Skip to main content

tv   Cybersecurity Intelligence Forum Part 5  CSPAN  June 25, 2018 10:03am-11:00am EDT

10:03 am
across alaska by ferry to the city of haynes, ahead of our stop in fairbanks. be sure to join us july 21st and 22nd when we'll feature our visit to alaska. watch alaska weekend on c-span, or listen on the c-span radio app. >> public and private sector officials discuss cyber security priorities challenges at fed scoop and fire eye. this hour-long portion featured remarks from the arm's major general garret lee and the assistant for attorney general for national security john demmers. >> am i live? okay. i'm sure you had a lot from tom,
10:04 am
chad, at fireeye, and so maybe you had two requests but thank you for making me feel important today. my name is garret lee at the pentagon, here to help, and that was kind of a joke. but what a timely topic for us. it's been timely for the past i would say 2 1/2, three years since we really started to take cyber security seriously and then cyber threat, cyber threat intelligence, which is something, you know, for the army i think is something that's gaining in a lot of traction in terms of understanding what that means for us. i do have a few, you know, high-level messages i would like to put out there first. we have some good news. this past year we commissioned, we direct commissioned our first two cyber security -- cyber officers. two first lieutenants, direct
10:05 am
commissions, and that was something that's been in the works for a while, to be able to do that. the criteria is that you have to have a bachelor's degree and then some demonstrated expertise. maybe a bit subjective on what that is because we're just learning how to bring direct commission into the services, the army has two now, and we'll be doing about five a year for the time being to kind of get us up to speed. they started off as first lieutenants. doesn't mean in the future they may not be at a higher grade but we're trying to learn how to bring direct experience into the force so that's good news for us. we also have at any given day, you know, literally over 100 army soldiers, the number is 178,000 soldiers serving worldwide today in operational assignments. no kidding. you hear about the big ones in the middle east, southwest asia, but let me tell you what around the globe at any given day over
10:06 am
100,000 current number is 178,000. that's an awful lot. you know. on the heels of memorial day this past weekend, which, you know, was, you know, quite an opportunity for me to reflect on why we serve, that kind of number out there and things are happening every day to our brave men and women of all services, really is just time for me to reflect and so i share that with you, that this past week i had with me staying with me, a gold star mom, and, you know, just reconnecting to her. i have known her for over ten years the ability to spend some time and reacquaint and reconnect and why we serve and why we are here today and why i'm here today to talk about how important cyber security and cyber threat intelligence is for our army. the next couple weeks we're going to celebrate the army's 243rd birthday. we've been around for a long time.
10:07 am
here's the thing man, the army has been around longer than the u.s. we are founded in 1775, and we were as a country founded in 1776. let me talk a little bit about modernization. you've heard of the futures command? anyone? in the news lately, a little bit of the futures command. and what does that mean? it's going to be a four-star command. and it's going to happen because the army has tried to figure out how to bring capability to our forces faster, right? and traditionally, those of you that have been associated with the services, and i think many of you have, whether you're working in the private sector or served, we have these stove pipes of excellence. and we say, hey, this organization does requirements, this organization does acquisition, and by the way, we have like a whole operational force that's out there. and the idea of this futures command is to be able to bring the operational folks together
10:08 am
with the acquisition community together with the requirements folks so we can come up with what we need faster, right? and in the cyber world, we're kind of already doing that, right? so, you're kind of already breaking new ground here in this world here, but the idea is, in a bringing the product, you know, to bear faster is the idea of coming up with a minimum viable product, right? anyone heard of that? minimum viable product? a few hands out there. a few. the lean start-up book folks? so, the idea is, you get something you put in the hands of users, fast, and let them work with it and give you some feedback. and then you start working from there. and if that minimum viable product has some promise potential, work with it. if it doesn't, kill it, all right? and i think we do that already quite a bit in this community here. so, i think, in my mind, some of the tangible stuff, the hardware type folks can learn from what we do here in this world.
