
Computer Crime on the Rise


forrester

Presentation Transcript


  1. Computer Crime on the Rise FBI-San Francisco Computer Intrusion Squad

  2. Overview • Computer Security Institute (CSI) Survey • FBI Computer Squads • How to Prepare for an Attack • What to do when You’re a Victim

  3. CSI and FBI Computer Security Survey

  4. Unauthorized use of computer systems within the last 12 months? [Chart: YES / NO / DON’T KNOW] CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  5. Types of attack or misuse detected within the last 12 months CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  6. Likely sources of attack CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  7. Internet connection is increasingly used as point of attack [Chart: INTERNAL SYSTEMS / REMOTE DIAL-IN / INTERNET] CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  8. Dollar amount of losses by type CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  9. WWW site incidents: What type of unauthorized access or misuse? CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  10. If your organization has experienced computer intrusion(s) within the last 12 months, which of the following actions did you take? CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  11. The reasons organizations did not report intrusions to law enforcement CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  12. Would your organization consider hiring reformed hackers as consultants? CSI/FBI 2000 Computer Crime and Security Survey Source: Computer Security Institute

  13. The FBI and Computer Intrusion Investigation

  14. Regional Computer Squads • 14 Regional Squads • Supervisor • Investigators • Analysts • Computer Analysis Response Team (CART) • Investigation • Liaison

  15. National Infrastructure Protection Center (NIPC)

  16. Approximately 215 Special Agents today • Target 275 SAs FY00, plus Computer Scientists • Locations shown: Seattle, Boston, Chicago, New York, San Francisco, Newark, WFO, Charlotte, Los Angeles, Dallas, Atlanta, San Diego, New Orleans, Miami

  17. FBI Program • Specially trained agents in all 56 FBI Divisions • Growing program • Ongoing training • Technical recruiting • Computer Forensic Examiners • FBI Laboratory • Field Agents (CART)

  18. How to Prepare for an Attack

  19. Preparation • Post Warning Banners: • Every system should display banner • Display at every log in • System is property of your organization • System is subject to monitoring • No expectation of privacy while using system • Management and Legal Counsel should approve • DO NOT reveal system purpose/OS/etc.

  20. DoD Banner • “This is a Department of Defense (DoD) computer system. DoD computer systems are provided for the processing of Official US Government information only. All data contained on DoD computer systems is owned by the Department of Defense and may be monitored, intercepted, recorded, read, copied, or captured in any manner and disclosed in any manner, by authorized personnel.”

  21. DoD Banner • “THERE IS NO RIGHT OF PRIVACY IN THIS SYSTEM. System personnel may give to law enforcement officials any potential evidence of crime found on DoD computer systems. USE OF THIS SYSTEM BY ANY USER, AUTHORIZED OR UNAUTHORIZED, CONSTITUTES CONSENT TO THIS MONITORING, INTERCEPTION, RECORDING, READING, COPYING or CAPTURING and DISCLOSURE.”

  22. Preparation • Be Proactive to Prevent Incidents • Establish Security Policy • Monitor and Analyze Network Traffic • Assess Vulnerabilities (System Scans) • Configure Systems Wisely • Limit Services (FTP/telnet) • Patches • Establish Training for Employees

  23. Preparation • Establish Policy on Employee Privacy • E-mail: Owned by Corp. or Employee • Data Files • Encryption okay? • Keys • Disgruntled Employees

  24. Preparation • Establish Organizational Approach to Intrusions (2 ways) • Contain, Clean and Deny Further Access • STOP Intruder • Remove from Network • Repair System • IP Filtering, Firewalls, etc. • Monitor and Gather Information • Intruder in a Fishbowl

  25. Preparation • Policy for Peer Notification • DDOS • Network Attacks • Remote Computing • Telecommuters • Laptop Privacy (temps, contractors too) • Acceptable Use Policy (Sign Yearly) • Revoke Access when no longer required • Log Remote Access (Radius/Caller ID/Remote Callback)

  26. Preparation • Develop Management Support • Develop a Team • Assign Specific Duties • Call-out duty and phone list • Legal Counsel • PR/Law Enforcement Liaison • Assign a Person to be Responsible for Incident

  27. System Preparation • System Backups • Original O/S • Log Files • Admin Files/Applications • Data • Don’t re-introduce problem

  28. System Preparation • Install and Configure • Intrusion Detection System • Firewall • Auditing/Logging • Monitor • Industry information • Intrusion/hacker techniques

  29. The Security Investment • Recruit and hire security capable staff • “Reformed” Hackers? • Keep current on system vulnerabilities • Ensure networked systems are maintained and patched • Train administrators and users of systems in security and protection measures

  30. Preparation • Have a plan in place PRIOR to an attack • You WILL be attacked!

  31. I’ve Been Hacked! or What to do when you’re a Victim

  32. What the FBI can do • Combine technical skills and investigative experience • National and Global coverage (LEGATS) • Apply more traditional investigative techniques • Long-term commitment of resources • Integration of law enforcement and national security concerns • Pattern analysis - BIG PICTURE • Can provide deterrent effect . . . even if hacker not prosecuted

  33. What the FBI won’t do: • Take over your systems • Repair your systems • Share proprietary information with competitors • Provide investigation-related information to the media or your shareholders

  34. When You’re a Victim • Stop and Think -- REMAIN CALM • Take detailed notes (who, what, why, where, when, and how) • Notify appropriate persons • Supervisor • Security Coordinator • Legal Counsel • Enforce a Need to Know Policy

  35. When You’re a Victim • Communicate Wisely • email/chat -- intruder may be listening • Use telephone/voicemail/fax/etc. • If email, use encryption • Remove system from Network • Disable Internet Access

  36. When You’re a Victim • Make a Bit by Bit copy of system • Use NEW media & VERIFY the backup!! • Initial and date backup…time stamp • Secure in a locked, limited access location • Maintain Chain of Custody • Collect other evidence in the same manner • Always preserve originals!

  37. When You’re a Victim • Best Evidence Rule • Original Drives • Bit by Bit Copy (dd) • Copy of relevant files

  38. When You’re a Victim • Begin analysis to determine what happened • Work from copy if possible • Review system, firewall, router logs • Look for “Trojaned” system files • Look for new, suspicious users • Contact ISP for logs and possible filtering • Consider contacting attacking host sys admin

  39. When You’re a Victim • Start to determine cost of attack • Recovery costs • Lost business • Legal expenses • Salaries • Technical and Security Contractors • Maintain incident log and chronology

  40. When You’re a Victim • Know When to Contact Law Enforcement • Intrusions, theft, espionage, child pornography, hate crimes, threats, and fraud • Dollar losses due to intrusions exceed $5K • Law Enforcement Difficulties • keystroke monitoring • legal restrictions (victim as agent)

  41. Networking • Establish relationships within industry • Participate in computer security forums • All industries have common cyber-link • SANS, CSI, others provide useful security programs, plans

  42. Infragard • Cooperative effort between government and industry • Local chapters meet regularly • Secure web site for sharing information • Security bulletins e-mailed to members

  43. Final Thoughts • Any computer system is vulnerable • Internet • Local user • Private and Public sector need to work together

  44. Contact Us FBI - San Francisco Computer Intrusion Squad 22320 Foothill Blvd., Suite 530 Hayward, CA 94541-2700 (510) 886-7447 (415) 553-7400 [24 hrs.] nccs-sf@fbi.gov
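
Slides 36 and 37 call for a bit-by-bit copy (dd) onto new media, a verified backup, a time stamp and a chain of custody. The following is an added example, not part of the original presentation, that ties those steps together; the function names, the paths passed in and the custody-log layout are assumptions.

```shell
# Added example (not from the presentation). Paths, function names and the
# custody-log layout (time|examiner|source|image|sha256|event) are assumptions.

# hash_of FILE: print the SHA-256 of a file or block device
hash_of() { sha256sum "$1" | awk '{print $1}'; }

# acquire_image SRC DEST LOG EXAMINER
# Bit-by-bit copy of SRC onto new media, verified against the source,
# write-protected, and recorded in the chain-of-custody log.
acquire_image() {
    local src="$1" dest="$2" log="$3" examiner="$4" src_hash img_hash
    if [ -e "$dest" ]; then                  # NEW media only: never overwrite
        echo "refusing to overwrite $dest" >&2
        return 2
    fi
    src_hash=$(hash_of "$src")
    dd if="$src" of="$dest" bs=65536 2>/dev/null || return 1
    img_hash=$(hash_of "$dest")
    if [ "$src_hash" != "$img_hash" ]; then  # VERIFY the backup
        echo "verification failed for $dest" >&2
        return 3
    fi
    chmod 0444 "$dest"                       # keep the working copy read-only
    printf '%s|%s|%s|%s|%s|ACQUIRED\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$examiner" "$src" "$dest" "$img_hash" >> "$log"
}

# verify_image IMG LOG: succeed only if IMG still matches its logged hash
verify_image() {
    local img="$1" log="$2" logged
    logged=$(awk -F'|' -v f="$img" \
        '$4 == f && $6 == "ACQUIRED" { h = $5 } END { print h }' "$log")
    [ -n "$logged" ] && [ "$(hash_of "$img")" = "$logged" ]
}
```

Run `verify_image` again each time the image changes hands or before analysis starts, so the custody log shows the copy was unchanged at that point.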
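
Slide 38 says to look for "Trojaned" system files and new, suspicious users while working from a copy, and slide 27 says to keep backups of the original O/S. The following is an added example, not part of the original presentation, of comparing a copy of the victim system against a hash manifest and passwd file taken from those known-good backups; the function names, manifest layout and output labels are assumptions.

```shell
# Added example (not from the presentation). Function names, the manifest
# layout and the ADDED/MODIFIED/MISSING/NEW labels are assumptions.

# make_manifest DIR: print "sha256  ./path" for every regular file under DIR
make_manifest() { ( cd "$1" && find . -type f -exec sha256sum {} + ); }

# changed_files MANIFEST DIR: compare DIR (ideally a mounted copy of the
# victim disk) with a manifest taken from known-good backups.
changed_files() {
    local manifest="$1" dir="$2" current
    current=$(mktemp) || return 1
    make_manifest "$dir" > "$current"
    # The path starts at column 67: 64 hex digits plus two separator characters
    awk 'NR == FNR { base[substr($0, 67)] = $1; next }
         { p = substr($0, 67); seen[p] = 1
           if (!(p in base))                  print "ADDED " p
           else if ((base[p] "") != ($1 "")) print "MODIFIED " p }
         END { for (p in base) if (!(p in seen)) print "MISSING " p }' \
        "$manifest" "$current" | sort
    rm -f "$current"
}

# new_accounts OLD_PASSWD CUR_PASSWD: list accounts absent from the baseline
# passwd file; a new account with UID 0 is flagged separately.
new_accounts() {
    awk -F: 'NR == FNR { known[$1] = 1; next }
             !($1 in known) { tag = ($3 == 0) ? "NEW-UID0" : "NEW"
                              print tag, $1 }' "$1" "$2"
}
```

Build the manifest from the backup media and run the comparison with tools from a trusted system, since binaries on the compromised host may themselves have been replaced.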
