All right, before we get started with Meet the Fed, we're going to play Spot the Lamer. Every year here at DEF CON, you guys play Spot the Fed, try to embarrass the Fed. Well, we thought this is going to be the fourth year that we're going to pick some poor sum bitch that is a Lamer. So obviously, priests picked them. So if you guys could kind of line up in front here so that everybody can see him. Could you do that for the video so we get a good picture of your ass? Okay, that's good, that's good. Okay, where's the IRS?

Okay, what we're going to do is we're going to start asking questions to each of the panel members. We're going to start with Ken Privet from Postal, and we're going to work our way down here and end this way. So pick a number, hey priest, we need this asshole removed over here. Come on quick. No, hubba hubba.

Where's the best place to store porn? I'll give you two answers. Your neighbor's box over the Wi-Fi, or your box? Pick a number, Ken. Who do you want to answer? Oh, this gentleman here. Okay, you've been eliminated, you can sit down now. Not here. Thank you. Mike.

Alright, let's see. Name at least five Intel x86 machine instructions and two Mock instructions. Who do you want to answer? I added the last part, they gave me the first part, but I added the last part because I want to see if you really know. Alright, see you later, man. Time's up, stay right where you are because you look like a Lamer, next one.

Question goes to you. Can you name the entire Skywalker family? Okay, Mike. John Garris.

For this gentleman here in the rather aggressive arms-crossed posture, have you coded more than 200 versions of Hello World programs in your life? Barry.

Okay, for the contestant on the end, which of the following regarding the iPhone applies to you? A, you did the jailbreaking thing right away. B, you mostly use it to watch Battlestar Galactica. Or C, are you effing kidding me? Alright, second from the end. Louder.
How many external media devices do you own and how many are on you now? Michelle.

What time do you have to be at work? What time do you get there? Vegas.

So for the gentleman in black here, when does December 25th equal October 31st? When does DEC 3025 equal OCT 31? Come on, this is only an hour and a half, let's go. That's a great decimal, 25 is octal 31.

Number two, do you still live in your parents' basement? What floor of your parents' house do you live on?

Okay, could all the contestants please raise your hand? I'm going to get to that. Okay, now, if you, come on higher, we want them to see, if you have never hacked a government system, put your hand down. All you guys hesitate, three of you, okay, Rich.

What is better for sniffing traffic, network traffic, a hub or a switch? And why? Okay, Marcus.

I'm going to talk to this Lamer here in green. Is this about the bed? If I put my card in promiscuous mode, what does it mean?

Okay, having experienced what you've experienced, given a choice next year of coming to DEF CON and getting embarrassed as hell, or staying home and getting laid. Which would you prefer? Actually, this one I applied to the three women, those two guys wouldn't get laid at home either. Show of hands, do you have two hands? Anything? They said yes.

Okay, for Beerman, how do you feel about employers requiring you to look professional? No shit.

Who coined the term cyber cop? Moving right along.

This is for either of the two gentlemen. In your opinion, what's the best way to pack code? Number two, do you still tell your mom and dad goodnight?

Okay, if you would all face the judges. Okay, raise your hand number one with a hat and a beer. If you think he's the Lamer, please clap. Number two, please raise your hand. Let's hear it for number two. Okay, number one, you could sit down. Number three, would you raise your hand? Number three, okay, number four, raise your hand. Higher. Higher?
Okay, number four, we're going to keep you up here because you're cute. Number five, raise your hand. Okay, number five. Okay, number one or number four? One, raise your hand. Number four, raise your hand. Okay, we're still going to keep you up. If you raise your shirt, you get more votes. Fuck it, I'm retired. Number, you're number one now, you're number two. Number one, let's hear it for one. Number two, okay, two, you can have a seat. I'm sorry. Okay, number one, the new number two. I'm sorry, honey, we're going to have to send you home. Number one, and our lady.

Okay, well, we would like to award you with, and what's your first name? Amy. Amy, we have this coveted spot, a fed t-shirt for you, and now everybody, if you just walk down here, everybody has a gift for you. Everybody has a small gift for you. Okay, but you have to walk faster. Amy, Amy, that guy's still here. That's where you have the bag. Cuffs in the bedroom. Thanks, thanks, priest, for all the help. They're doing that in a hallway.

