 Thanks for the introduction Agent X. This is, that's really his name, it is. This is my first DEFCON, so I'm a DEFCON virgin. I'm really excited to be here because I've been hearing about DEFCON for years and I've been hearing about all the funky stuff that goes on later on. I'm looking forward to some of that, but we're going to start off with something not so funky. I'm talking about organized cybercrime. I'm going to get used to this mic eventually, so just bear with me. Actually, I'm just going to take it off the thing here. The reason I want to talk about organized cybercrime is because I think this is the big problem on the internet right now. I think this is what is driving most of the things that are causing all of us misery and pain on the internet. It's these organized crime groups that have infiltrated the cyber community and are basically using the internet to carry out their operations. The lot of this stuff I'm going to talk about, you might not be really thinking about it as organized cybercrime, but I'm going to try to make a case and hopefully by the time I'm all done with this presentation, you'll get an idea of what it's all about. First, I'm going to start off a little bit about myself, just what my background is. In case some of you are thinking about being an FBI agent someday, I'll also give you an idea of the career path. I started off college as a musician. I was a band geek in high school and I thought that when I grew up I wanted to be a band director. So I went to college as a musician, did that for three years, and started my senior year changing to a geology major. My parents were really happy about that by the way. So I ended up getting my degree in geology, but I was really at heart I was a computer geek. What type of computer geek was I? I used to run a BBS. It gets worse than that. I was actually a Phytonet node. Does anyone here remember Phytonet? All right. My brother. All right. You guys all remember about Phytonet? Who can deconstruct the Phytonet node number there? Does anybody remember how that works? I was looking to have a t-shirt that I was going to throw to somebody if somebody could deconstruct that. I don't have a t-shirt, but does anyone want to take a whack at it? What's that? Will I give you my gun? No. Okay, so anyways. You're showing your gun? No, I will not show my gun. So anyways, this is making me feel real old because nobody knows. So Phytonet was a system. It was like a network, but it ran over the phone lines. And every system had a node number. That was my node number. And the first part was the country that it was in. And the second part was a network, which was like a region of the country. And the last part was your node number. Okay, that was a big bomb. Move on, Tom. Okay. So, but it's true. After that I went on to be a network administrator. And I did that for about six or seven years. I worked for Westinghouse and I managed a network of about 800 users. And that's really where I cut my teeth in the information technology field. And that's why the FBI hired me. They did not hire me because of my geology background or my music background, believe it or not. Or the fact that I ran a Phytonet node. They hired me because of my network administration background. Came in as an FBI agent. Went to work at Chicago field office. That's why I have this accent, by the way. It's from Chicago, even though I was only there for three years. And went from Chicago to Pittsburgh where I was on the high technology crimes task force. Did some work at the CERC coordination center. I was a CERC affiliate. So I had an office over at the CERC coordination center where I spent about two or three days a week there. And it was really a fantastic place to work. I think of the CERC coordination center as ground zero for a lot of cyber security stuff that's going on. And I think we're really lucky to have it in Pittsburgh. And most recently I've been working on developing a project that we call the National Cyber Forensics and Training Alliance. And this is also located in Pittsburgh. It's really a joint effort between industry law enforcement, academia, people like yourself that are in the audience. Just trying to get everybody to work together under the same roof on cyber crime problems. And I'm going to talk about that a little later in the presentation. So what is the cyber crime problem? Any FBI agent in the country that gives a presentation on cyber crime is going to show you the slides. You've probably all seen this 50 times before, but I'm going to go over it anyways. Some data from a survey that the FBI does every year with a group called the Computer Security Institute. And it shows some of the losses that have been reported to them as a result of cyber crime. Now what's interesting about this is if you look down at the bottom here it says there's like 639 respondents. This is a survey that they send out to thousands of people. Only 639 responded. But of those 639, look at what the losses are that are being reported. We have over $130 million in one year in losses as a result of cyber crime. And if we extrapolate that forward and what we did here is we took that $130 million and multiplied it by some figure that we think represents the actual number of high tech businesses in the country. We get total loss of over $67 billion a year, which is just astronomical. It comes out to $7.6 million an hour that's being lost because of cyber security related issues. The Internet Crime Complaint Center, which is in West Virginia, which is a clearing house for Internet crime, gets about 21,000 complaints. This is from consumers, not businesses, sometimes businesses, but mostly consumers. They get about 21,000 complaints a month. And the IPR Center has reported about $50 billion in lost revenues. And from our friends at the anti-fishing working group, fishing