sure how they stack up. The FBI, I would imagine, has the most resources on the federal level applied to this threat, but other agencies do as well.

Now, as far as a national strategy on how we're combating cyber crime, I'm not aware of a national plan. We at the FBI have a plan. We have a strategic plan that is updated every year, that is farmed out to the field offices and helps dictate to us how we align our cyber resources and what we're going to be going after. One thing we do do, which you mentioned in the earlier part of your question, in terms of educating the private sector, a couple of different things: we do things called flashes and PINs. We'll send out basically like flyers, notifications to certain industries that will advise them of
trends that we're seeing that may impact them, or some guidance about how they can make their networks better. So we do have those circulations. We have InfraGard as well, which is a partnership that we have with the private sector, where we have members who become part of InfraGard, and then they are associating with us and meeting with us, and we're having more collaboration with them. So there's a couple of different ways that we do that, and we do quite a bit of outreach as well.

Thank you.

Sure.

Thank you very much for the informative presentation. As my colleague Dean Lenaghan alluded earlier, at Hofstra we offer a range of degrees from bachelor's to master's level. For the students who are entering the early part of their education, the bachelor's in computer science and cybersecurity is seeking NSA accreditation, so that's an accreditation you need to be able to work at a place like the FBI. And we are hoping our close proximity with the FBI New York City office would also enable us to hopefully have co-op programs where students in the program can spend some time at their organization as well. And we serve our facilities, obviously, for FBI New York City, so they don't have to go all the way up to Cambridge, and they'll be able to take advantage of our facility. So please join us for a tour of our facility next door, the cybersecurity center. There's going to be technical demonstrations, and you will get to see the sophisticated technology which is available to the students when they're taking courses at Hofstra. Refreshments will also be served. Once again, please join me to thank the special agent for this informative presentation.