Okay, what we're going to do is we're going to start with Ken Privet and let everybody introduce themselves, talk about two minutes on their agency, what they do, and then we're going to open it up to questions. So formulate your questions, and we have a microphone down here so everybody else can hear. So if you want to start forming a line.

Hi, Ken Privet, I'm an agent in charge of the Postal Service Digital Evidence Services. We do computer crime investigations and do computer forensics for the Postal Service to support investigations. Some of the problems you guys create, we kind of end up with a sweep them up and taking care of them. So let's see. Yeah, yeah, yeah, these guys. The bureaucracy mostly, yeah, yeah, that's my problem. No, and the Postal Service is a massive amount of computer infrastructure. One of the third, like I think the third largest infrastructure in the United States.
It, a lot of computers that push the mail around and help it get delivered to you. So we secure that infrastructure and do the investigations to support it. Here we go.

I'm Colonel Mike Convertino from the US Air Force, down in San Antonio, the 318th Information Operations Group. We specialize in network access engineering down there. And basically, I'm here to recruit you, not arrest you like some of the people on this stage. So I'm the good guy. In fact, how I came to, yeah, as evidence of that, last year we hired over 60 people into the Air Force as a result of my visit to this conference. So actually, it is true. So, yeah, I guess also I'm somewhat, the most similar to any of you up here on this stage too, as I started off with an interest in electronics as a very young boy. I got sent to a summer camp one time. My mom sent me there. I met a girl. So you can say that I started this out of, started this as interest in this as part of, you know, for love, you know. Yeah, and so anyway, I wanted to call her afterward and I combined my interest in her with my interest in electronics to make the phone system do what I needed to do. So my other, yeah, today it probably would be considered stalking, but so my, my other, my handle is loopback. I don't know if you know me from online, so anyway. Do you say humpback?

Hi everyone. I'm Stéphane Turgent. I'm a sergeant with the Royal Canadian Mounted Police. I'm, there you go. Are you a Montreal Canadiens fan or Ottawa? Toronto now. Okay, anyway. I want you. So I'm, yeah, go ahead. You want a hat? All right, we're moving on. Okay, move on. All right, maybe you're right along. Hat for you. Okay. Now, good for you. I'm not Taser trained, so if I have to arrest you someday, you'll be lucky. And now, seriously, I'm in charge of the computer crime section in Ottawa, and we deal with the computer crime investigations involving terrorism, drugs, organized crime, national security, and of course, computer intrusion.
I'm here, first time, it's my first time here. I'm really happy to see all of you guys and actually I'm also here to recruit. So if you have any suggestions, any ideas to help us, help us the RCMP, then we'll be here to receive you. You are. It all depends on the cases, and I assume so we could, it depends. Need a visa.

Rule number one, never follow a guy with the sexy accent. John Garris, I run the Computer Crimes Division for NASA IG. I think you know what NASA does, so I won't go into that. I was gonna talk about my Air Force experience, but I don't know if I wanna be associated. You know, what I do have to offer though is coveted NASA IG Ninja throwing discs that also happen to double as coasters, but you know, you can decide. And it depends on somebody who can come up with something, you know, meaningfully flattering for me, you know, through the, and anything that this guy, you know, if you can do anything about this guy, you get two.

And my name is Barry Grundy. I'm a special agent with the Treasury Inspector General for Tax Administration. I've only been there for about five months. I'm in the Network Intrusions Unit. We do network intrusions, phishing investigations. I've only been there for about five months. I used to work for John Garris here at NASA beforehand. And I- John fired him. And I- I'm actually, I actually replaced this guy down here, Andy Freed, and I don't know if those of you who know Andy know- He got fired too. Those of you who know Andy know that when he left, he left a huge knowledge vacuum. And I'm in there trying to fill it, trying to fill his big shoes by pissing off as many people as I can, as quick as I can. And trying to unlearn all my interpersonal skills as quick as I can too. But seriously, what we do is, TIGTA, the group TIGTA does oversight for the IRS. So we protect the tax infrastructure for the IRS. And that includes network intrusions and other computer crimes. That's it.

I'm Paul Sternel.
I'm the program manager for the Computer Crimes Unit for the Defense Criminal Investigative Service. We're the criminal investigative arm of the DOD IG. You may have heard of the Department of Defense or Small U.S. Government Department. That's about it. Just ignore the asshole.

