UNITED STATES SECRET SERVICE

Secret Service Dual Mission

Protection
• President
• Vice-President
• Former Presidents
• Candidates for POTUS
• Foreign Heads of State
• Others by appointment

Investigations
• Cyber Crimes
• Hacking
• Computer Internet Fraud
• Data Breaches
• Counterfeit Currency
• Treasury Obligations
• Financial Crimes
• Identity Crime
• Check Fraud
• Access Device Fraud
• Bank Fraud
• Mortgage Fraud

Secret Service Resources
• 142 Domestic Offices
• 24 Foreign Offices
• 3,500 Special Agents
• 1,400 Uniformed Division Officers
• 2,000 technical, professional and support personnel

Secret Service Resources to Investigate Cyber Financial Crimes
• Electronic Crimes Special Agent Program (ECSAP)
• Electronic Crimes Task Forces (ECTF) - 31
• Financial Crimes Task Forces (FCTF) - 38
• Cell Phone Forensic Facility – Tulsa, OK
• National Computer Forensic Institute (NCFI) – Hoover, AL
• Computer Emergency Response Team (CERT)
• DOJ CCIPS (Computer Crimes and Intellectual Property Section)

Secret Service Tulsa Initiative
• Partnership with the University of Tulsa Digital Forensic Center of Information Security
• Expands the forensic capabilities of law enforcement regarding cellular telephones, smart phones and other mobile computing devices
• Tulsa supplies interns who specialize in information technology digital forensics

National Computer Forensic Institute, Hoover, Alabama
The mission of the National Computer Forensic Institute (NCFI) is to provide state and local law enforcement, prosecutors and judicial officials a national standard of training in electronic crimes investigations, network intrusion response, computer forensics and high tech crime prosecution.

Computer Emergency Response Team (CERT)
• Advanced forensic facility in Pittsburgh, PA
• Carnegie-Mellon University Collaborative Innovation Center
• Provide investigative support to field offices, conduct basic and applied research, coordinate training opportunities between CERT and the Secret Service
• Access to over 150 scientists, researchers and technical experts in the field of computer security

Foster Partnerships and Combine Resources
31 Electronic Crimes Task Forces
The U.S. Secret Service Electronic Crimes Task Forces are a strategic alliance of law enforcement, academia and the private sector dedicated to confronting and suppressing technology-based criminal activity.

Dept of Homeland Security, U.S. Secret Service

Electronic Crimes Task Forces
Not listed: London, England; Rome, Italy

Electronic Crimes Task Force Initiative
A Different Law Enforcement Model for the Information Age

U FOUO

Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
USA PATRIOT ACT OF 2001
HR–3162, 107th Congress, First Session, October 26, 2001, Public Law 107-56
Sec. 105 Expansion of National Electronic Crime Task Force Initiative
The Director of the United States Secret Service shall take appropriate actions to develop a national network of electronic crime task forces, based on the New York Electronic Crimes Task Force model, throughout the United States for the purpose of preventing, detecting and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.

Critical Infrastructures
• Transportation
• Government Services
• Public Health
• Water
• Defense Industrial Base
• Chemical Industry
• Banking and Finance
• Energy
• Emergency Services
• Agriculture
• Telecommunications
• Food
• Postal Shipping

Goals of an Electronic Crimes Task Force
• Establish a strategic alliance of federal, state and local law enforcement agencies, private sector technical experts, prosecutors, academic institutions and private industry
• To confront and suppress technology-based criminal activity that endangers the integrity of our nation’s financial payments systems and poses threats against our nation’s critical infrastructure

Electronic Crimes Task Force
Three principles of a successful Electronic Crime Task Force
• Prevention Response Resiliency
• Trusted Partnerships
• Criminal Investigations

Prevention
• The guiding principle of the Electronic Crime Task Force’s approach to both our protective and investigative missions is our “focus on prevention”
• “Harden the target” through preparation, education, training and information sharing
• Proper development of business policies and procedures before the incident

Response Resiliency
• Strong documentation and reporting practices starting at the beginning of the incident
• Internal computer forensics and log analysis
• Technical briefings for law enforcement during the entire course of the investigation
• Contingency planning to bring operations back on line

