 And I'm detailed to as the director of the Defense Cybercrime Institute. So I'm here recruiting talented people to do research and development for forensics tools. Okay, what I'm going to do here, this is the fourth Meet the Fed panel. It's not kind of annual. We've been busy the last three years and we haven't had a panel for the last three years. The last one we had, I don't know how many of you were here for the last Meet the Fed panel that was in the tent on the roof. That was an interesting experience. It was about 114 degrees outside. It was three o'clock in the afternoon on a Saturday afternoon. It was 98 degrees in the tent and I'm going, who in their right mind would ever come to a panel in Las Vegas on a Saturday afternoon in that kind of weather. And I think we had about 1200 people in that tent. So that just shows you have, shows a lack of good judgment on your part. So let me rescind that. You could not work for the government. Well, maybe you could. What we're here for, the reason the Feds are here and our objective for having this Meet the Fed panel is kind of three-fold. If you've crossed the line, how many of you have crossed the line and hacked somebody's system? I think I can raise my hand. Thank you. I'm going to arrest that guy in the second row. I'm any illegally, Robert. Shit, the last time everybody, I had everybody stand up and I said, if you've never hacked a system, sit down. Half the system, half the guy sat down and we took pictures of all the rest. You guys didn't fall for it this time. So anyway, if you have crossed that line, I want to let you know that we're working together and we are sharing information and we will catch you and we will ruin your life. That's not a good thing. So if you haven't stepped over that line, please don't. First off, we've got enough noise. If you haven't noticed, there is a global war on terrorism and all the intrusions that we see, most of them are just noise that take valuable resources away from the global war on terrorism and other really significant things that we're trying to do, takes those resources away from that. And if you haven't crossed that line, we in the government are looking for good, talented people. We need a lot of help. Be careful there. We always need a steady flow of talented people. I'll get to questions in a second because I don't know if I want to listen to you or not. So that's kind of our agenda here and why we're here. So what I wanted to do is kind of start at the far end and introduce who's on the panel. Each person will later on get a one, two minute opening statement and then we're just going to open it up to questions from you guys. Also, just some random thoughts. After this is over, at two o'clock, I'm in the dunk tank. Well... So when Jeff called and said, you know, I don't know how to ask you this, but it would really be cool if we could dunk a fed. And it's not like I ain't been dunked before, you know? So I said, well, where's the money go? He said EFF. I said, hell no. So what I did, we negotiated and the money for the dunk tank will go to the National Center for Missing and Exploited Children. So if you want to support a good charity, okay? Also, I do have a limited number. These are embroidered, okay? Okay? Okay? All right, so limited number of these and it's $49. Okay, at the far end is Andy Freed. He's a senior special agent with the Treasury Inspector General. Everybody loves those guys for tax administration and he does system intrusions there. He's been with Treasury for 16 years now. And before that, I met Andy back in probably 1986, 87. He was still working for Kennedy Space Flight Center. And just a side note, he wrote all the forensics tools that everybody in the law enforcement community used internationally until about 1993. Then we tested the tools and found out that it weren't worth a shit. Next is Mike Jacobs. Mike Jacobs is a retired Fed. Mike joined SRA in October of 2002 as a senior advisor. But his real job as a Fed was that he was the director of information assurance for NSA. So lots of... I'm not going to go through all the awards that he's won, but what was really neat was he was also the mayor of College Park for four years. And he was on the city council there for 14 years. So not only is he a Fed, but he was a politician. So you really ought to hate him and the IRS guy. Thanks, Jim. Next in line is O.V. Carroll. O.V. Carroll is a special agent in charge of the Computer Crime Unit for the U.S. Postal Service. So anybody who's used an email, he's going to run a case on you because they just don't like email. He's got an extensive background. He was an O.S.I., Air Force O.S.I. agent for about 18 years before retiring and going to U.S. Postal Service. Don't make him angry. Most agents, when you travel today, you travel armed. They don't let Postal Service guys travel around. And then yesterday, I met Robert Marr Sr. I had met him a couple of times, just in passing, going up and introducing myself, and he sure didn't remember me. So yesterday, I happened to meet him up when I was picking up the speaker badges. And he said, well, do I know you? And I said, no, you really... I've met you a couple of times, but I'm sure you don't remember me, but the fact is I was the case agent on your son's case. So I know your son a little bit better than I know you. So he's agreed to sit in on the panel, but he's not allowed to talk. Just immediately to my left is Alvin Wallace. Alvin Wallace is a supervisory special