Albuquerque FBI and the Domain Initiative “Evil only prevails, when good men do nothing.” Sir Edmund Burke SA Jeanette S. Greene, Domain Coordinator, Albuquerque Division. Overall Classification of this briefing is UNCLASSIFIED
FBI PRIORITIES Protect the United States… • From terrorist attack • Against foreign intelligence operations/espionage • Against cyber-based attacks and high tech crimes (FBI Director Mueller, June 21, 2002 Congressional Testimony)
Domain Program Mission Partnership with public and private entities to protect the national and economic security of the United States through the exchange of information
Counterintelligence Mission IDENTIFY, ASSESS, DETER, NEUTRALIZE, OR EXPLOIT Foreign Intelligence Services' (FIS) collection activities directed against our nation's warfighters, technologies, and secrets.
Espionage Defined The act of obtaining, delivering, transmitting, communicating, or receiving information in respect to the National Defense with an intent or reason to believe that the information may be used to the injury of the United States or to the advantage of any foreign nation.
“Who Are the Bad Guys?” Foreign Intelligence Services (FIS) • The Traditional Threat: “Order of Battle...”, Political, Military • Non-Traditional Threat: Economic, Free Research and Development
What Does FIS Want? INFORMATION • US Technology • Military Training • Tactics, Techniques, and Procedures • Free R&D • Future Programs • Personal Information • ANYTHING AND EVERYTHING
What Does FIS Want? • FIS is looking for Unclassified as well as Classified information. • FIS is looking for Proprietary Information. • FIS is looking for personal information
HOW DO FIS GET WHAT THEY WANT?
Targeted Information • Personal Information: Hobbies, Family, Likes/Dislikes, Vulnerabilities • Professional Information: Place of Employment, Access, Co-Workers, Performance Ratings, Office Numbers
What are they looking for?... Vulnerabilities Aldrich Ames (CIA) Alcohol/Drug Abuse Sex Financial Problems (Greed) Gambling Problems Roderick Ramsey Ego “I am too smart to be caught” Idea of being a Spy Feeling of Importance Ideology Ego Money Revenge/Disgruntled Blackmail Hostage Situations George Trofimoff Ties to a Foreign Country Family/Friend Ask for Information Ryan Anderson Ideology Identified with Enemy Looking for Acceptance
Collection Techniques • Unsolicited Correspondence - “Shotgunning” • Exploiting Legitimate Access • Direct Submission of RFIs • Social Engineering • Emotional Approach • Eavesdropping • Elicitation • Recruitment • Direct Monitoring • Threats or Blackmail
FIS Cold Approach Methods: • Relentless Pursuit • Ignoring Visit Restrictions • Shotgun Blasting • Divide and Conquer • Exploit National Ties • Last Minute Agenda Change • “Got a light” • “Lost” • “Did not get my briefing”
Elicitation The process of obtaining information under the guise of a social or professional conversation. If done correctly, the SUBJECT does not even know that he/she is being interrogated. The individual is unaware/unwitting that they are providing information. • Natural Tendency to Gossip • Natural Tendency to Discuss Work • Natural Tendency to Correct Mistakes • Want to change another person's viewpoint • Implied Knowledge • Sympathy • Provocation • Ignorance • Flattery • Common Interest
Cyber Methods • Cyber Elicitation • Email “Spoofing” • Spear Phishing • Malicious Attachments (.doc, .xls, .ppt) • Social Engineering • Chat rooms and Forums are a collector’s playground • Spyware/Data Miners • Malicious Websites • Redirections • Laptop Exploitation: Physical/WiFi • External Media: CD and Thumb Drives
-----Original Message-----
From: FBI [mailto:email@example.com]
Sent: Tuesday, July 31, 2007 7:02 PM
Subject: Dscovered

The Federal Bureau of Investigation (FBI), discovered through our intelligence Monitoring Network, that you have an on going transaction with some fraudsters who claim to be legally transacting business with you through the internet. The fraud starts has been arrested and they are right now in the FBI custody. They confessed that they scammed you of some amount of money which we will not disclose to you right now until you fill the form below for verification of ownership. Your money will be sent to you as soon as we have verify that you are the really owner of the money we recovered from the fraudsters. Please not that you have been legally declared innocent in the transaction between you and the fraudsters because you were deceived by the fraudsters and do not know what you were doing, so do not be afraid of filling the form below and have it sent back to us via this email address (firstname.lastname@example.org).

