Charlotte Chapter EVENING Meeting

Date:
Wed, 2013-08-21 18:00

Details:

Date: Wednesday, August 21, 2013
Time: 6:00 p.m. - 8:00 p.m.
Location: Dilworth Neighborhood Grille - 911 E. Morehead Street, Charlotte, NC
Description: By popular demand from those who have requested an evening meeting, we are conducting our first – so please come & join us for an informative gathering!!

Our speaker for the first Wed. evening meeting (8/21/13) is our own Doris Gardner, former FBI (retired 12/31/12) now Mandiant. We will also discuss the FBI’s new iGuardian Program.

Doris is the Principal Threat Intelligence Analyst for Mandiant where she assists organizations in detecting, responding to and containing computer intrusions. Prior to retiring she worked counterintelligence, and before that she established and supervised the FBI cyber crime squad for over seven years for the state of N.C. Within two months of the creation of the N.C. cyber crime squad, agents from the squad solved the Lowe’s bombing investigation through the electronic trail of an e-mail message. The Cyber Crime squad is responsible for the first federal prosecution of a wireless intrusion and for the longest sentence ever given to a hacker.

Prior to being assigned to FBI Charlotte, she was assigned to the National Infrastructure Protection Center (NIPC), at FBI headquarters. As a headquarters supervisor, she managed the infrastructure protection and computer crime program for the FBI. She also ran a multi-federal agency crisis action team investigating hundreds of intrusions into government systems during 1998-1999. Additionally, she provided international computer crime investigator’s training to the international police in Russia, Malaysia, Singapore, Thailand, Poland, Romania and Hungary, and served as the chairman for Interpol’s High Tech Crimes Region, which includes North, Central and South America, from 1997-1999.

Prior to FBI headquarters, she was assigned to the FBI’s Baltimore division and was the originator of an FBI undercover operation (UC) called “Innocent Images.” The Innocent Images investigation targeted individuals who: 1) used the Internet to meet and lure minors into sexually explicit relationships, and 2) used the Internet to distribute or trade child pornography. This is the longest running UC operation in FBI history.

Doris is going to present and discuss the recent report disclosing “APT1” and China’s involvement.

Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world.

The majority of these security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). Mandiant continues to track dozens of APT groups around the world; however, this presentation will be focused on the most prolific of these groups.

This group is referred to as “APT1” and it is one of more than 20 APT groups with origins in China.

The activity directly observed likely represents only a small fraction of the cyber espionage that APT1 has conducted. Though our visibility of APT1’s activities is incomplete, we have analyzed the group’s intrusions against nearly 150 victims over seven years. From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai. We uncovered a substantial amount of APT1’s attack infrastructure, command and control, and modus operandi (tools, tactics, and procedures). In an effort to underscore there are actual individuals behind the keyboard, we are revealing three personas we have attributed to APT1. These operators, like soldiers, may merely be following orders given to them by others.

Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources.

Mark your calendars and register online prior to the meeting at our chapter site, http://www.ncinfragard.org/calendar.asp?mn=2