is a big problem. It continues to be on the rise today. I'm going to talk about fishing in a little bit. Okay. My apologies to anyone from Kansas. So those of you who've been following the evolution debate. So how did we get here? How did we get from things that were going on maybe 5, 10 years ago that weren't so organized to organized cyber crime? So let's talk about the good old days back in the 90s, mid to late 90s, when I first started investigating cyber crime. What were our big problems there? Well, we had web page defacements. We all thought this was a big deal back then. And you guys all remember this, right? You'd go to your favorite website, some.com or .gov website. And instead of seeing, you know, the Prudential's website or some government agency's website, you saw a free GH, right? So we had a little bit of that. And we had a little bit of this stuff going on. I think this was Prudential's website at one time. And then, of course, we had some of this. Now, you know it's getting bad. These guys are the masters of downloading a Wears group. You know it's getting bad when you have Wears groups cracking websites, okay? So, and of course, my personal favorite, National Oceanic Graphic and Atmospheric Administration website. Okay. So this stuff was a problem, but it was entertaining, to say the least. Okay, so what about the Wears dudes? We're a problem for us back in that time. A little bit of organization, we started to see with the Wears groups, right? Okay, I wouldn't really call it organized crime, okay? Because it wasn't really deep in the organization, with the depth of the organizations, but there definitely was some organizations there. So these guys had their own weekly newsletters that they would send out. Okay, and this one's called the United States Courier Report. And this would list all the top Wears sites in the country, the top uploaders and downloaders. Here's another one called the Courier Week Top Scorecard that was out there. They also had a loose, a rough organizational structure to them with these Wears groups, right? At the top, we had people that we called senior or council members, and below them were the suppliers. These were the guys that would get their hands on the Wears before it was released. They would get pre-releases of the stuff. And then we had the crackers. These were the guys that really only had the... These were the brains of the operation because these crackers were the guys that would go in and strip out the copyright protections from the software, okay? And then they would turn it over to a packager who would, you know, put it like in a zip or a RR file, and they'd put their little .nfo information file saying how cool they are, and they cracked this and released it. And then they'd get turned over to the couriers who distributed it to the Wears site. So kind of a loose organization there, but not really something I'd call organized crime. What about carding? Well, it wasn't organized in the beginning. What we were mostly looking at was some e-commerce servers being popped. People get a hold of credit card numbers, trade them on the IRC. And then this was a big development, I think, and as far as the organized crime starting to get into this. We started seeing people trading these credit card numbers for other stuff, okay? So if you think of like cybercrime back like at the end of the 90s, it's kind of like being this, you know, like the organic soup that was the protoplasm that we all evolved out of here on Earth, okay? This was kind of like, it's when people started trading cards for other stuff, that's kind of like the spark of lightning that started, you know, causing the DNA molecules to link together and the carbon compounds to form and start, you know, turning into something living and something complex. This is really, I think, when organized cybercrime was born. And this is really when the underground economy was born, okay? So we go from having something that really wasn't organized, people just doing it, you know, for whatever reasons, maybe to prove how cool they were, prove how smart they were, they're cracking things, breaking into sites. Now they're doing it to trade stuff. They're getting credit card numbers. They're trading them for other things online. And that's really when this underground economy was born. And what caused that to happen? How did this happen? Money. It's money that was bling. It's bling that's driving this thing. It's before we had money in the equation, cybercrime was about stuff other than this organized crime things that I'm going to talk about. So it's really all about the money. I think this is one of the most significant ways we can summarize what's changed in cybercrime over the last five or ten years. It's all about the money now. At least the stuff that I think we should really be worried about from an internet perspective is the different stuff that's being done for money. So in the old days, you maybe had somebody write a virus because they wanted to demonstrate the skill that they had, or they had a political message that they wanted to get out, or they were frustrated about something in their life so they would write a virus and prove to the world how cool they are. Well, now we see this malware viruses are being done for other things. It's being done for proxy bots that are being used for spam and phishing. Again, that's all about money. It's being used for keyloggers. So we have a lot of malware. It gets on the machine. It captures your login credentials, steals your account information so that people can go out and rip you off. And the stuff is, it's actually being marketed. The people that are writing this malware are marketing it as being AV safe. So you can go into these forums where the stuff's being sold and some will say, hey, I've got a new keylogger here and I just tested it against