PAYMENT RELEASE ORDER FORM
1. FULL NAME
2. AGE/SEX
3. NATIONALITY
4. AMOUNT THAT WAS SCAM
5. RESIDENTIAL ADDRESS
6. PHONE NUMBER
7. HOME ADDRESS

Thanks for your understanding and we are sorry for the inconvenience this may has caused you all this while We await your responds to this mail as soon as possible.

Regards,
+44 70457 36823
Mr. Moore Jolly

Classification: UNCLASSIFIED
Caveats: NONE
From: JAGNWOP687@Yahoo.com
Sent: Thursday, July 07, 2005 9:04 AM
To:
Subject: Requested Information

Hello, I am Ekanga Adani, a Indian AD Officer, who is a grad of OAC 3-98, Ft. Bliss. What I need is Air Defense, particularly SHORAD lessons learned from OIF. I would appreciate your assistance if you could. Please send any information to me by my email EJAdana@protx.com. Thank you.

Ekanga Adani, Cpt, AD, IND.
Several Possible Espionage Indicators • Excessive Copying • Change in Work Habits (Working Hours) • Repeated Security Violations • Unauthorized Access or Removal of Information • Unexplained Affluence • Unreported Foreign Contact • Joking or Bragging About Working for FIS
Espionage Indicators • Clyde Conrad: Refused Promotion to Avoid PCSing; Had Numerous Minor Security Violations; Worked Long Past Necessary Duty Hours; Made Numerous Copies of Classified Documents • Jonathan Pollard: Led a Very Lavish Lifestyle (FIS Retainer); Bragged about Working for Mossad; Took Numerous Documents Home; Took Numerous Trips to Israel and Europe • Ana Montes: Sought Positions with Better Access; Accessed Information Outside Her Duty Scope
Markus Wolf, Head of East German Intelligence During the Cold War “It was our experience that a simple Sergeant in the U.S. Army, was perhaps more important and resulted in better, more secret information, than any (information) provided by a high official or a higher officer.”
Something to think about… In your office, who has access to every room? When they come into your office, do you usually leave? Who has the authorization to remove items from every office? Who comes in early and leaves late or works after hours? Who has the placement and access to eavesdrop?
Why am I here? • Increase Awareness • Increased Capability • Identity Theft • Incident Reporting
Who is at risk? • Systems • Network • Program • Paycheck • Everyone...
A STUDY CONDUCTED BY R.J. HEFFERNAN ASSOCIATES INVOLVING 246 OF THE FORTUNE 500 COMPANIES REVEALED THAT 49 PERCENT OF THE COMPANIES STATED THEY HAD BEEN VICTIMS OF INDUSTRIAL ESPIONAGE. IT WAS ESTIMATED THAT THE UNITED STATES MAY BE LOSING UP TO $20 BILLION IN BUSINESS PER YEAR AS THE RESULT OF SUCH ACTIVITIES.
IN A SEPARATE STUDY, THE AMERICAN SOCIETY FOR INDUSTRIAL SECURITY’S COMMITTEE ON SAFEGUARDING PROPRIETARY INFORMATION ESTIMATED THAT THE 32 LARGEST U.S. COMPANIES LOST DATA VALUED AT OVER $2 BILLION. THE STUDY SHOWED THAT 70% OF THE INFORMATION LOST WAS COMPROMISED BY FORMER OR CURRENT EMPLOYEES.
Cost of Espionage • Espionage costs the US Economy Money and lowers the US Standard of Living. • Espionage costs Soldiers' lives.
What to Report? • Unsolicited Correspondence • Unauthorized Request for Information • Deliberate Security Compromise • Exploiting Legitimate Access • Suspected Approaches • Unusual/Suspicious Incidents • Photography • Suspicious Telephone Calls • Suspected or Known Computer Intrusions • Attempts to Obtain Unauthorized Information (Classified or Unclassified) • Unofficial Contact with a Foreign National
YOU ARE THE FIRST LINE OF DEFENSE. YOU ARE OUR EYES AND EARS.
Who do you call? • Federal Bureau of Investigation • Defense Security Services • Army CI, AFOSI, MDA, DCIS, NCIS When in Doubt Just Call Any Of the Above and We Will Do the Rest. The Important Thing to Do is Just Call.