General

Part 1 is here. The next topics we discussed were Violent Gangs/Criminal Enterprises and Undercover Operations/Profiling.

Gangs/Criminal Enterprise

I was surprised to hear about the amount of gang activity in the Midwest. I knew there was a certain amount, but never did I anticipate that it was as prevalent as it is. The main activity that gangs are invovled in in the Midwest is drug trafficking and distribution although all other criminal activities are represented.

One of the primary tools the FBI uses in combating violent gangs are Safe Streets Task Forces. A Safe Streets Task force is a multi-jurisdictional task force comprised of FBI, state and local law enforcement personnel.

Another great resource is the National Gang Intelligence Center (NGIC.) The NGIC is a multi-agency effort that takes information from all over the country and the world and integrates it. It is then available to those agencies and has proved to be a valuable resource for gang information and analytical support.

It was interesting to hear about the tactics they use to compromise these gangs.

Undercover Operations/Profiling

The conversation about Undercover Operations was particularly interesting. A common misconception, one that I operated under, is that every FBI agent can be an undercover agent. This is not true. Here is are some stats on the FBI:

There are currently about 33,000 FBI employees. This includes agents, support staff, intelligence analysts, tech specialists, etc. Of that 33,000ish number, about 13,000 are special agents which you have to be in order to work undercover. Of that 13000, there are only about 1400 agents actively available for undercover work. I use the words about and ish because the actual numbers are confidential.

Now, you might be thinking that it isn't any big deal to get more if they need them. Again, nope. The vetting process for an agent to become undercover approved is a long and arduous one. I won't go into to detail, but let's just say if you managed to have any secrets after your Top Secret clearance check, you won't after this process.

There is also a rigorous ongoing safeguarding process than ensures that undercover agents are still dealing with the almost overwhelming stresses of what they do.

One thing that increases my respect for the people I am meeting with and interacting with is they don't try to sugar coat things. They share both the good things and the things that were not the FBI's proudest moments. For instance, when undercover operations first began in the early 70s, there was little guidance about what was appropriate and what wasn't. As a result, things occurred that shouldn't have. They learned from that and made the program better.

I can't go into much more detail about what we learned, but suffice it to say it was really cool 🙂

Violent Crimes

The final bit of the evening was used to discuss the Violent Crimes efforts the FBI is involved in. These fall into three categories:

  1. Counter Terrorism
  2. Adult Crimes
  3. Child Protection

They were touched on briefly and we will be talking about them in more depth later in the program.

In Closing

I am really looking forward to this week's session. We will be talking about Cyber Crime, a child focused Internet safety program that the FBI is part of, and White Collar Crime.

Keep tuned in for more!

-Kevin

Reblog this post [with Zemanta]

{ 3 comments }

Commenting vs Being Nasty

by kriggins on March 29, 2010

in Announcement, General

I am a big fan of comments on this blog. I really enjoy interacting with those who visit.

I am not a big fan of people who feel it is necessary to leave extremely nasty and vile remarks. Luckily, that hasn't been too much of a problem until today.

Today, somebody left a comment on the FBI Citizens' Academy post that was not aimed at having conversation about the topic.  The author's only intent was to call me names and say how bad the FBI is.

If the author was interested is discussing why he thought I should temper my enthusiasm, I would have left it there and responded. I actually started out editing the comment to remove the insults and innuendos I don't want my nieces and nephews to see 🙂 and then typed a reply.

Then I stopped.

The author didn't leave a legitimate email address and used an anonymous proxy to hide his IP address. If he didn't want to be contacted about his views, I sure wasn't going to waste my time addressing them.

Anyway, in light of this experience, I thought it time to make it clear what my policy is regarding comments on this blog. So here it is and it's really simple.

Comments Allowed

  • Comments that espouse my unfathomable wisdom 😉
  • Comments that add to the discussion.
  • Comments that disagree with me - Please. Go for it. I am happy to have a spirited debate.

Comments Disallowed

  • Anything I deem to be in poor taste or offensive. Yup. Anything, and I pick.

That's it in a nutshell. Please feel free to weigh in, just keep it civil 🙂

-Kevin

{ 4 comments }

On March 23rd, 2010, I attended my first session of the FBI Citizens' Academy. I was quite excited and the experience was everything I hoped it would be.

Fair warning, I am going to sound like an FBI fan boy in these posts and there are several reasons for this.