agent with the Air Force Office Special Investigations, and he's a special agent in charge at debt 253 in San Antonio, which is co-located with the Air Force Information Operations Center. He's had an extensive background. We worked together as a computer crime investigator way back in 1988. He worked with me at the Defense Computer Forensics Lab, so he's got a very... So if you got technical questions, we're going to give them to Alvin. One guy is on his way. It's the FBI, they're always late. Special agent Tim Huff. He's in a cab, he's at the airport, and he's on his way over, and they're going to bring him in as soon as he gets here. He has a BS in computer science from Jacksonville University and was a U.S. Naval officer from 85 to 96 before joining the FBI, and now he's part of the FBI Computer Analysis Response Team. So hopefully Tim will be here pretty soon. So at this point, what we'll do is we'll start at the far end with Andy, let everybody take a two or three-minute opening statement, and then we're just going to open it up to you guys for questions. As he said, my name is Andrew Freed. I'm a senior special agent with the Treasury Inspector General for... I already said that, Andy. Basically, one of the things that's unique about our organization, for those of you who don't know who we are, we're actually like the IRS, internal security. Everybody here pay their taxes that aren't foreign? Okay, if you haven't paid your taxes, please raise your hand. Well, I can assure you... You're a liar, but that was pretty good. I can assure you they don't give us any professional discounts either, unfortunately. One of the unique things about our organization is we're physically co-located with the IRS, Computer Security Instant Response Center. So we have a really good working relationship where we basically both work together at doing proactive testing as well as reactive cases to situations. We're located out of Lannum, Maryland, and basically there's about seven of us that are in this squad, and we refer to the squad as the System Intrusion and Network Attack Response Team, or CINART. It's kind of like space-trekkie, so we kind of liked it. Basically, we have done a lot of work with some of the people out here. I'd like to see a face with a port number that I've seen on our IDS. Thank you very much. But we actually have worked with a number of y'all. We've had some of the people come up and say, I always wanted to attack a Fed system, and we've given permission to do it with a couple of ground rules. So we're not actually anti-hackers, and we're not anti-computer people. In fact, this is my sixth year here. I enjoy the people here. I enjoy being here, and I'll certainly be willing to talk to anybody that wants to talk to us after the presentation. Thanks, Andy. I'm Mike Jacobs. It's a pleasure to be here. For about 10 years, I avoided judiciously coming here for obvious reasons. However, now that I'm retired, it's really been an enjoyable couple of days meeting with you, and during my time as the Director of Information Assurance at NSA, I often told my folks that the hacker community is probably our ally, and we need to pay attention to what they're doing out there. We can learn from what they're doing out there. That said, stay within the law. Now, I'd like to ask you all to stand for a moment. Come on. Come on! It's not that early in the day. A little test. Oh, yeah. Everybody who... You know, for years, DEF CON has run the Spot the Fed contest, if you will. I'd like to suggest that there's another contest that they might start next year. It's called Spot the Field. So all of you who are not foreign intelligence officers, sit down. Caught a couple. Playing defense is often more difficult than playing offense. And indeed, in my 38 years of playing defense, we were often outsmarted by those using the same techniques, technology, and analytical processes because they were just slightly better at playing offense. I would urge you to take your talents, your intellect, your curiosity, and your aggressiveness, and play defense. Thanks. This is $59.95. Ovi. Wow. I came empty-handed. As he said, I work for the Postal Inspector General's office. We do all the computer intrusion and computer forensics for the Postal IG. It's pretty simple. I didn't bring any trinkets, but I'll tell you what I'll do is whoever is the goon that's running the dunk tank, whoever donates the most money to dunk... Wait, I owe you a nickel. Whoever donates the most money to dunk Jim... Yeah, that's right, to Jim Christie, the shirt off my back, the one right here. How's that? We really don't work well together, Jim. I'm primarily here to say no comment. But I'd like to suppress a few rumors that I have heard about me and the others by saying that I have never been indicted for a felony, well, in the United States. Recently. Yeah, right, recently. You're so convicted. Is John Ashcroft here today? Okay, I'm sudden enough. Alvin. As Jim said, I am an Air Force OSI agent. The Air Force realized early on, as many of the people in this room did, that the computers were very important to the way society and information was going to flow in the future. The OSI established a computer crime investigative program back in 1978. Some of the best computer crime investigators in other federal agencies all came and had their start in the Air Force Office special investigations. And we're still actively recruiting because while we are one of the best and one of the best training