MARYLAND ELECTRONIC CRIMES TASK FORCE A Look at Fraud, - PowerPoint PPT Presentation

MARYLAND ELECTRONIC CRIMES TASK FORCE A Look at Fraud, Counterfeiting, and Cyber Crimes

United States Secret Service History Legislation passed on April 14, 1865 to create Secret Service to suppress • counterfeiting (was formed under the Department of Treasury) 1901 President William McKinley assassinated, Congress asks Secret Service to • begin protecting POTUS. 1902 formal protection began at White House • 1908 Attorney General Bonaparte created the FBI from 10 Secret Service agents • • 1951 Protection for President’s family and Vice-President 1965 Protection of Former Presidents • 1971 Protection for Heads of State of foreign countries visiting United States • 1984 Laws expanded allowing Secret Service to investigative more types of • financial fraud • 2000 National Security Special Events 2001 Patriot Act – Cyber Investigations born • 2002 removed from Treasury Department, placed under DHS •

United States Secret Service Dual Mission Investigation • Financial Crimes Identity Crimes • • Check Fraud Access Device Fraud • Bank Fraud • • Mortgage Fraud • Counterfeit Currency • Treasury Obligations • Electronic/Cyber Crimes • • Telecommunications Network Intrusions • Child Pornography •

Latest Threats in Financial Crimes Identity Theft & Access Device Fraud How Bank Account Numbers Are Obtained Consumer Level: • Card skimming • • Wireless skimming Gas pump skimming • ATM skimming • Phishing • • Industry Level: Network Intrusions / Data Breaches • Collusive employees • Malware, Trojans, Worms •

Point-of-Sale Breach / Network Intrusion • Infiltration (malware/keyloggers/sniffers) • Aggregation • Exfiltration (email accounts/servers) Data Flow

What Do The Criminals Do Next? • Carding portals • Transactional Site (People Doing Business) • Stolen Credit Card Data • Stolen Databases of Personal Data • Knowledge Sharing Technical vulnerabilities • Sensitive info. on how the financial system works • How to defeat security and anti-fraud measures • • Criminal Infrastructure • Hacking services / custom malware development Phishing services • • Specialized equipment (card writers, embossers, blank credit cards, holograms, etc.

Carding Forums

Counterfeit Card Lab

Latest Threats in Electronic and Cyber Crimes • Examples of Internet-Related Investigations • Use of web browser to view websites and/or download files • Use of webmail or email client software, including newsgroup readers • Online communication via IM, IRC and other chat applications • Peer-to-Peer file sharing • Social networking websites • YouTube and other online multimedia • Online auctions, gambling, pharmacies, stores, classifieds, etc. • Website defacement, hacking, compromised systems, botnets, etc. • Spam, phishing, identity theft and other online scams

Social Networks History 2007 2012

Social Networks History Today

Positive Aspects to Social Media • Personal • Instantaneous constant contact with “friends” • Saves money and time by avoiding invitations by mail • Business Eases logistical delays • Saves money by offering free online live communications • including video

Vulnerabilities of Social Media • Business colleagues may view your profile and see the real you, good or bad • Your data is only as secure as your friends and their friends, and their friends, etc. • If a friends computer was infected and you open an attachment which contains malware, you may be affected by trusting their emails

Anything and Everything is Exploitable on your computer • Finances • Pictures of your computer • Personal letters/correspondence • Personal & Business address book • Vacation logistics, etc.

Social Engineering • The act of manipulating people into performing actions or divulging confidential information for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim 85% of phishing attacks in the US • were directed towards social networking sites – Microsoft • Social networking sites are a treasure trove of personal data

Types of Social Engineering • The following are the few skills to exploit users to get access to your system: • Impersonating staff • Playing on users’ sympathy • Intimidation tactics • Hoaxing • Creating confusion • Dumpster diving • Reverse social engineering • Mail

Statistics • 172% increase in the reported number of ransomware incidents for the first half of 2016. • $209 million worth of ransomware related monetary losses for the first three months of 2016 • 71% of ransomware delivered via spam; 18% via exploit kits

Business E-mail Compromise Over 22,000 enterprises across the globe became victims of BEC during the first half of 2016 costing victims over $3 billion. The most targeted position in BEC scams are company CFO’s The most spoofed position in BEC related emails come from supposed CEO’s

Protective Measures Against Cyber Crimes • Migrate to a modern operating system • Establish a secure baseline with a fresh operating system installation • Smart password management (8 or more characters using capitalization, numbers, special characters); have different passwords for different accts. • Utilize the security protocols provided by the site • Stick with who you know • Limit the amount of personal information you post • Be skeptical • Use and maintain anti-virus software

Protective Measures Against Cyber Crimes • Before submitting personal data, ensure that it is encrypted • Read the domain name carefully • Take advantage of your web browser’s ability to identify malicious sites • Take advantage of private browsing • Cookies and internet history will be automatically deleted

Network Recommendations • Minimize use of public networks • Use cellular network • If forced to use wireless access point, avoid using credentials or personal information • Implement WPA2 on wireless networks at home • Do not use WEP, it is not secure • Make your password long and change it frequently, every 90 days is recommended • Use a separate personally owned routing device that connects to the ISP provided router/cable modem • Disable SSID broadcast • Reduce the dynamic IP address pool or configure static IP addresses

Special Agent Michael Dickson United States Secret Service Baltimore Field Office 443-263-1130 Duty Desk U.S. Department of Homeland Security United States Secret Service

Questions?