Federal Bureau of Investigation

FBI Albany



Protect the United States from terrorist attack
Protect the United States against foreign intelligence operations and espionage
Protect the United States against cyber-based attacks and high-technology crimes




New York State Police
Multi-State ISAC
NY State Office of Cyber Security
NY State Department of Homeland Security


The “old school” hacker
Characteristics
• Notoriety
• Break technological barriers
• Unorganized
• Not typically motivated by money


The “neo” hacker
Characteristics
• Professionals
• Organized
• Eastern Europe and Asia
GOAL – Money

Common Scams




Lottery
Overpayment for products
“I’m stranded overseas, send cash”
Trolling large call centers

Phishing
• Same look and feel as a website or e-mail you may be accustomed to seeing
• Attempt to gain usernames, passwords, CC information, etc.

Example of Phishing
(website)
http://citibusinessonline.da.us.citibank.com.citionline.ru
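
Why the address above is not a Citibank site, shown as an added example that is not part of the original presentation: a hostname is read right to left, so the registered domain here is citionline.ru and everything before it is a label chosen by whoever registered that domain. The suffix set and the function names are assumptions made for this sketch; a real deployment would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Small constructed stand-in for the Public Suffix List (assumption: a real
# deployment would load the full list instead of this handful of entries).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(url):
    """Return the domain that was actually registered (e.g. 'example.com')."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # A two-label suffix such as 'co.uk' pushes the registered name one label left.
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, trusted_domains):
    """Classify a link against the domains the user expects to deal with."""
    host = (urlsplit(url).hostname or "").lower()
    registered = registrable_domain(url)
    if registered in trusted_domains:
        return {"verdict": "trusted", "registered": registered, "embedded": []}
    # A trusted name that appears further left in the hostname is decoration
    # picked by the registrant; it says nothing about who operates the site.
    embedded = sorted(d for d in trusted_domains if d in host)
    verdict = "lookalike" if embedded else "unknown"
    return {"verdict": verdict, "registered": registered, "embedded": embedded}


if __name__ == "__main__":
    # URL taken from the slide above; the trusted set is constructed for the demo.
    slide_url = "http://citibusinessonline.da.us.citibank.com.citionline.ru"
    print(check_link(slide_url, {"citibank.com"}))
```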

Example of Phishing
(e-mail)

Orphaned / Counterfeit Hardware
• USB flash drives containing malware
• DVD/CD containing malware
  ▪ Utilizing AutoPlay
• “Free” Computers
• Bargain priced equipment which has been altered
  ▪ Routers
  ▪ Desktop/Laptop systems




Also referred to as Viruses, Trojans, Spyware
Key Logging
Remote access
Screen capturing processes

Most common malware
• SpyEye
• Zeus (aka Zbot)
• Qakbot
All have the ability to log keystrokes and provide remote access to malicious actors. Qakbot can propagate itself across a local network.

Sources of Malware
• Phishing e-mails
• Phishing websites
• Children’s games
• Hacking, torrent, piracy websites
• Pornographic websites

Intrusive advertising for fraudulent Anti-Virus and Anti-Malware products
• Usually prompts for payment and/or personal information
• Almost always a sign of an “infected” system
• Persistent even after closing web browser

• Victims involved two academic institutions and one sole proprietorship.
• Losses ranged from $70,000 to $500,000 – and in every case the losses were never recovered.
• All involved malware on a Windows system, with at least one instance involving Zeus and another involving Qakbot.
• All matters involved actors overseas, and in one case, the investigation contributed to the arrest of bad actors residing in these countries.
• In each case, employees were doing something they were not supposed to be doing, or did not have sufficient real-time malware protection in place.


You may acquire malware just by viewing a website or opening an e-mail (without even opening an attachment)

There is no patch available for the vulnerability

Times Union website, advertising images

FACEBOOK, LINKEDIN, MYSPACE, TWITTER, ETC

May supply potential crooks with personal information used
to exploit or extort

Very few laws to protect personal content

Limit access to personal information and photographs

Local School
• Student created 120 duplicate Facebook accounts of other students
• Created an intricate network of pictures, updates, statuses, chats
• Most profiles were not well protected, or were completely public
• Damaging to students’ reputations, fear to parents

Local businessman
• Extorted by actors overseas, based on information provided on social network sites
• Involved co-workers and family in order to become more convincing

Prevention
Internet

Golden Rule:
“if it sounds too good to be true…”

Monitor your children’s activities on the computer

Try to keep one system “pure” for online banking, and personal business – have another for recreational activities

• Update your Malware/Virus definitions on your network
• Educate end users on Social Networking tactics and other common exploits
• Wireless security – Avoid open networks and WEP encryption
• Physical security – Protect physical resources and information


Never trust a “free” public wi-fi network
• Consider a 3G/4G wi-fi solution for true protected access

Never access your financial institution from a public computer at a hotel, library or public wireless access point

Standalone system
• Not attached to local network
• Used for one purpose ONLY
• Possibly non-standard Operating System

Bootable / Flash drive browsers and Operating Systems
• Contained on a CD/DVD or flash drive
• Impervious to most malware

Web traffic monitoring/blocking
• Block keywords (Websense)
• Filter traffic and e-mail attachments (based on type, size, hash)







Shred your documents
Don’t leave your trash out
Don’t leave your mail out, or consider a PO Box
Opt for electronic statements
Get regular credit reports, check statements
Watch for skimming devices at the pump and ATM machine
Talk to your bank about EFT transactions

Microsoft Windows
• 88% desktop market share
• Primary target for hackers; most “bang for the buck”
• Although vulnerable, very robust security features

Mac OS X
• 7% desktop market share
• Less secure overall than Windows
• May appear more secure due to low market share

Linux
• 1% desktop market share
• Secure, but may not be practical for mainstream users

Mobile Devices (iPhone, Android, etc.)
• Not ideal for hackers due to small population of devices
• iPhone 2%, Android .64%



Partnership between the FBI, National White Collar Crime Center, and Bureau of Justice Assistance
Receive, Develop, Refer complaints for internet related crimes
Tips, current schemes

Partnership between the FBI and the private sector
Businesses, Academic Institutions, State/Local Authorities, Critical Infrastructure, and other participants

www.infragardalbany.com
