[gsc] e-gold = treason... Well not officially...

The Phoenix Dollar info at phoenixdollar.net
Wed Dec 12 01:05:44 PST 2007


This is the run of the mill propaganda piece relating to e-gold and  
western express which then leads to a neat little
piece where he tells us 40% of all us people will have to telecommute  
since they will be sick with pandemic flu at some
unknown date in the future. I did not know western express ran a  
digital currency? Is that a mistake or are they referring
to Goldage?

They spent most of the time paving the way to make e-gold look  
entirely evil and they also mention that they will be
conducting investigations offshore to finish the clean up job. I  
guess that goes right in line with the kidnapping UK
people thing that got press recently.

I don't think anyone is safe offshore. I never did actually.

Remember, this is treason! ahhhhh

They seem to want to force crime offshore. That makes no sense since  
it already is offshore and the attacks on US banks
will continue from offshore. So they are essentially taking credit for
an existing phenomenon as if they pushed cyber crime offshore when in
reality it was "offshore" always. These people can't even stop a syn- 
flood. ugggh.

Politics butting up against cyber anything is entirely too interesting
to miss!


http://www.dhs.gov/xnews/releases/pr_1197409593155.shtm

Remarks of Assistant Secretary of Cybersecurity and Communications  
Greg Garcia at the New York Metro Infragard Alliance
Security Summit

Release Date: December 11, 2007

New York, NY
(Remarks as prepared)

New York is such a fitting place to hold a security summit. With its  
storied history and thousands of financial
institutions, it is the world's financial nucleus. All of you, as  
leaders in your respective companies and organizations,
understand the full weight of your responsibilities to New York City  
itself, the nation, and quite honestly, the world.
Because as Wall Street goes, so does the rest of the world. That is  
quite a responsibility to shoulder.

Yet you have continuously demonstrated your understanding and  
commitment to upholding this reputation. Time and again,
whether facing a natural disaster or terrorist attack, you have found  
ways to ensure that roughly five and a half trillion
dollars flows unabated through our financial systems each and every  
day. That's five and a half trillion dollars a day in
activities that are critical to our citizens' basic needs and our  
Nation's economy.

It's the delivery of paychecks, utility bill payments, ATM  
withdrawals, and the over $733 million of Internet sales that
occurred this past cyber Monday -- the first Monday after  
Thanksgiving, which is considered the most active online
shopping day of the year.

As New Yorkers know, our adversaries will stop at nothing to destroy  
the infrastructures we have all worked so hard to
build and protect. Whether they are cyber criminals, hacktivists, or  
nation states, our adversaries are pursuing ever more
sophisticated and determined cyber attacks on U.S. government and  
private sector networks.

I'm watching as companies  household names with huge market  
capitalization and seemingly tremendous resources  expose
their networks and data to infiltration and information theft. I'm  
seeing the same with government agencies on a regular
basis. So we're all at risk, and we're all responsible. We have made  
some progress but there is much more we all have to
do to protect our critical systems.

So let me tell you what we're doing at DHS to make the United States  
the most difficult and dangerous place in the world
to conduct cyber crime. I think you will see that you each have a  
very important role to play in helping to make this
happen.

Let me start with an overview of the threats as we see them at DHS.  
As you all know, the threats are real. Hackers are
becoming more sophisticated and focused in their efforts. Criminal  
computer code is now written at the PhD level, and sold
cheaply on the Internet.

Hackers are making massive efforts to compromise computer systems on  
a global scale. What was once a nuisance committed
by various individuals years ago has now progressed into organized  
efforts by highly skilled professionals.

Today's professional hackers develop and sell malware toolkits to  
other criminals on the black market. In turn, the
buyers of these toolkits can conduct online scams and spread malware  
more proficiently than ever before.

Why do they do this? Because cyber crime is big business. The number  
of hackers attacking banks worldwide jumped 81
percent over the past year. Botnets, spear phishing, key loggers, and  
other attacks make up the more-than-$100 billion
global market for cyber-crime , surpassing drug trafficking from a  
monetary perspective. Worst of all, the money obtained
through cyber crime can be used to finance terrorism.

The numbers don't lie. From October 1, 2006, through September 30,  
2007, our US-CERT which I'll describe in more detail
in a momenthandled more than 37,000 incidents, compared with almost  
24,000 the year before. This increase can be
attributed to not only more attacks on our public and private  
networks, but also better situational awareness levels and
reporting rates.

I'll tell you now: many of these malicious attacks are designed to  
steal information and disrupt, deny access to, degrade
or destroy critical federal or private sector information systems.  
Our adversaries are also seeking our intellectual
capital and proprietary information, which we have spent years and  
billions of dollarsdeveloping.

