Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division.

Mar 26, 2015

Ashley Graham
Transcript
Page 1: Cyber Crimes Presented by Heidi Estrada Special Agent Federal Bureau of Investigation Austin Resident Agency San Antonio Division.

Cyber Crimes

Presented by
Heidi Estrada
Special Agent
Federal Bureau of Investigation
Austin Resident Agency
San Antonio Division

Page 2:

Introduction

RCFL (Regional Computer Forensic Lab)
The FBI’s Cyber Investigations
New Legislation: Cyber Stalking

Page 3:

Regional Computer Forensic Labs (RCFL)

One-stop, full service forensics laboratory
Training center - to train all LEO
Devoted to the examination of digital evidence in support of criminal investigations

www.rcfl.gov

Page 4:

Texas HB 2703

Law signed June 2003
Physical evidence not admissible unless lab or other entity accredited
If not accredited, need to retain sample of physical evidence
After Sept. 2005 labs required to be accredited

Page 5:

The RCFL & You

LEO and Private Entity personnel can submit electronic evidence to the RCFL to be examined

Or

A law enforcement agency can join the RCFL:
  Send an officer to become a computer forensic examiner
  RCFL pays for training, equipment, space for that examiner

Page 6:

Training

Provided to any law enforcement personnel free of charge
Use the RCFL classrooms
For class schedule, descriptions and registration: www.ghrcfl.org
Sign up online
Forensic classes
Bag & Tag class / Image Scan class

Page 7:

RCFLs support:

Terrorism
Homicide
National Security
Violent Crimes
Child Pornography
Theft or destruction of Intellectual Property
Fraud

Page 8:

RCFL Services

Laboratory - examination of digital evidence
Technical - advice on preparing search warrants (digital), seizure of digital evidence, techniques for handling digital evidence
Training - Free technical training for both forensic examiners and non-forensic LEO personnel (investigators)
On-Site - RCFL examiners can deploy to locations to execute search warrants on site

Page 9:

To Submit Evidence to the RCFL

Submit only digital evidence
  Computers, hard drives, CDs, floppies, USB drives, cameras, telephones
  Separate these items from other evidence (paper documents, objects) - store in your own property room
Search warrant or signed consent to search form must be with the evidence
RCFL examiner can also go to a location and make a forensic/digital copy on site (so you do not have to take the owner’s computer)

Page 10:

FY05: What the RCFLs Did For Us

Services - Provided digital data processing for state, local and federal government agencies
Program Growth - Total RCFLs grew to 9. Available to more than 3500 law enforcement agencies in 11 states
National Recognition - Harvard University’s 2005 Innovations in American Government

Page 11:

FY05: What the RCFLs Did For Us

Training -
  Digital Forensic tools & techniques
  Investigator tools & techniques
Support to Major Investigations
Increased Number of Participating Agencies
  90 total participating agencies
    13 state agencies
    54 local agencies
    23 non-FBI federal agencies

Page 12:

Types of Evidence Examined

Cell Phone Forensic Exams
Audio/Video Forensic Exams
Computer Exams (Windows, Unix, Mac)
Digital Media Exams (USB drives, flash memory, CDs, DVDs, etc…)
Digital Camera Exams

Page 13:

Associate Examiner Initiative

Created by San Diego RCFL
Allows non-FBI RCFL Forensic Examiners to finish their tenure at an RCFL, then return to their parent agency and maintain their certification and skills
Being implemented nationwide during FY06

Page 14:

Case Agent Investigative Review Training (CAIR)

Purpose: for investigators to use the FBI’s Review Net system to review forensic exam results
Review Net: a tool which allows investigators to review the forensic results of an exam via the FBI’s Intranet
CAIR: one-day training course, hands-on, comes with a “refresher CD” so students can refer to it after the course is finished

Page 15:

How an RCFL Works

FBI provides:
  Funding, training, laboratory facility
RCFL Director:
  Manages the day-to-day operations. The Director is a management level individual from an RCFL member agency (state, local, federal).
Member supervision:
  Remains with the officers’ or agents’ “home agency” for non-RCFL matters
Laboratory procedures outlined by the RCFL Program Office, FBIHQ, Laboratory Division

Page 16:

On The Horizon

Expanding the RCFL program: service area growing from 11 to 16 states during FY06 (with a total of 11 RCFLs)
Implementing Review Net:
  Currently, only people with access to the FBI’s Intranet can access Review Net.
  Soon, RCFL participating members from non-FBI agencies will also access it within an RCFL.
  Eventually, participating members from non-FBI agencies will access it from their own office space

Page 17:

On The Horizon

ASCLD/LAB Accreditation - At least four RCFLs are expected to submit their accreditation applications during FY06
Adding RCFL Personnel - Increased digital processing caseloads mean more RCFL examiners are needed nationwide

Page 18:

Member Agencies

Participating agencies and their personnel receive:
  7 weeks of forensic examiner training
  Exposure to the most technologically advanced computer equipment available
  Broad experience in a variety of digital forensics cases
  A stake in the management of the RCFL.

