[House Hearing, 112 Congress] [From the U.S. Government Publishing Office] HACKED OFF: HELPING LAW ENFORCEMENT PROTECT PRIVATE FINANCIAL INFORMATION ======================================================================= FIELD HEARING BEFORE THE COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED TWELFTH CONGRESS FIRST SESSION __________ JUNE 29, 2011 __________ Printed for the use of the Committee on Financial Services Serial No. 112-43U.S. GOVERNMENT PRINTING OFFICE 67-938 PDF WASHINGTON : 2011 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 HOUSE COMMITTEE ON FINANCIAL SERVICES SPENCER BACHUS, Alabama, Chairman JEB HENSARLING, Texas, Vice BARNEY FRANK, Massachusetts, Chairman Ranking Member PETER T. KING, New York MAXINE WATERS, California EDWARD R. ROYCE, California CAROLYN B. MALONEY, New York FRANK D. LUCAS, Oklahoma LUIS V. GUTIERREZ, Illinois RON PAUL, Texas NYDIA M. VELAZQUEZ, New York DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York JUDY BIGGERT, Illinois BRAD SHERMAN, California GARY G. MILLER, California GREGORY W. MEEKS, New York SHELLEY MOORE CAPITO, West Virginia MICHAEL E. CAPUANO, Massachusetts SCOTT GARRETT, New Jersey RUBEN HINOJOSA, Texas RANDY NEUGEBAUER, Texas WM. LACY CLAY, Missouri PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York JOHN CAMPBELL, California JOE BACA, California MICHELE BACHMANN, Minnesota STEPHEN F. LYNCH, Massachusetts THADDEUS G. McCOTTER, Michigan BRAD MILLER, North Carolina KEVIN McCARTHY, California DAVID SCOTT, Georgia STEVAN PEARCE, New Mexico AL GREEN, Texas BILL POSEY, Florida EMANUEL CLEAVER, Missouri MICHAEL G. FITZPATRICK, GWEN MOORE, Wisconsin Pennsylvania KEITH ELLISON, Minnesota LYNN A. WESTMORELAND, Georgia ED PERLMUTTER, Colorado BLAINE LUETKEMEYER, Missouri JOE DONNELLY, Indiana BILL HUIZENGA, Michigan ANDRE CARSON, Indiana SEAN P. DUFFY, Wisconsin JAMES A. HIMES, Connecticut NAN A. S. HAYWORTH, New York GARY C. PETERS, Michigan JAMES B. RENACCI, Ohio JOHN C. CARNEY, Jr., Delaware ROBERT HURT, Virginia ROBERT J. DOLD, Illinois DAVID SCHWEIKERT, Arizona MICHAEL G. GRIMM, New York FRANCISCO ``QUICO'' CANSECO, Texas STEVE STIVERS, Ohio STEPHEN LEE FINCHER, Tennessee Larry C. Lavender, Chief of Staff C O N T E N T S ---------- Page Hearing held on: June 29, 2011................................................ 1 Appendix: June 29, 2011................................................ 33 WITNESSES Wednesday, June 29, 2011 Hammac, Douglas ``Clay'', Criminal Investigator, Shelby County Sheriff's Office, Shelby County, Alabama....................... 14 Hillman, Randall I., Executive Director, Alabama District Attorneys Association.......................................... 9 Smith, Alvin T., Assistant Director, Office of Investigations, United States Secret Service................................... 7 Warner, Gary, Director of Research in Computer Forensics, The University of Alabama Birmingham............................... 12 APPENDIX Prepared statements: Hammac, Douglas ``Clay''..................................... 34 Hillman, Randall I........................................... 39 Smith, Alvin T............................................... 43 Warner, Gary................................................. 50 HACKED OFF: HELPING LAW ENFORCEMENT PROTECT PRIVATE FINANCIAL INFORMATION ---------- Wednesday, June 29, 2011 U.S. House of Representatives, Committee on Financial Services, Washington, D.C. The committee met, pursuant to notice, at 2:03 p.m., at the National Computer Forensics Institute, 2020 Valleydale Road, Suite 209, Hoover, Alabama, Hon. Spencer Bachus [chairman of the committee] presiding. Members present: Representatives Bachus and Fincher. Also present: Representative Rogers. Chairman Bachus. Good afternoon. I see we have a group of witnesses seated. We also have several people in the audience who played an integral part in helping fund the project: Tony Petelos, the Mayor of Hoover; and Tommy Smith of the District Attorneys Association. Randy, do you want to introduce some of them? Mr. Hillman. Yes, sir. Yes, sir, Mr. Chairman. There are several elected DAs here. Tommy Smith is the district attorney from Tuscaloosa County. He's president of the association. Chairman Bachus. Where is Tommy? There he is. Hey, Tommy. Mr. Hillman. With your permission, Mr. Chairman, could I ask them to stand? Chairman Bachus. Yes. Mr. Hillman. Any elected district attorneys, would you stand, please? Mr. Chairman, we have Chris McCool, the district attorney in Fayette, Lamar, and Pickens County; Brandon Falls, the DA in Jefferson County; Steve Marshall, the DA in Marshall County; and Tommy Smith, president of the association. Thank you. Chairman Bachus. Do you have your investigators here? Mr. Hillman. Yes, sir. Chairman Bachus. And we have several members of the legislature. Would you stand up? Mike, since you're the senior guy, why don't you introduce yourself? You are in front. Mr. Hill. I'm Mike Hill, a State Representative from Shelby County. Mr. Johnson. Wayne Johnson, District 22 Representative, from Huntsville. Senator Blackwell. Slade Blackwell, Senator from Birmingham. Chairman Bachus. And Jan Williams in the back. Mr. Demarco. And Paul DeMarco. Chairman Bachus. And Paul DeMarco, Representative DeMarco. So we appreciate--I thank everyone in the civil service and the District Attorneys Association. The State of Alabama was very supportive in their funding. I recognize the Shelby County Sheriff. Do you want to stand up and introduce yourself? Do you have any other sheriffs? I'll let you introduce them. Sheriff Curry. Sir, I don't think there are any other sheriffs present. Chairman Bachus. Okay. We appreciate Shelby County's participation. I'm going to--I'm supposed to read this right now. Without objection--actually, I can do it at the end of the hearing. At this time, is there anybody else present who--the Secret Service--Gary, do you have anybody you want to introduce? Mr. Warner. If I may, yes, sir. We have the privilege of hosting a National Science Foundation group of researchers this summer, and several of our past student researchers from that team have joined us today, if they could stand briefly. Allison Peck and Hugo and Megan were selected out of 116 applicants to come and study computer forensics at UAB this summer as a courtesy of the National Science Foundation. So we want to thank the National Science Foundation for them being with us. Chairman Bachus. Thank you. At this time, we're going to have opening statements from the witnesses. I'll introduce the witnesses. I really want to kind of emphasize some things that some of you might not get into. I'm going to do it sort of from the standpoint of, I'm a former trial lawyer, which may be a dirty word. But computer forensics is the process of extracting, analyzing, and preserving data. It is the process of getting it successfully introduced either at trial or into evidence or ready for evidence. It's a virtual gold mine of very vast, precise, and most importantly in a trial setting, our investigation of reliable and valuable information. It's not a human being sitting on a witness stand with evidence that is imprecise or contradictory, subject to memory loss or prejudice or motive. Two witnesses may testify about the same conversation. Each tells a different story, and each tells sometimes what they think is true. Several witnesses might testify and still the picture is unclear and a gap exists. They tell a story about a steamboat up in New England that went around a bay, and it sank right in front of hundreds of people. And they said they were unable to determine what happened because there were too many witnesses. And that is somewhat true. That's certainly not true with forensic evidence. It's altogether different. Think about what's on your computer at home. It's thoroughly accurate. It's the most factual information available on what, when, and to whom something was said or when you did something, like in the Casey Anthony trial. That information about chloroform was downloaded and, in fact, the technician who testified in the Casey Anthony trial on national TV was trained in this very center. And if you saw that testimony, the defense attorneys were unable to shake her. She was prepared for everything that they had to do. And also, I'm sure that she assisted the judge, or at least the prosecution, in the proper predicate to be laid so that there wouldn't be reversible error. I know we have judges here today. We have a group of 26 judges from all around the Nation who are learning how to properly introduce evidence, how to rule on it so there won't be reversible error as they preside over a trial. And I think law enforcement is very frustrated when a case goes up on appeal and it's turned back for a procedural technicality. Not only emails and instant messages, but your personal and financial records