all the antivirus software and nothing hits on it. And this is actually something that's kind of a rude awakening for those of us that think you're all set as long as you have AV software installed. We're seeing about maybe 40% of the new malware that's being released isn't detected by your different antivirus products. We have spam. Spam is all about money. We've got these things called affiliate programs where a spammer can hook himself up with a marketer and basically market a product and get paid for the number of clicks that come in on a spam. So you get that advertisement that comes in your inbox for Viagra or enlargement pills or whatever it happens to be. You click on that, it takes you to a website. Well, a spammer gets some money in his bank account for that. And the spammers need malware, right? So they're paying the guys that are developing the malware. So money's going back into the system that way. And then we also have, this is another thing that spammers are engaging in is DDoS for hire. So the spammers are getting upset that their spam is being blocked by these different anti-spam sites. So they're paying people to DDoS the spam sites and knock them offline. So this is what I mean by there being all about the money, but there being an underground economy out there and it all revolving around people making money. Fishing also is obviously money aspects of fishing are obvious. And carting, which I'm going to talk a little bit more about. Okay, so where does organized crime come in? Okay, where did my goombas up here? How did they get involved with this stuff? And why is it so appealing to them? Well, for one thing, there is less risk in cyber crime than there is in traditional types of organized crime. There's less violence and there's less jail time. A lot of people would be surprised to hear this, but a bank robber, typical bank robbery, if you go in with a gun and hold up a bank, the average take on a bank robbery is like $3,000. It's not like you see in the movies where you go in and you come out with $300,000, $400,000. The average take on a bank robbery is $3,000. And the person that's committing that crime runs an extremely high risk of something bad happening to them. They may get shot by the security guard at the bank while they're doing it. They may get shot by the police on their way out of the bank. And if they get caught, which they probably are going to get caught at some time, they're going to go to jail for a long time. At least 10 years, probably more like 15, 20 years. If they do it three times, if they're caught three times robbing a bank, then they're going to go to jail for the rest of their life, because they have this three-strikes-your-out law. So there's an extreme amount of risk and violence with committing these crimes in real life. There's more profit from doing it in the cyber arena. You can run a phishing scam and make hundreds of thousands of dollars. You can be a spammer and be rich off your rocker, okay? So there's a lot more profit and a lot less violence. The other thing is that the traditional organized crime world has become crowded. And what do I mean by it? Well, it's these guys that are up on the screen there that we think of as organized crime. They are no longer the only face to organized crime. There is all sorts of different groups from all around the world that have organized themselves here in the U.S. and that are participating organized crime. So we have Africans, we have Asian organized crime groups, Russian organized crime groups, Caribbean organized crime groups. We've got a lot of different organized crime groups that are out there. They're all competing for the same stuff. So really the area is crowded. And cyber crime is a great outlet for these more developed groups to move into to make some money. So spam. You might be thinking spam is not a way to make a lot of money. Well, in fact, it's just the opposite. I think that spam is really the bread and butter of the underground economy. This is like these guys' steady job. This is like their 9 to 5 job for a lot of these cyber criminals. When all else fails, go back to spamming. Spamming is a good way to make yourself a steady living. And most of the different guys that we're looking at are involved with spam in some type of way. There's lots of money in spam. If you don't believe me, take a look at some of these pictures. This is all, except for the pile of money there, this is all stuff that's been seized from spammers. Big houses, you know, million dollar homes, rare collectible cars, humvees, all sorts of neat stuff. This is all stuff that we find in the possession of spammers when we execute search warrants on them and work cases against them. And spam is cost in our economy money. Some different groups, it ranges from estimates. We have one estimate from this Ferris research at $10 billion. Another group has estimated it as high as $87 billion annually for the cost of spam. So spam is something that's having a negative impact on the economy. It's also making these guys a lot of money. What are some other things about spam that make me say that it's something we should be concerned about, that I think law enforcement should be focusing on. A couple events happened back in 2003 that really piqued my interest in spam because I have to tell you, up until this time, up until 2003, I really didn't think spam was something any more serious than an annoying email message that you get in your inbox. I mean, I have been having different people telling me that it's serious and that it's running the underground economy, but I just thought it was an annoying email message that we got. Well, we had the SoBig.fworm came out, as a lot of you may have remember, and that infected hundreds of thousands of computers. Estimates were that it infected a total of 200 million email messages