[gsc] e-gold = treason... Well not officially...
The Phoenix Dollar
info at phoenixdollar.net
Wed Dec 12 01:05:44 PST 2007
This is the run of the mill propaganda piece relating to e-gold and
Western Express which then leads to a neat little
piece where he tells us 40% of all US people will have to telecommute
since they will be sick with pandemic flu at some
unknown date in the future. I did not know Western Express ran a
digital currency? Is that a mistake or are they referring
to Goldage?
They spent most of the time paving the way to make e-gold look
entirely evil and they also mention that they will be
conducting investigations offshore to finish the clean up job. I
guess that goes right in line with the kidnapping UK
people thing that got press recently.
I don't think anyone is safe offshore. I never did actually.
Remember, this is treason! ahhhhh
They seem to want to force crime offshore. That makes no sense since
it already is offshore and the attacks on US banks
will continue from offshore. So they are essentially taking credit for
an existing phenomenon as if they pushed cyber crime offshore when in
reality it was "offshore" always. These people can't even stop a
syn-flood. ugggh.
Politics butting up against cyber anything is entirely too interesting
to miss!
http://www.dhs.gov/xnews/releases/pr_1197409593155.shtm
Remarks of Assistant Secretary of Cybersecurity and Communications
Greg Garcia at the New York Metro Infragard Alliance
Security Summit
Release Date: December 11, 2007
New York, NY
(Remarks as prepared)
New York is such a fitting place to hold a security summit. With its
storied history and thousands of financial
institutions, it is the world's financial nucleus. All of you, as
leaders in your respective companies and organizations,
understand the full weight of your responsibilities to New York City
itself, the nation, and quite honestly, the world.
Because as Wall Street goes, so does the rest of the world. That is
quite a responsibility to shoulder.
Yet you have continuously demonstrated your understanding and
commitment to upholding this reputation. Time and again,
whether facing a natural disaster or terrorist attack, you have found
ways to ensure that roughly five and a half trillion
dollars flows unabated through our financial systems each and every
day. That's five and a half trillion dollars a day in
activities that are critical to our citizens' basic needs and our
Nation's economy.
It's the delivery of paychecks, utility bill payments, ATM
withdrawals, and the over $733 million of Internet sales that
occurred this past cyber Monday -- the first Monday after
Thanksgiving, which is considered the most active online
shopping day of the year.
As New Yorkers know, our adversaries will stop at nothing to destroy
the infrastructures we have all worked so hard to
build and protect. Whether they are cyber criminals, hacktivists, or
nation states, our adversaries are pursuing ever more
sophisticated and determined cyber attacks on U.S. government and
private sector networks.
I'm watching as companies -- household names with huge market
capitalization and seemingly tremendous resources -- expose
their networks and data to infiltration and information theft. I'm
seeing the same with government agencies on a regular
basis. So we're all at risk, and we're all responsible. We have made
some progress but there is much more we all have to
do to protect our critical systems.
So let me tell you what we're doing at DHS to make the United States
the most difficult and dangerous place in the world
to conduct cyber crime. I think you will see that you each have a
very important role to play in helping to make this
happen.
Let me start with an overview of the threats as we see them at DHS.
As you all know, the threats are real. Hackers are
becoming more sophisticated and focused in their efforts. Criminal
computer code is now written at the PhD level, and sold
cheaply on the Internet.
Hackers are making massive efforts to compromise computer systems on
a global scale. What was once a nuisance committed
by various individuals years ago has now progressed into organized
efforts by highly skilled professionals.
Today's professional hackers develop and sell malware toolkits to
other criminals on the black market. In turn, the
buyers of these toolkits can conduct online scams and spread malware
more proficiently than ever before.
Why do they do this? Because cyber crime is big business. The number
of hackers attacking banks worldwide jumped 81
percent over the past year. Botnets, spear phishing, key loggers, and
other attacks make up the more-than-$100 billion
global market for cyber-crime, surpassing drug trafficking from a
monetary perspective. Worst of all, the money obtained
through cyber crime can be used to finance terrorism.
The numbers don't lie. From October 1, 2006, through September 30,
2007, our US-CERT -- which I'll describe in more detail
in a moment -- handled more than 37,000 incidents, compared with almost
24,000 the year before. This increase can be
attributed to not only more attacks on our public and private
networks, but also better situational awareness levels and
reporting rates.
I'll tell you now: many of these malicious attacks are designed to
steal information and disrupt, deny access to, degrade
or destroy critical federal or private sector information systems.
Our adversaries are also seeking our intellectual
capital and proprietary information, which we have spent years and
billions of dollars developing.
