INFRAGARD MAGAZINE
Can we trust bitcoins?
Guarding against embezzlement
Rita Crundwell was convicted of embezzling more than $50 million over 20 years. With the right controls in place, this likely never could have happened.
Protecting the online marketplace
Technology has done an excellent job of outstripping our ability to secure it. We spoke with experts to learn how businesses can protect themselves against online threats.
August 2015 | Volume 1 | Issue 1
TABLE OF CONTENTS
Cover Story:
Bitcoins: A Primer on a New Currency
Most of us have at least a passing familiarity with Bitcoins, but how do they work? And how trustworthy are they as we push further into the increasingly complicated marketplace of the new millennium?
Lessons Learned from Dixon, IL, Embezzlement Case
Rita Crundwell was convicted of embezzling more than $50 million over 20 years. With the right controls in place, this likely never could have happened.
DOJ, DOL and DHS Coordinate Phase II of Anti-Trafficking Initiative
Phase II of the Anti-Trafficking Coordination Team (ACTeam) will focus on joint strategies for “high-impact” investigations and prosecutions aimed at dismantling trafficking networks.
Joint Chief Chairman Speaks Out on Russia
Is Russia our biggest national security threat? Joint Chief Chairman Gen. Joseph Dunford Jr. put it bluntly in the run-up to his confirmation as Chairman of the Joint Chiefs of Staff.
Protecting E-Commerce
Technology has done an excellent job of outstripping our ability to secure it. We spoke with experts to learn how businesses can protect themselves against online threats. What they had to say was both enlightening and surprising.
volume 1 • Issue 1 Official Magazine of
INMA Director's Message
Welcome to your new Infragard Magazine.
INMA Board Members
Meet your InfraGard National Members Association board members.
Intelligence Briefing
A review of incidents nationwide that raised the alert of the Department of Homeland Security.
ICE, US Marshals Arrest 27 International Fugitives with Interpol
In an operation coordinated by ICE and U.S. Marshals, 27 Interpol-listed fugitives were apprehended.
South Korean Spy Agency Explored Technology to Hack Chat App
South Korea declared that its intent was strictly to monitor North Korean agents.
Most Wanted
We take a look at a prime transgressor and FBI threat.
New Technology
A look at new innovations in security tech.
Infragard Member Focus: Dr. Nancy Zarse
Chicago Academia Sector Chief Dr. Nancy Zarse was recently honored once again with the Chicago School of Professional Psychology’s Distinguished Faculty Award for Public Service.
Industry Calendar
A brief roundup of security events taking place across the country and throughout the world.
Partnership for Protection
Editorial Office: 4701 Midlothian Turnpike, Ste. 4, Crestwood, IL 60445
Phone: 708-293-1430 | Fax: 708-293-1432
E-mail: info@infragardmagazine.com
www.infragardmagazine.com
Infragard Magazine (ISSN 1553-5797) is published four times per year for The InfraGard National Members Alliance by Fanning Communications, 4701 Midlothian Turnpike, Ste. 4, Crestwood, IL 60445, www.fanningcommunications.com
Publisher: John J. Fanning, publisher@infragardmagazine.com
Editor-in-Chief: Karl J. Paloucek, editor@infragardmagazine.com
Editor/Graphic Designer: Mariah M. Beavers, ads@infragardmagazine.com
Editor/Graphic Designer: De’Anna Clark, info@infragardmagazine.com
Applications Programmer: Joseph Neathawk, support@infragardmagazine.com
Accounting/Billing: Jan Klos, billing@infragardmagazine.com
Subscription rate is $49.99 per year in the United States and Canada; $110.00 per year in all other foreign countries. POSTMASTER: Send address changes to 4701 Midlothian Tpk., Ste. 4, Crestwood, IL 60445. All statements, including product claims, are those of the person or organization making the statement or claim. The publisher does not adopt any such statements as its own, and any such statement or claim does not necessarily reflect the opinion of the publisher. © 2015 Fanning Communications, Inc.
DIRECTOR'S MESSAGE
Dear InfraGard Members and Readers,
I want to welcome you to the inaugural edition of InfraGard Magazine. The mission of the InfraGard program is to foster dialogue between the FBI and private sector experts who own, operate and provide security for critical infrastructure throughout the United States. InfraGard Magazine is the latest initiative the program has undertaken to assist in that mission. It is the intent of InfraGard that each issue of this important magazine will contain insightful and valuable information that will assist Americans in understanding those threats we may face, and what measures we have available to mitigate such threats.
While both domestic and international terrorist actions targeting Americans and America’s critical infrastructure may arise suddenly, they rarely arise without a prior warning sign. Knowledge of what signs to look for and sustained vigilance are keys to averting such acts and achieving victory over those who wish to deprive the American people of their liberty.
In each issue of this publication, subject matter experts will provide readers with the knowledge of emerging trends emanating from geographical and virtual frontiers, accompanied with discussion of the best methodologies and technology available to recognize signs of potential misuse. In addition, the publication will also describe and discuss available countermeasures that may minimize or thwart threats from misuse and direct attack.
No people on Earth possess greater talent, drive and initiative than do the American people. No enemy, foreign or domestic, can best America so long as her people are focused and determined to counter such an enemy. The InfraGard National Members Alliance and its latest tool, the Infragard Magazine, is a clear example of bringing such initiative and talent to bear upon those who would wish us harm.
On behalf of the dedicated men and women of the FBI, I want to extend our best wishes for the success of InfraGard Magazine, and our gratitude to the dedicated men and women who volunteer their expertise and service to the InfraGard National Members Alliance. Their dedication in no small measure helps to safeguard our nation and keep safe and vibrant our critical infrastructure.
Sincerely,
Kelly Woods Vaughn
Executive Director, INMA
INMA BOARD MEMBERS
Dave Pekoske
Don Anderson
Jerry Bowman
Gary Gardner
Bob Janusaitis
Brendan Healy
Dr. Earl Motzer
Sandy Mangold
Matt Miller
Zal Azmi
OFFICERS
Sheri Donahue, president
John Jackson, vice president
Sam Kashman, treasurer
Dr. Faith Heikkila, secretary
Kelly Woods Vaughn, Executive Director
Not pictured: Bill Davis, Paul Joyal
He has over 35 years of experience in risk managem information systems audit, governance, disaster recovery/ of operations, and emergency management. His industries/sectors including: energy, manufacturing, di healthcare, and critical infrastructure. He has managed h over fifteen years. Bob has delivered hundreds of presentations domestically and as: security, IT audit, organizational resiliency, business processes, regulatory c planning, and social media strategy for communications before/during and after dis his advanced ICS/NIMS training in local full scale exercises.
Bob has held leadership positions in numerous organizations including serving as t president of the Houston InfraGard Members Alliance, the former Certificatio Information Systems Audit and Control Association (ISACA), as former president Association of Contingency Planners (ACP), and the former chairman of the Copperf
Bob is currently serving on the board for the InfraGard National Members Alliance Houston - Urban Area Security Initiative (UASI) Risk Management Critical Infrastru Cyber Security Working Group, a member of the Disaster Recovery Institute (DRII) Association of Fire Chiefs (IAFC), the Harris County Joint Information Center (JIC), S Terrorism Advisory Council (ATAC), Harris County CERT (Cy-Fair), Harris County Public Information Officers Network, a member Local Emergency Communications of the State of Texas Task Force Emergency Alert System, and on the confer SecureWorld Houston.
He provided graduate research for the Integrative Center for Homeland Security a number of articles and whitepapers throughout his career.
He volunteered as a member of the Galveston Community Recovery Commi Scoutmaster for Troop 202 Houston, TX, an instructor for the Boston and Houston Aid/CPR/AED. He has also served in a number of technical roles on his church tec lighting, construction, and logistics. He is also a former firefighter and emergency m
Bob was elected Harris County Emergency Services District #9 Commissioner in May position of Secretary and is serving a four year term providing oversight o department/emergency medical service agencies in North America. He chair
INTELLIGENCE BRIEF
Cree recalls LED T8 lamps due to burn hazard. Cree issued a recall June 4 for about 700,000 LED T8 lamps due to burn hazards posed by electrical arcing and overheating. The product was sold nationwide at The Home Depot and to lighting customers through electrical distributors from 2014-2015.
SEC charges CSC and former executives with accounting fraud. The U.S. Securities and Exchange Commission charged the Computer Sciences Corporation (CSC) and eight former executives June 5 with manipulating financial results and concealing problems regarding its multi-billion dollar contract with the United Kingdom’s National Health Service. CSC agreed to pay $190 million to settle the charges, and five of eight executives charged agreed to settlements.
Virginia Credit Union finds evidence of skimming at third ATM. Virginia Credit Union officials reported June 4 the discovery of a third debit-card skimming device on an ATM at its Chester, Va., branch, bringing the total number of replacement cards being issued to 2,800. ATM skimmers were previously discovered at its Southpark and Glenside branches, and the bank said it disrupted another skimming attempt at its Hanover branch.
Small jet makes emergency landing in Philadelphia after its nose gear malfunctions. A small Hawker 4000 jet made an emergency landing June 4 with its nose gear still up in Philadelphia after the pilot realized the plane’s landing gear was malfunctioning. Crews doused the plane in fire resistant foam as a precaution, and departing flights were delayed for up to an hour following the emergency landing.
Quincy Street recalling about 49,000 pounds of pork sausage products; no reports of illness. The U.S. Department of Agriculture’s Food Safety and Inspection Service announced June 4 that Quincy Street Inc., of Holland, Mich. is recalling approximately 49,000 pounds of its pork sausage products after routine testing showed possible foreign material contamination. The products were produced April 22-23 and shipped to institutions nationwide.
US NIH drug facility suspended after contamination found. The National Institutes of Health Clinical Center suspended operations of its Pharmaceutical Development Section in Bethesda, Md., June 4 after an investigation by the U.S. Food and Drug Administration revealed operational failures, including inadequate employee training and quality control which resulted in fungal contaminations of two vials of albumin, a drug used in clinical trials. Vials made from the same batch were administered to six patients, who are being monitored for signs of illness.
Hacking linked to China exposes millions of U.S. workers. U.S. officials announced June 4 that at least four million current and former government employees had been affected after data from the U.S. Office of Personnel Management, which handles government security clearances and Federal employee records, had been compromised. The breach was first detected in April and appeared to target Social Security numbers and other personal identifying information.
Zeus banking trojan variant goes completely undetected. A security researcher from PricewaterhouseCoopers discovered that a new variant of the Zeus banking trojan delivered via the Neutrino exploit kit (EK) is completely undetectable by most antivirus products, and that encoded data in the EK indicates that the trojan is part of a new malicious campaign.
SEC charges microcap oil company, CEO, and stock promoter with defrauding investors. The U.S. Securities and Exchange Commission (SEC) charged Texas-based Norstra Energy, Inc., its CEO, and the author of a stock-picking newsletter June 18 with allegedly defrauding investors with misleading information about drilling operations to sell the company’s penny stock shares, leading to stock price increases of up to 600 percent in three months. The SEC had suspended trading of the company’s stock in June 2013.
Adware-laden Skype botnet disrupted. Security researchers from PhishMe and Amazon Web Services dismantled a Microsoft Skype-driven botnet that circulated adware via calls from attackers that prompted users to install infected executable files.
Police: ATMs stolen from businesses in West Side burglaries. Chicago Police issued an alert and are seeking information after five ATMs were stolen from West Side businesses in Chicago between April and June. In two instances, the thieves pulled the electric meter from the back of the ATMs to disable surveillance and alarm systems.
IRS building evacuated; white powder on envelope. An Internal Revenue Service building in Andover was evacuated for approximately three hours June 3 after employees discovered a manila envelope containing a white powder mailed to the facility. A regional HAZMAT team and town officials responded to the scene and determined the substance was not a safety concern.
Cloud providers hit hard by DDoS attacks in Q1: VeriSign. VeriSign reported research finding that information technology (IT) services and cloud providers received over one third of all distributed denial-of-service (DDoS) attacks in the first quarter of 2015, followed by the government and financial services sectors, where the frequency of attacks increased by 3 percent. The total number of attacks increased 7t percent since the last quarter of 2014.
SEC charges investment adviser with fraudulently funneling client assets to companies in owner’s interest. The U.S. Securities and Exchange Commission charged Boston-based Interinvest Corporation and its owner June 17 with allegedly defrauding investors out of up to $12 million after funneling $17 million worth of investments into Canadian penny stock companies in which the owner had undisclosed business interests.
FTA report: there are significant flaws in Metro’s safety management system. The Federal Transit Administration (FTA) reported June 16 that the Washington Metropolitan Area Transit Authority (WMATA) had failed to improve efforts on safety measures for employees, lacked adequate training for workers, and found the department severely understaffed with authorized drivers, following a January 12 smoke incident in which one woman died and 80 riders were sickened. The Government Accountability Office is reviewing Metro operations and the National Transportation Safety Board is scheduled to hold hearings for two days on the January 12 incident.
NEWS
Dixon, Illinois Embezzlement Case Yields Lessons for Municipal Administrators
By Susan DeGrane
“Trust, but verify” became President Ronald Reagan’s signature phrase in the mid-1980s when referring to U.S.-Russia relations. A spinoff from a Russian proverb, the phrase suggests that even when working with seemingly trustworthy and reliable parties, one should always check things out. Decades later, following the advice of our nation’s 40th president would have helped his hometown of Dixon, Ill.
In the spring of 2012, the tiny rural community with just three paid municipal administrators and 15,000 inhabitants found itself embroiled in the largest municipal embezzlement scheme in recent history — $53 million siphoned from city coffers over a period of 20 years by comptroller Rita Crundwell.
A U.S. Department of Justice press release announcing Crundwell’s arrest on April 12, 2012, said that seizure warrants had been issued at multiple locations, including Crundwell’s home, office and thoroughbred horse farms in Dixon and Beloit, Wis. Seized items included seven trucks and trailers, three pickup trucks, a $2.1 million motor home and a Ford Thunderbird convertible. Federal agents would eventually discover that Crundwell owned 400 thoroughbred horses — one valued at $750,000 — considerable land and farms, expensive jewelry, designer clothes, furs and countless other trappings of wealth far exceeding her $80,000 salary.
Rita Crundwell, the former comptroller of Dixon, pleaded guilty to allegations she embezzled more than $50 million from the small city in Illinois to fund a lavish lifestyle that included a nationally known horse-breeding operation. She pleaded guilty to a charge of wire fraud and was sentenced to nearly 20 years imprisonment. (AP Photo/The Telegraph, Alex T. Paschal)
The Dixon embezzlement case provides many lessons for municipal administrators, accounting firms and fraud investigators. It’s impressive due to its duration and size, but it’s also fascinating because of how it occurred — right under people’s noses.
Rita Crundwell grew up in the Dixon community and was well-liked, according to numerous news accounts. To anyone who asked, she explained evidence of her outsized wealth as the fruits of her success raising thoroughbred horses and winning numerous competitions. She also managed to make herself appear honest by docking her own pay for non-paid vacation time spent at horse competitions.
“In this case, the element of trust was taken way too far,” says John D. Gill, vice president of education for the Association of Certified Fraud Examiners, a 75,000-member national organization started in 1988 by an accountant turned FBI agent Joseph T. Wells. “Reagan’s advice, ‘Trust, but verify,’ absolutely would apply in this case. You can’t worry about offending anyone. You can be a nice person, but you still have to do your job. I grew up in a small town and I understand the mindset that goes against this when people know each other.”
Despite the controls that now exist to prevent fraud, trusting too much is the biggest factor to set the stage for future fraud scenarios, Gill says. “This is because people have an irrational tendency to trust one another — especially after they’ve known someone a long time.”
Dennis Czurylo, a special agent for the criminal investigation division of the Internal Revenue Service for 25 years and the owner of a forensic accounting firm in Palos Heights, agrees. He also points out that some of Dixon’s problems stemmed from Crundwell having served as comptroller since the 1980s. She opened bogus bank accounts, one bearing the generic name of “treasurer,” prior to the Patriot Act, which implemented anti-terrorism security measures after 9/11 and changed the landscape of banking for good.
“Rita Crundwell was able to open accounts when banks were not required to know their depositors,” Czurylo says. “After 9/11 she would have needed to provide an originating document (from the City of Dixon) empowering her to set up any account related to city business.”
Czurylo and Gill both point out that the City of Dixon exerted lax internal controls. “The bank statements were going to the same person who wrote the checks,” Czurylo says. “The statements weren’t even being mailed. They were being picked up by Rita Crundwell’s brother!”
This odd arrangement constituted a lack of “segregation of duty,” which would otherwise protect a municipality or company from fraud. In this case, another individual besides Crundwell would have reviewed the bank records and seen just where the money was flowing. The coverup of the money flow went on for years and only came to the fore when Crundwell took time off for a horse competition. Kathe Swanson, the city clerk, opened a bank statement and discovered a bogus account.
Another factor setting the stage for fraud was that the same accounting firm — Clifton Gunderson — had handled audits of Dixon’s financial records for decades. “This is a battle we’ve been fighting for years,” says Gill of the ACFE. “Auditors get into a check-list mentality. They just weren’t checking thoroughly enough and kept doing things the same way.”
Looking Out for Fraud
To prevent municipal fraud, Gill suggests accessing resources on the ACFE website — www.acfe.com — and provides the following tips:
1. Look for red flags — missing sequences in checks and multiple transactions just below amounts requiring approval.
2. Make sure there’s a separation of duty among those writing checks and reviewing bank statements.
3. Examine backup documentation for authenticity. (Crundwell created 177 bogus letters and reports when Clifton Gunderson asked for further detail about financial figures.)
4. Pay attention if a city employee delays providing documentation or acts strangely in response to requests.
5. Realize that management oversight on the part of a mayor, city manager, CEO or president helps prevent fraud.
6. Rotate accounting firms to maintain professional detachment and impartiality.
7. Educate employees about fraud prevention.
8. Provide employees with a hotline or other objective means of reporting signs of fraud.
9. Enlist the services of a fraud examiner when signs of fraud are confirmed.
The sanctions, which would name the targets, seize their U.S. funds and ban them from the American financial system, would also apply to “a corporation that knowingly profits from stolen trade secrets,” the White House said.
By rotating accounting firms — a practice now required for publicly held companies by the Sarbanes-Oxley Act of 2002 — Dixon would have come under more stringent scrutiny. “Accounting firms handling a first-time audit typically call this mindset ‘first-time through,’” Czurylo says. “They often go to great lengths to understand what’s going on and to understand how the business or organization works.”
Sarbanes-Oxley provisions were not originally intended to apply to municipalities, but municipal administrators would benefit from looking to them to inform best practices, particularly with regard to rotation of auditors and impartiality of firms conducting audits, says Gill.
Clifton Gunderson shared an unusually close relationship with Crundwell. She played on their company softball team and met employees after work for meals and drinks, according to media accounts. Clifton Gunderson also handled the preparation of her personal tax returns, says Bruce.
The closeness might begin to suggest culpability on the part of the accounting firm in Dixon’s embezzlement scheme, but the FBI never charged anyone but Crundwell with wire fraud, says Devon Bruce of Powers Rogers & Smith, P.C., a Chicago law firm. The City of Dixon hired Bruce, a civil attorney, to recoup losses.
“With rare exceptions, embezzlers never have any money left,” says Bruce. “They (embezzlers) normally spend what they steal.”
Crundwell was no exception, which explains why Bruce managed to restore the lion’s share of money she stole from the City of Dixon not by going after her but by charging the accounting firm of Clifton Gunderson with negligence. The company settled out of court, coughing up nearly $40 million, according to Bruce. Since then, the Denver-based company has merged with LarsonAllen of Minneapolis and now bears the name CliftonLarsonAllen LLP.
Bruce’s success at going after the accounting firm causes many people to assume that the role of auditors is to catch fraud, but that’s not the case, according to Gill and Czurylo. Auditors expect financial records and information they receive to make sense.
“If something seems off, they ask for additional information,” says Czurylo. “They may ask for samples of records, but often these don’t reveal the problem. It would be impossible to check every figure.”
A mom-and-pop accounting firm that contracted for years with Clifton Gunderson also paid the City of Dixon $1 million. Fifth Third Bank restored $3.5 million to Dixon’s coffers, and auctioneers managed to yield around $10 million for the city by liquidating Crundwell’s assets.
Bruce says the Crundwell case has yielded more speaking engagements than any other case he’s handled in his 22 years of practicing civil law. That may be because it’s rich in information about circumstances to avoid.
The City of Dixon definitely learned several lessons. The 2014 Independent Auditor’s Report prepared by a new accounting firm, WIPFLi CPAs and consultants, indicates compliance with auditing standards issued by the comptroller general of the United States. The report also suggests the City of Dixon has implemented a 10-point transparency checklist suggested by the Illinois Policy Institute. That checklist suggests that municipalities must maintain online searchable information that includes: contact information for public officials as well as compensation for employees; calendars posting advance notices of public meeting dates; five years of financial reports; third-party expenditures; current budgets; instructions for open-bid processes; contracts over $25,000; responsibilities and pay for lobbyists; and tax rates.
Dixon also opted to adopt a managerial form of government over the old commission model that’s become a rarity in Illinois and across the nation. The new government enabled Dixon to hire professionals trained at managing municipal operations and finances at competitive salaries. Today, David Nord serves as city manager and Paula Meyer serves as finance director.
ICE, US Marshals Arrest 27 International Fugitives With Interpol
By Felicia Fonseca and David A. Lieb
Associated Press
WASHINGTON — Twenty-seven criminal foreign fugitives with active Interpol alerts were arrested across the United States in early June by U.S. Immigration and Customs Enforcement’s (ICE) Enforcement and Removal Operations (ERO), and the U.S. Marshals Service (USMS). Those arrested are from 13 different countries and wanted for crimes abroad. Of the 27, five are wanted for homicide, two for kidnapping, one for raping a child and one for human sex trafficking.
“Criminals who create mayhem here in the United States or abroad should understand that law enforcement is a global partnership,” said ICE Director Sarah R. Saldaña. “We will find them, and we will bring them to justice.”
Arrests occurred nationwide in nine states during the three-day sweep, which took place June 2-4. Those arrested fell squarely into the agency’s enforcement priorities, which ICE officers prioritize and enforce every day.
“The arrest of these foreign fugitives should send a strong message to anyone attempting to avoid prosecution for their crimes here in the U.S. or abroad,” said USMS Director Stacia Hylton. “Our men and women were relentless in their effort to locate and apprehend these criminals. We hope our effort gives victims a sense of comfort in knowing these individuals are no longer on the streets.”
“Information-sharing 24 hours, seven days a week, 365 days a year among U.S. law enforcement agencies like ERO and the USMS, along with the 189 other Interpol member countries and Interpol Washington, ensures transnational criminals have no place to hide,” stated Interpol Washington Director Shawn A. Bray. “By facilitating the sharing of this information with our law enforcement partners, together, we will continue to enhance safety and security for U.S. citizens and the global community.”
Arrests included:
On June 2, ERO arrested Nelson Garcia Orellana, 30, and his brother Jorge Garcia Rivera, 23, both natives of El Salvador, in Trenton, N.J., and Alexandria, Va., respectively. They are wanted by authorities in their home country for kidnapping, and are the subjects of Interpol Red Notice.
On June 2, ERO arrested Gabriel Collado Gonzalez, 40, a native of Nicaragua, in Miami. Gonzalez is wanted by authorities in his home country for embezzlement and criminal conspiracy, and is the subject of an Interpol Red Notice.
On June 2, ERO arrested Raul Ortiz Henriquez, 40, a native of El Salvador, in Santa Fe Springs, Calif. Henriquez is wanted by authorities in his home country for rape of a minor. In November 2013, Henriquez grabbed his victim by her arms and forced her into a van he was driving while she was leaving school. He drove away, parked, beat her in the chest and raped her. He is the subject of an Interpol Red Notice.
The following individuals are all the subject of Interpol Red Notices and remain at large:
Lisandro Medina Gamez, 33, a native of El Salvador, is wanted by authorities in his home country on an Interpol Red Notice for fraud.
Juan Chicas Ramos, 56, a native of El Salvador, is wanted by authorities in his home country on an Interpol Red Notice for homicide.
Since Oct. 1, 2009, ERO has removed more than 720 foreign fugitives from the United States who were sought in their native countries for serious crimes, including kidnapping, rape and murder. ERO works with HSI’s Office of International Affairs, foreign consular offices in the United States, and Interpol to identify foreign fugitives illegally present in the United States.
The ICE National Criminal Analysis and Targeting Center (NCATC) provided critical investigative support for this operation, including criminal and intelligence analysis from a variety of sources. The NCATC provides comprehensive analytical support to aid the at-large enforcement efforts of all ICE components.
ICE credits the combined efforts of the U.S. National Central Bureau — Interpol Washington, the U.S. Marshals Service, the U.S. Department of State Diplomatic Security Service, U.S. Citizenship and Immigration Services, and U.S. Customs and Border Protection.
Members of the public who have information about these fugitives are urged to contact ICE by calling the toll-free ICE tip line at 1-866-347-2423 or internationally at 001-1802-872-6199. They can also file a tip online by completing ICE’s online tip form.
U.S. Immigration and Customs Enforcement (ICE) is the largest investigative arm of the Department of Homeland Security.
ICE is a 21st-century law enforcement agency with broad responsibilities for a number of key homeland security priorities. For more information, visit www.ICE.gov. To report suspicious activity, call 1-866-347-2423 or complete our tip form.
Infragard Magazine Seeks Your Voice
Infragard Magazine eagerly seeks contributions from professionals in any of the 16 security sectors specified by InfraGard. Stories may be submitted as ideas, drafts or in finished form. (We reserve the right to edit or reject submitted copy.) Industry white papers, press releases and suggestions for Member Notes content — including promotions, honors or activities within the profession — are all welcome and may be sent to: editor@infragardmagazine.com
South Korean Spy Agency Explored Technology to Hack Chat App By Kim Tong-Hyung
SEOUL, South Korea (AP) — South Korea’s beleaguered spy agency has acknowledged exploring the purchase of technologies to intercept communications on the popular Kakao Talk smartphone chatting service, but maintains it only intended to strengthen its monitoring of rival North Korean agents, not South Koreans, lawmakers said Tuesday.
The revelation is sensitive because the country’s spy agency has a history of illegally tapping South Koreans’ phone conversations.
National Intelligence Service chief Lee Byoung Ho told legislators in a closed-door briefing that the agency bought hacking programs from an Italian company, Hacking Team, in 2012 that were designed to intercept information from cellphones and computers, according to details released to reporters by the office of lawmaker Shin Kyung-min, who attended the meeting.
Lee didn’t indicate whether the agency obtained the technology for hacking Kakao, but he acknowledged that it asked Hacking Team about getting such technology, according to Shin’s office. The spy agency didn’t immediately return calls seeking comment.
Lee said the hacking programs bought from Hacking Team would be ineffective for spying on civilians because the NIS only received enough to monitor 20 different devices at once. He said the programs have been used mainly for research as the country looks to strengthen its cyberwarfare capabilities against North Korea, which Seoul blames for repeatedly attacking Internet networks and stealing information from computers, Shin’s office said.
Lee also told lawmakers that the programs the NIS purchased from Hacking Team were used by 97 intelligence and investigation agencies in 35 countries around the world.
Kakao Talk is a free mobile chatting app that is used by 38 million people at least once a month in South Korea. Kane Lee, a spokesman for Daum Kakao Corp., which operates Kakao Talk, said the company’s servers have never been breached. However, Lee said there are hacking tools that could infiltrate mobile devices without going through the servers.
The story emerged earlier this month when a searchable library of a massive email trove stolen from Hacking Team, released by WikiLeaks, showed South Korean entities were among those dealing with the Italian surveillance firm.
Two previous NIS directors, who successively headed the spy service from 1999 and 2003, were convicted and received suspended prison terms for overseeing the monitoring of mobile phone conversations of about 1,800 of South Korea’s political, corporate and media elite.
Earlier this year, another former NIS chief was sentenced to three years in prison after being found guilty of ordering an illicit online campaign to support then-ruling party candidate and current President Park Geun-hye ahead of the 2012 presidential election.
Photo: South Korean National Intelligence Service chief Lee Byoung Ho attends a closed-door briefing at the National Assembly in Seoul, South Korea Tuesday, July 14, 2015. South Korea’s beleaguered spy agency has acknowledged exploring the purchase of technologies to intercept communication on the popular Kakao Talk smartphone chatting service, lawmakers said, but maintains that it only intended to strengthen its monitoring of rival North Korean agents — not South Koreans. (Do Gwang-hwan/Yonhap via AP)
Departments of Justice, Labor and Homeland Security Announce Phase II of Anti-Trafficking Coordination Team Initiative
Phase II Will Build on Momentum of Highly Effective Phase I to Further Enhance Interagency Anti-Trafficking Efforts
WASHINGTON (AP) — The Departments of Justice, Labor (DOL) and Homeland Security (DHS) recently announced the launch of Phase II of the Anti-Trafficking Coordination Team (ACTeam) Initiative aimed at streamlining federal criminal investigations and prosecutions of human trafficking offenses. Phase II ACTeams will be convened in up to six selected districts around the country, following a competitive, nationwide, interagency selection process. The ACTeams, comprised of federal prosecutors and investigators representing multiple federal enforcement agencies, will implement a joint strategic action plan to develop high-impact federal investigations and prosecutions, vindicate the rights of human trafficking victims, bring traffickers to justice and dismantle human trafficking networks.
“Human traffickers prey on some of the most vulnerable members of our society to exploit them for labor, for sex and for servitude of all kinds,” said Attorney General Loretta E. Lynch. “Their crimes, appropriately described as modern-day slavery, have no place in a nation that has overcome the scourge of slavery. That’s why the Department of Justice is committed — and I am personally determined — to hold human traffickers accountable, provide support to trafficking survivors, and stand up for the rights and the dignity that they deserve.”
“Labor trafficking affects workers who are vulnerable to exploitation for a number of reasons, who may not know their workplace rights, and may be afraid to raise their voices,” said Secretary Thomas E. Perez of DOL. “The challenges we face as a nation and a government demand unprecedented levels of interagency collaboration. Through these ACTeams, we’re bringing our respective departments’ collective resources and expertise to bear, building a whole even greater than the sum of our individual parts. DOL will remain a vigorous and unfaltering partner during Phase II. Together we can ensure workers receive the wages they’ve earned, restore victims’ basic human rights and bring traffickers to justice.”
“The ACTeam Initiative has been an important tool in our collective ability to combat sex trafficking, forced labor and domestic servitude here in the United States,” said Secretary Jeh Johnson of DHS. “This is not a problem that we can afford to ignore, which is why, under a banner of shared responsibility and collaboration, the Departments of Justice, Labor and Homeland Security are recommitting ourselves to the fight against human trafficking by expanding the ACTeam Initiative. Through the unified voice of the Blue Campaign, the Department of Homeland Security will continue to combat human trafficking through the guiding philosophy that we are at our best when we work together.”
These departments collaborated to develop the ACTeam Initiative to streamline rapidly expanding human trafficking enforcement efforts, focusing on forced labor, international sex trafficking and sex trafficking of adults by force, fraud and coercion. Project Safe Childhood and the Innocence Lost National Initiative continue to focus on sex trafficking of minors and sexual exploitation of minors.
Drawing together federal prosecutors and federal agents from multiple investigative agencies, ACTeams streamline coordination on the front lines of federal human trafficking investigations and prosecutions, while also enhancing collaboration between front-line enforcement efforts and national human trafficking subject matter experts in the Justice Department’s Human Trafficking Prosecution Unit, Executive Office of U.S. Attorneys and FBI Civil Rights Unit, DHS’s Immigration and Customs Enforcement-Homeland Security Investigations, DOL’s Wage and Hour Division and the Office of the Inspector General.
In 2011, the Attorney General and the Secretaries of DHS and DOL announced Phase I of the ACTeam Initiative and the designation of six Phase I Pilot ACTeam sites in Atlanta; El Paso, Texas; Kansas City, Missouri; Los Angeles; Memphis, Tennessee; and Miami, following a rigorous interagency selection process.
During the ACTeam Phase I period, Fiscal Years 2012-2013, federal human trafficking prosecutions involving forced labor, international sex trafficking and sex trafficking of adults rose by 35 percent nationwide, reflecting strong partnerships among U.S. Attorneys’ Offices, the Civil Rights Division’s Human Trafficking Prosecution Unit, federal, state and local law enforcement agencies, and non-governmental victim assistance organizations and task forces led by U.S. Attorneys’ Offices. The ACTeams played a significant role in leading these nationwide advances. In ACTeam Districts, prosecutions of forced labor, international sex trafficking and adult sex trafficking rose even more markedly than they did nationally, due to the force-multiplier effect of interagency commitment to implementing coordinated, joint anti-trafficking strategies and due to advanced training, expertise and operational support provided to the Phase I ACTeams.
Comparing federal forced labor, international sex trafficking and adult sex trafficking prosecutions during the ACTeam Phase I period of Fiscal Years 2012-2013, to the pre-Phase I period of Fiscal Years 2010-2011:
Cases filed increased by:
• 119 percent in ACTeam Districts,
• 18 percent in non-ACTeam Districts; and
• 35 percent nationwide.
Defendants charged increased by:
• 114 percent in ACTeam Districts,
• 12 percent in non-ACTeam Districts; and
• 28 percent nationwide.
Defendants convicted increased by:
• 86 percent in ACTeam Districts,
• 14 percent in non-ACTeam Districts; and
• 26 percent nationwide.
FEATURE STORY
Bitcoins: A Primer on a Newer Currency
By John Fanning
Illustrations By Mariah Beavers
In February of 2015, the south suburban Chicago police department of Midlothian, Illinois was faced with a difficult and embarrassing problem. One of the department’s computers had become infected with a form of ransomware that encrypted the files on the computer’s hard drive. The hacker responsible demanded that the department pay $500 to obtain an encryption key to unlock and restore the computer’s files. As reported by local media outlets, the department ultimately decided to pay the ransom amount and, according to instruction from the hacker, the virtual currency “Bitcoin” was used to facilitate the transfer of funds.
This particular police department is by no means alone in becoming a victim of hackers using cryptoware and/or ransomware; attacks of this nature have been ongoing and increasing since at least 1989, when the first such attack was reported. The fact that this most recent incident involved a law enforcement computer merely hints at the degree of boldness hackers have developed in this growing and profitable black hat activity. It also highlights two very big concerns that law enforcement and I.T. security professionals confront today in the rapidly developing world of cybercrime.
In this latest development, actors armed themselves with two formidable weapons. First was the use of an encryption code possessing embedded self-destruct capabilities. If a victim attempted to bypass or break the encryption, the virus would wipe the hard drive of the infected computer, destroying the files it contained. The second weapon used was virtual currency specifically designed to provide anonymity to users and, inadvertently, to thwart investigators attempting to identify the virtual extortionists and recover any ransom money paid.
The origins of virtual currency, or “cryptocurrency,” can be traced back at least two decades. Originally developed for gameplay, the sheer number of users involved in some online games led to out-of-game trading in the currency. Some gamers, not interested in having to work long to acquire virtual points in the form of play currency, offered to buy currency reserves from top players using real money. The idea that players could make money from the gameplay they enjoyed increased offsite trading of currency and played a significant role in development of independent virtual currencies that would facilitate trades with people from all over the world.
Gold & Silver Reserve, Inc., a company operating out of Melbourne, Florida, launched one of the first independent virtual currencies in 1996. Funded by an oncologist and attorney who placed gold coins in a safe deposit box and backed the virtual currency with their value, the founders dubbed the new currency “E-gold” and allowed users to open accounts through their website and exchange currency for grams of gold and other precious metals, the value of which they could then instantly transfer to other accounts. By 2009, five million accounts were operating through E-gold and processing over US$2 billion a year in transfers.
It didn’t take long before nefarious characters recognized an opportunity to launder money through cryptocurrency trading, and in 2009, the U.S. government shut down E-gold, along with competitors who had opened other currency-trading sites. By that time, however, users of the Internet who had participated in e-currency transfers were convinced of the need for some form of universally recognized virtual currency that would accelerate the growth of commerce on the Internet. During this period, U.S. Internet-targeted legislation and law enforcement activity such as banning online gambling and crackdowns on certain P2P (Peer-To-Peer) file-sharing sites dampened development by Web entrepreneurs as venture capitalists became reluctant to invest in technology that could, for one reason or another, run afoul of government.
Despite such reluctance, virtual currency used within the Internet gaming industry continued to rapidly grow, with values being assigned to some that could not escape notice. The fact that such currency was not backed by anything other than the perception and acceptance of value placed upon it by users was seemingly inconsequential. The value of the currency rose and fell in relation to the popularity of a particular game. Trading in such currencies was principally conducted on P2P sites which carried a significant degree of risk into each deal.
In 2008 Satoshi Nakamoto published his invention for a new type of payment system he called “Bitcoin.” One year later he released his invention as open-source software, effectively giving title of what some believe is the first “true” cryptocurrency to the entire world. While in the ensuing years, Nakamoto’s invention has brought both good and bad to the cyberworld, giving the individual applause or condemnation has proven as elusive as is tracing Bitcoin transactions themselves — Satoshi Nakamoto actually remains unidentified.
Many online sleuths and journalists have spent considerable time trying to identify the individual or group who created Bitcoin and chose to hide behind the Japanese-sounding pseudonym. The best that we truly know about Nakamoto is that he, she or the group is highly intelligent and is either very wealthy or extremely determined to maintain anonymity: As of June, 2015, the value in Bitcoin contained in just the known wallets registered to and yet unclaimed by Satoshi Nakamoto was in excess of US$250 million.
[Figure: a Bitcoin transfer between payor, payee and the network of mining computers, marked “CONFIRMED” at each step. 1. Payor sends key to payee and to bitcoin network. 2. Key is confirmed by the network of mining computers and confirmation sent to payee. 3. Payee receives confirmation from network and bitcoin transfer is completed.]
At its core, an exchange of Bitcoin is a simple P2P transaction. For personal use, a user installs a Bitcoin “wallet” on a computer, tablet or smartphone. The wallet stores a collection of cryptographic keys. When the user enters into a transaction, a key is used. No key is ever used twice, and new keys can be generated as often as needed. The wallet keeps secret data that is the “signature” of the user — proving ownership and preventing the transaction from being altered after it is issued. Once a deal is finalized, the user issues the payment in the form of a transaction key.
While most users believe their Bitcoins are also kept within their wallet, the truth is that their bitcoins are maintained as part of a blockchain, residing in cyberspace. The blockchain is a form of shared public ledger, which is the Bitcoin network. Every “confirmed” transaction made throughout the world is recorded in the blockchain. This does not mean that the personal identity of the parties is recorded; it means that the unique keys used in the transaction and the identifiers that belong to the unique wallets of the transacting parties are stored in chronological order within the ledger that is the blockchain.
Before a transaction can be entered into the blockchain, it must be confirmed. This is done through a network of users in a process referred to as “mining.” Each transaction made is packed into a block that is sent through the network to multiple “miners” who have agreed to use all or part of their computers’ processing capacity to verify transactions. Transactions are broadcast between the payer and payee and typically, the transaction confirmation process begins within moments. The idea behind mining Bitcoins is that by passing through multiple “hands,” the transaction is verified and the chronological order within the Bitcoin blockchain is enforced. It also prevents anyone from altering the transaction in any way, either during the confirmation process or afterward when the transactions are confirmed and become part of the blockchain.
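Why a confirmed transaction is hard to alter can be shown with a hash-linked ledger in Python. This is an added example, not code from the article or from the Bitcoin software: the block layout, the `DIFFICULTY` value, the wallet names and the amounts are assumptions made for illustration, and signatures and the peer-to-peer network are left out.

```python
import copy
import hashlib
import json

DIFFICULTY = 4           # assumption: leading zero hex digits a block hash must have
GENESIS_PREV = "0" * 64  # assumption: placeholder "previous hash" for the first block

# Constructed sample data: three batches of transactions, one batch per block.
SAMPLE_BATCHES = [
    [{"payor": "wallet-A", "payee": "wallet-B", "amount": 6.15}],
    [{"payor": "wallet-B", "payee": "wallet-C", "amount": 2.0}],
    [{"payor": "wallet-C", "payee": "wallet-A", "amount": 0.5}],
]


def digest(block):
    """SHA-256 over the block's contents, excluding its stored 'hash' field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index, prev_hash, transactions):
    """Proof of work: try nonces until the digest meets the difficulty."""
    block = {"index": index, "prev_hash": prev_hash,
             "transactions": transactions, "nonce": 0}
    while not digest(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = digest(block)
    return block


def build_chain(batches):
    """Mine one block per batch, each block committing to the hash before it."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine(index, prev, copy.deepcopy(transactions))
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        recomputed = digest(block)
        if (block["prev_hash"] != prev
                or recomputed != block["hash"]
                or not recomputed.startswith("0" * DIFFICULTY)):
            return position
        prev = block["hash"]
    return None


def alter_confirmed_transaction(chain, index, new_amount, remine=False):
    """Copy the chain and change one recorded amount; optionally redo that
    single block's proof of work, as someone rewriting history would have to."""
    forged = copy.deepcopy(chain)
    target = forged[index]
    target["transactions"][0]["amount"] = new_amount
    if remine:
        forged[index] = mine(index, target["prev_hash"], target["transactions"])
    return forged


if __name__ == "__main__":
    ledger = build_chain(SAMPLE_BATCHES)
    print("intact ledger:", first_invalid_block(ledger))
    edited = alter_confirmed_transaction(ledger, 1, 600.0)
    print("edited block 1:", first_invalid_block(edited))
    remined = alter_confirmed_transaction(ledger, 1, 600.0, remine=True)
    print("edited and re-mined block 1:", first_invalid_block(remined))
```

Editing block 1 is caught at block 1 because its hash no longer matches; redoing the work for block 1 only moves the failure to block 2, whose stored previous hash still points at the original, so every later block would have to be re-mined as well.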
In exchange for the use of their computer processing power, miners are paid a commission on each transaction they handle during the verification process. These fees are significantly lower than fees charged by traditional banks and financial institutions, which saves users money. The fees also serve as a way to generate new Bitcoins.
An additional advantage that Bitcoin transactions have over traditional credit card or electronic transfers is the ability to require multiple and specific “signatures” on each transaction. This makes the system ideal for non-profits or other organizations requiring two or more managers’ approval for expense payment. Because of the ease of cross-border transactions and low cost of using Bitcoin, it is rapidly becoming a mainstream currency throughout the business world. Quickbooks, which is reported to maintain 85 percent of the small-business accounting market in the U.S., recently began to offer their users the ability to accept Bitcoins as payment from customers along with traditional credit cards and bank wire transfers. Virtual stores like Amazon.com, Overstock.com and TigerDirect.com all welcome the use of Bitcoin, as do brick-and-mortar stores such as Home Depot, Kmart, Sears, and CVS Pharmacies.
While the use of virtual currency now makes global commerce between users easy and quick, it may also make cross-border crimes like extortion and kidnapping a bit easier. It is no secret that a key hurdle perpetrators face in kidnapping and extortion plots is obtaining payment from the victims. If notified, law enforcement will typically attempt to follow the ransom money back to the bad guys. But cryptocurrency like Bitcoin makes it more difficult to track transactions.
Bitcoin has already been adopted as a currency of the Dark Web, being used for transactions of illegal goods on a daily basis on such sites as the Agora Marketplace, which replaced the FBI-confiscated Silk Road as the largest drug marketplace on the Internet.
While calls continue to legislate controls upon or place an outright ban on cryptocurrency, it seems that the positive sides of cryptocurrency far outweigh the problems that are associated with its use for nefarious deals. Bitcoins and other cryptocurrencies are here to stay. As a consequence, law enforcement and Internet security firms will be tasked to develop methods to protect themselves from the potential increase in extortion and other crimes that are now made easier on a global scale. Compounding security problems now seen by the use of Bitcoin is a growing number of new cryptocurrencies entering the cyber realm. At least eight new cybercurrencies were introduced in 2014, and more are on the way. Ultimately, like the fight between Beta and VHS, a winner will prevail as the dominant international cryptocurrency. Unfortunately, one or more may also become favored by dark forces, keeping security and law enforcement busy well into an unknown future.
MOST WANTED
Most Wanted: Dmitry Vladimirovich Shegurov
ALIASES: None known
WANTED FOR: International Emergency Economic Powers Act (IEEPA); Conspiracy to Commit IEEPA; Conspiracy to Commit Arms Export Control Act (AECA); and Commit Wire Fraud
DESCRIPTION:
Date(s) of Birth Used: May 31, 1983
Height: Approximately 5' 9"
Weight: Approximately 180 pounds
NCIC: W806228251
Occupation: Shegurov is an executive of Arsenal, a subsidiary of APEX.
Hair: Brown
Eyes: Brown
Sex: Male
Race: White
REWARD: The FBI is offering a reward of up to $250,000 for information leading directly to the arrest of Daniel Andreas San Diego.
Dmitry Shegurov and his co-conspirators, Sergey Klinov, and Yury Savin, are wanted for their involvement in several white collar crimes. All were involved in business with ARC Electronics, a Russian procurement company. Dmitry Shegurov, Sergey Klinov, and Yury Savin were indicted for violating the International Emergency Economic Powers Act (IEEPA), conspiring to violate IEEPA, conspiring to violate the Arms Export Control Act (AECA), and committing wire fraud from October 1, 2008 to September 28, 2012. Subjects in the U.S. were allegedly exporting controlled dual use technology from U.S. companies to Dmitry Shegurov, Sergey Klinov, and Yury Savin, in Russia. The Russian subjects reportedly wired funds back to the U.S. through third countries in order to disguise its origin and association to the Russian military and intelligence agencies as the final end users.
On September 28, 2012, the United States District Court, Eastern District of New York, indicted Dmitry Shegurov, Sergey Klinov, and Yury Savin for violating the above-listed offenses. Additionally, Shegurov and Klinov were also charged with obstruction of justice.
If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate.
Source: FBI.gov
Marine Corps Commandant Gen. Joseph Dunford Jr., testifies during his Senate Armed Services Committee confirmation hearing to become the Chairman of the Joint Chiefs of Staff, on Capitol Hill in Washington, Thursday, July 9, 2015. Dunford said Russia poses the greatest national security threat to the United States and that it would be “reasonable” to supply lethal arms to Ukrainians fighting against rebels backed by Moscow. (AP Photo/Cliff Owen)
Joint Chiefs Chairman: Russia Biggest Threat to US Security
By Deb Riechmann
WASHINGTON (AP) — Russia poses the world’s greatest threat to U.S. national security, President Barack Obama’s nominee to lead the military’s Joint Chiefs of Staff declared on July 9. The White House quickly distanced the president from that blunt assessment.
Marine Gen. Joseph Dunford told senators at his confirmation hearing, “If you want to talk about a nation that could pose an existential threat to the United States, I’d have to point to Russia. And if you look at their behavior, it’s nothing short of alarming.”
The four-star general said there are other threats to the nation, which must be addressed in concert. He pointed to China with its expanding military capability and presence in the Pacific, North Korea with its ballistic missile capability and Islamic State militants. But he said, “My assessment today ... is that Russia presents the greatest threat to our national security.”
At the White House, press secretary Josh Earnest distanced Obama from the assessment, saying Dunford’s comments reflected his own view and not necessarily “the consensus analysis of the president’s national security team.”
Yet Earnest said that much has changed since 2012, when Obama mocked his GOP opponent, Mitt Romney, for calling Russia the top U.S. geopolitical threat. Earnest said Russia’s destabilizing actions in Ukraine and “saber-rattling” over its nuclear program and military activities near borders with NATO allies have increased U.S. concerns.
Relations between Russia and the West have sunk to post-Cold War lows after Moscow’s annexation of Ukraine’s Crimean Peninsula and its support for a pro-Russian insurgency in eastern Ukraine. The United States has responded with sanctions, but so far has refrained from providing lethal arms to the Ukrainian forces.
Dunford’s comment was exactly what Sen. John McCain, chairman of the Armed Services Committee and a frequent critic of Obama’s foreign policy, wanted to hear.
“In Europe, Vladimir Putin’s Russia continues its onslaught in Ukraine,” said McCain, R-Ariz. “But even as Russian troops and equipment execute this neo-imperial campaign to undermine Ukraine’s government and independence, the United States has refused Ukraine the weapons it needs and deserves for its defense.”
Dunford agreed with McCain. “From a military perspective, I think it’s reasonable that we provide that support to the Ukrainians,” he said. “And frankly, without that kind of support, they’re not going to be able to protect themselves against Russian aggression.”
The general told the committee that Russia is a nuclear power that not only has the capability to violate the sovereignty of U.S. allies and do things that are inconsistent with U.S. national security interests, but is actually doing so. However, he also said he thinks it’s important to maintain a military-to-military relationship with Russia to improve trust and mitigate the risk of either nation miscalculating the moves of the other.
Dunford, who appeared in the hearing room with his wife and other members of his family, is expected to be confirmed this month.
On another major international issue, Secretary of State John Kerry announced in Vienna — shortly after Dunford testified — that diplomats would miss a midnight Thursday deadline for reaching a nuclear agreement with Iran. The U.S. and its partners are trying to clinch a deal that would restrain Tehran’s nuclear program in exchange for relief from economic sanctions.
Dunford said a nuclear-armed Iran would pose a significant national security risk to the U.S., especially if Tehran also had the technology to launch intercontinental ballistic missiles. He said it would be reasonable to assume that Tehran would use revenue from any sanctions relief to further aid Shiite militias in Iraq, the Syrian government of President Bashar Assad and the Houthi rebels in Yemen.
Even if there is no nuclear deal, Dunford said, Iran will continue to be a “malign influence and the most destabilizing element in the Middle East today.”
Under questioning, Dunford said the U.S. has the military capability to destroy Iran’s nuclear program. He said that by some estimates, about 500 U.S. troops have been killed because of Iranian activities in Afghanistan.
Also on the subject of Afghanistan, he promised to recommend changes in the size and pace of the troop withdrawal there if security worsens. Dunford, who until last year had been serving as the top U.S. commander in the country, said that if the U.S. force in Afghanistan falls to 1,000 in 2017, the counterterrorism mission there would be significantly degraded and the U.S. would risk losing its eyes and ears along the border with Pakistan.
On Syria, Dunford said the 60 trainees the U.S. has in a program to prepare and arm thousands of moderate rebels in the fight against IS militants is a much lower number than expected at this juncture. He attributed the low number to a rigorous vetting process.
PROTECTING E-COMMERCE
By Karl J. Paloucek
What could we be doing to better secure our online markets?
In a cyberworld where breaches have become commonplace, we’re obviously doing something wrong. What needs to happen to ensure that the online marketplace is more abundantly secure? We spoke with cybersecurity experts Jason Witty, Chief Information Security Officer for U.S. Bancorp., and Michael Phillips, Executive Vice President and Chief Information Security Officer of Rosenthal Collins Group LLC, for their dynamic insight into the sorts of solutions that retailers, financial services and other businesses should be not just considering, but integrating and implementing now. What’s abundantly clear, first and foremost, is that “steadfastly guarding the citadel,” the dominant mindset of asset protection for millennia, is entirely outmoded. In this new and highly volatile threat environment, one of the biggest mistakes is still our own hubris. “The biggest mistake I see companies making is assuming that it’s not going to happen to you,” Witty asserts. “That’s really number one. It needs to be, ‘assume it will’ and how are you going to deal with that type of thought process?” “It’s clear that the perimeter tools aren’t preventing people from getting data,” Phillips confirms. “So this whole emphasis that the appliance makers and the technology makers are [about] — ‘Buy this tool to stop people from getting in’? People are getting in. But once they get in, and they get the credentials that they need, they’re going to try to get in, from that point. So the thing is, from my perspective, what can you do to prevent them from being effective once they’re inside?” This is the new reality where security is concerned: The breach should be assumed to be inevitable. It’s what protocols are in place once the breach has occurred that will make the difference. So where do you begin to build and implement those protocols? 
“The first step is pick a standard or framework, then start working through implementation of that, so you can have a relatively comprehensive program,” Witty says. “It’s not just one thing, it’s a series of layers. Assuming that any one
given layer may have an issue, another layer is there to catch that, so that you’re able to keep the small things small when inevitable attacks happen.” According to Witty, some homework is required, as there are a number of solid standards and frameworks to consider, from ISO 27002 and NIST 800-53 to the NIST Cybersecurity Framework, which was the result of a 2013 executive order to facilitate raising the bar on cybersecurity. “The NIST Cybersecurity Framework — which is a framework, not a standard — basically allows you to be fairly comprehensive at implementing an information security program, and really, doing five key things: identify, protect, detect, respond and recover,” Witty explains. “And then 98 control areas that are subordinate to those five key actions. [They] formulate a pretty comprehensive program if you’re able to do all of those 98 things. … The framework basically goes into 22 control categories within each of those five areas, and then 98 individual controls that roll up into those 22 control families. That’s a good way of ensuring that we are being comprehensive.” As a chief information security officer, Phillips examines the problem from a slightly different perspective, but with no less insight. “It was the head of the NSA that said, ‘There are two types of companies — those that are hacked, and those who just don’t know they’re hacked already,’” he says. “If you take that as a premise, you have to then assume, OK, let me just operate as though they’re already in. … I monitor all privileged access, because the first thing someone wants to do when they’re in, they want to escalate their privileges so they can get a broader range of controls so they can actually get around, find stuff, then get it out. … We focus directly on all our privileged-access users.
First, we minimize who has privileged access, and then we look at everything that they do, and then at alerts.” It’s a highly technical job, but Phillips urges that it’s far from strictly an information technologist’s responsibility. “I think the first mistake a lot of folks make is thinking that,
purely from an organizational perspective, that it’s strictly an I.T. problem,” he argues. “It’s technology’s issue — let them figure it out, right? I always told my boss that if I had a dollar, I’d spend 65 cents of it on the training, alone. Training, and actually testing that people took the training.” The good news is that awareness and behavior are evolving. Many of the traps set by threat actors hoping to prey upon carelessness and ignorance are going untripped. “They say culture beats strategy all the time,” Phillips says. “It’s shifting the beliefs and the behaviors — that’s the culture you have to focus on. When I first started [at Rosenthal Collins Group], no one was really into security a lot. But now, everybody calls. ‘Hey, I just saw this thing — I didn’t want to click on it. I wanted to make sure there was not a problem.’ They’re all equally as paranoid as I was when I walked in the door, now, some years later. … People are very nervous about clicking on anything, and that’s what we want them to be. And then, even if they do, we do have some technology controls in place that they’re unaware of. I have an Internet proxy, so if it sees something trying to go to a known bad site, it just won’t let it out.” On a macro level, one of the biggest problems faced by all participants in e-commerce is a chronic lack of communication about attacks as they happen. It’s understandable in a sense — most companies are naturally apprehensive about disclosing that they’ve been hit by a cybercriminal attack. But the cybercriminal community in part counts on this reticence. Because of it, “the attacking community is able to replicate the exact same thing with the exact same infrastructure, with the exact same subject line of the email, and the exact same line of the attachment from company A to company B, to company C, to company D, to company E,” Witty says. 
“Which is why you’re seeing so much focus now on information security legislation in Congress, because there really needs to be a better sharing framework and structure so that when company A has an issue, they can
share that with companies B, C, D, E and F without assuming liability associated with the completeness of that information, or the accuracy of that information, or what company B decides to do with it. It’s kind of the good-Samaritan concept.” It’s difficult to overstate the importance of the role that information sharing plays in thwarting breaches and other online malfeasance. The ability to share details about an attack — even anonymously — with others in the e-commerce community is one of the greatest weapons that businesses and financial institutions can wield in the war against cybercriminal mayhem. Some sectors of our economy have been sharing details about cyberattacks for years. “In the Clinton administration, the Financial Services Information Sharing and Analysis Center was stood up in 1999,” Witty offers. “There have been banks sharing anonymous attack data with other banks for 15 years. By the way, it doesn’t have to be a successful attack, either.” The situation is improving, but it’s still far from ideal, as many sectors have been slow to recognize and establish the controls they need to defend themselves against the ongoing siege. “Financial services has a robust information sharing and analysis center,” Witty says. “The energy sector has a fairly robust one. Retail just stood one up after the Target breach. [But] a lot of sectors don’t have one. So it’s not a question of ‘if’; it’s ‘how.’ There just isn’t the underlying plumbing in a lot of cases.” Back in February, President Obama issued an executive order calling for the creation of Information Sharing and Analysis Organizations (ISAOs), in an effort to encourage businesses to form their own groups for sharing attack data. “I think you’re going to see that increase in companies’ willingness to share is going to increase as it becomes the norm that everybody’s being attacked,” Witty suggests. “It’s just helpful to receive information about how everyone is being attacked.”
Information sharing is currently at the center of legislative efforts, balanced by weighty concerns about personal privacy with regard to companies’ sharing of personal information with the government. “There’s a lot of back-and-forth on that,” Witty says. “That is absolutely not what the intent of the information-sharing legislation is all about. It’s about sharing highly technical [information] — ‘How does this particular malware backdoor work?’ or ‘What is the subject line of the email that this fraudulent phishing campaign came in through?’ … They’re highly technical indicators, none of which has anything to do with personal privacy.” Even as information sharing occupies center stage of the legislative discussion, both Witty and Phillips are among those looking ahead to where the future battlegrounds of e-commerce security — as well as both national and personal information security — will be. For Phillips, the cultural shift that has enabled people to begin evolving their e-commerce security dynamics needs to progress to a point at which people will be inspired to act on their own behalf, holding the manufacturers of the technology, the gadgets on which people everywhere increasingly rely, accountable for at least a portion of the security that is now largely incumbent on the end consumer to maintain. “I really just think that as a culture, we have to push people to make the manufacturers of these things accountable for delivering these things and minimally doing some degree of security themselves, because as consumers, we won’t know what’s going on with these products when we get them, and we shouldn’t be expected to know — and it shouldn’t be in some 500-page, really small print [document] that if I don’t click something, then I’m willing to send [data] out of my house. “Remember when we first got our home wireless ports?” he continues. “They were all unencrypted. 
And it just took a lot of pressure from the consumer to say, ‘Look, I should not be expected to try to figure out how to put encryption on this thing.’ Then the legislation came out that said they had to all ship with it enabled. It’s just that simple, but the point is that if people don’t come together and make this point as a collective, that’s when we’re just going to continue facing these things. And there are ways to secure these things — it’s not that they’re not securable. [The threat actors], they’re very much aware of the vulnerabilities in a lot of the stuff that comes out. And that’s what makes it easy for them. From a legislative perspective, we’re not doing anything to prevent it.” According to Witty, we should expect the discussion of e-commerce security to extend far past our own borders when the information-sharing issues eventually are more or less settled. “We need to define norms of behavior when countries are starting to use cyberweapons against companies, and what types of activities are OK, or what type of activities could trip a line that everybody agrees is going to start moving toward active war-type stuff,” he cautions. “That’s not defined right now. There’s no agreement on that between countries internationally. … The next step is going through this discussion around norms, and really starting to define that every country’s going to do
clandestine operations, and have intelligence collection processes and that sort of thing. Espionage-type stuff is going to happen, and computers are going to be used as part of that process. But there are certain things that would be considered non-normal, like stealing intellectual property from a company specifically to win a big trade deal. Those types of actions. That’s where I think the conversation’s going to end up going once information sharing is kind of behind us.” What’s perhaps most dangerous and most concerning in all of this is the urgency with which these matters need to be dealt with, contrasted with their complexity — because we are already far behind the ever-advancing technology that continues to nuance and enhance our lives in ways that we never imagined, all while bringing fresh security concerns to the fore with each new development. “The pace of technology has outpaced our ability to secure it,” Witty says. “Generally speaking, there are 7 billion people on our planet. There are 6 billion mobile phones. That’s kind of interesting. There are roughly 20 times as many devices connected to the Internet right now as we have people on our planet — that’s according to figures from Cisco. Just how hyper-connected we’ve gotten, how hyper-social and hyper-mobile — that creates a dynamic that the human race has never seen before. Completely unprecedented.
“If you look at the global market for cybersecurity in 2015, products and services, it’s basically a $77 billion market,” he continues. “That is at an all-time high. If you look at the cost of breaches and fraud, and cybercriminal activity in 2014, McAfee estimates that that was a $575 billion conservative estimate. ... That amount of funding has basically caused a very large shift in the way that we need to think about this problem, because you’re not talking about a part-time adversary. You’re talking about somebody who’s highly motivated, highly funded and highly technical.” The motivation clearly is there for the black hat elements to continue bullying their way around the Internet and exploiting vulnerabilities to their advantage. Because their methods and technology are constantly in flux, defending against these threat actors can never be a static responsibility, particularly in the fields of e-commerce, finance and healthcare, where so much is at stake. Information security professionals will need to exhibit an ever-greater elasticity of insight and reasoning, and, crucially, learn to communicate and collaborate as a community for the best chance of stanching the hemorrhage of data and resources that chips away at our legitimate commercial, financial, personal and national interests.
Five Rules for E-Commerce and Other Online Security
In the war for e-commerce and other information security, cyberthreat actors have numerous distinct advantages — not least is the fact that to exploit a vulnerability, they only need to get lucky once, whereas companies need to be vigilant at all times. To maintain your organization’s highest possible security standards, it’s a good idea to keep in mind the following commandments of e-commerce and online security:
1. Never assume that a cyberattack is not going to happen to your company. Adopt a framework that assumes that a breach has already occurred and plan — and act — accordingly.
2. If your organization has sustained an attack — successful or not — do the right thing: Share what you know about the attack with others in your business community.
3. Train your personnel on practicing secure use of information technologies and test them on their knowledge. A little investment up front in this regard can pay off millions of times over down the line.
4. Know your organization’s information assets and secure them as the valuable property they are.
5. Ensure that your information infrastructure’s hygiene is well and consistently maintained. Keep devices, operating systems, apps and other hardware and software up to date with current patches and software.
NEW TECHNOLOGY
Victor Video Management System Optimizes Case Management Control
The victor Video Management System enables investigators to manage events and create incident reports with ease
WESTFORD, MA. — Tyco Security Products recently introduced the new version of the victor Video Management System (VMS), which significantly reduces the time needed by busy investigators to organize and manage events and create incident reports. The case management tool enables the holistic management of alarms, reporting and video-associated alarms and investigations from such systems as access control, intrusion, fire, intercom, elevator and HVAC systems. Using an intuitive interface, command center operators now can view, manage and replay alarms as needed and from any location. The tool’s incident builder feature can gather all relevant information — videos and still images, report data and charts and user notes — into a template and export it as an incident report for internal use by management, or external use by local law enforcement. Instead of the time-consuming process of creating a folder, manually writing a report, transcribing notes, exporting images and charts, burning a CD, etc., a report can be created with a few clicks. St. Joseph’s Health Care, London, Ontario, recently switched from an analog to an IP video management system powered by victor to be able to respond to incidents more quickly. “The new investigation tools in victor have significantly streamlined our investigation workflow and simplified the steps our operators need to take in order to locate, review and package the relevant information from a particular incident,” said Mike Bessagato, director of Fire & Security Services/Emergency Planning. “Not only are the case management tools helping operators in our security control center save time, they are also helping to ensure the accuracy of our evidence by eliminating video that is not directly related to an investigation.”
“Having the most critical information about their organization available in one interface is no longer a luxury for operators and investigators, who need access to this information quickly,” said Steve Carney, Senior Director of Video and Integrations, Tyco Security Products. “Our enhancements to victor offer a complete case management solution that brings all the relevant details from an event or threat into a single, easy-to-access format.” For more information about the victor Video Management System and our comprehensive line of Video Surveillance Solutions, visit americandynamics.net.
Paladin Data Systems Corporation Announces ASMi Technology Now a DADMS Authorized Software Application
ASMi technology is now an authorized software application within The Department of the Navy (DON) Application and Database Management System
POULSBO, Wash., (GLOBE NEWSWIRE) — Paladin Data Systems announced ASMi technology is now an authorized software application within The Department of the Navy (DON) Application and Database Management System (DADMS), the Authoritative Data Source for congressionally mandated improvements in management of IT resources. ASMi is a commercially available, personnel readiness tool designed to manage, maintain and forecast the knowledge, skills and abilities of the workforce. Over 20 DON Functional Area Managers (FAMs), Functional Data Managers (FDM) and others use DADMS to execute responsibilities in architecture, migration, consolidation, or retirement of IT portfolio resources. “Paladin is proud of ASMi and its team for accomplishing this unique achievement in becoming part of the approved software list. ASMi’s inclusion into DADMS makes it much easier for our Navy customers to access this outstanding workforce readiness tool,” said Jim Nall, Paladin CEO. The Advanced Skills Management Industrial (ASMi) system is a Web-centric training, testing, and workforce readiness management tool. With hundreds of thousands of military personnel worldwide requiring up-to-date training, ASMi enables supervisors to assess at a glance the overall deployment readiness of military forces, view complete unit and individual training capabilities, and provide competency information for day-to-day operations, emergency readiness, and incident investigations.
MTS Multi-Threat Shield Offers Convenient Protection
At just 8 pounds, the MTS Multi-Threat Shield offers discreet and convenient protection against most threats involving handguns, shotguns or pistol-caliber machine-guns. With the flick of a wrist, the MTS, designed to look like a conventional laptop bag, deploys into a 3-foot-long shield capable of protecting one or more people from ballistic threats, attacks from blunt objects or sharp weapons, as well as from fists or feet. (Protection against high-powered rifles is also available via a special insert, sold separately.) Because it’s designed for everyday carrying, the MTS Multi-Threat Shield is functional in other ways, as well, including an expandable utility pouch with covert access, enabling the user to carry anything from a handgun or Taser, to an actual laptop or tablet. For more information, visit forcetraining.com.
U.S. Air Force Renews Honeywell’s Certification to Protect Critical Assets
Honeywell has announced that its latest versions of its Vindicator Command, Control and Display Equipment have now been certified for use by the U.S. Air Force in protecting critical assets around the globe.
Grants Vindicator Critical Asset Security Solutions Authority to Operate on USAF Networks Worldwide
LOUISVILLE, Ky. — Honeywell (NYSE:HON) recently announced that its newest generation of Vindicator® Command, Control and Display Equipment (CCDE) has been certified to protect critical assets at U.S. Air Force bases worldwide. The Air Force awarded the certification after exhaustive qualification, testing and evaluation. Vindicator solutions have been on the USAF-approved equipment list without interruption since the mid-1990s. Vindicator products are also approved for operation across the Air Force’s data networks. “You protect more than just an entryway when securing these types of facilities,” said Angela Oberman, senior channel manager, critical infrastructure. “These facilities require the highest levels of security because they themselves have been deemed critical to helping secure countries and their people. Vindicator is designed to allow the people who work within these facilities to do their jobs without having to worry about their own physical or network security measures.” Honeywell’s portfolio of Vindicator security technologies allows operators to use a single workstation to manage security event information gathered from interior and perimeter intrusion, video detection, access control and fire systems. Vindicator solutions can use an existing or discrete facility network over any media transport, such as wire, RF, modem or fiber optic, both encrypted and redundantly. This critical level of security is often required by government and military installations, industrial facilities, utilities and many correctional institutions.
Vindicator products tested and approved to protect USAF PL1 through PL4 sites include the Vindicator Command & Control 2 (VCC 2) platform, V5 Intrusion Detection System (IDS), V5 Access Control System (ACS), Security Archive Workstation 2 (SAW 2), Vindicator Badge Manager 3 (VBM 3), Vindicator Site Commander (VSC), Vindicator Area Commander (VAC), Vindicator Premise Controller (VPC), and the UHS-1500 field panel. For more information on Honeywell Vindicator Technologies, visit www.honeywellvindicator.com.
Universal Wallet Coinomi Integrates With ShapeShift.io API
Coinomi recently announced its integration with ShapeShift.io, an instant Bitcoin and altcoin exchange service that allows users to easily convert between supported cryptocurrencies without having to leave the wallet.
Switzerland (PRWEB) — ShapeShift.io, an instant Bitcoin and altcoin exchange service, has announced their API integration with Coinomi, a free, open-source wallet for Bitcoin and multiple cryptocurrencies, available as an Android application. The ShapeShift API integration allows Coinomi wallet users to quickly convert between each supported altcoin within the wallet without the user having to leave the Android application. The Coinomi wallet currently supports Dogecoin, Litecoin and Bitcoin, as well as many other major cryptocurrencies. Only available as an Android app, Coinomi plans to release their iOS app version within the next few months. “We are very excited about this API integration as for the first time users holding more than one coin in their wallet will be able to seamlessly convert from one coin to another without having to leave their wallet app but also to spend their altcoins where only bitcoin payments are accepted without having to manually convert their coins,” said Coinomi Founder & CEO George Kimionis.
The Coinomi integration will allow for immediate altcoin conversion.
Developed to be primarily used as an API, ShapeShift’s integration with Coinomi’s wallet is just one of many the instant altcoin exchange hopes to support. “From the start Coinomi has always been the most used mobile wallet in our office because of its multi-coin capability and so we are very excited for this partnership,” said ShapeShift COO, Jon. “Converting cryptocurrencies within the app itself has been a magical experience.” Outside of their API offering, ShapeShift offers an intuitive, user-friendly website exchange for direct consumer usage. For businesses interested in learning more about ShapeShift API integration, please contact Emily@shapeshift.io.
MEMBER NEWS
InfraGard Member Focus: Dr. Nancy Zarse By Karl J. Paloucek
To those on the outside, the Academic Sector might sound like a relatively benign area over which to preside. But those familiar with all that it encompasses know that it’s a considerable responsibility. As Academic Sector Chief, Dr. Nancy Zarse knows the full dynamics and dimensions of her role, even as she seeks to learn more and expand her involvement in it. In part because of this demonstrated positive attitude that resonates in the work she does both with InfraGard and as full professor in the Forensic Department of The Chicago School of Professional Psychology, Zarse was recently awarded the 2015 Distinguished Faculty Award for Excellence in Public Service, an award she also claimed in 2011. We took the opportunity to speak with Zarse about the honor, about the importance of securing the Academic Sector, and her vision for the future.
IMA: How did you come to the career path you did?
Nancy Zarse: Well, it’s a pretty long career at this point, unfortunately, which makes me sound old. I guess the best way to explain how I ended up here is, this is my alma mater. I’m a graduate of the Chicago School of Professional Psychology. I had been home full time with my boys for about eight years and was looking to get back into the workforce with a position that utilized my clinical experience, but also gave me a little bit of flexibility with regards to my children. So I reached out to the Chicago School and started in January of ’07. Started first as an adjunct — did that for two semesters — and then I worked part-time for a year; then I went full-time in the fall of ’08.
IMA: What’s your specialty within the field of professional psychology?
NZ: I’m a forensic psychologist, so my specialty areas are in the field of forensics — hostage negotiation, violence and risk assessment, psychology of law enforcement, psychology of terrorism, evaluation and treatment of the adult offender.
IMA: What does the threat to Academia include? What all does that encompass?
NZ: Some of the threats that Academia could face are violations of visa. Like there was that very famous terrorist who came over to Bradley University, and then went back to the Middle East, and re-enrolled again. He was actually prosecuted. And he was here on a visa, and then engaged in terrorist activities. So one of the things we want to be careful about are the people who are visiting our country, and the academic environment has a lot of freedom — and understandably and justifiably so. We just need to make sure that people are here doing what they are intending them to do, and what we are intending them to do. That’s one of the threats that can be to the Academic Sector. It can also be property — intellectual property. One of the things that happens with academia, sometimes we’re rather free with our information — is any of that being misused?
IMA: What are you working toward now?
NZ: Part of what I want to do is to build a better — and I haven’t done near enough — I want to build a better sense of who the Sector is, who actually is in Academia. What are the strengths that any of us bring, and what are the individual concerns that we have? So I need to do a better job at reaching out to the Sector to say, “This is who I am, and this is where I’d like to go, and what ideas do you have?”
IMA: Are there a large number of people in the Academia Sector?
NZ: It’s not one of the larger ones, no. But it can be vital because — the thing of it is, the information needs to go both ways. It’s not just about what does the FBI have that they can share with us and we can then disseminate, but it’s also about what concerns do we have, or what knowledge or information? There might be a faculty member somewhere in Academia who’s doing research that has great relevance to the field of counterterrorism. We take that information and pass that along to the FBI. Or let’s say someone like myself: If I’m doing a study-abroad program and I get information that would be relevant for the FBI, again, that is something to pass along. There are a lot of schools doing a lot of international work. The whole international focus is expanding exponentially in academia. So it’s just something that we need to be really careful about. Where are our students traveling to, and are they doing so safely and legally? And vice-versa: Who’s coming to our academic institutions, and are those valid academic sources?
IMA: Let’s back up just a bit. How did you come to be involved in InfraGard in the first place?
NZ: I am a colleague of the former coordinator of InfraGard, and the current coordinator. The former coordinator, Jason Leifer, had asked me to do maybe one or two presentations for InfraGard. Then the current coordinator — because I do a lot of training with law enforcement, so I’m resource staff with the FBI’s hostage negotiation, so my relationship with both of them goes back many, many years. Then I joined InfraGard, and then Kathy [Hug] asked me if I would be interested in being the Sector Chief. I think part of that is not only my work in forensic psychology, but also in things like hostage negotiation, but also because of my work with Israel.
IMA: That sounds fascinating — could you please elaborate a bit about that for us?
NZ: Well, I created a course that focuses on terrorism, trauma and resilience within the context of Israel. So it’s a semester-long course — we meet every week for three hours — and then it culminates in a 10-day study-abroad trip. It’s based highly on experiences and experts in the field. For instance, in Chicago, the Honorable Consul General of the Israeli Consulate speaks to my class; I have an FBI agent who speaks on the history of Israel. The president of TLOC [Terrorism Liaison Officer Committee] speaks to my class. I have a victim of secondary trauma — her sister was shot in a terrorist attack in Jerusalem, pronounced dead on the scene and then survived. We tour the Holocaust Museum; I have a Holocaust survivor who speaks to my group. Basically, however I can get at terrorism, trauma and resilience. Then, in Israel, we stay several days in Tel Aviv, several days in Jerusalem, we stay on a kibbutz, and we again hear from experts and government officials in the area. We tour the ministry of foreign affairs. Obviously, we tour Yad Vashem, the Holocaust museum in Israel, but we also visit the mass-casualty trauma unit at Shaare Zedek, which is a world-renowned mass-casualty unit. They came over to consult with us after 9/11. I’m on their American board of directors, so I’ve done speaking engagements for them as well. But anyway, we hear from the chief psychiatrist for the southern half of Israel. We spend an entire day in Sderot. Sderot is the town that is closest to Gaza, and so experiences the highest number of direct missile attacks from Hamas, and has the highest rate of PTSD in the world. We spend about 10 hours in the town of Sderot. So it’s very focused on the people, on the experiences, on the experts there, and I’ve now taught that class five years, and led five study-abroad trips.
IMA: What have you seen on those multiple trips to such high-stress places?
NZ: I’ve seen a very different Israel than what is portrayed in the American media. I am — I think I can safely say the word is outraged, by the BDS movement, the attempts to de-invest from Israel. I see a phenomenal resilience. The response of the Israeli people, both the government and the military, the law enforcement, the civilians, the psychologists, the social workers, is just impressive. It doesn’t mean that I glorify the state. It’s not like I don’t see the same kind of faults that I see in America. But their resilience in the face of sustained terrorism and trauma is simply impressive to me. I also think, on that note, separate from that, their respect for religion and for cultures is also, in my opinion, impressive. And not just their own. It’s not just a respect for the Jewish faith. I think their respect for religion far exceeds that of what I see in America. As long as it is religion that is peaceful in its pursuit. I go to the Western Wall — this is a goofy story, but we go to the Western Wall every year, and you can put prayers on a piece of paper and actually slide them into the wall. And as you walk up to the wall, there’s an inordinate amount of prayers there. Some have fallen on the ground. We did a tour of the tunnels that are under the Western Wall, and one of the questions I asked was, “What do you do with all of these prayers at the end of the day?” And they said, “We gather the prayers every day, and then we bury them.” And I just thought, they have such respect for anybody who has traveled to that country to put their prayers into that wall, and I don’t know that we would do that in America. I’m not sure that we would bury, out of respect, the prayers from these people from all over the world. IMA: They would probably just get left there, is my guess. NZ: Or thrown away. There was another instance that we heard of just this past year, that there was a prison, and somehow, they were digging under the prison, and they discovered these extraordinary ruins. And so the prison moved — they moved the prison so that they could honor the history and the culture of whatever they were discovering underneath there. And again, I’m struck by — not that we would have those kinds of ruins in America, but if we did, would we pay to move an entire prison?
IMA: I think there are some precedents in which things have been discovered where they say, “OK, we can’t build here,” but I think more often than not, the business interests win out.
NZ: Right! And you think about that — I mean, I worked in corrections. The expense of moving an entire prison — building another one and moving it — would be extraordinary. So that’s part [of it]. The other thing is that the people — I’m very big on sustained relationships. I believe in reciprocal relationships. If there’s something I can do for you, that’s terrific. I’ve gone back to many of the people as I’ve developed these relationships. Some of the people that I’m having my group tour with in Israel, I’ve been working with now for four and five years. What they are willing to share in terms of their actual experience — one of the psychiatrists we talk to there, he lived in Sderot, and his house was bombed. And so he talks about the effect on his children, of that attack. Last year we toured and I met a woman, and this year when I came back to Sderot, she invited me and my group into her home. So we went into an actual home of an average citizen in Sderot, and she talked with us about the war this past summer, and 60 days of being out of her home, showed me the bomb shelter where her and her daughter lived. They moved into that shelter, this room that’s smaller than a prison cell. That’s where they lived before they were actually evacuated
from the town, because the missile attacks from Gaza were so severe. So people are just willing to really open themselves up to other people who really want to learn. It’s amazing. IMA: You received another award for your service recently. NZ: I’ve actually been quite fortunate and I’ve received a number of awards now, at my school. In 2010, I received the Distinguished Faculty and Excellence in Teaching Award. And then I received the Excellence in Public Service Award. You can’t get that award for three years after you’ve been awarded it. And then in 2014 — so it must have been 2011 I got the Teaching Award — then in 2014 I received the Teaching Award again. And this year, the Excellence in Public Service Award. IMA: You’re on a roll. NZ: I am — I’m pretty active! It’s a goofy thing, but I have this philosophy that to those to whom much has been given, from whom much is expected. So I feel like I’ve been blessed. I’ve been very fortunate, and I want to give back. IMA: What about your own personal plans beyond your work or InfraGard? NZ: I think for me — I’m going to answer that professionally — professionally, I would like to get into even more training and consultation in the areas of terrorism and threat assessment, and violence- and suicide-risk assessment. That sort of thing. I thoroughly enjoy doing presentations. I do a fair amount traveling around the country — a little bit internationally, but mostly around the country. And I really enjoy taking information that, for a lot of people, seems confusing, and try to make it manageable and relevant to their actual everyday lives, in their jobs. And I try to infuse some humor in that, so that we can have a little bit of fun. Some of what I talk about — even when I do media interviews, rarely do people call me to talk about love and peace and friendship. I’m called on serial murderers and suicide, and terrorist attacks, and mass school shootings. 
So sometimes I just think we need to remember to infuse a little bit of lightheartedness in the topics. But I love that. I love taking difficult material and making it manageable. And if I can help people to do that — I think a lot of this stuff is far more preventable than we think. Not so much on a global issue, but on each individual issue. You know, 81 percent of all mass-casualty incidents — in 81 percent
of mass-casualty incidents, somebody knew something. So how can we get those 81 percent to come forward? Part of what I do, when I do a presentation on violence risk assessment is, I have a piece where I talk about, let’s do some brainstorming on why we think those 81 percent aren’t coming forward, and what can we try and do to get those 81 percent to come forward. But we all have a piece of that. Me as a mom, if I’m concerned about my son, I’m not going to call my son’s school to say, “Hey, I’m worried about my boy,” unless I think that both me and my son are going to be treated professionally and compassionately. We all have a piece of that. That’s not just pointing the finger at moms or at schools, or at law enforcement. We all have a piece of that. And I think that’s part of what I really like to try to get across is, let’s not just stay focused on that 81 percent. What do we do with that? And how can we try to overcome that barrier to keep our society safer? And what do we want people to report? Again, if I’m a mom and my boys are sitting at the kitchen table and they’ve got friends over, and they’re talking about something that’s going on at school, what is it that we actually want the parents to call the school and say, “Hey, this is what I heard.” So we need to educate people. I love that. I love that part of my job, and I would be thrilled to be doing more of that. IMA: What do you like to do in your downtime? Is there anything that your InfraGard compadres would be surprised to learn about you? NZ: It depends on how well they know me! [Laughs.] Obviously, I love spending time with my boys. I love movies, so I go to movies a lot — the Academy Awards is the biggest single day of my year outside of my boys. IMA: What sort of movies do you prefer? NZ: I love dramedies. My favorite is when they take a really complicated subject and the human dynamics and the relationships … let’s laugh a little bit and let’s cry a little bit. Those are my favorites.
I have to go to a lot of violence movies because of what I do, but I love dramedies. And I love the beach. Caribbean is my favorite, but I don’t discriminate. I love going to the dunes, I love Cape Cod, I love Florida — I love Destin. I love the Caribbean. I love beaches. And I love to read.
IMA: What do you like to read? NZ: Mysteries … probably mysteries and fiction are my favorite. In fact, pretty much anytime you see me, I’m going to have a book. If there’s a wait in the doctor’s office, I’m reading a book. My children make fun of me. If I get stuck in a train, well, I might read a book. I love to read. If I’m on a plane, I’m reading.
INDUSTRY CALENDAR
Start making plans today to attend the knowledge-sharing events impacting the security industry in the coming months:
IT Security One2One Summit, Oct. 4-6, 2015, Omni Barton Creek Resort & Spa – 8212 Barton Club Dr., Austin, TX, www.one2onesummits.com
Gartner Symposium ITxpo 2015, Oct. 4-8, 2015, Walt Disney World – 1500 Epcot Resort Blvd., Lake Buena Vista, FL, www.gartner.com/events/na/orlando-symposium
ACFCS Cyber Financial Crime Summit, Oct. 5-6, 2015, Gaylord National Resort – 201 Waterfront St., National Harbor, MD, acfcssummit.com
Smart Industry 2015, Oct. 5-7, 2015, Radisson Blu Aqua Hotel – 221 N. Columbus Dr., Chicago, IL, www.smartindustry.com/
Cincinnati Secureworld, Oct. 6, 2015, Sharonville Convention Center – 11355 Chester Rd., Cincinnati, OH, www.secureworldexpo.com/cincinnati/home
Buy Side Technology North American Summit, Oct. 7, 2015, New York Marriott Marquis – 1535 Broadway, 9th Floor, New York City, NY, www.bit.ly/1FyfbD4
10th Annual Homeland Security Week, Oct. 7-9, 2015, Sheraton Pentagon City – 900 S. Orme St., Arlington, VA, www.homelandsecurityweek.com/
ISSA CISO Forum: Cloud Security Management, Oct. 10-11, 2015, Chicago Marriott Downtown – 541 N. Rush St., Chicago, IL, www.issa.org/?CISO2015October
2nd International Conference on Global Food Security, October 11-14, 2015, Cornell University – 144 East Ave., Ithaca, NY, www.globalfoodsecurityconference.com
Denver Secureworld, Oct. 15, 2015, The Cable Center – 2000 Buchtel Blvd., Denver, CO, www.secureworldexpo.com/denver/home
Dallas Secureworld, Oct. 28-29, 2015, Plano Centre – 2000 E. Spring Creek Pkwy, Plano, TX, www.secureworldexpo.com/dallas/home
Bay Area Secureworld, Nov. 4, 2015, San Jose Marriott – 301 S. Market St., San Jose, CA, www.secureworldexpo.com/bay-area/home
Seattle Secureworld, Nov. 11-12, 2015, Meydenbauer Center – 11100 NE 6th St., Bellevue, WA, www.secureworldexpo.com/seattle/home
Cargo Logistics America, Dec. 2-3, 2015, San Diego Convention Center – 111 W. Harbor Dr., San Diego, CA, www.cargologisticsamerica.com/
NG Security Summit, Dec. 2-4, 2015, Omni Barton Creek Resort & Spa – 8212 Barton Club Dr., Austin, TX, www.gdsinternational.com/events/ngsecurity/us/
PrivacyCon, Jan. 14, 2016, Constitution Center – 400 7th St. SW, Washington, D.C., www.ftc.gov/news-events/events-calendar/2016/01/privacycon
Care to have your event included in a future Industry Event Calendar? Email your event details to editor@Infragardmagazine.com