
CyberCrime 2003

Terrorists’ Activity In Cyberspace
Why would our critical infrastructures be
targeted for attack?
 National Security
– Reduce the U.S.’s ability to protect its interests
 Public Welfare
– Erode confidence in critical services and the
government
 Economic Strength
– Damage economic systems
New Risks and Threats
 Globalization of infrastructures increases level of vulnerability
 Easy access to infrastructures via Internet and Public Switched
Telecommunications Network
 Interdependencies of systems make attack consequences harder
to predict and perhaps more severe due to the cascading effects
 Malicious tools and recipes for new cyber weapons are widely
available and do not require a high degree of technical skill to use
 Countless players with malicious intent
 New cyber threats outpace defensive measures
Vulnerability Types
 Computer based
– Poor passwords
– Lack of appropriate firewall protection
 Network based
– Unprotected or unnecessarily open entry points
 Personnel based
– Temporary/Staff firings
– Disgruntled personnel
– Lack of training
 Facility based
– Servers in unprotected areas
– Inadequate physical security measures
Terrorist Groups
Terrorists
 Attention must be paid to studying the terrorists:
– Ideology
– History
– Motivation
– Capabilities
The Future of Terrorism
 Terrorism is carried out by disrupting activities, undermining
confidence, and creating fear.
 In the future, cyberterrorism may become a viable option to
traditional physical acts of violence due to:
– Anonymity
– Diverse targets
– Low risk of detection
– Low risk of personnel injury
– Low investment
– Operate from nearly any location
– Few resources are needed
Terrorist Use Information Technology
Planning
Member Recruitment
Research
Espionage
Propaganda Dissemination
Terrorism
Hacktivism
Hacktivism is hacking with a cause and is
concerned with influencing opinions on a specific
issue.

Example: ELF hacks into the web page of a local
ski resort and defaces the web page. This is done
to reflect the group’s objections to environmental
issues.
Terrorism
Cyber Facilitated Terrorism
Cyber Facilitated Terrorism is terrorism using
cyber means as a tool for accomplishing the act.

Example: A terrorist sends an email message to
a Senator stating that 50 anonymous letters
have been sent to the office, each containing
large amounts of anthrax.
Terrorism
Cyberterrorism
Cyberterrorism occurs when the destructive nature of the “act
itself” is carried out via computers or other cyber/electronic
means.

Example: Terrorists hack a critical infrastructure system (such as
a telephone switch), causing a loss of communication for an
extended period of time.
Cyberterrorism

 Cyberterrorism is a criminal act perpetrated by the
use of computers and telecommunications
capabilities, resulting in violence, destruction and/or
disruption of services to create fear by causing
confusion and uncertainty within a given population,
with the goal of influencing a government or
population to conform to a particular political, social,
or ideological agenda.
Terrorism

 Terrorists are becoming more innovative.
 Monitoring their activities will require a well-orchestrated
mandate of close coordination among
civilian, intelligence, law enforcement, and military
organizations.
Hacker Tool Availability
 Internet newsgroups, web home pages, and IRC channels
include
– Automated attack tools (Software Tools)
• Sniffers (capture password/log-on)
• Rootkits (mask intrusion)
• Network Analyzers (SATAN)
• Spoofing (smurfing)
• Trojan Horses
• Worms
– Attack methodologies
– System Vulnerabilities
What can be done to prevent an electronic
terrorist attack?
Effective use of intelligence gathered from all sources
Continued enhancement of resources
Public/Private interaction
Computer security and awareness training
Continuing education regarding terrorist trends and
methodologies
Perpetual readiness to defend against attacks
How can we deter and respond to terrorism?