10:09 am
so, this futures command is going to focus on the six of the army's top priorities. why six? because it's a manageable number, and it's because it allows us to put focus into the separate. so, i'll list them off. and these, just for your awareness, because for every one of these, there's a cyber component to it, right? so, long-range precision fires. next-generation combat vehicle. future vertical lift. the army network, which is where we play heavy in this group here. air and missile defense, which this group plays heavy, also. and soldier lethality, all right? six priorities. six cross-functional teams have been stood up to support each of these, plus two additional cross-functional teams, and
10:10 am
those eight cross-functional teams will make up a part of this futures command. at a location to be determined. all right? so, that's modernization. but as i just rattled off those six, think, what does it mean from a cybersecurity perspective for each of those six areas that i listed off? the network's an easy one, but every one of those has a cybersecurity component and a cyber threat concern. let's talk about the people a little bit. so, people process technologies. the people, the army just this past year certified the 41 active-duty cyber mission forces, and we have 21 additional reserve component cyber teams that will be foc by 2024. so, the army's moved out way ahead to try to get after this. we've built the teams. and what we found was, at first, because i recall, you know, some
10:11 am
years ago trying to figure out how to use some of this capability, and within a very short period of time, we found out that we didn't have enough capability, right? i didn't know i needed that until i went shopping. so, we have the good news is those 41 cpts -- and what that's done for our community collectively inside the military, outside the military, it has raised the bar for what it means to be a cyber professional. it really has. it really has. the training they go through, i got it. you know, there's a lot of training they go through. but just the fact that we've now gone through a rigorous selection process for you to be part of this group of folks, gave you the additional training, give you the tools. not all the tools that we need. there's more that we'd like, but at least they're getting the attention of focus, and now we've raised the bar from within the army, right? and now, now we can't get enough of them, which is great. we talked about the two lieutenants that got
10:12 am
commissioned, and the third thing i'll talk to you about in terms of the people is we have a new army cyber commander that would be tomorrow promoted, and assuming command. that's major general fogarty. and so, you may recall that he used to be the cyber center of excellence commanding general, and then he went to become the chief of staff at cyber com. now he's coming back to the army to be our commanding general of army cyber tomorrow. so, that's great news for us. a little bit about process. by the way, i'm about halfway done, right? they gave me ten minutes. so, as i said earlier, we're changing the way we view cybersecurity, cyberspace, cyberspace operations, right? and in fact, when i came to the pentagon three years ago, yes, painfully, three years ago, you know, oh, my goodness, it was cyber what, you know,
10:13 am
cybersecurity. it was still -- and we are still very much compliance, you know, minded, but it was about why do we have to do that, right? and then a breach here, a breach there, you know? opm here, you know. and you know what, we got this now. we know that it's something that we need to work with, right? and so, you'll see that, you'll see that come out in many different expressions, right? some are more helpful than others, but we get it now. and so, the good news is there's focus now -- well, no, the good news is there's attention. now our challenge is how do we channel focus some of this, right? i just talked to jessica, who just went to the rsa conference recently. who's been to the rsa conference?
10:14 am
so, all right, i went there like last year. 1,100 of the sharpest cyber vendors, you know. it is confusing. it's very difficult to navigate through all of that, right? so, the challenge for us in the army, when we see all this out there, is okay, you know, that sounds good, that sounds good, that sounds good. okay, i didn't know i needed that. okay, give me some of that, too. and i only have so much money, right? how do we prioritize what it is that we need to pursue, right? so, now we do over the past two years have developed a few requirements through a formal process to help provide some focus to us. it's awkward trying to develop a requirement for something in cyber, right? because when you develop a
10:15 am
requirement for future vertical lift, it sounds a lot like a helicopter, doesn't it, you know? or long-range precision fires. okay, that kind of sounds like shooting something out of a tube or something, right? all right. but when you say, i need some -- and we talked about this before -- hey, how much is a pound of cyber worth? i have no idea. we don't know. and that's the challenge all of us in this room all have to figure out and talk to our non cyber ceos about what it costs to have nice things, right? so, we are changing the culture. we are wrestling with reform of risk management framework. and so that is something that is on the compliance side. it's supposed to be more of a risk-informed process, but right now it's still very much a compliance hammer over the head.
10:16 am
but we are working to try to reform that so that it's actually more practical for us to implement. and at the same time trying to just haul it in, not only the army's priorities, but the department of defense. so, whatever we do, how do we tie that to lethality? how do we tie that to partnerships with our partner nations or whoever we partner with? and then what about reform? how do we do things different? how do we do things better? you know? more effective. right? so, within those three things in mind. so that's process. people, process, technology. on the technology side, the army submitted a report to congress on the first of february. it was due i think january 31st, but we got it there february
10:17 am
1st. and that talked about the army's network way ahead. and who's read that? okay. don't raise your hand. so, that is a public document. you submit that to congress. that tells congress how we intend to move forward. and in fact, it tells congress a little bit of how we plan to spend the money, right? because we're telling them this is what we're doing. or how we won't spend the money. and i say that it's a good thing if you read that, because if you want to know where the army's going, it's in high-level, easy-to-read, 20-something pages, this is what we plan to do, all right? so, that's on your reading list. so, the strategy that we come up with -- i've got two things for you to think about.