I'm Michelle Kwan. I'm the director of US-CERT. And we work with the departments and agencies in the .gov portion of the government in incident response and general security. We also work in conjunction with state, locals, international, and industry and collaborating and coordinating during incidents. And we're also here recruiting. So if you are interested in a job, we have jobs posted in USAJOBS, and you can always come up and see me too.

My name is Lynn Wells. I'm with the National Defense University, which is in Washington, D.C. We have a couple of things that really might be of interest to you all. One is the Information Resource Management College, which has some terrific opportunities for people with advanced degrees. Also grants certificates and things like that and things like CIO and CISO. But it's also got a batch of closed networks. So you can go out and just hack SCADA systems and hack avatars and hack things to your heart's content. And it's a really good training place. We're also doing a lot of work on social software and national security. How you have to balance the risks and the gains and we're very much welcome some of your insights into that. And we also are looking for leveraging the great talent that's out here and find ways to work together. Thanks.

Hi, my name is Gordon Snow. I'm the Section Chief of the Cyber National Security Section of the FBI, and I'm also the Director of the National Cyber Investigative Joint Task Force.
In my job as Cyber National Security Section Chief, I coordinate the cyber investigations that cross terrorism, intelligence, counterintelligence, and law enforcement equities of the 56 field offices that we have and the 60 legal attachés we have around the world. As a Director of the NCIJTF, I do the same thing for the 18 member organizations that are there. We have jobs, obviously, in the agent field, in the intelligence field, in the forensics field. And since we are an equal opportunity employer, I'm here to arrest or recruit.

Hi, I'm Rich Marshall. I'm first generation Grateful Dead. Really miss Jerry. I'm recovering, though. I work for the National Security Agency. I've had 27 drug tests in the last three years. I pass all of them because they ask you to provide a urine sample, so think about it. But you have to study for it, right? The National Security Agency section that I work for provides information system security solutions for national security telecommunications and information systems. So that's probably one of the more important things that we do. Mark.

This is like Alcoholics Anonymous. I am an ex-fed. Hi, Mark. I'm Mark Sox. I run the Internet Storm Center. Used to be at DHS. I was at White House before that and our military before that JTF-CND. I am a US citizen. I normally carry. We can't really do that in the casinos. I do believe in the Second Amendment.

My name's Andrew Freed. I'm a former IRS person. I'm sure some of you have heard of this before. Thank you very much. A couple of years ago, my boss is don't do anything stupid, so I was the one that got married on stage here in DEF CON two years ago. This is my 10th or 11th DEF CON, and I think I've been pretty active in a lot of the groups you probably are all part of yourself.

Hi, I'm Greg Garcia, Jerry's reincarnation, president of the cleverly named Garcia Strategies, a consulting firm.
At the Department of Homeland Security, I was the first assistant secretary for cybersecurity and communications. As assistant secretary, I guess to my staff, my handle was ass. As assistant secretary for cybersecurity and communications, I was responsible for three things. The national cybersecurity division, which Michelle Kwan is a part. The national communication system, which keeps our communications infrastructure up and running in times of national emergency, and the office of emergency communications. So I have to say, for the two years that I was at DHS, left in December, I probably did 100 or more keynote addresses across the country and internationally, and this is the first time that I ever looked this cool.