Trusted Partnerships
• Ongoing Task Force liaison with the business community
• Business community provides technical expertise and assistance to law enforcement in the rapidly changing technology world
• Development of business continuity plan, risk management assessment and return on investment
• Task Force provides “real time” information on issues whenever possible
• Table Top exercises with private industry and government

Criminal Investigations
• Liaison and instructions to victims
• Early law enforcement involvement is critical
• “Solve the problem”
• Follow up and ongoing dialogue with the victim

“Cyber Intelligence Section”
U.S. Department of Homeland Security, United States Secret Service

USSS-Cyber Intelligence Section (CIS)
[Organization chart. Units shown: Analysis Exploitation Unit; Cyber Threat Unit; Investigations Group; Operations Group; Transnational Groups. Countries shown: Belgium, Latvia, Ukraine, UK, Netherlands, Lithuania.]

Cyber Threat Unit
• Investigative Group – responsible for investigating large scale data breaches or other major cyber related cases
• Operations Group – responsible for conducting proactive undercover investigations against major cyber criminals and organized groups
• Transnational Group – Temporary Duty Assignments around the world to liaison and actively work with foreign law enforcement entities

Cyber Intelligence Section
• Databases of over 15 years worth of cyber evidence
• Seized media
• E-mail search warrants
• Images of criminal forums sites
• Data from when experienced criminals were new
• Combination of agents and analysts
• Liaison with cyber components of domestic and foreign agencies
• US law enforcement and intelligence
• Foreign law enforcement
• Private sector research

Questions
Brian Busony
Assistant to the Special Agent in Charge
San Francisco Field Office
Electronic Crimes Task Force
415 273-8504
Brian Busony@usss dhs gov

Data Breach Study
• US Secret Service and Verizon Business
• Publication based on real case statistics
• Law Enforcement Perspective
• Incident Response Perspective
• Goal: Make business decisions based on real data
• Focus resources on true threat

Summary
[Figure: infographic of summary statistics from the report; the values are not recoverable from the OCR.]

2012 Data Breach Investigations Report
• Law Enforcement Participation: USSS; Dutch National High Tech Crime Unit (NHTCU); Australian Federal Police (AFP); Irish Reporting Information Security Service (IRISSCERT); London Metropolitan Police Central e-Crime Unit (PCeU)
• Over 855 new breaches since the last report - Total for all years 2500
• Just under 174 million records compromised - Total for all years 2008-2012 1.08 Billion

Demographics
[Figure 3: Industry groups represented by percent of breaches. Categories: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other. Values not recoverable.]
[Figure 5: Industry groups represented by percent of breaches, larger orgs. Values not recoverable.]

External Agents
[Figure and table: external agents by percent of breaches within External and percent of records, for all orgs and larger orgs. Values not recoverable.]

Internal Agents
[Table: Types of internal agents by percent of breaches within Internal. Values not recoverable.]
We hypothesize that many insider crimes go unreported because the [illegible] they decide for political reasons to handle it internally.

2013 Data Breach Investigative Report
• Due out this spring
• Significant increase of data contributors
• Contains analysis of over 45,000 reported security incidents and 600 confirmed data breaches

2013 Data Breach Investigative Report Contributors
• US Secret Service
• G-C Partners LLC
• Australian Federal Police (AFP)
• Guardia Civil (Civil Guard of Spain)
• CERT Insider Threat Center at Carnegie Mellon University
• Industrial Control Systems Cyber Emergency Response Team (ICSCERT)
• Consortium for Cybersecurity Action
• Danish Ministry of Defence Center for Cybersecurity
• Danish National Police, National IT Investigation Section (NITES)
• Deloitte
• Dutch Police National High Tech Crime Unit (NHTCU)
• Electricity Sector Information Sharing and Analysis Center (ES-ISAC)
• European Cyber Crime Center (EC3)
• Irish Reporting and Information Security Service (IRISS-CERT)
• Malaysia Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia
• National Cybersecurity and Integration Center (NCCIC)
• ThreatSim
• US Computer Emergency Readiness Team (US-CERT)