10:18 am
you know, we're going to halt a few programs that aren't working, some call cpop, command post of the past. yeah. so, fans, or not so fans. we're going to fix some things to improve our fight capability that ties to lethality, right, for us. then we're going to pivot to a new way of doing business, right? in a lot of different ways. and acquisition is part of that, all right? so, that's the army's high-level strategy. now, you've got to repeat after me. halt. >> halt. >> try again. halt. >> halt. >> fix. >> fix. >> pivot. >> pivot. >> altogether, halt, fix, pivot, right? now you know our strategy, all right?
10:19 am
the last part of technology is that we've come up with some things or characteristics that we want to keep in mind, and there's a whole bunch of them, but we've been able to slim it down to four things so that we could quickly repeat and understand what those are as we go through our day. so we want our network to be flat. i think you know what that means. we have a lot of disparate networks that we're trying to full together to flatten the columns, flatten the network. we want it to be fast, not just high data rates, but we want to be able to make decisions faster. if we can have a capability that informs our leaders to be quicker on the decision-making process, than the adversary, then that's good for us, right? we want to be mobile. and we're getting better at that, but we continue to need a lot of help in that area. and we want to be protected, right? and that's where cybersecurity, cyber threat intelligence comes into play. show we thought it was important enough that of the four things
10:20 am
that we talk about, our network needs to be protected. so, it's flat, fast, mobile, protected. okay, we'll do this again. all right. repeat after me. flat. >> flat. >> fast. >> fast. >> mobile. >> mobile. >> protected. >> protected. >> altogether. flat, fast, mobile, protected. okay, good. give yourselves a hand. all right. so, we are doing things differently in this change that we have. it's not just a bunch of bumper stickers, although they sound pretty good to me. the last time we've had a change this big was like 30 years ago. really. and that was -- you know, i don't even know why -- yeah, that's a long time ago. i was in the army 30 years ago, but i was so new, i didn't know what we were doing at that time, but that was before the internet, that was before bluetooth. that was before wi-fi. that was before social media. that was before all of that.
10:21 am
and so for the army to undertake this change in the network is quite an exciting thing for us to be doing, and it's kind of cool that we're doing it at this time, since we get to be involved in it. i'll just give you a quick story about this protected piece. and although it doesn't really quite fit, i think it's, you know, it highlights the fact that, somehow, we're all vulnerable, right? and about a year ago, i got a call from an attorney who said that a friend of hers was thinking that she was going to marry me, and then she had already given me 2,500 bucks. she said, i looked you up on the internet and you looked like a nice person, you seemed like a nice person, and what had happened was, that this person got catfished, right.
10:22 am
someone had made a fakebook facebook of me, right? they took my picture, my name. and apparently, i was in syria and i needed like 2,500 bucks to come home. and i know it happens. you hear about it. but when it happens to you, you really feel sorry for the person who gave that money up, right? and so, you know, i know a lot of folks get fake accounts made of them and they use that to catfish. and maybe it doesn't bother you, but i felt bad, so i went to facebook and they took it down. and now i check. i check every couple of weeks, because it's so prevalent. i was home on leave last week in california. my daughter just graduated. she works at tesla. and i said, hey, let me show you what happens here. and let me show you how to look. and i type my name into the facebook, you know, search line. and three fake accounts came up.
10:23 am
i've had about a dozen fake accounts over the past year. but it was just interesting that right when i said, hey, look, here's how you look yourself up, three fake ones came up. sent a note to facebook and they took it down right away, you know. the one that was probably the most disturbing to me was about maybe three or four months ago, and you could do this, you could put your face into the search bar of google, and it will, like, find images of you, right? well, i found out that i was on a filipino dating site. that wasn't as disturbing as the fact that i didn't have very many hits on that one there. so, anyway. but anyway, that highlights just how vulnerable we are today. and when it comes in to building cybersecurity into whatever capability we're building with these, you know, cross-functional teams and our future networks or whatever, how do you -- we talk about this all the time -- how do you bake in
10:24 am
cybersecurity into something, right? and part of it is there's a hardy aspect, a resiliency aspect, but also just an avoidance aspect of it, right? and that's where we have to be able to take some -- at this point, until we get better at what we're doing, at least in the army, take an appetite suppressant, because if you want bluetooth-enabled xyz device or want it to be wi-fi-enabled, you really don't need it, then maybe you don't need it, right? so there's a nice to have and need to have. and we have so many capabilities nowadays with you name it, internet and things, that we really could put ourselves in a tough position to clean ourselves up later on, which we are trying to do, especially in the medical community. a lot of devices out there that are, like, bluetooth, wi-fi-enabled, et cetera, that we now have to go back and make sure we lock them down, right? so, a way to bake in is also avoidance.