are on a computer. Letters and memos, Web sites you have visited, it's all there. I heard someone say this: It's like reading your mind in realtime, when you basically almost know what someone is thinking, what their motive is, and what's going on. It can be highly revealing. And if you're engaged in criminal conduct--that's what this is all about--it's highly incriminating. Last year--I think I have it in my written remarks--one of your software companies estimated that there's $1 trillion of software fraud worldwide. Here, at least $37 billion worth of losses. Just this month, we have seen cyber security attacks and cyber attacks on Citigroup, on the Federal Reserve, and on the CIA. So we're not talking about just criminal activity or financial crime, which was the motivation originally behind this center, but we're talking about actually espionage and people all over the world. And we'll get some terrific testimony. I want to applaud the Secret Service. This institute was opened at a very--District Attorney Association--I think this was originally you working with the Secret Service, the District Attorneys of the United States. I think the sheriff's department and the police department were involved. You wanted a place to train people. This is very complex, very detailed, very precise work, and it's very expensive, too, because of the software that is needed. It's always changing and evolving. But law enforcement and sheriffs and police departments didn't have the resources to combat these crimes. And if you think about it, any time someone commits a crime, they're going to use an electronic device. It's almost impossible to do that without using cell phones. We're not talking about just computers. We're talking about cell phones. We're talking about iPads. We're talking about BlackBerrys. I know probably a year after this center opened, a detective who was trained here went back to a small town in Virginia and got out a computer that had been over in the corner for about 3 years, and they tried unsuccessfully to get anything out of it. Using the software he was given here, he was able to pull it off the computer and successfully prosecuted a guy for sodomizing a 6-year-old child. So it's pretty hard to put a figure on how valuable this center is. But, thanks to the Secret Service, thanks to the Alabama and National District Attorneys Office and the sheriff's department, thanks to the State legislature and the City of Hoover and Shelby County, and many other trials. We have had at least one case where someone was being investigated for a murder, and they were cleared, forensic evidence cleared them. So you had someone who may have been charged and was able to prove their innocence. The witnesses today are going to tell you about some of the details of cyber crime, which is now, I guess, the fastest growing crime in America. And none of us are safe. Of course, I think very seldom is there not a person who is either--has been hacked or will be hacked, their computer. I don't know whether it was my computer or someone else's that was hacked, but I have had charges on my credit card, and I was notified the very next day that it had, in fact, happened. And it's kind of funny when you go on there--or not funny, but you go in and you actually see those charges. But with that, I would like to introduce and to turn it over to Mike Rogers, one of the senior members of the Homeland Security Committee, to make an opening statement. Mr. Rogers. I just wanted to thank Spencer for calling this hearing. As he mentioned, I was on the Homeland Security Committee before it was a standing committee. It was a select committee before 9/11, and we recognize the real threat of cyber security authorities have for our Nation. The Department has been working aggressively to that end. I'm very pleased with the presence of this entity, this site in Alabama. Folks don't think about this kind of cutting- edge technology here in Alabama, but it is here, and we're very proud of it. Randy and his folks have done a good job in the outset of keeping me apprised of what they have been doing. I have been very supportive, and I know this will be very critical in continuing to protect our Nation. A lot of people think about the Department and the FBI and the Secret Service being on the cutting edge, but the fact is, we can't do it without local law enforcement. These partnerships that we have in local communities are critical in identifying these cells, the people who are problems, the threats, and monitoring activity. And I have been amazed through the work of this entity, like Spencer said, how much of our lives is on a gadget, whether it's a computer or BlackBerry or cell phone. And even when it comes to small drug deals, there is a cell phone involved. This is very critical technology, and I'm very supportive of it and look forward to the testimony we have here today. Like Spencer, I had Secret Service knock on my door one day and tell me that someone had attempted to steal my identity, as well as the identities of about 20 other Members of Congress. Fortunately, they didn't succeed, but it could be anybody. You never know who they are. Thank you. We look forward to hearing the testimony and asking a few questions. Chairman Bachus. Thank you. And actually, I asked Gary Warner to introduce those people, but you're with UAB. That reminds me, Gary Warner actually was one of the people who called and told me that my congressional site had been hacked. So anyway, let me introduce our witnesses. Oh, I'm sorry. Steve is one of my good friends and one of the newly elected Republicans to the Congress and to the Financial Services Committee. In fact, he is the newest member of the Financial Services Committee. Steve Fincher. And-- Mr. Fincher. Thank you, Mr. Chairman. Chairman Bachus. I take back everything I said about your tie. Mr. Fincher. Well, Mr. Chairman, I'm wearing my orange tie today for Auburn. It's not Tennessee. It's Auburn. My middle son is a big Auburn fan. I was able to bring him down last year to homecoming and it is just a great, great college, a great place. I was listening to the chairman and Congressman Rogers talking about hacking into our credit cards. And I thought one day that mine had been hacked into. Come to find out, my wife had been shopping. Seriously, that's what I thought it was. So it's an honor to be here with you guys today. We can't say enough about local, State, and Federal law enforcement and what you guys do in the legal system. It's not if we're going to have an attack; it's when. We're either moving forwards or backwards. And it's an honor to be able to serve in the leadership of someone like Chairman Bachus because he gets it. I'm from Tennessee and I'm just a common sense guy. My background is a seven-generation cotton farmer. We need to make sure that our priorities are in the right order. And a lot of times, they're not. But you guys are offering a great service to this country, and you're going to stand in the gap when we have another attack and when they attack us in this way, because as many of us know, this could shut our country down if the right people get the right information and go about it the right way. So I am very, very interested in hearing what the panel has to say today, and it's good to be back in the State of Alabama, one of our bordering States. With that, I will turn it back over to Chairman Bachus. Chairman Bachus. I'm going to introduce the witnesses at this time. I just noticed that Joe Borg is here, the Alabama Securities Commissioner. Joe, would you stand up? Randy, did you introduce everyone in the unit? And how about the Secret Service Commission? Do have anybody you want to introduce? I know you have several people here. Mr. Hillman. I do, actually. Chairman Bachus. In fact, it was testified to before some of our security members, which was incredible. Mr. Hillman. I do, Mr. Chairman. Thank you. I would like to recognize several of our people who are here today: Special Agent in Charge Ken Jenkins, who is in charge of our Criminal Investigative Division, which again is our sort of nexus of nationwide oversight; Deputy Special Agent in Charge Pablo Martinez, whom I think you have met before; and Special Agent in Charge Roy Sexton of the Birmingham office, which is responsible for the entire State of Alabama and has a lot of interaction obviously with this institute among others that are here. Chairman Bachus. Thank you. Will you gentlemen stand up? Thanks. Thank you. And let me say this: When I was talking to different people who played a role, obviously the bigger role is the Secret Service. The Secret Service is the entity that runs this center--along with the cooperation of the district attorneys--and makes their expertise available. So we can't thank you enough, I think, for the excellent job you do. And this