Unfortunately, none of this will dissipate if we do not have the same  
level of organization and coordination that our
adversaries are using against us. This dynamic underscores the  
absolute necessity for IT security and the importance of a
nationwide call to secure cyberspace. It's something we can't afford  
not to do.

Our mission is clear. Securing the systems that maintain and operate  
critical infrastructures is vital to national
security, public safety, and economic prosperity.

How do we do this? Collaboration and information sharing. It's a  
common theme in many of the speeches you hear because
public/private partnerships, like InfraGard and the Financial  
Services and Multi-State Information Sharing and Analysis
Centers (ISACs), are essential to protecting our critical  
infrastructures.

Let's be realistic. Private industry owns and operates more than 85  
percent of the United States' critical
infrastructures. That means the Federal Government cannot address  
cyber threats alone. Obviously, if a cyber attack
occurs, the larger percentage of potential immediate victims will  
also be in the private sector. This includes the
financial services industry. So not only does it make sense to  
collaborate with each other, it is an absolute necessity.

At DHS, one of our best information sharing mechanisms is the United  
States Computer Emergency Readiness Team, or
US-CERT. The nation's cyber watch and warning center, US-CERT  
coordinates the defense against and response to cyber
attacks in coordination with the private sector.

It also analyzes and reduces cyber threats and vulnerabilities,  
disseminates cyber threat warning information, and
manages incident response activities with a wide range of  
stakeholders. US-CERT's activities allow us to see potential
trends and coordinate appropriate deterrence and response activities  
across sectors.

A prime example of this occurred just last month when the US-CERT  
served as the key data gathering and distribution
center for a potential cyber threat to both government and private  
sector systems maintaining critical infrastructures.

By taking advantage of its information-sharing relationships, US-CERT  
distributed a notice defining the malicious
activity and addressing how partners could detect and prevent it from  
affecting their networks. This directly strengthened
the security and resilience of our nation's critical infrastructures.

The key lesson here is that by sharing our knowledge, we can better  
protect our nation. But we also know that this
information sharing relationship is not as mature yet as it can be.

The feedback we received from our private sector partners after this  
information notice was, overall, very positive and
appreciative.

But it included a reminder that such notices would be more useful if  
DHS could provide more threat-based context  that
is, what is the nature of these attacks? Where do they come from?  
What is their intent?

Well, we continue to be limited in what we can share with partners  
who don't have appropriate security clearances,
(indeed that's an issue within the U.S. government agencies as well).  
And we have to find better, quicker ways to get you
relevant information that you can act on.

And, from our perspective, when we provide you information you  
already have, we realize both sides need to better
calibrate our exchange of information so we make most effective use  
of our limited time and resources.

So we're learning, and we're working to improve our information  
sharing. That's one of InfraGard's key tenets and the
ultimate goal for all our actions.

As we move into the discussion portion of this event, I'm very  
interested to hear your ideas about other ways we can
share useful and relevant information between sectors.

In addition to sharing information with its public and private  
partners, one of US-CERT's most important responsibilities
is increasing the Federal Government's awareness of its own network  
activity.

We know from our friends in law enforcement that situational  
awareness is the primary method a beat cop uses to protect a
neighborhood. As I'm sure Joe can recall from his days on the force,  
a veteran officer works to deter crime wherever
possible and catches criminals by understanding their environment,  
watching for trends and patterns, and knowing the
rhythms of the community.

We know the same is true for cyber first responders. So we created an  
early warning system that watches for malicious
patterns in network traffic and notes irregular activity. Just as in  
neighborhood policing, out-of-the-ordinary events or
activities can tip off agency cyber responders to potential trouble.

EINSTEIN, as it is known, is that early warning system. It monitors  
participating agencies' network gateways for traffic
patterns that indicate the presence of computer worms or other  
unwanted traffic. By collecting this information, EINSTEIN
gives our analysts a big-picture view of potentially malicious  
activity on federal networks.

Prior to EINSTEIN, it took cyber security responders four to five  
days to gather and share critical data on federal
government computer security risks. Today, we can produce that  
information in as little as four to five hours.

By analyzing network traffic for potential cyber threats before they  
can exploit vulnerabilities, EINSTEIN makes it more
difficult, more time consuming, and more expensive for cyber  
criminals to reach and impact their intended targets.
EINSTEIN provides us with unique traffic pattern analysis that US- 
CERT, as appropriate, can share with its partners. Now
another program that exemplifies knowledge sharing in action is the  
National Vulnerability Database.

Sponsored by my office and the National Institute of Standards and  
Technology (NIST), the National Vulnerability Database
or NVD puts the more than 28,000 known cyber security vulnerabilities  
into a single publicly available resource. NIST
analysts then score them according to the severity of their risk.

Accessed at a rate of 48 million hits a year, the NVD's data enables  
all organizations to automate their vulnerability
management, security measurement, and compliance activities through a  
series of security checklists and metrics.