10:25 am
i liken it to the rich dad-poor dad book, that one a few years ago. the guy that says, hey, if i gave you a car, did i give you an asset or a liability? some might say, hey, i got an asset. but the smart guy would say, the rich uncle would say, no, that's a liability. now i have to fuel the thing, insure the thing, pay for maintenance, et cetera, right? so, if i gave you a really cool, you know, technical capability, i might have given you a vulnerability, right? and so, as we go through department of defense and looked at all of our infrastructure and our systems and all the things that are maybe legacy but we bolted things onto it, you know, that's a cleanup job for us in aisle nine. i'm going to close first by saying thanks again for inviting me, thank you to our hosts. thank you for a very attentive crowd today.
10:26 am
you know, partnerships are the key. we say that all the time. and how do you do it, though? how do you have partnerships? well, one way that, you know, i think, is i know some of you have joined us down at ft. gordon later on in june for cyberquest 2019, and that's where that's kind of a devops-like feel, where we're trying capability that we haven't had before, we're trying it out on soldiers that are like brand new to the army, or like e-1, e-2, e-3, very low, to show it's usable, right? and that's a way. get yourself onto those. when we ask for requests for proposals or requests for papers, you know, throw something at it. that's how you do it, you know? and here's one thing that we all need to be doing. now, i don't come from a traditional signal background, but i know a lot of folks in this community have, you know, deep intel background. what we need to be doing better
10:27 am
is talking, if we use army terms, you know, the signal folks need to be talking to the intel folks better, right? and that is a challenge for us, because we grew up in one of the two worlds and we get good at that, and i'm getting the hook. but you know, the more that we talk together, the more that i think the solutions that come to us will be better for us in the end. so i ask for your continued partnership in however we do it, be nice to us, we'll be nice to you, be nice to each other. thank you for having me here today. [ applause ] >> thank you so much, major general yee. thank you for joining us. let's give him another round of applause. [ applause ] i'm excited to introduce our next speaker. she's going to be talking about cyber threats to veterans' health care, something that i know we all care a lot about. very interesting topic as well. she's a senior analyst at
10:28 am
fireeye. please, put your hands together and give a warm welcome to sarah geary. ♪ >> hello. i want to start by giving a big thank you to our veterans in the room today. [ applause ] you have protected, fought to protect our country and our freedoms against adversaries, and that deserves our deepest gratitude. and you're still in the fight. over the next few minutes, i'll be speaking about how adversaries are still interested in targeting veterans in cyberspace. my name's sarah geary. i'm a senior analyst in fireeye global intelligence, and i come from a decade of government, government service, myself.
10:29 am
focus mostly on cyber intelligence. it's a real honor to be here with you today. so one of our main goals in fireeye intelligence is to know the adversary better than anyone else does. malware can change and cases of compromise can vary by intrusion, but the adversaries themselves and their underlying motivations remain rather constant. so, that's the best way to get ahead of the threat is to focus on the threat and who's behind it. so at fireeye, we've categorized four mean motivations that adversaries take to motivate them to go after veterans. one is espionage, financial, ideological, and then attack or cyber physical. and i'll walk through each of those and specifically how they apply to veterans now. so, let's start with espionage.
10:30 am
for an intelligence agency, one of their main priorities is to find out as much information as possible about foreign military -- their capabilities, their people. fireeye, we've seen evidence of that within the cyber espionage space, even back to our first advanced persistent threat that we tracked, apt-1, which we attribute to china. what we saw with apt-1 is they were interested in stealing military work charts to include the contact information of military personnel and their roles and responsibilities. and a reason a nation state would be interested in this is to figure out who to target. what they're looking for, some of the main criteria, is someone who would know a lot about the military, someone who even after the military would be a natural leader in the defense or political spaces.