Unfortunately, none of this will dissipate if we do not have the same
level of organization and coordination that our
adversaries are using against us. This dynamic underscores the
absolute necessity for IT security and the importance of a
nationwide call to secure cyberspace. It's something we can't afford
not to do.
Our mission is clear. Securing the systems that maintain and operate
critical infrastructures is vital to national
security, public safety, and economic prosperity.
How do we do this? Collaboration and information sharing. It's a
common theme in many of the speeches you hear because
public/private partnerships, like InfraGard and the Financial
Services and Multi-State Information Sharing and Analysis
Centers (ISACs), are essential to protecting our critical
infrastructures.
Let's be realistic. Private industry owns and operates more than 85
percent of the United States' critical
infrastructures. That means the Federal Government cannot address
cyber threats alone. Obviously, if a cyber attack
occurs, the larger percentage of potential immediate victims will
also be in the private sector. This includes the
financial services industry. So not only does it make sense to
collaborate with each other, it is an absolute necessity.
At DHS, one of our best information sharing mechanisms is the United
States Computer Emergency Readiness Team, or
US-CERT. The nation's cyber watch and warning center, US-CERT
coordinates the defense against and response to cyber
attacks in coordination with the private sector.
It also analyzes and reduces cyber threats and vulnerabilities,
disseminates cyber threat warning information, and
manages incident response activities with a wide range of
stakeholders. US-CERT's activities allow us to see potential
trends and coordinate appropriate deterrence and response activities
across sectors.
A prime example of this occurred just last month when the US-CERT
served as the key data gathering and distribution
center for a potential cyber threat to both government and private
sector systems maintaining critical infrastructures.
By taking advantage of its information-sharing relationships, US-CERT
distributed a notice defining the malicious
activity and addressing how partners could detect and prevent it from
affecting their networks. This directly strengthened
the security and resilience of our nation's critical infrastructures.
The key lesson here is that by sharing our knowledge, we can better
protect our nation. But we also know that this
information sharing relationship is not as mature yet as it can be.
The feedback we received from our private sector partners after this
information notice was, overall, very positive and
appreciative.
But it included a reminder that such notices would be more useful if
DHS could provide more threat-based context -- that
is, what is the nature of these attacks? Where do they come from?
What is their intent?
Well, we continue to be limited in what we can share with partners
who don't have appropriate security clearances,
(indeed that's an issue within the U.S. government agencies as well).
And we have to find better, quicker ways to get you
relevant information that you can act on.
And, from our perspective, when we provide you information you
already have, we realize both sides need to better
calibrate our exchange of information so we make most effective use
of our limited time and resources.
So we're learning, and we're working to improve our information
sharing. That's one of InfraGard's key tenets and the
ultimate goal for all our actions.
As we move into the discussion portion of this event, I'm very
interested to hear your ideas about other ways we can
share useful and relevant information between sectors.
In addition to sharing information with its public and private
partners, one of US-CERT's most important responsibilities
is increasing the Federal Government's awareness of its own network
activity.
We know from our friends in law enforcement that situational
awareness is the primary method a beat cop uses to protect a
neighborhood. As I'm sure Joe can recall from his days on the force,
a veteran officer works to deter crime wherever
possible and catches criminals by understanding their environment,
watching for trends and patterns, and knowing the
rhythms of the community.
We know the same is true for cyber first responders. So we created an
early warning system that watches for malicious
patterns in network traffic and notes irregular activity. Just as in
neighborhood policing, out-of-the-ordinary events or
activities can tip off agency cyber responders to potential trouble.
EINSTEIN, as it is known, is that early warning system. It monitors
participating agencies' network gateways for traffic
patterns that indicate the presence of computer worms or other
unwanted traffic. By collecting this information, EINSTEIN
gives our analysts a big-picture view of potentially malicious
activity on federal networks.
Prior to EINSTEIN, it took cyber security responders four to five
days to gather and share critical data on federal
government computer security risks. Today, we can produce that
information in as little as four to five hours.
By analyzing network traffic for potential cyber threats before they
can exploit vulnerabilities, EINSTEIN makes it more
difficult, more time consuming, and more expensive for cyber
criminals to reach and impact their intended targets.
EINSTEIN provides us with unique traffic pattern analysis that
US-CERT, as appropriate, can share with its partners. Now
another program that exemplifies knowledge sharing in action is the
National Vulnerability Database.
Sponsored by my office and the National Institute of Standards and
Technology (NIST), the National Vulnerability Database
or NVD puts the more than 28,000 known cyber security vulnerabilities
into a single publicly available resource. NIST
analysts then score them according to the severity of their risk.
Accessed at a rate of 48 million hits a year, the NVD's data enables
all organizations to automate their vulnerability
management, security measurement, and compliance activities through a
series of security checklists and metrics.