obviously goes beyond counterfeiting, and it is a tremendous challenge. So thank you very much. Spencer Collier is the Alabama Homeland Security Director. Thank you. Mr. Hillman. U.S. Attorney Joyce Vance is here. Chairman Bachus. Okay. I had no idea. Would you please stand up? Ms. Vance. I am happy to be here with you. Chairman Bachus. Thank you very much. Congratulations on your appointment. Ms. Vance. Thank you. Chairman Bachus. Her father is Judge Vance, who is actually a sitting judge who was attacked and wounded by a bomb. But anyway, we'll go ahead now and introduce our witnesses. Gary Warner is director of research in computer forensics at the University of Alabama at Birmingham where he teaches in the computer and information science and justice science departments with more than 20 years of IT experience. He previously served on the national boards of the FBI InfraGard program and the DHS Energy ISAC. His lab works closely with the Birmingham FBI cyber crimes task force and the Birmingham USSS electronic crimes task force with whom he shares his research on spam, malware, investigating on-line crime, and--I guess that's phishing. How do you-- Mr. Warner. Phishing. It's tricky with the ``P-H.'' Chairman Bachus. Thank you. Randy Hillman is the executive director of the Alabama District Attorneys Association of the State Office for Prosecution Services, a position he has held since January 2002. Prior to this, he was chief assistant DA for the Shelby County District Attorney's Office. And Robbie is here. Were you introduced, Robbie? Mr. Owens. I was left out as usual. Mr. Hillman. Thank you, Mr. Chairman. I appreciate that. Robbie Owens is the district attorney from Shelby County, which is where this facility is located. Chairman Bachus. Thank you. During Mr. Hilman's tenure, he led trial counsel in seven capital murder prosecutions where the defendant received the death penalty or life without parole, many of them tried before my former partner, and he tried numerous other high-profile cases, including the road rage murder. Randy is a member of the Alabama Bar Association, Shelby County Bar Association. He's on the Board of Trustees at the University of West Alabama and the Board of Directors for Owens House, which is a child advocacy center. He was really a moving force in visualizing the need for the National Computer Forensic Institute, and working with the Secret Service in partnership to bring it here. It wouldn't have happened without Randy and his association. Or it may have cost a whole lot-- I don't know whether you know this, in the crowd, but the City of Hoover--you can see what a beautiful facility this is-- donated this at no charge for 7 years rent free. One of the sites they were considering was up at Aniston Army Depot, where they were going to spend several million dollars to renovate it. Mr. Rogers. Thank you for reminding everybody we lost. Chairman Bachus. I actually always wanted to renovate something and--it was one of the few things that hadn't gone to West Virginia. You can actually get here from there. But Clay Hammac is a 7-year veteran of the Shelby County Sheriff's office, currently assigned as a criminal investigator specializing in financial and electronic crimes. He's a 2008 graduate of the National Computer Forensic Institute and has utilized his skills and training received here to investigate crimes ranging from the typical on homicide to organized financial crime rings. And that was the case off 280 there? Mr. Hammac. Yes, sir. That's right. Chairman Bachus. That was one of the most heinous crimes you can imagine. Mr. Hammac holds a degree in finance from the University of South Alabama, and an MBA from Regis University in Denver. And finally, I guess the star witness is A.T. Smith, Assistant Director of the United States Secret Service. We're honored to have you here in Hoover. A.T. Smith is from Greenville, South Carolina, and was appointed Assistant Director of the Office of Investigations in October 2010. In this capacity, he develops and implements policy for all Secret Service criminal investigations pertaining to counterfeit currency and financial crimes and electronic crimes. Mr. Smith is responsible for oversight of the Secret Service Criminal Investigative Division, Forensic Service Division, Investigative Support Division, Asset and Forfeiture Division, International Programs Division, and over 3,000 personnel assigned to 140 domestic and 22 international offices in 6 continents. Some of those are pretty unfriendly territories. So we welcome our witnesses. Do any of you want to suggest an order we go in? Why don't you go first, Mr. Smith, since you are here as our guest? STATEMENT OF ALVIN T. SMITH, ASSISTANT DIRECTOR, OFFICE OF INVESTIGATIONS, UNITED STATES SECRET SERVICE Mr. Smith. Thank you, and good afternoon, Chairman Bachus and members of the committee. If I might, just at the outset, let me say that with regard to what you said about the Secret Service being integral in the forming of this institute, that is true. But we are equal among partners. And we are all in this together. I can assure you that no one has worked harder, again as you pointed out, than Randy Hillman to design and coordinate and actually get this facility to where it is today. So I want to publicly thank him as well. Thank you for the opportunity to testify on the emerging threat that cyber criminals pose to both personal and business finances and to financial institutions. On February 1, 2010, the Department of Homeland Security delivered the quadrennial Homeland Security Review, which established a unified strategic framework for Homeland Security missions and goals and underscored the need for a safe and secure cyberspace. In order to be successful in this mission, we have to disrupt criminal organizations and other malicious hackers engaged in high consequence or widescale cyber crime. In this arena, the Secret Service has been leading the Department's effort for some time. As the original guardian of the Nation's financial payment systems, the Secret Service has a long history of protecting American consumers, industries, and financial institutions. Over the past decade, Secret Service investigations have revealed a significant increase in the quantity and complexity of cyber crime cases. Broader access to advanced computer technologies and the widespread use of the Internet has fostered the proliferation of computer-related crimes targeting our Nation's financial infrastructure. Current trends show an increase in network intrusions, hacking attacks, malicious software, and account takeovers which result in data breaches that affect every sector of the American economy. As a result of this increase and in line with the Department's focus of creating a safer cyber environment, the Secret Service developed a multifaceted approach to combat cyber crime by expanding our electronic crimes special agent program, expanding our network of Electronic Crimes Task Forces, creating a cyber intelligence session, expanding our presence overseas, performing partnerships with academic institutions, focusing on cyber security, and working with the DHS to establish the National Computer Forensic Institute. The Secret Service partnerships with State and local law enforcement remain at the very core of our approach and are reflected in our task force model and through the work conducted here at the NCFI. The 31 Electronic Crimes Task Forces (ECTFs) that the Secret Service established domestically and abroad exemplify the Secret Service's commitment to sharing information and to best practices. Membership in these ECTFs include more that 4,000 private sector partners; nearly 2,500 international, Federal, State, and local law enforcement officials; and more than 350 academic partners. Based on this model, the Secret Service has been responsible for the arrest of numerous transnational cyber criminals who were responsible for some of the largest network intrusion cases ever prosecuted in the United States. These intrusions resulted in the theft of hundreds of millions of account numbers and a financial loss of approximately $600 million to the financial and retail institutions nationwide directly impacting the lives of many American citizens. Recognizing that cyber crime is not just a Federal problem, the Secret Service partnered with the National Protection and Programs Director of DHS, the Alabama District Attorneys Association, the State of Alabama, and the City of Hoover to create a center where State and local law enforcement officials, prosecutors, and judges could be trained on cyber- related crimes. I am proud to say that since its establishment, 644 State and local law enforcement officials, 216 prosecutors, and 72 judges representing over 300 agencies from all 50 States as well as 2 U.S. Territories have received training from the