grounds, we seem to have a retention problem thanks to industry out there and postal and other people like that. So we would like to encourage everyone out there. The Department of Defense realizes how important computers are to the flow of information and for defending the United States. And we're always on the lookout for good people. And what are we going to do to them when you find them? Well, we're going to pay them and we're going to pay them well. And there are also some programs that will allow for the relief of certain student loan debts if you stay as a civilian employee for a certain period of time. I don't have room for t-shirts as the rest of them do but I do have a few coins. Well, let's see. I lost one already, sorry. Okay, at this point we'll open it up to questions from the floor but please speak loud because when we repeat your question we're going to twist it up. Yes, sir. Very much so. It's active. It's not necessarily very easy to find but I assure you it does exist reasonably in large, I mean it's not hundreds and hundreds or something like that but it doesn't. And it's effective in the sense both in the sense it gives the people a very interesting thing to do for the few years that they needed going through college. But also it provides an important method of recruitment. Just as my buddy over here recruitment is very important and rather difficult for a number of reasons including of course the commercial and the business. There are two federally sponsored programs. There are two federally sponsored programs loosely referred to as the Cyber Corps. One is a Department of Defense program which is the one that NSA manages and the other one is managed by the National Science Foundation is considerably larger. There are today four or five hundred student scholarships at work at about 50 different universities across the country. You go to the National Science Foundation's homepage and you'll find it. Just last week Tulsa University hosted the Cyber Corps 2004 symposium and there was a job fair most of the federal law enforcement agencies were recruiting. I got 52 resumes. These are talented people both postgraduate and graduate level. You know and I got to tell you that we went back to our bosses and we said hi Don Tim, this is Tim Huff FBI we've already introduced you're clapping for you now but I went back and we have seven vacancies right now civil service vacancies. They were advertised at the GS 13 level. These guys coming out of Cyber Corps don't qualify for a GS 13. We went back and we're rewriting the position descriptions and we're going to re-advertise them so we can get these guys that have gone through forensics training, IA training to bring them on with law enforcement. Also those of you who have already gotten your degree and you're saddled with a large amount of student loans about two years ago to try and recruit people into the federal service and if you go out to opm.gov each agency is implementing differently but you can have up to 70-75% of your student loans forgiven based on government service within the GS. Do we have any Cyber Corps students here? Tim would you like to make an opening statement? Everybody's were in the question and answer and everybody's had a couple minutes to make an opening statement so now it's your turn in the barrel. You already went over the bios and stuff, right? Yes. There's not much more to say. I've been doing computer forensics now for seven years. I've been an agent for eight years. I've been based out of the Pittsburgh office for the first six years in the Bureau and now I'm at Quantico and I'm coordinating all the forensic activities for the eastern half of the U.S. Other than that, I'll sit and listen for a little bit. Come now speak up. Actually the airline maybe late by about three hours they also lost my luggage. I intended on showing up in a shirt that actually said FBI on it and I had this t-shirt that I wear when I travel. My apologies. Yes, sir. Yes. Pueblo. The city in Colorado. Are you asking whether it's difficult to be employed across the line? Most of the federal law enforcement agencies require you to have a clearance. So depending on what in that clearance and that background investigation, they're going to look at when you broke the law and everybody's broken the law probably during their lifetime except me. It depends on when you did it. If you were breaking the law yesterday and now you want to come to work for the government tomorrow, the chances are we're not going to select you because there's a whole lot of talented people that haven't crossed over that line in, let's say, the last five, seven, eight years. So if you had a choice, would you want someone who... I'm not messing the wrong audience. Would you guys want somebody? So it depends when you did it, what the severity of the crime was, things like that. So everything is taken on a case by case. Something you gotta look at. If we have an investigation on you because of your activities, I have occasion to... I've had some investigative experience with a couple people that have gone on and done certain activities and they didn't decide to charge them because basically they wanted to look at them a little bit more. And they went a couple years and now they tried to get a legitimate job and now applied for security clearance and they're not going to get it because we've got this history of them from two, three, four, five years back that we've shown that they have actually intruded