  1. The agents I have met through my association with Infragard and, now, with the Academy are truly dedicated men and women who go above and beyond the call of duty in their efforts to fulfill the FBI's mandates.
  2. Not only are they dedicated, but they are great people! Would you give up 7 evenings to tell a group of people what and why you do what you do? I truly appreciate the sacrifice they are making so that I can learn more about how the FBI works.
  3. By no means the last reason, but the FBI does some really cool stuff and I get to learn about it directly from the people who are in the trenches. Very very nifty.

History of the FBI

The session began with Weyson Dunn, Special Agent in Charge of the of the Omaha Division of the FBI, giving us a brief history of the FBI. The first thing he talked about was the heraldry of the FBI seal. Heraldry is a fascinating topic and we learned the meaning of each facet of the seal. If you hover your mouse over the image below, you will see annotations that describe the meaning of each part of the seal.

Here are a few of tidbits about the FBI that I thought were interesting:

  1. Although the organization was established in 1908, it did not become officially known as the Federal Bureau of Investigation until 1935.
  2. The Director of the FBI is limited to serving a 10 year term. This limit was established after the tenure of J. Edgar Hoover to ensure that there would never again be a lifelong Director.
  3. The Director of the FBI, while appointed by a sitting President when necessary, cannot be removed by one. In other words, the Director's position does not change with the administration.
  4. In the '30s, with the increase of the gangster threat, the FBI was given broader cross-jurisdictional powers and began providing services to other law enforcement agencies. Those services include a centralized Identification Lab and a Technical Crime lab.
  5. The '40s and '50s brought the threat of subversion and the branching out of the FBI into foreign  investigation. The FBI actually preceded the CIA in gathering foreign intelligence.
  6. The '60s brought civil rights as the focal point.
  7. The '70s and '80s were dominated by white collar crime and currently, counter intelligence is a primary focus.

If you are curious about more history of the FBI, take a look at this page.

Mission and Priorities

The FBI has a clearly articulated mission and well defined priorities. From the FBI Quick Facts page:

The FBI's mission is:

To protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

The FBI currently has 10 priorities. They are:

1. Protect the United States from terrorist attack
2. Protect the United States against foreign intelligence operations and espionage
3. Protect the United States against cyber-based attacks and high-technology crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations and enterprises
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology to successfully perform the FBI's mission

We will be covering each of the these priorities in the weeks to come and get to do some other cool things like hostage negotiation role playing and shooting FBI weaponry.

In Closing

We had two more sessions after S.A.C Dunn finished his opening remarks and they were also fascinating. Look for part 2 of the week 1 synopsis soon.

If you have any questions you would like me to ask while at the sessions or have any comments, please leave them below or email me. My contact info is on the About page.

-Kevin

Reblog this post [with Zemanta]

{ 1 comment }

Well, I intended to do a nice post about the 2nd birthday of the blog with nifty stats and other fascinating tidbits, but, with the week we've had, it completely slipped my mind.

Two years ago on March 22nd, the first Infosec Ramblings post went live. At that time, it was on WordPress.com.

Since then, there have been 490 posts, 799 comments, 1998 interesting bits linked to, and we are sneaking up on 1000 subscribers to the RSS feed.

Thank you to all of you out there who take the time to pay attention to my drivel and be assured that it will continue. 🙂

-Kevin

{ 0 comments }

I am really excited about a new opportunity that I can finally talk about.

No, I am not joining the FBI....yet 🙂 I have, however, been accepted to the FBI Citizens' Academy.

From the FBI Citizens' Academy site:

Want to find out first hand how the FBI works? Hear how the Bureau tracks down spies and terrorists? Learn how to collect and preserve evidence? See what it is like to fire a weapon and put yourself in the shoes of a Special Agent making a split-second, life-or-death decision?

I think this is going to be a lot of fun and give me a much greater understanding and appreciation of what the FBI does.

Here is a link to a Q&A with some folks that have attended.

I will be blogging about the experience as much as I am allowed.

-Kevin

Reblog this post [with Zemanta]

{ 8 comments }

I'm sitting at home this evening and I should have been doing any number of productive things, but foremost on my mind for some bizarre reason was the question "What kinds of stats can I generate from my bits posts?" I know, I know, you were thinking the exact same thing 🙂

So, with the help of a quick wget call to Delicious (wget --no-check-certificate -O <output.file> https://<username>:<password>@api.del.icio.us/v1/posts/all?tag=<tagyouwant>), a little awk, sort, and uniq magic  plus a pivot table in Excel I bring you stats!

Current Number of Interesting Information Security Bits Posts = 1687

Number of Unique Sites = 428

Number of Links to Most Frequently Referenced Site = 60

Most Frequently Referenced Site = http://www.computerworld.com.

This is a bit distorted. For some reason all the direct links go to www.computerworld.com instead of the blog from which they came.