My name is Kevin Manson, and I'm a Webaholic. You're supposed to say hi, Kevin. Thank you. I am the one that coined the term cyber cop back in the late 80s. And I was with DHS at the Federal Law Enforcement Training Center. I had the privilege of training over 100,000 agents over my 20-year career. And one of the things I'm most proud of is training federal agents how to obey the law while they enforce it. Eight years ago, I was privileged. I was actually given a call when Richard Clark was not able to keynote the Black Hat Conference. I got a call from a dear friend of mine, Bill DeFoia. Bill was with the FBI Behavioral Science Unit. And he did the definitive profile of Ted Kaczynski. And a member of the History Channel had interviewed Bill, and they asked him, who do you think this individual's going to be when they catch him? And he said, I think it's going to be a monk on a mountain in Montana. So when Bill called me, he said he'd been asked to keynote, filling in for National Security Advisor Richard Clark. And he said that he gladly accepted that. He said he wanted to add one requirement. He said he wanted his friend to co-keynote with him. He called me and asked me if I wanted to do that. And I said, Bill, what small body parts do you want?
So I was very privileged to do that. This is only my third Black Hat DEF CON. But one thing I did note when I keynoted back in 2001, and I noted that the true elite are not those who are out there wreaking havoc on the internet. The true elite of the roles are out there defending it. And I'm proud to say I'm associated with these kinds of people who've been doing that for a long time. If you want to take a look at something, a project that I'm also very involved with, and if you go and take a look at my website, which is it's a long one, I apologize, but it's redtapewillnotdefeaterrism.org. I am having second thoughts about that. If they had to deal with some of the red tape that I saw in my 20 years in government service, we could probably defeat them handily. But if you take a look at it, it's a project that we are urging those who really do believe that the true elite are those who are defending. We'd urge you to join us. It's a non-government entity, basically, so we... Your 12 minutes is up now. Thank you. No problem. Thank you.

My name's Ray Kessnick. I'm a retired special agent with the Naval Criminal Investigative Service. My last few years I spent as the Director of the Defense Cyber Investigative Training Academy in Maryland. I'm currently the Director of Training for the International Multilateral Partnership Against Cyber Threats. Kind of a tortured long name, but it's IMPACT, based out of Kuala Lumpur, Malaysia. We have a stated goal of assisting developing countries as they come online, giving them the security tools and training necessary so they can do it on a level playing field. And I appreciate your having me here today. Thank you.

I'm Bob Hopper with the National White Collar Crime Center. How many of you guys have ever heard of that? Everybody that raised their hand is a cop, right? I mean, if you wanna know who we are and what we do, please go to our website, nw3c.org. I'm here recruiting. How many of you have a resume with you right now?
Come see me. If you can decipher the information on this coin, the hex and binary, we'll talk. Thanks.

My name is Jamie Turner. I work with NCIS and I never really like be here. I like to be surfing back home Hawaii, but I had to come. So I work with NCIS and part of their mission is to investigate and solve those crimes that affect the war-fighting capabilities of the Department of the Navy and the United States Marine Corps. And we have a cyber division. I work with that division, looking at the infrastructure, conducting computer operations and investigations. And this also gives me a chance to thank a lot of you guys that are here because of the panel too, because I go by different handles. Some know of me as a Jesus Christ warrior, full thought of a Christian or just whatever. And I am a Christian, but you guys, if I wouldn't be where I'm at today, if you guys haven't helped me and some of these guys on this panel. So I want to say to you from my heart to you, brother to sister, brother to brother, just like when Ohana, like when big family, and nothing bad, it's all good. And I want to thank you for this opportunity to be here and talk story.

Okay, the microphone's down here. Now the rest of the night is up to you guys. Questions?

Sir, Dr. Wells. Lynn, how you doing, man? Good. I just want to let you know that the US Air Force still loves you. Thank you. You're welcome, sir. And you can explain to people later why we say that. I have a question, sir. It could go to any panel member. There are many people representing a broad part of the government here, but not that many war fighters. People whose DNA might be the principles of war, mass observation, surprise security. But we're headed into a lane where there are going to be war fighters. I think when Colonel Convertino said he was recruiting, part of that includes a need for youngsters to come into war fighting as well as intel.
My question is, how are we doing at setting up US Cybercom from your point of view? How will DHS get along with the war fighting part that's emerging very strongly? And how do you see our ability to conduct war operations in cyberspace developing? Thanks, sir.

Mike, you want to start with that one?

Sure. I think we've gotten off to a pretty fast start with the US Cyber Command stand-up. My unit is part of the Air Force component to US Cyber Command. 24th Air Force, which will basically operationally directly support US Cyber Command is in the process of being stood up down in San Antonio where I am. And we're looking forward to all that. And you're right, there's a certain war time or war focus to that and supporting the networks that we operate on, but also holding our enemies' networks at risk are pretty key to that. And we're busily trying to buttress our forces in that area right now, which is part of why I'm here to recruit. And as far as the risk goes, I think I'll let Lynn answer the rest.