upon certain areas. Just because they don't have anything charges abroad against you doesn't mean there isn't some kind of file on you of your activities. Well, that's good for the military. Law enforcement, I don't think it's got to go that far. And working with someone and hiring them are two different things. We'll work with anybody. We may not pay you. The term might be used. Could you stand up to project this for everybody? Yeah, Freedom of Information acts are taken very seriously by any government organizations. We all have huge bureaucracies set up to answer them. If you request information from an organization that does hold that information you will get a response. Of course. You already had your turn, sir. Right here. Stand up, would you please? That's an agency by agency decision. I can tell you that Jim and I were both at the Defense Computer Forensic Lab at the same time and we brought on an enormous number of people who had no clearances prior to applying for the job, both as government workers and as contractors working on the contract. Kids right out of college. No clearance. We get them an interim clearance and that limits what they're working on until their clearance is adjudicated. But we took it. And that's typically a thing. If it's a contractor's position, if it's a government position, you should be considered as long as you're able to get a clearance. The contractors often are worried about the bottom line. So if they bring you on with no clearance, right now it takes about 18 months for a full-up top-secret clearance. More than $50,000. And it's a $50,000 cost. So looking at you and an equally qualified person who has the clearance already in hand to put you at a disadvantage. Yeah. Yeah. Well, it is true that even the contractor community would prefer to hire people with clearances, but you can come and get my business card afterwards. We hire people without clearances. I'm not in that business anymore. I'm a contractor. Which agency did you attack? I filed all of them. Which one did you attack? I don't know what to start with. Yeah. There are some individuals who basically have blanketed the federal law enforcement organizations requesting information about whether or not they have a file related to them. And they will come back with an answer of no. Maybe two. That's it. Yes, sir. I couldn't hear it either. I think the original question was that the private sector will pay me $100,000 to eat donuts and sit at home. What's the government going to offer? The federal government, the salaries are beginning to get more competitive with the private sector. You can go out. They have made special considerations for the private sector. At the CIO level, at the CIO level of different organizations, they're starting to come out with some new programs. There is stability in working for the federal government. The leave is typically better than the leave that you'd get in the private sector. And you're serving your country. There are advantages to it, but then again, there are disadvantages to the bottom line. And if you're that interested in donuts, the federal law enforcement gets free donuts. Thank you. I would like to shift the grounds of the discussion by just a bit because we're hearing about people who have difficulty finding jobs because they don't have clearances or it takes them too long to get them. As an employee of whatever organization it is that I work for, I go through a polygraph every few years. Normally, but let me tell you the questions from the last polygraph exam that I went through. First was, sir, have you ever committed espionage? Yes. Have you ever committed sabotage? Yes. Have you ever deliberately destroyed a piece of computing equipment? Yes. Now, there was some further discussion with the polygraph examiner, but basically that was the entire content of the polygraph examination. And I think you're going to understand that some jobs and some activities that people engage in are occasionally pretty damn strange. And I don't necessarily have much in common with the people on my right in that kind of thing. And that story just sits as it was. Mark. Are we in the back? Yep. Roll out. What? Our opinion of the Patriot Act. Oh my God. Andy, we'll start down your end. Yeah. No comment. I think that Mr. Ashcroft is taking attendance at this particular forum. Keep in mind that the Patriot Act was enacted after a catastrophic event. Similar reactions can occur in this government, despite the fact that we are a nation of freedoms after any catastrophic event. So if in cyberspace, catastrophic events begin to occur, similar acts can be enacted. There are things about the Patriot Act that personally disturb me in terms of individual freedoms. However, they are understandable in the context of the times we live in. And so further activity in other areas that can precipitate the same sort of response from the Congress further risks our freedoms. Can I add something to that a little bit? Just because the Patriot Act is out there doesn't mean every judge out there is going to give you carte blanche to go out and do all these things It takes a stack of justification and a great deal of investigation beforehand in many cases to get permission to do the things that the Patriot Act does ask or make available. So just because the law is there doesn't mean that all of a sudden we're tapping everybody's phones and we're doing all these things. We just don't have the manpower or the ability. We don't have the