10:31 am
and then someone who's well connected and could lead them to other targets. and veterans fit the bill in all of those three criteria. if you remember the opm breach and the anthem hack, both of those happened around the same time, and fireeye, we believe that -- and they're both attributable to china -- so, it's really quite plausible that china is correlating both of those databases, going through the opm database to find military members or those who used to serve in the u.s. military, and then running those names through the medical records to find the specific in-depth personal information about those military members. that's one of the reasons why in this presentation we're focused on health care, because of how extensive medical records are and how sensitive the information is within them.
10:32 am
it's perfect targeting data for a nation state. so, just hypothetically, if china were able to put two and two together with those databases and then use that medical information to craft a very tailored spearfishing e-mails to go after a veteran, not many people would think twice if they saw an e-mail in their inbox that seemed to come from their medical provider with an attachment related to the symptoms that they had been having. who wouldn't click on the attachment, potentially enable the macros and find out what their doctor is saying to them? well, in this hypothetical scenario, if that happened, their personal e-mail could be hacked, and then china would have access not just to more of their personal information, but also to their contacts, many of whom would be other military
10:33 am
members and veterans as well. and china's network and understanding of the u.s. military would continue to expand. the veterans have also fallen victim of cyber criminals who routinely try to steal personally identifiable information, pii, and sell it, monetize it somehow online. now, they're specifically interested in medical records, given how lucrative they are and valuable when they go to resell. now, fireeye, we have a team of researchers that comb the dark web specifically looking for these sorts of threats. the picture here, the chart on the slide is from a hacker who calls himself the dark overlord and is trying to sell the medical records that he claims to have obtained. now, that's not the only method that we've seen the dark overlord employ.
10:34 am
sometimes, instead of stealing it, or instead of trying to sell it, he'd go and contact the medical establishment and try to extort them and say, if you do not pay up, i'm going to publish all this information publicly online. so, that brings us to our next motivation, ideological. now, hactivists, if you've heard the term, it's activist hackers, and they're known to be of less sophistication than say a nation state advanced persistent threat, but you don't really need to be that sophisticated if the information is already freely available online. so, a hactivist group might be interested, especially if they're motivated by antiwar ideologies or an agenda, to take veterans' personal information, medical information, publish it online with the intent of embarrassing a vet or
10:35 am
potentially trying to spin it as, well, look, war is detrimental to everyone, or however they seek to spin it. terrorists would also be interested in publicizing a vet's contact information, their addresses, their family members. we saw this with isis-affiliated hackers in their kill lists. what was even perhaps more concerning in that specific instance is fireeye believes that they got that information, didn't even need a hack. it was all available online for them. and then you've got groups like the cyber caliphate who, they've been in the news recently. they've been texting death threats to spouses of u.s. military members. now, a couple years back, fireeye had done some research into that group, and we don't believe it's a hactivist
10:36 am
group. we also don't believe it's a terrorist group. instead, we think it's a false hactivist persona set up and leveraged by russian state sponsored cyber actors. these cyber actors are using the hactivist group to advance russia's political agenda at the expense of u.s. military families. lastly, we have cyber attack. so, this goes beyond publicizing the personally identifiable information and medical records online. this is actually involving attacking the medical devices themselves. now, i have some good news. there have been no attacks on medical devices to date. but unfortunately, there are often vulnerabilities, and there are many vectors for such exploitation. so it could be just a matter of time, unfortunately. one such vector would be the supply chain, and that's a very
10:37 am
insidious vector as well. mandiant, a fireeye company, was called in to do an investigation on a medical device manufacturer. and sure enough, we discovered that there is apt-18 on their networks, and that's the chinese advanced persistent threat. that apt-18 had been on their networks for 60 days before being detected. that's plenty of time for any adversary, if they so desired, to subtly manipulate the specs of the medical devices. thankfully, that didn't happen in this case, but it just shows how such a threat could take place. but even when the devices are manufactured according to the right specifications, there can still be vulnerabilities. just last year, ics published vulnerabilities of a certain brand of pacemakers, and it took a while for that vulnerability to be patched.