Recently, your colleagues in the payment card industry recognized the  
value of the database to their cyber risk
management efforts. Last June, the industry's data security standards  
required that all credit card processing vendors use
the National Vulnerability Database to evaluate the security of their  
payment systems.

Essentially, it says that vendors must ensure that their systems do  
not include vulnerabilities that score higher than a
pre-determined NVD number. This greatly enhances the security of  
every credit card transaction, prevents disruptions of
key operating systems, and protects consumer information.

The value of the NVD is not limited to the credit card processing  
industry. If you haven't investigated the potential
beneficial uses of this program in your companies, I strongly  
encourage you to do so immediately. You can access it by
going to US-CERT's homepage (www.USCERT.gov) and searching for NVD.

The NVD is a wonderful example of an industry-lead adoption of a  
valuable government tool. And it also underscores our
role in the federal government, to provide resources that help all of  
you do your jobs more effectively.

Let's move to another example of collaboration and information  
sharing. You know, in many ways, the enemy is already at
the gate. So if we are going to secure cyberspace, we must marshal  
our defenses, learn from each other, and work together
as never before. I'm a true believer in the phrase, you play how you  
train. This is why exercises are critical to our
national and financial security.

InfraGard members already understand this. The Vermont InfraGard is a  
key planner in the state of Vermont's first ever
cyber exercise, which my office is helping to design and implement.  
The lessons learned from next month's exercise will
aid in the development of a cyber annex to the state of Vermont's  
emergency operations plan.

At the national level, we are actively planning for the March 2008  
national cyber exercise, Cyber Storm II, which follows
the highly successful cyber storm I held in February 2006. This  
exercise examines our response and coordination mechanisms
against a simulated cyber event affecting international, federal,  
state, and local governments, and the private sector.

By organizing and executing an exercise such as cyber storm, DHS is  
able to test our planning, information sharing and
response to attack scenarios, assess our strengths and weaknesses in  
those areas, and learn how to improve response
capabilities.

I am thrilled that the financial services sector, through the  
financial services ISAC, is once again fully engaged in the
planning and execution of the cyber storm exercise.

Their participation in the exercise demonstrates their firm  
commitment to cyber preparedness and I hope sends a signal to
other sectors that cyber security measures need to be taken seriously.

Throughout the country, at every level of government and within the  
private sector, people are dedicating themselves to
ending cyber crime. To do this at CS&C it's necessary for my office  
to engage in robust collaboration and information
sharing with our law enforcement partners. We do this through a  
liaison office in the US-CERT, which houses liaison
officers from the U.S. Secret Service and FBI.

For example, maintaining the necessary division of authorities, US- 
CERT and the FBI worked closely together to identify
and investigate cyber criminals and threats during Operation Bot  
Roast II. An ongoing and coordinated initiative,
Operation Bot Roast finds and captures the criminals that overtake  
people's computers to conduct criminal activities.

Since it began last June, the FBI, with US-CERT's technical input,  
captured eight individuals responsible for infecting
over one million compromised computers. We estimate the economic loss  
to be at more than $20 million to date. As the
investigation continues, I have no doubt those numbers will increase.

At DHS, we know that online payment systems are profitable money  
makers for criminals. A recent 24-month Secret Service
investigation of e-gold, an online payment system favored by  
criminals, resulted in the seizure of over $16 million.

In Miami, a Secret Service's cyber crime fraud investigation  
recovered more than 200,000 stolen credit card account
numbers at a potential loss exceeding $75 million.

And here in New York, a Secret Service investigation with the  
Manhattan District Attorney's office led to the indictment
of 17 people and a company called Western Express, a digital currency  
transmittal service.

The defendants are facing charges related to global trafficking in  
stolen credit card numbers, cyber crime, and identity
theft. Based on the over 1.3 terabytes of digital evidence it  
obtained from search warrants and subpoenas, the Secret
Service estimates that approximately $15 million flowed through  
Western Express' digital currency accounts. Additional
judicial action is ongoing with respect to targets identified overseas.

We're starting to really hurt the criminals. Eventually, they are  
going to realize that it is just too expensive  both
financially and in potential jail time  to conduct business in the  
United States.

In addition to catching the criminals, my office also works closely  
with the Departments of Justice and Defense to
prepare for and, if necessary, respond to a national-level cyber  
incident. As co-chairs of the National Cyber Response
Coordination Group (NCRCG), we work with 19 different federal  
agencies, including the FBI and the Secret Service, to
ensure that the full range and weight of the Federal Government's  
cyber capabilities are deployed in a coordinated and
effective fashion.

For example, the NCRCG recently convened to address and respond to  
the denial of service attack against the government of
Estonia, a NATO ally. Additionally, the NCRCG will be an active  
participant in Cyber Storm II.