Secret Service here at the NCFI. In concert with our Federal, State, and local law enforcement partners, the Secret Service will continue to play a critical role in preventing, protecting, and investigating all forms of cyber crime. Chairman Bachus and distinguished members of the committee, this concludes my prepared remarks, and I will be happy to answer any questions that you may have. [The prepared statement of Assistant Director Smith can be found on page 43 of the appendix.] Chairman Bachus. Thank you. Mr. Hillman? STATEMENT OF RANDALL I. HILLMAN, EXECUTIVE DIRECTOR, ALABAMA DISTRICT ATTORNEYS ASSOCIATION Mr. Hillman. Thank you, Mr. Chairman. Chairman Bachus, Congressman Fincher, Congressman Rogers, Governor Bentley, honorable members of the Alabama legislature, other guests, and our respected colleagues in law enforcement, thank you for the opportunity to address this committee today. In the last 25 years, the criminal justice community has witnessed two watershed events with respect to criminal law. The first is the advent of DNA evidence. The second, and the reason that we're here today, is the creation and proliferation of digital evidence and cyber crime. In my current position as executive director of the Alabama District Attorneys Association, it is my daily job to analyze and attempt to meet the needs of law enforcement and prosecutors. Without question, the need for digital evidence training is one of our most pressing. The media work escalation of digital evidence can be compared to a tidal wave looming over the criminal justice community. This type of evidence is present in the majority of all cases, whether it is identity theft, phishing, child pornography, murder or any other crime. We have very quickly moved from just blood and guts to megabytes and megapixels. The question is, do we as law enforcement agents and prosecutors have the means to gather that evidence? And the answer in most cases is a resounding no, we do not. Gentlemen, you know better than most anyone that we cannot stick our proverbial heads in the sand. We must endeavor to be ahead of the curve. We must be ahead of the criminals who would prey on our family's financial security. This effort starts here at home. When I was a child, the bank was a brick building in the center of town that you walked into to deposit a check or to withdraw money. Today, we can access our virtual bank nearly anywhere. This convenience, although desirable, makes us extremely vulnerable to criminals. I will submit to you that not one individual in this room has not had their personal data or financial holdings compromised in some way due to a surreptitious intrusion by a cyber criminal. We are not immune and our children are not immune either. They are by definition prime targets for identity thieves because they have identifiers. They have information that is considered pristine because they generally will not discover that their identity has been compromised for several years. This gives the criminal a very long time to use our identity fraudulently. We are bringing forth a crop of young adults who will exist entirely on technology-based banking and commerce. Today, our kids and young adults have credit cards, PayPal accounts, PlayStation credit accounts, Wii accounts, and Apple APP accounts. Each of these areas are fertile grounds for a cyber criminal. And once one of these accounts is compromised, who we will call? More often than not, it will be your local police department or your local prosecutor who will then be asked to investigate and prosecute these bad guys. Additionally, at the opening of this facility in 2007, Chairman Bachus stated that terrorists such as Osama Bin Laden were using technology and the Internet to fund and to manage their worldwide terrorist networks most often by identity theft, bank fraud, and phishing. Recently, his comments were proven true after the capture and killing of Bin Laden. Bin Laden had in his possession hundreds of computer disks and digital devices containing priceless evidence that will be used to understand terrorist networks and ultimately help eliminate them. Similarly, domestic and international terrorists and common criminals fund their criminal enterprises through the use of cyber crime and digital devices. They do this by compromising banking systems through network intrusion and stolen identities. This not only cripples our banking industry and financial institutions, but it devastates our citizens. Some would say this is strictly a Federal matter, Mr. Chairman, but I wholeheartedly disagree. The State and local law enforcement in this country tries over 95 percent of the criminal cases. Those officers on the street are the first responders and they are absolutely critical to building an identity theft or network intrusion case and will, in the end, provide the key evidence that will convict criminals and provide restitution for victims. Members of this committee, it's imperative that all law enforcement agents and prosecutors be given the ability to protect your constituents. It is both shocking and tragic that law enforcement is ill equipped and trained to respond to a digital crime scene. I submit to you that the only way we can change this is by greatly expanding training for law enforcement and prosecutors and by providing them with the equipment they need to do their jobs properly. Unless and until we do these things, thieves, scammers, pedophiles, and other criminals will continue to go unpunished because they know that we simply do not have the ability to reach out and catch them. Chairman Bachus, Senator Shelby, Alabama District Attorneys and my staff at the ADAA set out to address this issue some years ago. We experienced the lack of quality computer forensics training firsthand. Our trials in attempting to find trained law enforcement agents and prosecutors to staff our own computer forensics labs were the catalyst. Because no one entity made it their mission to train law enforcement, prosecutors, and trial judges in digital evidence, we were left in a very difficult position of staffing these labs. This facility that you are at now, the National Computer Forensics Institute, is a direct result of this need and the unprecedented cooperation of all levels of government, from the highest Federal agencies to the smallest local governments. This facility focuses on all computer-related crimes with an emphasis on financial crimes, and more importantly, is taught by true investigators who have been and are now in the field each day. They understand and teach the curriculum from a law enforcement perspective, not that of an academician or a layman. I witness each and every day the inherent value of quality digital evidence training and education here, and I know that the graduates from this facility have both solved thousands of criminal cases and have prevented many others from being committed. In closing, I would like to thank you for being here, Mr. Chairman and members of this committee. Your presence is both a sign and a promise that you are committed to a unified front against cyber criminals. Furthermore, I respectfully challenge you to join me and my colleagues in law enforcement to ensure that training facilities like NCFI that train authorities to investigate, prosecute, and even prevent cyber crimes and other crimes remain as one of our top priorities. Thank you, Mr. Chairman. [The prepared statement of Mr. Hillman can be found on page 39 of the appendix.] Chairman Bachus. Thank you. And, Gary, before we go to you, I notice that one of our Supreme Court judges is here, Michael Joiner. Would you stand up, Mike? Judge Joiner. Court of Criminal Appeals. Chairman Bachus. Court of Criminal Appeals. I appreciate you being here. And did you try the four criminals that we were talking about earlier? Judge Joiner. I tried many of the ones you talked about earlier. Chairman Bachus. Okay. We appreciate you. Are there any other judges or anyone else that I should have introduced? I didn't have a list. A lot of times I have a list, but I didn't get one. Mr. Hillman. Mr. Chairman, former Congressman Bob McEwen is with us today. Chairman Bachus. Oh, wow! Bob, it is good to see you. Thank you. We're honored to have everyone. Do we have any other law enforcement officers that we have not recognized? Would you stand up? Thank you. I appreciate you all being here. Chris Curry of Birmingham. So--I guess he's deputy chief; is that-- Mr. Curry. Chief deputy, yes, sir. Chairman Bachus. Chief deputy. I want to welcome you. With that, Mr. Warner. STATEMENT OF GARY WARNER, DIRECTOR OF RESEARCH IN COMPUTER FORENSICS, THE UNIVERSITY OF ALABAMA BIRMINGHAM Mr. Warner. Thank you, Mr. Chairman. Mr. Chairman and members of the committee, I'm very happy to be before you today at this hearing. I think this hearing is a sign of your wisdom and your