So I think one of the things you need to do to stand up an effective change like Cyber Command, like the ability to get effective war fighting is you have to have to address sort of four areas. You have to address people and you have to address processes and you have to address technology and you have to address organizations. So Cyber Command begins to take care of the organizational piece. It sort of begins to take care of the people piece, but not really. So we have to co-evolve all of those. And part of the organization is how we interact with the rest of government. I think that a lot of work has been given to understanding how this will interface with DHS. I can't speak for DHS and how they view it or how they'll respond. But I think from the President on down, based on the sort of review he did of the cyber threat a few months ago, everyone understands that this is a national problem and is gonna require a national solution not just the Department of Defense.
So I think all of us involved in this realize it's gotta be not only a whole of government, but a whole of nation. There has to be a private sector. There has to be a business community. There has to be a whole of government approach to this. So we didn't really have a choice if we're gonna be effective in this space. So I think it's important. I think we've taken some first steps. We still have a long way to go.

And speaking for DHS, we do see this as a team sport. We do see this as more than just war. There's as we know from our law enforcement partners here up on the panel as well. There's a criminal element to this as well. And this is definitely a team sport. We definitely need the assistance of private industry and our international partners as well. And we have been doing this well so far and I think we can do it better and we'll continue to do it better and continue to work together.

Next question, sir.

This question is for the Postal Service and maybe others. You probably can't tell by the way I'm dressed, but I win the lottery by email almost every week. And the amount of fraud on the Nigerian phishing expeditions and others on the internet is just massive. Is there a website that we can just forward these messages to? So some of the people in the feds can slow the fraud down a little bit.

Have you paid taxes on those winnings yet?

NW3C in partnership with the FBI has a site that you can actually do that. It's IC3. IC3.org. Got it? Actually, the FBI does a really excellent job of cobbling, doing some analysis and cobbling those cases together and either investigating those on their own or shipping them out to jurisdictions that are appropriate. And NW3C's side of that is to kind of do the same thing. We don't do the level of analysis that the FBI is able to do. But we do essentially the same thing they do and that is identify the law enforcement agencies that might be able to impact it and get those cases to the right people.
And hopefully that answers your question. Andy, did you wanna take that? Go with it, Andy.

Well, I've not been pretty heavily involved in phishing and fraud and I would say that maybe out of 10 million offenses that you've probably gotten in your email box, I think the federal government maybe has made three to five arrests. So it's a big problem and I'm not sure it's an easily solved problem. I think the good spam filters are probably better solution than assuming law enforcement's gonna protect you because there's just so much of it out of there.

I think, I know how to solve the problem. Use the mail, you know, don't use this email stuff, guys. Get off that. It's dangerous out there, guys, dangerous. Use the mail.

Next question, sir.

It's no secret that the various worms and trojans have significantly impacted coalition operations in Afghanistan and Iraq over the past 12 months. What lessons have been learned and what are you guys planning to do to make sure that that sort of thing doesn't put our guys in greater danger than they already are?

Yeah, that's, I'll take that one. The DOD has undertaken a great number of efforts to try and both correct the, I guess, the needy end of the network's patching capabilities to try and get patches out to the appropriate people out in the field, but also to put in place better mitigation efforts for when compromises do happen. Make sure that the, make sure that exfiltrations really can't happen or are much more difficult to make occur. And also a certain amount of discipline and education and the people in the field in Afghanistan and in Iraq both, to make sure they understand what these threats are. Everybody in this room has a pretty good intuitive idea of what those things are, if not an intimate one, but the soldiers in the field don't necessarily. You know, if you're an artillery guy or a fighter mechanic, you might not have an intimate idea of what those things are. So we're improving our education efforts too.
I would like to ask a yes or no question to each member of the panel. Do you, do you feel you are more empowered to do your job under the current Obama administration versus the Bush administration? This is a yes or no question. There are no gray areas. Please answer yes or no. I see bullshit. Yes, I do. Oh, yes, I do. I also see chicken shit too. I'm gonna feel quite empowered when this guy passes out on the floor. I don't think he's drunk. I think he's just an asshole. If you would like a drinking contest, please bring it this way. Apparently you are chicken shit and not able to answer the question. Sir! I remember when I had my first beer too. I'm glad Sam Adams has been making beer that long, sir.

Next question, please.