U.S. Federal Law Enforcement agencies MUST work
closely with the Intelligence Community both domestic
and foreign, as well as state and local law enforcement
agencies and the private sector.
Intense post-incident investigation to determine source
– Identify motive and purpose of attack, understanding
that data collection will be extremely difficult.
Worst Case

 Although physical threats remain the most likely means of attack
to our nation’s infrastructures, terrorists can now interrupt critical
infrastructures through cyber attacks via crucial automated
systems.
 However, a crippling attack on our nation’s information
infrastructure would not be easily carried out. It would entail a
great deal of preparation to include training, reconnaissance and
a reasonable amount of skill.
Cyber Division Objectives
 To Consolidate and Focus FBI Resources on
Counterterrorism, Counterintelligence, and
Criminal Investigative Goals in the Cyber Arena
– STATUS
• Developed an Organizational Structure to support the Objectives of the
Cyber Division
• Created the Cyber Crime Section to Investigate Traditional Criminal
Activity that has Migrated to the Internet
• Moved the Computer Intrusion Section from the National Infrastructure
Protection Branch to the Cyber Investigations Branch
• Developed the concept of a Cyber Action Team at FBIHQ to act as a
Fly-Away Squad
Cyber Division Objectives (cont)

 To Improve Operational Capabilities by
Providing Cutting Edge Technology and Training
to FBI Employees and Partners
– STATUS
• Obtained Authority to create the Special Technologies
and Applications Section
• Developed the Cyber Intelligence Center as a Fusion
Point of all Cyber related Information Developed through
all FBI Investigative Efforts
• Created the Specialized Training Unit
Cyber Division Objectives (cont)

 To Cultivate a Threat-Predicated Intelligence
Base Focused on Preventive Efforts
– STATUS
• Accepted Responsibility to Conduct Tactical Analytical
Support of All Digital Evidence obtained through FBI
Investigative Efforts (the link between the Case Agent and
the CART Examiner)
• Cyber Intelligence Center
Cyber Division
FBI Headquarters
[Organization chart; boxes listed in the order they appear]
 Assistant Director
 Special Assistant
 Department of Homeland Security Transition
 Cyber Investigations Branch (Deputy Assistant Director)
 National Infrastructure Protection Center
 Operational Support Staff
 Computer Intrusion Section
 Outreach, Training and Strategy Section
 Outreach, Capability and Development Section
 Cyber Crime Section
 Analysis and Warning Section
 Special Technologies and Applications Section
Cyber Investigations Branch
[Organization chart; boxes listed in the order they appear]
Deputy Assistant Director, Cyber Investigations Branch
 Sections
– Cyber Crime Section
– Computer Intrusion Section
– Special Technologies and Applications Section
– Outreach, Capability and Development Section
– Operational Support Staff
 Units
– Cyber Crime/Intellectual Property Rights Unit
– Criminal Computer Intrusion Unit
– Infrastructure & Engineering Unit
– Specialized Training Unit
– Internet Fraud Complaint Center
– Counterterrorism Counterintelligence Computer Intrusion Unit
– Special Technologies Research & Development Unit
– Cyber Task Force Support Unit
– Innocent Images Unit
– Cyber Action Team & Cyber Intelligence Center
– Technical Analysis Unit
– Public and Private Alliance Unit
– Internet Fraud Unit
– Cyber Operations Deployment Unit
– International Investigations Support Unit
Cyber Division
FBI Field Offices
 Three types of cyber squads (dependent on
staffing levels and other factors)
– “Computer Intrusion Squads”
– “Cyber Crime Squads”
– Consolidated “Cyber Squads”
Cyber Task Forces
 Atlanta
 Baltimore
 Boston
 Charlotte
 Chicago
 Columbia - USSS
 Dallas
 Denver
 Kansas City
 Las Vegas
 Los Angeles - USSS
 Miami
 Minneapolis - USSS
 New Haven
 New York
 Pittsburgh
 Portland
 San Antonio
 San Diego
 San Francisco
 Seattle
 Washington Field Office
Cyber Division
Initiatives
 Cyber Task Forces
 Public/Private Alliances
 International Cyber Investigative Support
 Mobile Cyber Assistance Teams
 Cyber Action Teams
 Cyber Investigators Training
 Cyber Intelligence Center
 Cyber Tactical Analytical Case Support
Cyber Division
Federal Bureau of Investigation
Room 5863
935 Pennsylvania Avenue, NW
Washington, DC 20535

Harold M. Hendershot
Chief
Computer Intrusion Section

hhendershot@fbi.gov
(202) 324-0301