leadership in the financial services area. I'm very glad that you chose to have it here in Alabama because there are some very neat things happening here at the National Computer Forensics Institute and around the State. So we thank you for that. Some of you may wonder what the University has to do with law enforcement. We feel like we're contributing to the cyber crime efforts in three main areas. First, we're training the next generation of cyber crime investigators. Because we have a partnership with our computer science and our justice science programs, we feel like we're offering a very unique graduate, someone who comes with both a formal understanding of the justice process and a computer science background to go with it. The second area is that we're providing through my research lab training and tools and techniques for fighting cyber crime. Some of these datasets that we work with, there are a million computers involved in a single live net. And you need some high-powered computer science if you're going to be able to analyze those sorts of datasets. The third area that we're working with is in the area of outreach and public education. We call it actually reducing the victim pool. The more we can identify outstanding threats that are currently emerging, the more we can protect people by sharing information with them in the media and in speaking in specialty conferences. We don't just do training for computer scientists; we also do training for health care information and workers for educators and other organizations. I think it's important that the committee understand that this is the fastest growing category of crime. If we look back to the year 2000, in 2000, there were only 360 million people on the Internet. And almost all of them were in the United States. That year, e-commerce really took off for the first time. There were $5 billion worth of transactions that year. If we go forward a decade to 2010, we're sitting at $164 billion of online commerce last year, a 3200 percent increase. We now have 2 billion users of the Internet, and only 13 percent of them are in the United States. We're now dealing with a situation where the United States is the holder of most of the wealth that's accessible to the Internet, and yet 87 percent of the Internet users live in countries, many with shattered economies, which would like a piece of that wealth. One of the areas that we're struggling with is the lack of computer science that has been applied to this area. Not only has the criminal element grown on the Internet, as the economy has grown, we're also dealing with very advanced sophisticated computer criminals. These people are getting advanced computer science degrees, Ph.D.s in computer science and economics, and then are unable to find a job in their home economies. And they're taking those technology skills and working with the Russian Mafia and other organizations to come after our money. Law enforcement has not had a similar increase in focus in high-tech crime fighting. That's one of the things we're contributing from the University. I'm also very concerned about the lack of complaints. When we look at the Federal Trade Commission's consumer sentinel report, last year they identified 1.3 million victims of fraud and identity theft. Unfortunately, all of the best surveys were saying there were closer to a million victims of identity theft. Where do those other 9.7 million complaints go? We have trained our consumers that to be a victim of a cyber crime is not something that you should engage law enforcement on. You should call your bank. You should call your credit card company. Until we have access to the truth about those complaints, until we know how many victims of cyber crime there are and until we have a good way of gathering that evidence in a way that has meaning, not just I lost some money but answering particular questions, we aren't going to be able to do intelligence-based policing of the Internet. That's one of the places that we have also established a partnership that you may not have heard of. It's called Operation Swordphish. Randy Hillman's office and my lab at UAB have been working with the Department of Prosecutorial Services and the Alabama District Attorneys Association and the Department of Public Safety in Alabama to try to do something about this. We have developed a Web site and a PSA campaign to attract complaints from Alabama citizens who may have been victims of cyber crime and are unaware that they ought to be reporting these things to law enforcement. Our Web site will gather those complaints. Our students will help to triage that data and combine it with the evidence that we have in our databases so that we can make qualified referrals to law enforcement. We think that this is one of the important things we have to do to move forward, and we're looking forward to answering any other questions you may have about these efforts. [The prepared statement of Mr. Warner can be found on page 50 of the appendix.] STATEMENT OF DOUGLAS ``CLAY'' HAMMAC, CRIMINAL INVESTIGATOR, SHELBY COUNTY SHERIFF'S OFFICE, SHELBY COUNTY, ALABAMA Mr. Hammac. Chairman Bachus and distinguished members of this community, thank you for the opportunity to testify before you today regarding the growing need for continued training and resources to be made available to local and State law enforcement at the National Computer Forensics Institute. It has become unfortunately far too common for law enforcement to encounter evidence of electronic crimes such as fraud, embezzlement, and even espionage. Without specialized training and resources, these cases would certainly be impossible for local and State agencies to investigate and prosecute due to the anonymity of the Internet. Without question, electronic and financial crimes are the fastest growing crime trends in the United States and throughout the globe. With each passing year, identity theft of individuals and organizations behind it become more complex and capable of rapid adaptation due to changing circumstances. The foundation of identity-related crime is the compromise of secured data held by private institutions, which typically is achieved by means of electronic intrusions. And it's common knowledge within the law enforcement community that on any given day, there are thousands, if not tens of thousands of individuals throughout the world hacking various point-of-sale systems here within the United States as well as compromising networks that hold valuable consumer information that will inevitably be used by or sold to other criminal elements. The growth of these crimes trends has unfortunately far outpaced the growth of resources available to combat this activity. Fortunately, the NCFI provides local and State law enforcement agencies with the ability to confront these crimes as they affect individual citizens of our communities and throughout the country. Electronic crimes are becoming more popular due to the fact that the criminals have discovered that in many small towns across our country, local law enforcement simply does not have the resources or the capability to investigate such crimes. As a result, the criminals exploit the lack of resources, and complex electronic and financial crimes are often unsolved. These crimes are difficult to solve due to the fact that electronic crimes are often faceless crimes. The traditional means of investigative work such as neighborhood canvassing, witness interviews, and processing physical evidence are all too often unnecessary and ineffective with these type of crimes. With the assistance of the NCFI, law enforcement men and women across this country have received specialized training in complicated fields of data analysis and computer forensics. They have taken this training back to their respective agencies throughout the country, and they are now fighting on the front lines in this war against electronic crime. Shelby County Sheriff Chris Curry is one of the many law enforcement leaders in this country who has recognized the change in crime trends within our communities and the United States. Sheriff Curry chose to utilize the NCFI to invest in his personnel and capitalize on this specialized training. Prior to attending the NCFI, I, like many of my colleagues, had a very basic understanding of computer skills. Three years later, I have completed more than 100 forensic examinations on computers and cell phones. Many of the examinations have been at the request of neighboring law enforcement agencies, as is the case for many graduates of NCFI, thus alleviating the case loads for State crime labs as well as the Secret Service. And though my training at the NCFI has assisted me in the investigation and resulting arrests of violent crimes such as the quintuple homicide I was requested to assist with less than 24 hours after completing my