and its first week were affected by SoBig.f. SoBig.f, to just refresh your memory on it, the thing about it was it was supposed to go out and update itself, so it had this component where sometime, it was like a month after it came out, it was going to go and connect to 19 file servers on the Internet and download a new code, and so we were really concerned about it. A lot of analysis was done on it. Well, kind of one of the consequences of doing this are outcomes of doing this detailed analysis of SoBig.f. So we find that the main purpose of this piece of mailware, the main purpose of this virus is to send out spam. It's to turn the infected computer into a spam relay. So we have an extremely well-written and aggressive virus that somebody was obviously paid a lot of money to write that the main purpose of this thing is to send out spam. So for me and a lot of other people, that was really a wake-up call for us. We saw this happening and we're like, you know, there is a lot more to spam than just annoying email messages. The other thing that we had was kind of like on the heels of this SoBig.f worm. In September of 2003, we had these massive denial of service attacks that were being carried out against some of the anti-spam sites. So I mentioned a few seconds ago that the spammers have no qualms about launching a denial of service attack to take out somebody that's blocking them. And they were actually paying these different groups of cyber criminals to go out and launch these denial of service attacks. And these attacks were pretty severe. They weren't only taking out the anti-spam sites, but you know, like all the denial of service attacks, it's not a surgical strike, you know, it takes out a lot of stuff in the blast radius around there. Well, these were knocking out ISPs. These were knocking out corporate connections, all because of this massive denial of service that was going on. So it's kind of this stuff, all these things, you know, conspired to make us realize that spam is really part of the underground economy, a serious part of it, and it's contributing to the organized crime that's occurring there. But probably the most significant part, the aspect of this organized crime community is stuff that we grouped together under this big umbrella that we call carding. Okay, so, and carding is basically anything having to do with credit card fraud, bank account numbers, any of these things that are going on, phishing, all of this stuff where people are getting ripped off online. Okay, so who are these guys doing the carding? You guys all remember this movie? Okay, yeah, I don't know. But yeah, so is that what these guys are like? I don't know, maybe, or is it more something like this? So you got to know the subtle thing there is he's got the binary code. That's how you know he's a cyber criminal. He's got the binary code. Okay, so that was almost as bad as the fight on that thing. Okay. All right, enough of that stuff. Let's talk about carding. We've got a group out there. We kind of bunched these people together. We call them the International Carders Alliance, and this, I think, is really the heart of organized cyber crime. International Carders Alliance is a group of a lot of different, it's an assemblage of many different organized cyber crime groups that have websites, they have dump sites, they have IRC channels, they have people with different skill levels that are organized into distinct units and that are carrying out these operations on the internet. So who are these people? When I talk about the International Carders Alliance, these are highly organized criminal network based primarily in Eastern Europe. So this is where we're seeing most of the stuff coming from right now. At least that's been the case for the last three or four years. I'm not saying it's going to stay there and not move anywhere else, but it's really stuff that's primarily coming out of Eastern Europe. It consists of specialized cells for specific functions. So there's groups of people that are part of the structure that each carry out their different roles, and I'm going to talk about those roles in a little bit, but it is extremely organized and extremely regimented, and this is why I'm saying it's organized cyber crime. These guys utilize web forms, and you can probably familiar with some of these sites, Carter Portal, IACA, Mazafaka, Seattle Crew. These are all sites where these people would communicate with each other, they would make deals with each other, they would arrange for the flow of goods between each other, and it's all part of this thing we call carding. And as with trading stuff, you know they would market for things bought and sold online. And to give you an idea of how serious these guys are, they even have their own marketing. Okay, just so there's no confusion here, these guys are not doing something legal, okay? They're not talking about software consulting or business process consulting. These guys are writing mailware, they're stealing credit cards, they're throwing the credit cards into dumps, putting them onto white plastic, sending people to ATMs to take out money. This is what these guys do, and they even have their own advertising. So that gives you an idea of how far this has evolved. It's pretty cool advertising too, isn't it? It is. There's bad as... Yeah, I don't know who that is, but there's bad as them. You'll have to tell me later. So what are some of these... Here's an example of one of the sites. This is a site called Carter Planet, and this is an example of a typical post on that site. It's posted... You can see the topic of the post is USA Dumps. Now, when these guys talk about dumps, what do they mean by a dump? It's basically account information from your credit card that's on the front of the credit card, plus stuff that they call the Track 2 data, which is data