A lot of people around here don't have a traditional education, let's say. The GS schedule doesn't really work with that. Is there any plans to change that at all? Could you ask, we were watching him. We, like watching a car wreck, go again. Did you guys hear me at all? Is this thing on? The question was, if you have a sort of a non-standard education, the GS schedule doesn't really work. Is there any plans to do anything differently as far as that goes?

You know what my response would be, you know? You can always enlist in the Air Force. And we would educate you. And the other thing is we do have ROTC scholarships so you can get a standard education and ultimately fit into that structure as it exists. But as far as modifications to the GS structure, I haven't heard of any.

There are lots of ways to qualify for those positions and they're not always dependent upon formal degrees, but it depends upon the position and how the position description is written. And I'll also include that you could apply for a CyberCorps scholarship as well.

Are you basically speaking about the GS pay scale? Second, is that correct? Are you basically speaking about the GS pay scale? Yeah, basically if you don't have a college degree, you hit a limit.
I know that some of the agencies are going to what they call NSPS, basically where they're trying to compete with the outside of the corporate. So they're trying to get in line with what's going on with corporate America if that helps you.

A lot of times that's also based on position. I mean, it's not really, I don't think all of it's wrapped around the GS schedule. I know I've hired people and a person's like a GS-14 now on my team that doesn't have a college education. I saw great value in lots of other things that this person brought to the table. Our former director did not have a college education, GS-15, very impressive people, non-traditional education, great value brought to the table with a huge amount of system administration experience and understanding of networks. That does not stop you. A lot of times you'll see a little caveat at the end of a position description, it'll say or equivalent experience, blah, blah, blah. So keep looking for things like that, not just seeing that four-year thing and feeling like that it's gonna kill you. So keep your head up.

Let me just quickly add that just a story. We've got a little Linux guy that works for us. I hired him off the street and I'm putting him through school. So I mean if you've got the talent, there are folks out there that need you. There are people that will help you get through that education cycle. It's not a closed loop.

He's not the only one. I've got actually in my small little tiny shop, I've got three different people that are going through that kind of program. I hired them because they were really, really good at what they did and I really didn't care about their formal education at the time. They're getting it now, but I really didn't care about where they'd gone to school because they were just really, really talented people.

Next question please.
Looking in from the outside, it seems like several different agencies are almost squabbling over who's going to kind of take the lead in the US's cyber defense and it kind of seems now that the Air Force is kind of moving to the head of that. My question is basically, when are we going to see more of a unified front of a single entity saying we are cyber defense as the Air Force is to the air or et cetera?

But yeah, this is a source of confusion, I think caused by some of the commercials that came out last year and whatnot, but the Air Force is not out to rule the cyber world. We have our own little section of it and we want them to take care as good stewards of our own networks to make sure those are secure. And as I mentioned earlier, we want to hold adversaries' networks, especially ones related to Air Force at risk. But from a functional standpoint, working with the folks at NSA and other services, they're really at the working level that there's no squabbling over it. I think at the executive level, there's some discussion between DHS and DOD and some advocates in Congress back and forth between those two, so supporting one organization or another. But as far as us working on this table, for example, working together, we don't, I've never had an issue.

Next question.

There's a lot of news about North Korea being a threat to the US or to any country as a nuclear nation or possible nuclear nation, but wondering what kind of a cyber threat do they pose to the United States allies, if any. You hear any news about DDoS attacks or anything coming from North Korea? What kind of threat do they pose, if any?

I'll take a stab since y'all are waiting down there. North Korea is hooked up with 56K dial-up modems. And if they can pull all five or six of them together for a DDoS, I'd like to see that happen.

This is kind of a multi-part question and it's open to anyone who wants to answer it.
I'm sure with your professional experiences, you've been involved in projects that have uncovered zero-day exploits, viruses, worms, and trojans. What do you have that ensures us that you, when you find these exploits that you contact us and let us know about them publicly, if any at all. And also, if you choose not to let us publicly know about this uncovering of a zero-day exploit, do you keep them for your own personal use in your agencies? Are you able to track these authors and then hire them or recruit them as opposed to charging them with criminal intent?

So I wish it was that sexy, but it's not. You can go to the US-CERT webpage and we post all the information that we know there. You can sign up for the US-CERT advisory and we will email you and let you know when we find out about something. So it's not quite that sexy.