need to do that. We're looking at the people that are the serious bad guys. People on the fringes they're on the fringes. Right now for the FBI the importance is international domestic terrorism and that's right up there. Patriot Act does apply to a lot of those things but we've got to do our homework first to get justification to say this really needs to be done. And the judges out there, they're real hard asses about that sort of stuff. They just don't say okay you're an agent you get it. No. They look at it, they read it, they question and sometimes they deny it. They say you don't have enough information. So it's just not a big open book for us. I guess the last thing I'd like to add is how many people out here, please raise your hand, have actually read the Patriot Act and seen what's written into it. And how many of those people actually think that it's impinging upon your personal privacy and it's not quite as it wasn't quite as many but I mean the Patriot Act does not do many of the things that the popular press has put forward and does not impinge on the freedoms that the popular press has always indicated that it does. I mean it gives us some more flexibility but it doesn't remove the probable cause from a law enforcement investigation. Probably fewer. But their staff has read it. Privacy is always a balance between public safety and privacy. And you know that balance depending on the world situation is going to be an ebb and flow. So after a catastrophic event like 9-11 the pendulum swung the other way you're going to see it go back I'm sure. And then we'll have another event and it'll go back again. It's just the fact of life and you vote for your senator and your congressman who enacted the law. So you guys have control. Try the side. Red Hat. Seymour's old boxes. I don't know what that is. I couldn't hear it so I couldn't repeat it. Seymour who? What are we doing with them? I know what you're talking about. I just didn't quite understand what you said. What are we doing with them? The job we're being paid to do. A GS18 or a Bev? Not anymore. But at one time yes. Kate. Next to the last row. 3 back 8. Loud please because we can't hear you up here. Well... All I can tell you... I just know when I came up to a judge to do any kind of warrant it was a stack of about an inch and a half worth of paper that we said this is what we know so far this is why we need this part of the Patriot Act enacted to go after this bad guy. And I can just basically say that many of the law enforcement and organizations have been very cautious in their uses of these and probably one of the reasons that very few have been denied is because they've done their homework and they've established the probable cause prior to requesting the judge to issue the warrants. Because the last thing you want as a special agent is to have to go back to your boss and explain to him that you went to a judge used his time used the good will of your organization for something that he didn't approve. There's also a pretty good vetting process so as it's going up the chain if it's not going to stand the smell test so to speak it's not going to make it up to a judge so that'll help. Yes sir. Selective enforcement in which way? We invest... we invest 8 crimes okay for the United States Attorney's Office they decide to prosecute. We don't make that decision. I don't have the choice. It's the U.S. Attorney's Office that says arrest them or don't arrest them or indict them or not indict them. We just investigate the crime, bring the stuff up to the AUSA's office and they make the decision whether they want to even take the case or not. So it's not in our hands whatsoever. Yes sir. I don't think anybody up here prosecutes. Right. They're the ones that make the decisions as far as any kind of court action. We do the investigation. Let me state that there's two basic mechanisms that we have to obtain information from an ISP. One is what we refer to as a 27 or 3D order and that has to go through the U.S. Attorney's Office and signed by a magistrate. And the second is a traditional search warrant which also has to go through the U.S. Attorney's Office and be signed by a magistrate. We don't issue under most circumstances any other mechanism for obtaining that information. Now being an Inspector General's Shop we do have the ability to issue an IG subpoena but for the most part since they're almost unenforceable we usually opt to go through the U.S. Attorney's Office. In most cases the ISP will not cooperate with law enforcement even if they want to until they receive a court order because it takes them off the hook for civil liability. So once again if I want to go after you there's other checks and balances between me and that process that have to be okay by the U.S. Attorney's Office. And I think most of you don't understand something else about the federal system. When I got out of college I was a street cop for five and a half years and when you go out and you make an arrest whatever that prosecutor is in the morning and starts dealing with it in the federal environment it's very different you work a case you go to a U.S. Attorney's Office and they decide whether they're going to prosecute or not just because you broke the law just because we can prove you broke the law doesn't mean we'll get a prosecution each office within the country will have separate guidelines so for instance when I was a special agent down in central Florida and south Florida you had two kinds of