that's encoded on the magnetic strip. It's an algorithm of some sort. I don't really understand the details behind it, but it's an algorithm that allows the credit card to work when you run it through some type of point-of-sale device or whatever. So they combine this data into something they call a dump and sell it. And you can see that this guy is offering a dump at different prices, a Visa Classic for $38, a Visa Gold for $75, a Visa Platinum for $100, et cetera. Now, the other interesting thing about this post is that if you look right here, it might be hard for some of you to see in the back, but underneath the guy's name, it says Capodicapi. Capodicapi. If you guys that watch the Sopranos are familiar with La Casa Nostra, the mafia, Italian organized crime, will recognize that term from that. It's a rank in the traditional Italian mafia organized crime structure. Well, this group here, this organized crime group, Carter Planet, organized themselves into the same structure as the Italian mafia. And I'm going to show here, I'll actually skip ahead. I won't skip ahead to scratch that. I'm going to show you slide in a little bit that shows that structure. It's actually kind of cool. Here's another form from Shadow Crew. And you look at these forms, you can see that there's all sorts of, they're talking about identification, credit cards, all sorts of stuff. You could go to these sites and find whatever it is that you're looking for. Here's another one from Carter Planet. Now, what's interesting about this one, if you look a few down here to where it says COB, that's right there, the COB. COB stands for change of billing. Okay, so part of this whole process would be, you steal a bunch of credit card numbers, you get the track two data, you've got what's called a dump, but you can't really use it to go out and buy anything, right? Because most credit card companies know what your home address is and they're not going to ship something to any place other than your home address, right? Well, there's actually people online part of this organized crime structure whose specialty is to change that home address, to call it change of billing. So what these guys do, they'll get the credit card dumps first, they'll call up the various issuers of the credit cards and use social engineering to get the address changed from your home address to whatever these guys want to use as a dump site. And here's what a dump looks like. Okay, so what do these guys do? Conduct network intrusions on merchant processors, write viruses in mailware, you spam phishing to exploit eBay credit cards, whatever it is, it's all part of their daily activities. Software piracy, they'll do software piracy too, you know, because you could make money doing that. Illegal pharmaceuticals, big way of making money online. Escrow and auction fraud, we're seeing a lot of this has to do with like eBay and other types of places. And they'll use compromised credit cards and other online accounts to conduct reshipping operations where they basically buy goods from an American eagle or something like that and have them shipped over to Nigeria. How do they work? What are their skills? These are people that do computer intrusions. This will be one of their specialties. Some of them are data brokers. These are the guys that are selling the dumps, moving the data around, stuff like that. Distribution activities, finding someone to have the stuff shipped to, finding someone to actually go to an ATM and take out money with the stolen credit cards. They produce counterfeit documents. Whenever we execute a search warrant on these guys, we find that they have all sorts of counterfeit documents in their possession, passports, driver's license, you name it. Money laundering, really that's another whole other aspect to this thing is that really what we're talking about is money laundering and this is why like us in the FBI get concerned about this from a terrorism aspect because this is a great way for people to launder money. This is the organized crime structure I was talking about earlier that I just wanted to show this slide. This is the group Carter Planet and remember the guy that posted this, he was a cappa da cappy. So they have all these different ranks and these, any of you that are, anyone here that's students of organized crime will know these all come from La Casa Nostra. This all comes from the Italian mafia. The same ranks, cappa da cappy, cappy, cappos which is the next level below that. Now what's interesting about this, if you don't think this is real, if you just think this is just a bunch of goofballs online, on this slide here, everything from the cappo level up, everything from the cappo level up, they would meet in real life, in Eastern Europe, in person, several times a year. So this entire group was meeting all around Europe. This was real, this was a real structure, a real organized crime structure. We're working on it, yeah. We've got some of them, yeah, yeah. That site's down, that's all I'll say is that site's no longer out there, at least not in the same incarnation it was a couple of years ago. And it doesn't, all of this doesn't have to happen online. So this doesn't have to start with a phishing scam that leads to your credit card information getting stolen. It doesn't have to start with an e-commerce site being popped. There's other ways for these guys to get this information, some of them just more traditional, in real life type methods. One is with ATM scammers. This is an ATM scamer that we seized out of the mail. It was being shipped here from Europe and it looks like a regular ATM that would go on the storefront or whatever that basically steal your credit card information. Here's, this is another one. This one I think is really cool. This is, you can see it's a plain old fashioned ATM and the bad guy has slipped over