10:38 am
and when you look at it, the patching process itself and the updates could be another way to introduce additional vulnerabilities. this example is demonstrated to us back in 2012 at a va hospital in tampa. over 100 medical devices were infected with the conficker worm. we believe that that was the result of a vendor going in to update those devices with a thumb drive that was unknowingly compromised. so, just to summarize, the importance of knowing who the adversaries are, knowing what their interests are, how they might go about exploiting their targets and accomplishing their end objectives is so important. this is just a quick example of the type of strategic threat intelligence that we briefed to our customers to help them
10:39 am
prioritize where to focus. and the last word here, i just want to speak to our veterans. you have protected us, and we want to protect you against cyber threats in the health care sector. thank you. [ applause ] >> thank you so much, sarah. let's give her another round of applause. [ applause ] all right. i'm thrilled to introduce our closing keynote. he's going to be talking about is government a friend or foe. he is the assistant attorney general of the national security division at department of justice. please put your hands together and give a warm welcome to john demers. ♪ >> all right, thank you, goldy. thank you to fireeye. thanks to all of you for being
10:40 am
here today focused on this very important topic for all of us. so, i'm here to talk to you today -- by the way, the answer to that question is friend. i'm here to talk to you today, to talk about the importance of collaboration in confronting the national security cyber threat. protecting the nation from national security threats is the mission of the national security division, which i head. altogether nsd was created in response to the terrorist attacks on september 11th, its mission goes well beyond terrorism. in the past years, it has come increasingly to include a focus on cyber as part of the threat posed by certain foreign nations. as we do with respect to terrorism, nsd drives collaboration among prosecutors, law enforcement officials, intelligence attorneys, and the intelligence community to ensure that we approach the national security cyber threat using
10:41 am
every tool and resource available to the federal government. some of you in this room come from the private sector. companies large and small. companies that consult and provide advice and companies that make things. others come from federal, state, and local governments or from other countries. your work may be diverse, but you all appreciate one thing. you know that there are countries in this world that want what you have. they want our sensitive information, our technology, our intellectual property, and they want to destroy any competitive advantage that we may have. around the world, there are people who wake up every morning thinking about how they're going to get it, and they go to bed every night all too often thinking about a job well done. one thing they're not spending a lot of time thinking about is our laws and international cyber
10:42 am
norms. you don't have to be a defense contractor to be worried about this. recently, we've prosecuted cases of folks who stole seeds of rice and kernels of corn. no one is immune. if you're in business, if you're in government, if you're in medicine, if you're in academic research, you have something of value to someone else. and to get it, foreign countries will use all means, including computer intrusions. you're not going to stop these countries on your own. no private company or institution has the resources of a determined nation state. nor is anyone part of the federal government or a state or local government going to stop these adversaries on its own. we'll only succeed in defending the nation's firepower and the fruits of our brainpower if we're partnered together. in recent years, nsd has
10:43 am
furthered the government's efforts to deter and disrupt malicious national security cyber threats by charging hackers acting on behalf of china, russia, iran, and isis. but not every cyber disruption needs to be a prosecution. in fact, just last week, the department announced that it obtained a court order to disrupt a global botnet known as the vpn filter that had infected hundreds of thousands of home and office routers controlled by a well-known malicious cyber hacking organization. the botnet provided the sofecy group the ability to undertake all manner of malicious cyber activity, from unlawful surveillance to theft of valuable information, to disruptive attacks. the department could not have begun to neutralize this threat alone. we worked closely with the private sector, including private security researchers and other government partners, such as the department of homeland
10:44 am
security. if we continue to work together, we will do much, much more. let me provide two other illustrations of the good that can happen when the private sector and the government work together. let's take the case of yahoo! i'm sure you're all familiar with it. yahoo was the victim of a breach in 2013, only to discover three years later that it had been the victim of another breach, more massive one, in 2014. when this information came to light, yahoo notified the government and provided valuable assistance to the fbi, fully cooperating at every stage of the investigation. as a result of this effective collaboration, yahoo and the fbi determined that hackers working both for financial gain and on behalf of russian intelligence officers had stolen information from at least 500 million yahoo accounts and used that stolen information to obtain access to the contents of accounts hosted by yahoo, google, and other providers.
10:45 am
russian journalists, u.s. and russian government officials, private-sector employees of financial transportation and other companies had all been targeted. thanks to the close cooperation of yahoo, google, and others, doj prosecutors and the fbi were able to identify and expose the hackers without further compromising the privacy of the account holders. three of the defendants were russian nationals residing in russia, two federal security service agents, and a known russian hacker, an fbi most-wanted criminal, alexsey belan. the fourth defendant was a 22-year-old hacker named karim baratov, who resided in canada. following the u.s. indictment, canada captured and arrested baritof. he was brought to the u.s. and pleaded guilty to eight criminal counts, including conspiracy to commit computer fraud and abuse and aggravated identity theft.