Number of Links to Most Frequently Referenced Non-"news" Site = 46

Most Frequently Referenced Non-"news" Site = http://www.securosis.com

Number of Links to Most Infrequently Referenced Site = 1 ( 230 sites tied)

The top 20 non-"news" sites:

http://securosis.com
http://www.securitycatalyst.com
http://blog.rootshell.be
http://taosecurity.blogspot.com
http://www.sophos.com
http://devcentral.f5.com
http://www.rationalsurvivability.com
http://blog.uncommonsensesecurity.com
http://sansforensics.wordpress.com
http://risktical.com
http://jeremiahgrossman.blogspot.com
http://synjunkie.blogspot.com
http://isc.sans.org
http://preachsecurity.blogspot.com
http://ha.ckers.org
http://blog.security4all.be
http://carnal0wnage.blogspot.com
http://www.f-secure.com
http://www.room362.com
http://www.mkeay.net

What does all this tell us? I have no idea, but it was fun to do 😉 I will be creating a blog roll that contains the Top 20 referenced non-"news" sites and updating it periodically for those who are interested.

-Kevin

{ 0 comments }

Hug a Veteran Today!

by kriggins on November 11, 2009

in Announcement, General

There are several times every year when I think about the armed services of the United States. Days like Independence Day, the anniversary of D-Day, the anniversary of the attack on Pearl Harbor and others. Many times, I have wanted to let the people who serve our country in this manner know how much I appreciate that service.

On occasion I have had the opportunity to walk up to a serving member of our armed services, shake their hand and say thank you for your service. Nearly every time, the reaction is one of surprise followed by gratitude. It deeply saddens me that the first reaction is surprise.

The men and women who serve in the Armed Services of the United States of America deserve our gratitude and our respect. It is through their sacrifice that we continue to experience the freedom and security we have.

Today is Veterans Day. I urge you to find at least one person who is serving or has served in the armed services and thank them. Shake their hand or, better yet, give them a hug. I will be. Let’s make today a special day for these people to whom we owe so much.

To all those who serve and have served to guarantee the freedom and security of the United States of America, I thank you from the bottom of my heart. Your sacrifice is greatly appreciated.

Kevin

{ 0 comments }

Blogger Meetup Logo

Last night was the RSA Europe 2009 Security Bloggers Meetup. It was held at the Fountains Abbey Pub in London, UK and was a complete success.

Dale and I showed up at the pub at 6:00 to start setting up. With the help of Melanie from eclat marketing, we were able to get everything ready on time.

People started trickling in around 7:30 and we eventually had 30+ people all having a great time enjoying the chance to relax and talk with their peers.

Things clicked right along and the last of us left around 11:00.

I enjoyed making new acquaintances and talking with a number of people in person that I have interacted with on-line.

I would like to thank Dale Pearson (http://www.securityactive.co.uk/) for his invaluable help in arranging things for the meetup. Without his efforts, the event would not have been anywhere as successful as it was.

We would also like to express our sincere gratitude to our sponsors who allowed us to provide nibblies and drinks:

www.qualys.com | www.ironkey.com | www.isaca.org | www.eskenzipr.com | www.eclat.co.uk

We are already looking forward to next year and hoping to make it an even bigger success!

Kevin, Dale and Benny

{ 3 comments }

My Fudsec.com Post

by kriggins on September 30, 2009

in Announcement, General

A few weeks ago, I was asked to contribute to fudsec.com.

Fudsec's goal is stated as "Showcasing Fear, Uncertainty and Doubt from the Information Security Industry"

I was happy to contribute and feel honored that I was asked. There is a lot of really good content published and I look forward to what's to come.

You can see my contribution here: I'm Not Secure and You Can't Make Me

Thanks Craig for allowing me to participate.

-Kevin

{ 0 comments }

Why NAC Isn’t Everywhere

by kriggins on September 21, 2009

in General, Tips

Network Access Control (NAC) was touted to be the end-all be-all technology that would answer all the our prayers for a way to ensure that only authorized devices can access our networks. Several years later, NAC is still around, but not as prevalent as you would think it would be.

Jennifer Jabbusch, the author of Security Uncorked, has released a white paper that explains why and then goes on to offer some suggestions to the vendors of these products that might help them moving forward.

I was lucky enough to get to read the paper when it was in draft form. I strongly recommend you give it a look. It is well written and contains a lot of really good information.

Catching the Unicorn: A technical exploration of why NAC is failing

-Kevin

Catching the Unicorn:
A technical exploration of why NAC is failing

Reblog this post [with Zemanta]

{ 0 comments }