the top of it this device that's basically going to skim your ATM card when you stick it in. So this device is going to record your ATM card, your ATM card will go in and still function because it's going to go into the real slot on this machine so you'll take out money, you'll think everything's okay, you're not going to realize that your number was just stolen. Now you might be thinking, oh, well I'm still going to be safe because this guy's not going to get my PIN number, right? Okay, well he actually is going to get your PIN number. I'm going to explain to you how this is done. If you look in the upper left hand corner there, you see what looks like something innocent, just a box containing brochures for the bank. Okay, take a closer look on that, it has a little hole in it and you look on the backside, it's got a camera in it, a wireless camera. Most of it's battery as you can see as you would expect, most of it's battery, but you can see there's a little wireless camera on the left there and an antenna on the right. So how this guy would work his scam is he would put the skimmer on top of the ATM device, go out to his car, fire up his laptop, and then watch people typing their PIN numbers in. And then he would write that down and then at the end of the day, or whenever he was done doing it, he'd go take the skimmer off and then he would have all the PIN numbers. Actually he's really kind of smart. Okay, so what are we doing about this? I'm going to wrap up this presentation by talking about some new methods, some new things that the FBI's trying to help us go after these guys. And really at the heart of that is an initiative that we have going on right now. We call it the National Cyber Forensics and Training Alliance and it's based out of Pittsburgh. That's where I'm from in Pittsburgh. I work at this facility. It's something that's very unique for the FBI and for the other participants. Basically what this is in a nutshell, it's a place, I go to work every day, I work with a bunch of other agents there, but we sit side by side with people like yourself. We sit in the same room with people from industry, people from academia, people that don't have a gun and a badge. And we do that because it's our belief that the FBI, the government, does not have all the information, does not have all the answers to the cybercrime problem. The people that have the real answers to this problem are the people that are dealing with it every day, trying to protect their assets, trying to protect their resources. These are the people that have the answers to the cybercrime problem. The NCFTA, it's a joint effort between industry, law enforcement, and academia. And the main focus is to combat cybercrime and improve network security. I'm running out of time here, so I'm speeding things up a little bit. NCFTA, what is it? It's a non-profit, okay, so it's neutral. It's not FBI space that I work at. It doesn't belong to some company like Microsoft. It's neutral space where we all go to and we're able to share ideas and information. It's located in Pittsburgh, and it really stemmed out, as I said, stemmed out of the belief that us in law enforcement don't hold all the keys to solving the cybercrime problem. This is really the NCFTA in a nutshell. All these different law enforcement groups that you see, these are all represented at this facility that I work with. We all have office space there. All these different academic institutions. One of the reasons we located this in Pittsburgh was because of the strong academic computer security institutions they have in Pittsburgh. Most notably, the computer emergency response team is there along with these other great universities. And also all of our wonderful industry, private sector partners that help us out with things on a daily basis. This is really what the NCFTA is about and it's a really exciting place to work. The advantage is that industry experts provide valuable data. They're really the eyes and the ears of the NCFTA. Information flows between all these three components. So I share stuff with the industry folks. They share stuff with me. It's really a very effective means for combating cyber crime. And each group provides a unique... Is that 10 minutes? Was that the 10 minute signal or the... Okay, okay, good. I had more time than I thought then. All right, well, we'll have some time for questions then. And it really provides a neutral environment. There's no ownership of anything there. We have NDAs that we sign. It's a great environment for us to work at. Academia. This is the benefits to academia and to us is that the analysts that work there, many of the analysts are actually students at some of these institutions that I just showed you in Pittsburgh. They are multidisciplinary, so they come in, they have backgrounds doing intelligence studies, information security, all sorts of different things. But the best part about it, for me, working with these students, is they bring a unique and creative perspective to looking at these problems. Anybody here in the audience that works in government, you know that we're not really good at thinking outside the box, okay? You may have found out if you've noticed that or not. This is great. We work with these guys. These people don't even know what the box is, okay? They haven't been beaten down by the system yet, okay? So it's really extremely valuable for us in government just to be able to work with these people, and we get a lot of great stuff from them. And as I said, I'm there on the law enforcement side. We also have a representative from U.S. Postal Inspection Service and members of the Pittsburgh High Technology Crime Task Force. And what the other participants, the non-government folks there, get out of that and they get to see for better or worse how us in law enforcement work and what's important to