10:46 am
earlier this week, he was sentenced to five years in jail. the second case demonstrates that cooperating with the government and benefiting from its knowledge and tools can help a company that has been hacked see things for what they really are. a few years ago a company was the victim of what appeared to be a run-of-the-mill intrusion. an intruder obtained authorized access to their customer database and had obtained personally identifiable information for their customers. the company's i.t. personnel worked diligently to eject the hacker from their network, but he kept coming back. eventually the hacker threatened to expose the company's customer information unless he was paid a ransom. around that time, the company contacted the fbi. the fbi determined that a deep kosovo citizen studying
10:47 am
computer science in malaysia" one of the hackers who had gained unauthorized access to the victim company's pi. all though the hacker had a financial motive in demand ago i -- demanding a ransom from the company, the customer pii he stole was not des it tinned for the black market. that was of interest because among the tens of thousands of customer names and thousands of e-mail accounts that he stole, there were more than 1,000 e-mail addresses that ended ultimately he used that information to create a list for pi, for approximately 1300 u.s. government civilian employees and military personnel. he provided the information to a syrian based isis member. a few months earlier hussein acting in the name of the islamic state hacking division had posted a kill list that purported to include the names and addresses of 100 members of the u.s. military. he wanted to help him create and disseminate a second kill list.
10:48 am
in fact, soon after he received the information from feresi husain used twitter to publish the pii of all 1300 u.s. government and military customers of the company. in his tweet, he threatened the, quote, crusaders who were conducting a bombing campaign against the muslims. doj charged the hacker with violations of the computer fraud and abuse act and with conspiring to provide material support to isis. we were successful in obtaining his extradition from malaysia to the united states and he ultimately pled guilty. in september, 2016, he was sentenced to 20 years in prison. he was also ordered to pay $50,000 in restitution to the company. even though the prosecution of the hacker was public, the name of the company was never revealed. we are often asked why we would bring a case against foreign nationals located outside the u.s.
10:49 am
well, for one, as the yahoo! and farecy cases show, we may well get more than one of them. the u.s. government has extradition agreements with more than 100 countries, so it's not enough for those defendants to forego a visit to disney world. for the rest their lives they will be unable to travel to more than half the countries in the world without fear of arrest and extradition to the united states. second, the investigation and charges can assist other parts of the government in bringing their authorities to bear. for instance, treasury's office of foreign asset controls can designate the charged individuals or entities under an executive order that authorizes blocking the property of persons engaging in significant malicious, cyber enabled activities ensuring that the perpetrators will be financially isolated from the world. when we brought charges two months ago against the founders and xwleesz of the iranian
10:50 am
institute that hacked more than 300 american and foreign institutions and government institutions around the world, treasury also designated the institute and ten iranian nationals. third, charges raise awareness, both generally and specifically to this threat. in some cases there may be additional victims that don't yet know they've been hacked. to help the private sector identify mall lisht activity, the fbi and dhs will often release technical details to the public. fbi did that just last week when it released the public service announcement about the vpn filter, advising you to reboot your router and including signatures of the malware so network defenders can identify its presence in their network. finally, we pursue these cases to strip these hackers of the anonymity they so desire and call them out. this prevents nation state actors from hiding behind
10:51 am
ritualized denienls and feigned ignorance. the indictment of the chinese pla is a case in point. so that's what's in it for the country. what's in it for you? what are the benefits of working with law enforcement before, during and after a computer intruks. one, we can help you understand what happens when your organization has a cyber institute we can bring together information to get a clearer picture of what happened. we can share context and information about related incidents or malware. we can ensure proper investigative and preservation of evidence for later prosecution, and we can assist you in dealing with regulators. at the end of the day, the government simply has many more tools at its disposal to deal with the problems of national security cyber intrusions.
