How Your Computer Can Be a Threat to National Security

Cyber attacks and warfare are among the greatest threats to the United States. The federal government and
private industry spend billions of dollars every year in people and technology to defend critical systems and
data. Our cyber defenders must stop the threat every time an intrusion attempt is made, but our adversaries
only have to get it right once. Daily media reports of cyber breaches, loss of personal information, disclosure
of classified information, and state-sponsored advanced persistent threats (APTs) fill the headlines.



[Section heading: text not recoverable from the extraction]

Government agencies and the private sector are attacked literally every hour of every day by unskilled hackers
trying for any vulnerability they can find. The real concern, however, is organized crime rings and foreign
countries that have armies of highly skilled attackers with the financial backing and patience to get into
networks and stay inside once they have created an opening. These organizations will pay developers
thousands of dollars to create custom malware, often referred to as "zero day" attacks, that will slip past
network security defense-in-depth systems and exploit computers because security systems haven't seen this
new threat before and don't know to stop it.

A common tactic used by attackers is to obfuscate their Internet Protocol (IP) address, making it more difficult
to trace illegal activity and to put blocks in place on network devices such as firewalls or routers. One way this
obfuscation occurs is when an attacker hijacks another computer and then uses the hijacked computer to do
their criminal activity. These hijacked computers are often referred to as "jump points." When an attacker
uses a jump point to do their hacking, it will make it look like the jump point was the source of the attack.



[Figure: Internet diagram. Attacker (Foreign IP Address: number illegible in the extraction) -> Jump Point
(United States IP Address: number illegible in the extraction) -> Victim Server. The victim server sees only
the jump point's United States address.]

When I was in law enforcement I investigated a case just like what was described above. An organized crime
ring found a vulnerable computer in the Pacific Northwest that they exploited and took control over, making it
their jump point. The attacker then used this jump point to exploit another computer that belonged to an
employee of a medical facility. Once the medical center computer was compromised, the attacker proceeded
to obtain the credentials necessary to drain tens of thousands of dollars from the medical center's bank
account.

During the investigation, an IP address was identified as the source of this attack. I obtained a subpoena for
the Internet Service Provider (ISP), which held that IP address and discovered it was assigned to an elderly
couple in a nearby state at the time of this attack. A search warrant was obtained for their residence and law
enforcement seized their computer and sent it to us for analysis. In short, we discovered that this unfortunate
elderly couple had nothing to do with this attack except for providing a high-speed Internet connection and
vulnerable computer to the attacker. We were never able to identify the attacker in this case.
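The pivot the investigation above describes, as an added example that is not part of the original article: the victim's log names only the jump point, so the investigator must go to the jump point's own connection records (here, the kind of host firewall or flow log an analyst would pull from a seized machine) and look for the inbound session that was open when the jump point reached out to the victim. All log lines are constructed for this example; the addresses are RFC 5737 documentation ranges, and the 30-minute lookback window is an assumption, not a figure from the article.

```python
"""Jump-point attribution: from the apparent source of an attack to the
upstream connection recorded on the jump point itself.

Added example, not from the original article. Every log line below is
constructed; the addresses come from the RFC 5737 documentation ranges.
"""
import re
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed: the victim server's auth log. Every line names the jump point
# (203.0.113.45), because that is the machine that actually connected.
VICTIM_LOG = """\
2019-03-04T02:14:07Z sshd: Failed password for admin from 203.0.113.45 port 51822
2019-03-04T02:14:09Z sshd: Failed password for admin from 203.0.113.45 port 51822
2019-03-04T02:14:11Z sshd: Accepted password for admin from 203.0.113.45 port 51822
"""

# Constructed: connection records recovered from the jump point. Only here does
# the attacker's upstream address (198.51.100.7) appear; the other inbound
# sessions are unrelated noise outside the window of interest.
JUMP_POINT_LOG = """\
2019-03-04T00:30:12Z INBOUND 192.0.2.99:52001 -> 203.0.113.45:445 ESTABLISHED
2019-03-04T01:58:30Z INBOUND 198.51.100.7:40211 -> 203.0.113.45:4444 ESTABLISHED
2019-03-04T02:13:52Z OUTBOUND 203.0.113.45:51822 -> 192.0.2.10:22 ESTABLISHED
2019-03-04T02:20:05Z INBOUND 192.0.2.77:33018 -> 203.0.113.45:445 ESTABLISHED
"""

VICTIM_RE = re.compile(
    r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+) port (\d+)$")
JUMP_RE = re.compile(
    r"^(\S+) (INBOUND|OUTBOUND) (\S+):(\d+) -> (\S+):(\d+) ESTABLISHED$")


def parse_victim_log(text):
    """Return one dict per sshd line: timestamp, outcome, user, source ip/port."""
    events = []
    for line in text.splitlines():
        m = VICTIM_RE.match(line.strip())
        if m:
            ts, outcome, user, ip, port = m.groups()
            events.append({"ts": datetime.strptime(ts, TS_FMT), "outcome": outcome,
                           "user": user, "src_ip": ip, "src_port": int(port)})
    return events


def parse_jump_log(text):
    """Return one dict per connection record from the jump point's own log."""
    records = []
    for line in text.splitlines():
        m = JUMP_RE.match(line.strip())
        if m:
            ts, direction, sip, sport, dip, dport = m.groups()
            records.append({"ts": datetime.strptime(ts, TS_FMT), "direction": direction,
                            "src_ip": sip, "src_port": int(sport),
                            "dst_ip": dip, "dst_port": int(dport)})
    return records


def find_upstream(victim_events, jump_records, apparent_source, victim_ip,
                  lookback=timedelta(minutes=30)):
    """Candidate upstream addresses for an attack that appears to come from
    `apparent_source` (the jump point).

    1. Confirm the victim really saw the attack from the apparent source and
       note the source ports it used.
    2. Find the jump point's OUTBOUND legs to the victim on those ports; these
       tie the victim's view to the jump point's view of the same session.
    3. Collect INBOUND sessions to the jump point that began inside the
       lookback window before each leg: the attacker had to be connected to the
       jump point before the jump point could act on the attacker's behalf.
    """
    hits = [e for e in victim_events if e["src_ip"] == apparent_source]
    if not hits:
        return []
    ports = {e["src_port"] for e in hits}
    legs = [r for r in jump_records
            if r["direction"] == "OUTBOUND" and r["dst_ip"] == victim_ip
            and r["src_port"] in ports]
    candidates = set()
    for leg in legs:
        for r in jump_records:
            if (r["direction"] == "INBOUND" and r["src_ip"] != victim_ip
                    and leg["ts"] - lookback <= r["ts"] <= leg["ts"]):
                candidates.add(r["src_ip"])
    return sorted(candidates)


if __name__ == "__main__":
    upstream = find_upstream(parse_victim_log(VICTIM_LOG),
                             parse_jump_log(JUMP_POINT_LOG),
                             apparent_source="203.0.113.45", victim_ip="192.0.2.10")
    print("apparent source: 203.0.113.45 (jump point)")
    print("upstream candidates to pursue next:", upstream)
```

The window matters: a long-lived session such as the one at 01:58 is still the best candidate even though it started a quarter of an hour before the attack, while the inbound sessions at 00:30 and 02:20 are dropped because they could not have been driving the 02:13 connection. In a real case each candidate is only the next hop to subpoena, not proof of who sat at the keyboard, which is exactly why the trail in the article went cold at the couple's computer.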


[Section heading: text not recoverable from the extraction]

The case highlighted above is financially motivated, but it could have easily been an attacker using this jump
point to hack into national security information or the energy infrastructure. There are some easy steps any
computer owner can take to harden themselves against becoming an accomplice to a cyber-terrorist. Some
of the steps computer users can do to protect themselves and the country include:

1. Always have anti-virus software installed and updated daily with the latest definitions.
2. Install operating system security patches and updates.
3. Keep third-party software applications updated.
4. If using WiFi at home, ensure it is protected with encryption and consider other steps such as MAC
address filtering and hiding the SSID.
5. Turn off your computer and/or Internet connection if away for an extended amount of time.
6. Use a firewall (software or hardware).
7. Don't click on links embedded in email messages when they are suspicious or untrusted.
8. Use tough passwords and don't re-use passwords (e.g., don't use the same password to login to your
computer as you do for your email and Internet banking).
9. Use encryption on all your devices when available.

Everyone should practice these and other information security steps to protect themselves from becoming a
victim of identity theft, financial fraud, forgery, and other criminal activity. Reducing the number of
exploitable computers within the United States protects our citizens and our nation from this type of cyber
attack.