training here, it has proven equally vital in the investigation of financial crimes that range from embezzlement to organized crime scenes. As a very brief example, I was recently contacted by an employee of a nationally recognized insurance company. The employee made a simple complaint indicating that she believed her 401(k) account was electronically compromised. Utilizing the training that I received from the NCFI, I was able to trace electronic routing numbers, bank account numbers, and identifying IP addresses. Not only did I identify the offender that compromised the data entry of the retirement account, but also illustrated that he had done the same to 4 other employees as well as embezzled nearly $100,000 from the insurance company. That offender has since been arrested and indicted by a grand jury in two separate jurisdictions. The potential loss in this case cannot be identified by dollars and cents. The money involved in this case makes up the retirement accounts that the victims have invested in and depend on for many years to come. Law enforcement is dedicated to not only responding to these reports of criminal activity but also preventing these criminal acts. And such a task would be more than challenging without the tools and resources made available to us through the NCFI. Chairman Bachus and distinguished members of this committee, this concludes my prepared statement. Thank you for this opportunity to testify on behalf of local law enforcement officers, and I'll be pleased to answer any questions that you have. [The prepared statement of Mr. Hammac can be found on page 34 of the appendix.] Chairman Bachus. Congressman Rogers? Mr. Rogers. As you heard, Chairman Bachus and Congressman Fincher are with the Financial Services Committee, so they're going to be much more focused, I'm sure, on the financial crime than I am. I'm more focused on threats to our homeland than cyber security stuff. My concern is there, so I'm going to make that the focus of my questions. Mr. Smith, you talked about a number of people who received their training here, a relatively small number when you think about it. What is the number that you think should be annually having access to this training? Mr. Smith. As I said, we have trained a significant number of people. And quite frankly, the positive of that is--which I didn't elaborate on as much--that we used this as a force multiplier, because what we are able to accomplish here through training is literally putting a mini crime lab, if you will, in every one of the locations that those individuals represent. When they go back to the field, they are able to take the knowledge and expertise that they gain here and apply that not only in their department there locally, but as you heard Mr. Hammac say, from other departments regionally. And I think we have done a very good job in terms of spreading the wealth, if you will. There has been pretty equal representation from all of the States across the country. Having said that, we, as you saw in my prepared remarks, operate at about 25 percent here. We understand, like certainly members of the committee do, that budget issues are always a concern. But quite frankly, we could always do more, if that opportunity comes our way. It would be hard for me to put an exact number on that because again, it is such a benefit for us to approach this, as I have said, from a force multiplier standpoint. So in terms of actual numbers, I'm sure that's something that we could get for you after we delve a little further, if need be. I think that would be the best way to answer it. We could always use a little more, but certainly I think we're able to accomplish a lot with what we are able to have and to do. Mr. Rogers. Thank you. Mr. Hillman? Mr. Hillman. Congressman, right now we are running at this facility somewhere around 25 percent capacity. We could--we are putting, give or take, 400 people per year in this facility. The capacity is 1,600. And we have-- Mr. Rogers. This is a big facility. Just because you have the capacity doesn't mean it's needed. That's what I'm after. Mr. Hillman. Yes, sir. Mr. Rogers. How many people would like to get in here but can't because you just don't have the funding to meet that need and it's really inhibiting your ability to pursue leads and crimes and threats that are out there that need pursuing? That's what I'm asking. Mr. Hillman. Congressman, we are running anywhere from 8 to 10 to 12 applicants per spot right now trying to get in here. Mr. Rogers. How is that applicant selected and how are they--what's the criteria for their approval? Mr. Hillman. The Secret Service, that's the State and local law enforcement candidates through their local field offices. There are special agents in charge--in charge of gathering those names and then they select those candidates. The Alabama District Attorneys Association, that's the candidates for prosecutors and judges throughout the country. There's a lot of give and take on both sides. There are lots of people from different jurisdictions who need to come here that we might not know about that the Secret Service does and vice versa. Mr. Rogers. Mr. Smith, how many of these folks are backed up and can't get in here because of space? Mr. Smith. Again, as Mr. Hillman said, I would say on average with every class, we turn away about 60 percent of the candidates who apply. Mr. Rogers. What's the criteria of the ones that you do approve? Mr. Smith. Again, like Mr. Hillman said, it's almost a pyramid. The local agencies, sheriffs' offices, and police departments make it known to our special agents in charge that our--within our 45 field offices around the country that they have a candidate that they would like to put forward and are interested in having someone attend this training. From there, that special agent in charge will submit the names and the biographical information of those individuals, and then it is actually looked at again at our headquarters level to do the things that I mentioned a minute ago, to make sure that we're disbursed equally across the country, that those areas which have a very high incidence of this sort of crime are given some priority. So it's really a lot of things that go into the equation. We try to make sure at the end of the day that the back-and- forth multiplier, a term that I use, that we're putting the right number of people in the right places based on the availability that we have and, again, trying to be equal across-the-board throughout the entire country. Mr. Rogers. As you heard Randy Hillman state in his opening statement, when Bin Laden was killed, we captured a lot of computer data that has been a real wealth of information for us in the fight on terror. That has been the case throughout the Middle East when we have killed leaders in the Al-Qaeda movement. What a lot of people may not understand is that we have a lot of those cells here, folks here who are collaborating. The best example, as most of you are aware of, is the young man from Mobile who graduated from high school and is over there fighting, the same thing, using the Internet. How much of the information sent to you is information that is relevant to the terrorist threat, or would that really go to the FBI more than to you? Mr. Smith. Probably more to the FBI. But I will say that again, as you probably know, there is a protective intelligence portion of the Secret Service. We're concerned about threats, particularly those involving our techniques and that sort of thing. So there is certainly, post 9/11, a lot more interaction, a lot more communication among the agencies, as there should be. And so quite often, we will get leads from either the intelligence community or other law enforcement agencies on the very things that you're talking about, certainly that involve the technique. We have a high interest in that. But for the most part, it would be either the intelligence agencies or probably the FBI in terms of counter-terrorists. Mr. Rogers. It seems like to me overseas is Secret Service. I knew the answer to that question. I'm glad you pointed to that aggressively. What I want to get to is: Do you work with the Justice Department and the FBI to provide the same computer forensic service to them as well? Do they have a separate agency that does what this one does? Mr. Smith. Again, post 9/11, there is a lot more sharing than there ever was before. Chairman Bachus. So FBI agents would apply to you to come here in an effort to train? Mr. Smith. We have not done that. This is primarily State and local law enforcement who train here. Mr. Fincher. Do you know where the FBI gets this kind of training? Mr. Smith. Within their own venue. I think they do have training, and I think they take it down into other things out there through the National Institute of Justice and so forth. I'm really not qualified