Effective cyber and communications risk management requires us to be  
prepared for a national crisis beyond those caused
by terrorists or criminals. Now, I've talked a lot about cyber  
viruses. But we still have to contend with the more
traditional biological virus  that is, the potential effects of a  
public health crisis, such as an outbreak of pandemic
flu.

The spread of pandemic disease across the U.S. will be rapid and  
unpredictable. We estimate that as much as 40 percent of
the workforce will be unable to report to work during peak periods of  
an outbreak  and you don't get to pick which 40
percent that could be.

Naturally, telecommuting will be a key mechanism to keeping our  
businesses and government operational during a pandemic
flu.

Preparing for the increase in telecommuting is a demonstration of  
public-private collaboration in action. A working group
led by my one of my components the National Communications  
Systemand including experts from the Federal Reserve Board,
the Department of the Treasury, the Financial and Banking Information  
Infrastructure Committee, and the Financial Services
Sector Coordinating Council, meets monthly to plan for the potential  
communications consequences of a pandemic influenza.

What the working group found is that, while the telecommunications  
backbone is unlikely to experience congestion, the
so-called last mile  to the home and the enterprise  could  
experience disruptive congestion. But it concluded that this
disruption could be mitigated if certain safeguards and practices are  
implemented by enterprises and telecommuters.

In collaboration with major internet service providers (ISPs),  
telecommunications carriers, and equipment and service
vendors, the working group developed the following best practices  
that we strongly encourage businesses and government
agencies to consider:

    1. Limit remote access to users critical to maintaining business  
continuity;
    2. Limit access to business critical services through the  
enterprise connection;
    3. Adjust or retime automatic desktop backup software and  
software updates for telecommuters;
    4. Obtain a telecommunications service priority (TSP) for  
enterprise;
    5. Subscribe to government emergency telecommunications service  
(GETS) cards and/or wireless priority service (WPS)
capabilities for critical it staff; and
    6. Enhance your cyber security posture due to increased reliance  
on communications and it, reduced support staff, and
increased threat of cyber attack.

Implementing these practices will help reduce significant impacts on  
our nation's economy. All of us must do everything
possible to keep our nation operating and delivering critical  
services under even the most challenging circumstances.

I consider everyone in this room today a key partner in the effort to  
strengthen our nation's cyber infrastructure. You
understand that the Internet, and the many enterprise networks that  
depend on it, is one of the central platforms for
business operations, supply chain management, and business continuity.

However, I'm more concerned about the people who aren't in this room  
because, as a recent business roundtable report
suggests, they don't understand that this is a matter of their own  
business survival. Cyberspace is a profitable
marketplace and enabler of market activity. But if businesses,  
whether in the financial services sector or otherwise,
haven't made the investment in the people, processes, and  
technologies that will keep them operational in a crisis, our
economy, in fact our very way of life, is at stake. We can't let this  
happen.

So here's what we all need to do.

First, memorize US-CERT's website address  www.USCERT.gov  and give  
it to everyone who needs it. Tell your partner
organizations and businesses to sign up for the cyber security alerts  
and to report any potential cyber incident, threat,
or attack they find.


uWe can only act upon the information we know about. The information  
our partners provide increases our understanding and
awareness of the health of the overall cyber infrastructure and  
improves our response and protective measures.

Second, encourage your partners to participate in public-private  
partnerships like InfraGard and the financial services
ISAC. These collaborations act as force multipliers for increasing  
awareness of cyber security challenges as well as
implementing actionable and enduring solutions.

Additionally, they serve as an easily accessible mechanism to educate  
people on how cyber vulnerabilities can have real
world consequences to our physical infrastructures.

Finally, encourage your colleagues to make security a part of their  
everyday business operations. It doesn't take long
for cyber events to have real world consequences. Have them look at  
every step of their business lifecyclefrom system
configuration to in-house software developmentto see if common  
security practices are being followed and that response
plans are prepared accordingly. Help them realize that when they  
build a culture of security within their organizations
they make great strides in ensuring the resilience of their business  
operations.

Laws such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and the  
Health Insurance Portability and Accountability Act
(HIPAA) place a fiduciary responsibility on them to ensure the  
security of their customers' information and their systems.
However, in reality, these recommendations are simply the right thing  
to do for their companies, their customers, their
fellow citizens, and the nation as a whole. So let's work together to  
make it happen.

Before I close, I would like to make one last comment. Thank you for  
your commitment to cyber security and your active
participation in InfraGard. I have had a chance to work with members  
across the country and know what an important role
you all play in our cyber security awareness efforts.

I urge you to use the time at this meeting to learn as much as you  
can, and then share your knowledge with your
colleagues, professional networks, friends and families.

Cyber security is a complex problem, yes, but the dangers are easily  
understood, and the solution is simple: you can't
guard all of cyberspace, but you can protect your piece of it.





More information about the cypherpunks-legacy mailing list