Recently, your colleagues in the payment card industry recognized the
value of the database to their cyber risk
management efforts. Last June, the industry's data security standards
required that all credit card processing vendors use
the National Vulnerability Database to evaluate the security of their
payment systems.
Essentially, it says that vendors must ensure that their systems do
not include vulnerabilities that score higher than a
pre-determined NVD number. This greatly enhances the security of
every credit card transaction, prevents disruptions of
key operating systems, and protects consumer information.
The value of the NVD is not limited to the credit card processing
industry. If you haven't investigated the potential
beneficial uses of this program in your companies, I strongly
encourage you to do so immediately. You can access it by
going to US-CERT's homepage (www.USCERT.gov) and searching for NVD.
The NVD is a wonderful example of an industry-led adoption of a
valuable government tool. And it also underscores our
role in the federal government, to provide resources that help all of
you do your jobs more effectively.
Let's move to another example of collaboration and information
sharing. You know, in many ways, the enemy is already at
the gate. So if we are going to secure cyberspace, we must marshal
our defenses, learn from each other, and work together
as never before. I'm a true believer in the phrase, you play how you
train. This is why exercises are critical to our
national and financial security.
InfraGard members already understand this. The Vermont InfraGard is a
key planner in the state of Vermont's first ever
cyber exercise, which my office is helping to design and implement.
The lessons learned from next month's exercise will
aid in the development of a cyber annex to the state of Vermont's
emergency operations plan.
At the national level, we are actively planning for the March 2008
national cyber exercise, Cyber Storm II, which follows
the highly successful Cyber Storm I held in February 2006. This
exercise examines our response and coordination mechanisms
against a simulated cyber event affecting international, federal,
state, and local governments, and the private sector.
By organizing and executing an exercise such as Cyber Storm, DHS is
able to test our planning, information sharing and
response to attack scenarios, assess our strengths and weaknesses in
those areas, and learn how to improve response
capabilities.
I am thrilled that the financial services sector, through the
financial services ISAC, is once again fully engaged in the
planning and execution of the Cyber Storm exercise.
Their participation in the exercise demonstrates their firm
commitment to cyber preparedness and I hope sends a signal to
other sectors that cyber security measures need to be taken seriously.
Throughout the country, at every level of government and within the
private sector, people are dedicating themselves to
ending cyber crime. To do this at CS&C it's necessary for my office
to engage in robust collaboration and information
sharing with our law enforcement partners. We do this through a
liaison office in the US-CERT, which houses liaison
officers from the U.S. Secret Service and FBI.
For example, maintaining the necessary division of authorities,
US-CERT and the FBI worked closely together to identify
and investigate cyber criminals and threats during Operation Bot
Roast II. An ongoing and coordinated initiative,
Operation Bot Roast finds and captures the criminals that overtake
people's computers to conduct criminal activities.
Since it began last June, the FBI, with US-CERT's technical input,
captured eight individuals responsible for infecting
over one million compromised computers. We estimate the economic loss
to be at more than $20 million to date. As the
investigation continues, I have no doubt those numbers will increase.
At DHS, we know that online payment systems are profitable money
makers for criminals. A recent 24-month Secret Service
investigation of e-gold, an online payment system favored by
criminals, resulted in the seizure of over $16 million.
In Miami, a Secret Service cyber crime fraud investigation
recovered more than 200,000 stolen credit card account
numbers at a potential loss exceeding $75 million.
And here in New York, a Secret Service investigation with the
Manhattan District Attorney's office led to the indictment
of 17 people and a company called Western Express, a digital currency
transmittal service.
The defendants are facing charges related to global trafficking in
stolen credit card numbers, cyber crime, and identity
theft. Based on the over 1.3 terabytes of digital evidence it
obtained from search warrants and subpoenas, the Secret
Service estimates that approximately $15 million flowed through
Western Express' digital currency accounts. Additional
judicial action is ongoing with respect to targets identified overseas.
We're starting to really hurt the criminals. Eventually, they are
going to realize that it is just too expensive -- both
financially and in potential jail time -- to conduct business in the
United States.
In addition to catching the criminals, my office also works closely
with the Departments of Justice and Defense to
prepare for and, if necessary, respond to a national-level cyber
incident. As co-chairs of the National Cyber Response
Coordination Group (NCRCG), we work with 19 different federal
agencies, including the FBI and the Secret Service, to
ensure that the full range and weight of the Federal Government's
cyber capabilities are deployed in a coordinated and
effective fashion.
For example, the NCRCG recently convened to address and respond to
the denial of service attack against the government of
Estonia, a NATO ally. Additionally, the NCRCG will be an active
participant in Cyber Storm II.