to speak too far in depth on that, but I believe they do. Mr. Rogers. What about local law enforcement who has not been able to get in in this community--and this would be the attorneys office here, sheriff, whatever--that's not had the opportunity to get one of their personnel sent here for training? Do they have the opportunity to just send the hardware over here for analysis? I understand that the ideal is to have the investigators working the case go through it because they know pig trails they may want to go down. But in the absence of that, can they just send hardware over here to be analyzed with some ideas about what they're looking for and then you send a report back? Mr. Hillman. Yes, sir, they can. In the back of this facility is the Birmingham or the Alabama ECTFS, Electronics Training Task Force, who belong to the Secret Service that we are partners in. Those investigators back there have the ability and the training and the wherewithal to take in those cases from different agencies. The evidence room back there is full of cases that have been brought to us by other law enforcement agencies that don't have this kind of training or equipment, and we help them out. Mr. Rogers. And how much of a backlog--how many weeks and months of a backlog do you have in analyzing that hardware? Mr. Hillman. We're able to turn it around pretty quickly. Before we established these in our Alabama Computer Forensics labs that you gentlemen helped us start, the turnaround time on evidence that I know is going to the FBI was somewhere around 2 years. With those labs, with the ECTFs, we are able to turn it around generally within a matter of days, if not a week or two at most. And we prioritize items when they come in. If we have a pretty hot case, a murder case, an abduction case, a really hot financial fraud case, we put that at the top of the stack, and we work those first and we can turn it around in a matter of hours or days. Mr. Rogers. Do you have experienced counsel at the Federal level? I know the Department has its own intelligence besides the security officials. Of course, the FBI does. Do you have a clearinghouse, if you get a tip or information from analyzing one of the computers that may relate to a terrorist threat, you share that with a larger group of intelligence officials? Mr. Smith. Yes, sir, we do. And that goes on the intelligence side of the house. We have a Director of the Secret Service who is responsible for protecting intelligence, and that goes to them. They interface and communicate quite literally daily with the other intelligence entities around the country. Mr. Rogers. The 9/11 Commission found that one of its biggest concerns is stove-piping, information sharing in Federal agencies. In your opinion, is that stove-piping problem gone? Mr. Smith. As I said a minute ago, there certainly is a lot more sharing of information than there was before and-- Mr. Rogers. It's not a guess. Mr. Smith. I don't know everything that's going on. There's always that possibility. But I think from our perspective, certainly we share information. I think that the other Federal agencies, both within the Department as well as outside the Department, certainly the Justice Department and others, we have excellent relationships with. If I could add just a follow-up about our electronic process. As I mentioned, we have 31 task forces across the United States and 2 in foreign countries now. They as well take in computers that need to be imaged that may be the results of searches or other crimes and that sort of thing. Certainly, there is a priority put on the major crimes. But they are--we do work for most any agency that asks again whether it--it might be as financial crime or whether it involves pornography--or any other crime related to computers, which touches almost everything now. These task forces that are around the country do that. And they do respond to the local agencies and other Federal agencies which occasionally ask for help. So outside the perimeters here, I will be glad to have a briefing schedule for you and provide some more information about exactly the amount of work they do. Mr. Rogers. I appreciate that. I asked Mr. Warner this question before. I was waiting for what would hopefully be a second round of questions. I don't want to take up all your time. Mr. Warner, I want to talk about your priorities. And what is your greatest unmet need here in your view? Mr. Warner. I think the greatest unmet need is the ability to open cases. And what I mean by ``open'', most phishing cases, for instance--phishing is the-- Mr. Rogers. Define ``phishing.'' Mr. Warner. Phishing is when a counterfeit bank Web site is created by a hacker. They make a site that looks just like the real financial institution's Web site, and they usually break into someone's Web site and add that content onto their server. My lab has identified 180,000 counterfeit bank Web sites so far. We see 521 new counterfeit bank Web sites on a daily basis. One of my students was doing research for his master's thesis--interviewing the heads of security for very large banks, the top 10 banks, and asked as one of his questions, what percentage of those phishing cases do you believe are investigated by law enforcement? The highest number he got was perhaps 1 percent. These are not being treated like crimes. Someone performs a computer intrusion where they break into a Web server. They counterfeit a bank Web site. They send out spam illegally through Botnets pretending to be the bank, which they're not. They steal the personal financial information, and then they take the money out of the victims' accounts, and no one is investigating that as a crime, because they say the bank will give you your money back. So that's the biggest challenge for me. How do we turn that into a crime that someone is going to investigate? Mr. Rogers. Seeing that need, what do you need to meet that need in a more responsible fashion? Mr. Warner. We have the evidence. We need law enforcement people who have time cleared out of their schedule to deal with that evidence. You spoke about the Homeland Security priority, and I firmly believe that's a very important priority. But for an example, we established a firm identity on a particular criminal whom we knew had stolen information from more than 1.4 million Americans. The field office where that crime was being worked, the agent was told he was not to work on any cases that did not involve terrorism. They didn't have anyone free to work on something as low priority as 1.4 million people having their money stolen. Even though we already knew the criminal's identity, there just wasn't enough manpower to work on it. Mr. Rogers. Thank you, Mr. Warner. Chairman Bachus. Mr. Fincher? Mr. Fincher. Yes, sir. Thank you, Mr. Chairman. Back to Mr. Warner. Can you tell where most of these hackers, where they were? Where are they? Mr. Warner. Sure. Most of the sophisticated hacking that we see is coming from Eastern Europe. These are Russians, Estonians, Ukrainians. Primarily, Ukraine has the most talented computer programmers, the people who create computer viruses. Most of the low-tech crime comes from Nigeria. The truth is, it's just a funnel of money going overseas and no one's stopping it. If someone steals $70 million, that's a Federal investigation, and there have been some fantastic arrests just recently on those type of cases. But who's going to help you when somebody steals $600 from your wife? No one. Mr. Fincher. What type of oversight or regulation do you think is needed to tighten this gap? It kills me as a Republican to talk about the government always skimping when more regulation is needed. Mr. Warner. One of the things is that the criminals are very aware of our current policies. For instance, one of the best ways to identify someone stealing money out of bank accounts is to do what's called an ACH wire transfer, an automated clearinghouse financial transfer. The most common identifier that it's a criminal is if you suddenly have lots of transactions between $9,500 and $9,900. The criminals know if it's $10,000, it's a suspicious activity report. As long as they keep below the thresholds, they feel safe. We have to start, as I already mentioned, reporting every cyber crime as a crime. Mr. Fincher. Mr. Hillman, the cost of people coming here and time, how much time does it take to run through the process? Mr. Hillman. Actually, Congressman, I'm glad you asked that question. When we established this facility, it was our agreement with the Secret Service to work--my guys who work with me and I are fond of saying, ``The answer is money, what's the question?'' When we started putting this thing together, the greatest need in law enforcement was for money and training. We knew that the law enforcement agents who would come here would not have the money to pay. And