Page 19:

Examiner Training/Certification

A+ Certification Training (2 weeks)
Following the course, examiners conduct competency examination on test hard drive and send results to training coordinator
Training culminates in taking nationally recognized A+ certification test
Commercial Vendor

FBI

Net+ Certification Training (1 week)
Training culminates in taking nationally recognized Net+ certification test
Commercial Vendor

Basic Data Recovery Analysis (BDRA) (1 week)
Training culminates in end-of-course test
National White Collar Crime Center

FBI Boot Camp (2 weeks)

Moot Court (1 week)
Defense attorneys query participants on their examination results
Oral presentation test

Examiners must also conduct five searches and five exams under the supervision of an FBI-certified forensic examiner

To maintain certification:
  Complete one advanced FBI-sponsored class per year
  Complete two additional outside classes per year
  Pass yearly proficiency test

Page 20:

RCFLs in Texas

North TX RCFL (Dallas)
  Dallas PD
  FBI - Dallas Division
  Garland PD
  Grand Prairie PD
  Plano PD
  Richardson PD
  TX AG
  US Attorney - NDTX

Greater Houston RCFL
  FBI - Houston
  Harris County - Pct 4 Constable’s Office
  Harris County - Pct 5 Constable’s Office
  Harris County SO
  Houston PD
  Pasadena PD
  Tomball PD

Page 21:

RCFLs Nationwide

North TX RCFL (Dallas)
Chicago RCFL
Heart of America RCFL (Kansas City)
New Jersey RCFL
Silicon Valley RCFL
Greater Houston RCFL
Intermountain West RCFL (Salt Lake City, Utah)
Northwest RCFL (Portland, OR)
San Diego RCFL

Page 22:

RCFLs to be added

Rocky Mountain RCFL - Denver, CO
Miami Valley RCFL - Dayton, OH
Philadelphia RCFL - Philadelphia, PA
Western New York RCFL - Buffalo, NY

Page 23:

www.rcfl.gov

Training Portal - course descriptions, schedule, registration
National Program - employment opportunities, accreditation, locations
Virtual Newsroom - Annual Report, Resource Kit, speeches, statements

Page 24:

Need to Contact the Greater Houston RCFL?

Dennis Williams, Director
Greater Houston RCFL
713-316-7878
www.rcfl.gov

Page 25:

Break !!

Block 2 begins 10:00 am

The FBI’s Cyber Investigations
New Legislation: Cyber Stalking

Page 26:

Cyber Crimes Overview

Types of Cyber Crimes the FBI investigates
  Counterterrorism Intrusions
  Counterintelligence Intrusions
  Crimes Against Children / Exploitation
  Intellectual Property Rights Violations
  Identity Theft / Fraud

Page 27:

What Does the FBI Consider a Cyber Crime?

Is the computer a target? Intrusions
Or…. is the computer a tool? Computer Facilitated Crime / Internet Fraud

Page 28:

COMPUTERS AS A TARGET

Intrusion
Motive:
  To impair, damage, alter the computer system
  To steal valuable data (credit card #s, SSANs)
Can evolve into other substantive violations
  An intrusion into a bank for the purpose of stealing $$$
  An intrusion into a business or university database for the purpose of stealing SSANs

Page 29:

COMPUTERS AS A TOOL

Computer Facilitated Crimes
A convenient way to commit a host of crimes
Examples include:
  bank fraud
  phishing
  credit card fraud
  child pornography
  identity theft
  theft of intellectual property

Page 30:

What Does a Hacker Look Like?

Student
Employee
Adolescent
Parent
Competitor
Foreign government

Page 31:

New Legislation: Cyber Stalking

47 United States Code 223 - telecommunications harassment statute
Amended January 5, 2006
Section 113 of the Violence Against Women Act - addition to 47 USC 223

Page 32:

Section 113

Prohibits anyone from using a telephone or telecommunications device without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person
Penalties: Up to 2 years imprisonment or fines

Page 33:

Challenges

The new law is intended to curb free speech
Has a “chilling effect” on First Amendment rights
ACLU: subjective nature of the word “annoy” means law too vague, thus unconstitutional

Page 34:

Who is Affected by this Law?

Internet users: blogs, online bulletin boards/opinion sites, message boards
Advertisers
Political Activists

Page 35:

OPEN DISCUSSION !

Page 36:

Cyber Crimes

Heidi Estrada
512-794-3102

[email protected]@leo.gov

Austin Resident Agency/San Antonio Division

Page 37:

Lunch !!

Return at 1:30

Next Session