Effective cyber and communications risk management requires us to be
prepared for a national crisis beyond those caused
by terrorists or criminals. Now, I've talked a lot about cyber
viruses. But we still have to contend with the more
traditional biological virus -- that is, the potential effects of a
public health crisis, such as an outbreak of pandemic
flu.
The spread of pandemic disease across the U.S. will be rapid and
unpredictable. We estimate that as much as 40 percent of
the workforce will be unable to report to work during peak periods of
an outbreak and you don't get to pick which 40
percent that could be.
Naturally, telecommuting will be a key mechanism to keeping our
businesses and government operational during a pandemic
flu.
Preparing for the increase in telecommuting is a demonstration of
public-private collaboration in action. A working group
led by one of my components -- the National Communications
System -- and including experts from the Federal Reserve Board,
the Department of the Treasury, the Financial and Banking Information
Infrastructure Committee, and the Financial Services
Sector Coordinating Council, meets monthly to plan for the potential
communications consequences of a pandemic influenza.
What the working group found is that, while the telecommunications
backbone is unlikely to experience congestion, the
so-called last mile to the home and the enterprise could
experience disruptive congestion. But it concluded that this
disruption could be mitigated if certain safeguards and practices are
implemented by enterprises and telecommuters.
In collaboration with major internet service providers (ISPs),
telecommunications carriers, and equipment and service
vendors, the working group developed the following best practices
that we strongly encourage businesses and government
agencies to consider:
1. Limit remote access to users critical to maintaining business
continuity;
2. Limit access to business critical services through the
enterprise connection;
3. Adjust or retime automatic desktop backup software and
software updates for telecommuters;
4. Obtain a telecommunications service priority (TSP) for
enterprise;
5. Subscribe to government emergency telecommunications service
(GETS) cards and/or wireless priority service (WPS)
capabilities for critical IT staff; and
6. Enhance your cyber security posture due to increased reliance
on communications and IT, reduced support staff, and
increased threat of cyber attack.
Implementing these practices will help reduce significant impacts on
our nation's economy. All of us must do everything
possible to keep our nation operating and delivering critical
services under even the most challenging circumstances.
I consider everyone in this room today a key partner in the effort to
strengthen our nation's cyber infrastructure. You
understand that the Internet, and the many enterprise networks that
depend on it, is one of the central platforms for
business operations, supply chain management, and business continuity.
However, I'm more concerned about the people who aren't in this room
because, as a recent business roundtable report
suggests, they don't understand that this is a matter of their own
business survival. Cyberspace is a profitable
marketplace and enabler of market activity. But if businesses,
whether in the financial services sector or otherwise,
haven't made the investment in the people, processes, and
technologies that will keep them operational in a crisis, our
economy, in fact our very way of life, is at stake. We can't let this
happen.
So here's what we all need to do.
First, memorize US-CERT's website address -- www.USCERT.gov -- and give
it to everyone who needs it. Tell your partner
organizations and businesses to sign up for the cyber security alerts
and to report any potential cyber incident, threat,
or attack they find.
We can only act upon the information we know about. The information
our partners provide increases our understanding and
awareness of the health of the overall cyber infrastructure and
improves our response and protective measures.
Second, encourage your partners to participate in public-private
partnerships like InfraGard and the financial services
ISAC. These collaborations act as force multipliers for increasing
awareness of cyber security challenges as well as
implementing actionable and enduring solutions.
Additionally, they serve as an easily accessible mechanism to educate
people on how cyber vulnerabilities can have real
world consequences to our physical infrastructures.
Finally, encourage your colleagues to make security a part of their
everyday business operations. It doesn't take long
for cyber events to have real world consequences. Have them look at
every step of their business lifecycle -- from system
configuration to in-house software development -- to see if common
security practices are being followed and that response
plans are prepared accordingly. Help them realize that when they
build a culture of security within their organizations
they make great strides in ensuring the resilience of their business
operations.
Laws such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and the
Health Insurance Portability and Accountability Act
(HIPAA) place a fiduciary responsibility on them to ensure the
security of their customers' information and their systems.
However, in reality, these recommendations are simply the right thing
to do for their companies, their customers, their
fellow citizens, and the nation as a whole. So let's work together to
make it happen.
Before I close, I would like to make one last comment. Thank you for
your commitment to cyber security and your active
participation in InfraGard. I have had a chance to work with members
across the country and know what an important role
you all play in our cyber security awareness efforts.
I urge you to use the time at this meeting to learn as much as you
can, and then share your knowledge with your
colleagues, professional networks, friends and families.
Cyber security is a complex problem, yes, but the dangers are easily
understood, and the solution is simple: you can't
guard all of cyberspace, but you can protect your piece of it.