My question's another question regarding North Korea. There's a big media frenzy regarding like the big North Korean DDoS attack that involved the Treasury website among other government and corporate entities. It came out that that was an eight megabit per second attack which is like what, two cable modems? And then with regard to the Russia-Georgia incident, how big is cyber warfare a threat in this new kind of era? Is it really a threat or is it, with the media, is their focus misplaced?

Well, I think you have to be careful about what you read in the media and what you believe.

Yeah, that's very true, especially in regards to Russia and Georgia. Certainly we interpret what happened there as either sympathetic or actual virtual preparatory fire prior to actual physical engagement. So we in the military regard that as pretty serious stuff. So we examine that pretty carefully and we watch how those things were done, who actually did them and try to figure out exactly how we'll handle those things as they come up again. But clearly we've seen in the press certain nations have come boldly out and said, hey, this is pretty neat stuff.
And oh, by the way, it's not illegal as far as we can tell, which I thought was pretty interesting. Some responsible members of other governments saying these things in the press. So yeah, we take that pretty deadly serious, especially in the military.

Oh, I think, so I think one of the things that was concerned, particularly as you watch the progression from Estonia to Russia, Georgia, and this is, as Colonel said, the integration of cyber with conventional military operations. And so this is not just gonna be a standalone thing that happens in cyberspace, but likely to be a part of a more integrated campaign. So one has to give thought to how one addresses that. The other thing that's very interesting is these are rarely solely state on state identified activities and the waters are muddied considerably by hacktivists or patriotic hackers, we're doing a column, who are working in similar spaces. And so that makes the attribution problem particularly hard and all this needs to be factored into the consideration.

Next question.

So the big internet service providers receive thousands of requests a year for customers' records, their emails, their searches, and in many cases, you guys are the originating parties for some of those requests. Now these internet providers are not equal when it comes to their tactics for responding to these requests. Some of them charge the requesters for the information, some of them provide it for free. In the case that you claim exigent circumstances, so an emergency, some of them provide it without a subpoena and some of them say come back with a subpoena. I'm wondering if any of you can share some of your experiences with these companies and let us know which internet providers are standing their ground and saying come back with a warrant and which are handing it over for free with no subpoena required.

I'll give it a shot. I'd like to get a list of those that are doing it for free. I've not run into it.
We issue quite a few subpoenas and search warrants and basically there are ways to expedite as you noted exigent circumstances, but it's all within a very strict legal framework. On the law enforcement side, if we try to short circuit it, we short circuit our own investigation so we shoot ourselves in the foot. So I can speak definitively for us and I'm sure that everyone else is the same is that you gotta do the paperwork.

Unfortunately, we have to cut this short by seven o'clock. However, if there's anyone interested in doing the Q&A, we have a Q&A session over here in room 103. All of you folks are welcome and encouraged to come over here. Then all the folks who were asking questions are welcome and encouraged to come over here. But we have shut it down by seven. Thanks guys. We've still got five more minutes folks.

I'll try to be quick then. Earlier on the response to one of the first questions, the panel was talking about wanting to have greater cooperation with private industry in I guess in coordinating defensive tactics, investigations, whatever. What sort of carrots or sticks as appropriate are you using to get high level cooperation with private industry? And I don't mean like InfraGard because a lot of the low level stuff goes on. But how are you doing that? Or how can I get my organization to cooperate with law enforcement?

Well, it's more than just law enforcements with the community in general and you can do this through the ISACs, through your sector ISAC, you can join your sector ISAC and participate in that way. You can work directly with US-CERT. We're more than happy to do that. DOD has a pilot program with the Defense Industrial Base. It's a voluntary program where the private sector folks can sign up with DOD when there's an attack on their system. They notify the Department of Defense. We sanitize that information, share it with the rest of government and the rest of the companies that have signed up.
And we share that not only in an unclassified format but in a classified context what the threat really is. So it's a brand new pilot program. We have about 29 major defense contractors that are participating in that program right now.

I'm also going to get a URL from you. See me afterwards. Yes sir.

Mine's going to be quick as well. I work for a Canadian e-commerce site. We see about $1.5 million with a fraud every year. A lot of that is being used for money laundering internationally and my question is, do any of you give a shit and can you help me in stopping this?

No. Okay, I'm sorry that we've been cut off so that was the last one.