10:52 am
tools that, working together, we can use to respond to intrusions and deter future ones. although we will always consider criminal charges, pursuing prosecution may not be the best response in all cases. accordingly nsd attorneys work with their inner agency partners to determine whether our investigative information may be used to support sanctions, trade perez your, technical alerts, diplomatic options or other responses instead of or in addition to prosecutions. all of these can impose real costs on malicious activity depriving hackers and their sponsors of the benefit of their crimes and deterring future misbehavior. let me close on this note. everyone in this audience understands that we are in this together and we have an obligation to help one another. the organization that reports a cyber intruks doesn't just help
10:53 am
itself. it also helps other targeted companies that may not know they've been victims or are hacked. it raises awareness and sparks a check on their part for similar consequences. it also helps disrupt or deter intrusions of these other organizations and helps the country by allowing the government to piece together and respond to the intentions and actions of antagonistic actions to better defend our nation's economic and military security. it is the national security division's job to disrupt and deter national security cyber threats. we will continue to work with other agencies to use all elements of national power to meet this ever changing and growing challenge and to adequately protect our shared national cyber security against persistent attack, we'll need your help as well. i look forward to working with
10:54 am
you. thank you. [ applause ] president trump is headed to south carolina this afternoon to campaign for governor henry mcmaster, the head of tomorrow's primary in that state 507s. we'll take you live to west columbia, south carolina at 7:00 p.m. eastern to watch the president's event. several members of president trump's cap net will be on capitol hill testifying before congress. tomorrow health and human secretaries alex azar is expected to be questioned on the separation of moye grant children from their families along the u.s.-mexico border. live coverage of that hearing begins at 9:30 a.m. eastern here on c-span three. wednesday, housing and urban development secretary ben carson testifies before the house financial services committee. live coverage starts at 10:00 eastern on c-span3.
10:55 am
wednesday afternoon, president trump's pick to head the veterans affairs department robert will i can will testify. all of those hearings will be available online at or you can listen with the free c-span radio app. the c-span bus is traveling across the country on our 50 capitals tour. it's on its 38th stop in juneau, alaska asking what's the most important issue in alaska. >> what i think is the most important issue facing alaska right now is we're in the midst of a budget crisis. as a result of lower oil prices we're not getting the revenue we're used to. there are other revenue streams that need to happen. it doesn't seem to be happening very fast. i think there's political reasons why people are afraid or
10:56 am
worried about implementing taxes. but without additional revenue coming in, the alaskans are facing a lot of crises in a lot of areas. one is the opioid and substance abuse crisis. the more our economy goes down, the more and more people get upset and aren't living their lives in a way they're happy wi with, they get desperate and turn to self medication. >> i think the most important issue is child hunger and taking care of children. it's all linked to poverty. we were at 40% of child hunger in the state a few years ago. we went down and now we're going way back up. we have to stop giving all our money to the oil companies and start spending it on children. >> one of our big issues in the state is the tourism industry.
10:57 am
it's a huge chunk of the econ y econoeconomy and it's growing by leaps and bounds. we meade to promote the state at a nationwide level especially since tourism is such a bri spot in our economy. >> as far as i can see -- i've been here a week in alaska, and one of the big social service issues i see in alaska is homelessne homelessness. trying to combat it seems to be a real issue since a lot of them aren't seeking help. the ones that are seem to be moving from place to place looking for the different type aid they get. it seems like one of the big issues is that homelessness and how we can combat it and fight it here in the state. >> i'm the executive director of the alaska council of school administrators. from our perspective, the most important thing in alaska is to get a long-term sustainable fiscal plan in place for our
10:58 am
state which has on going revenue outside of our non-renewable resources. and really primarily because we need to stabilize education across the state. our educators need to feel that their funding which is a constitutional duty in alaska, is stable so they can stabilize their schools and most important, i think for all of us is to educate our students, and the best which to do that is a stable school. >> be sure to join us july 21st and 22nd when we'll feature our visit to alaska. watch "alaska weekend" on c-span, and listen on the free c-span radio app. congress is considering legislation to expand the power of the committee on foreign investment in the united states. it's a government agency that reviews potential foreign investment to safeguard against compromises in national
10:59 am
security. the legislation could prevent china and other foreign countries from acquiring u.s. technologies and intellectual property. a panel discussed the bill and some of its potential economic consequences. it's about an hour and 15 minutes. good morning. thanks for coming out on a gray day. we have a great panel here. i will introduce them very briefly since their bios are immense. sitting to my left is doub zach hiem, senior adviser here at csis, senior fellow at cna and was at booz allen. everyone knows, of course, his time at dod as the comptroller and cfo, a truex pert in the field going back almost as long asme. it's kind of frightening. to his left is nova daily, a senior public policy adviser at wily rhine. we know nova because of his work at treasury and at commerce, the white house on the na


info Stream Only

Uploaded by TV Archive on