us in terms of fighting cyber crime. You know, if they've got something they think is a case that we should be working on, well, they get to see like what we go through every day, what we need to make our cases, and what we need to collect evidence. Okay. Now, the last thing I'm going to, the last slide I'm going to show today and talk about, this is another, what I really believe is another vital aspect to the NCFTA model and to the general security of the internet. And this is what I call the white knights of the internet. Now, you guys all know that's Gandalf fighting a bell-rog, right? Does everybody know that? Okay. Okay. Because when I showed this slide to somebody earlier, they said, and I said white knights, they said, yeah, you should have that guy from Lord of the Rings with the white hair. I said, you mean Gandalf? Yeah. That is Gandalf. So, okay. Sorry, I'm a dark knight. Not everyone is a Lord of the Rings dark. But these white knights, these are really the people that are, in my opinion, keeping the wheels on the internet. These are our private organizations, private companies that help us on a daily basis, tracking down cyber criminals. And they're also doing a lot in their own regards just to keep the internet going. So, you know, Spam House, I can't say enough about Spam House. They're one of our biggest partners right now. They provide us with intelligence that not only allows us to go after some of these spammers that I was talking about earlier, but it's stuff that leads to all sorts of other cyber criminals. So, the stuff that we get from Spam House, you know, it goes into putting these guys that are running botnets in jail. It goes into, you know, all sorts of bad things that are happening on the internet right now. Computer Emergency Response Team, again, a fantastic resource that we have there in Pittsburgh. And then some of these other places, familiar with Castle Cops, I don't know if you guys know about Castle Cops. Pretty cool. They're like a computer security group on the internet, gather a lot of really good data on phishing sites. Bottom line is there are all sorts of groups out there that are outside of law enforcement that have valuable information to help not only me in law enforcement, but to keep the wheels on the internet. And I think these people up here are really key at keeping the wheels on the internet. So, that is my presentation. I think we have about five minutes for questions. If anybody has any questions they would like to ask. Yes, sir. Okay, the question is how does somebody get involved in the NCFTA? If you're in Pittsburgh, just stop by and pay us a visit. If you're not in Pittsburgh, contact me at one of the numbers that you see up here on the screen. Yes, sir. Okay, the question is, if you see questionable activity, how can you find out if we know about it? The best way is to contact your local FBI office to make them aware of it. Theoretically, everything that we're working on goes into a big database somewhere and so they should be able to search that and let you know that. Probably a better thing to do though is to get involved with some of our public outreach offers like InfraGuard or the National Cyber Forensics and Training Alliance where you can be plugged into these people on a little bit more personal level than just calling the FBI office out of the blue. Any other questions? Yes, sir. The question is all the numbers in the presentation. Where do they come from? The data that I showed first regarding the dollar damages from cybercrime comes from the Computer Security Institute. If you Google Computer Security Institute and go to their website, someone just mentioned you gocsi.com is the URL. Gocsi.com, they have what's called the CSI FBI security report. That's where most of those numbers came from. Any other? Yes, sir. The question is in the beginning of the lecture I mentioned a malware that's evading antivirus detection and wants to know if I was lumping spyware in with that. Yes, I was lumping spyware in with that. The question is how big is the organization that I showed that had the structure that modeled the mafia, Carter Planet? It's I think about 60, 70 members from what we know about. Yes, sir. The question is the stuff that we work on is it primarily commercial or is it military? It's both. We're really concerned with things that are negatively impacting the internet. We just focus on a Pacific company or something like that. It's really stuff that's negatively impacting the internet. The question is where does our organization get the new... Oh, where do we get the bad guys from? Well, it's again, this is really what's at the heart of how the model works is that everybody that participates in this project comes to us with different intel comes to us with information and they usually come in saying, hey, we're going to hit with something right now. This is who we think is behind it the entire intel base that we have. Oh, there was a question was I said that we have something like 40% of mailware is not being detected and the question was, is spyware included in that? Yes, spyware is included in that. Oh. I'm sorry. Mailware in general. I don't know what you mean by packaged spyware. I'm sorry. Last question right here from the guy in the gray shirt. That's something that I have personally been involved with. The question is, how much organization are we seeing from local street level type street gangs becoming organized and using websites and other such stuff to enhance their communications? That's something I'm really involved with directly but I know it's going on. I know it's going on. Someone just mentioned something to me before my presentation that they're starting to see the street gangs get into the stuff now too. So everybody's doing it. If you have any questions, I can take them on the hall here. Thank you.