so, we decided to take care of that. When we vet a candidate and we select that candidate, whether it be State or local law enforcement, a prosecutor or a judge, we fly them in, we house them, we feed them, and we train them. In a couple of cases, the network intrusion course and the true forensic course, the 5-week course, we send them home with equivalent software that we just trained them to use. The only outlay of dollars that they have as an agency is to cover that officer's shift while he's gone. Mr. Fincher. What does it cost? Mr. Hillman. Right now, with the annual appropriation coming from NPPD and Homeland Security through the service and out to here, it is about $4 million. And for that, you're getting roughly 400 bodies, give or take, depending on what classes we schedule and how we do that. One other thing, Congressmen, if I may, that we haven't even touched on yet is the aspect of cell phone forensics. That is a completely different animal on how you extract that data. Most of the things that we're seeing now are moving toward cell phones, PDAs, the iPhones, those types of things. We have to get on top of that because we're seeing that tidal wave of digital evidence coming our way, and that requires a different set of skills to get to that evidence. That is one of the things that we have been working on with the Secret Service. We have changed our curriculum this year to add a cell phone class as well as a social networking class, which is another way the bad guys can get to you and get to your financial information and that sort of thing. So we will definitely need--to answer your question, we definitely need help in the area of cell phone forensics as well. Mr. Fincher. My last question is for the Shelby County sheriff's guy. Being from a rural county, so rural we don't even have a traffic light in my county-- Chairman Bachus. No traffic lights. Mr. Fincher. No traffic lights in my county, Crockett County. We're pretty small. Chairman Bachus. You need to invest in infrastructure. Mr. Fincher. But we're not going to raise taxes. What can we do, because we have great law enforcement but it is sophisticated and it is passing us by? What can we do to be more productive and to get more of our guys into facilities like this? Mr. Hammac. Sir, I'm going to echo Mr. Hillman and Mr. Smith's statements. This training is absolutely necessary. The need though is, I would say, volume. Though we have had some well-qualified folks who have come through these doors and go back to their agencies not only working for their agencies but neighboring agencies, they quickly discover--the phrase around here is, ``If you build it, they will come.'' Their computer labs are quickly overflowing with evidence and requests. Before we realize it, we're so backlogged that we're virtually ineffective in getting the evidence turned around in a timely manner. The answer is, we need additional resources. We need backup as the police say. We need some additional bodies who are there to help us and assist us in this fight on the front line. And that's beneficial in the sense that many of these cases we investigate carry us across multiple jurisdictions and across State lines. Having the confidence to say we will reach out to a neighboring law enforcement agency several States away, they're going to have the capability to assist us in this investigation at the part that we are in. Mr. Fincher. Okay. One more question, Mr. Chairman. This is--I guess, Mr. Smith, what types of financial institutions and their customers are most at risk for cyber attacks, larger banks with more assets or smaller banks? And how at risk are community banks for cyber attacks? Mr. Smith. One of the things that we have seen--and again, in my prepared remarks, we talk about the Verizon studies that the Secret Service participates in. The first few years of this, we saw the larger entities more often than not attacked, the larger banks. And a lot of times, they already--and certainly since a lot of these attacks have occurred, they have placed a lot of security measures within their systems to protect them. So of late, the trend has been more of what you're saying, smaller banks, smaller businesses and that sort of thing. And I think the criminal is a criminal is a criminal. They're going to always take the path of least resistance. So when you harden up one side of the house, they're going to go for the softer side. And a bank, because they have not been involved in hacks or breaches of the smaller businesses, if you will, for a period of time, now that the other side has hardened up, we're seeing more of that. Chairman Bachus. I want to thank--specifically, I want to compliment the Secret Service. There have been many cases where financial institutions' computers have been compromised and there's fraud going on over a matter of hours or days, and it is the Secret Service that calls and informs these banks that their systems have been compromised, and it's hard to put a dollar amount on how valuable that is. As I said, everything from ATMs to their entire credit card operation, so you have done an extremely good job. And I think what Mr. Warner mentioned is that you are up against some of the most sophisticated criminal organizations in the world. Some of these organizations have several hundred, is my understanding--several hundred members. And they are highly skilled, and you have had some real international successes. On occasion, I think these people travel from time to time. And I think that local law enforcement, their training here will assist in criminals being apprehended, and it gives you more eyes in the field. I can also say that the 900 or 1,000 people who train here is probably not an altogether accurate figure in that these people go back and train other people. We have had the head of the whole LAPD forensic task force who was in here probably 2 years ago. When he came here, he was swapping information and techniques that he had already learned with other departments and with the staff here. And I guess you would call it almost a cross-pollination. It was exchanging information. And, of course, his intention was to go back and train the LAPD. He was very impressed. This was a career officer who was very excited about--and he was actually a specialist already. And so that whole department--I'm sure we'll never know how many crimes they solved. So I think there's a $4 million a year investment by the Secret Service. And just a few of these cases being just financial fraud, and then we have cases like child pornography, rape cases, child predator cases where people are killed. It's hard to put a number on when you catch one of these people. I think we know and the legislators know and law enforcement knows that child predators repeat these crimes. They don't just kill one child. They don't just kidnap, rape, and murder one child. They're going to continue to do that until they're caught. They're going to continue to abuse children. And financial fraud, these people are going to continue to do it until they're caught. I had a case where a Congressman in Texas contacted me about a suspected child abuse involving sexual abuse. And we were able to get the name of someone who was within another county, an officer who had been trained here. And that person was able to assist them in that investigation. So I don't know how many times that has happened, but I would--if any of you wish to comment--I know you're dealing with these organizations in Eastern Europe, and there's only so much that you want to share your techniques or the extent of that. But there have been some incredible successes. They are, I guess, incredibly sophisticated--in fact, in many cases, these people are much more sophisticated than our guys. Their techniques and their operations are far more sophisticated than Al-Qaeda. And, several of them become multimillionaires. So they have the financial resources, too. But do any of you wish to comment further? Mr. Smith. I would add, Mr. Chairman, in regard to what was said about the fact that these criminals can be anywhere. Certainly, a lot of them are outside the United States. And as you heard, a lot of them are in Eastern Europe. So it's through the training that the State and local agencies get here and then a portion of us trying to share some of our expertise with them, not that we're total experts. But again, we're trying. We do recognize these things. In fact, just last month we officially opened a Secret Service office in Tallinn, Estonia, which is in the Baltic region, because again, so much of the computer crime and cases such as that originate in that area or that region. So we try to be as proactive as we can. And again, it goes back to that cross-pollination or force multiplier methodology. We try to take that beyond the borders of the United States. And that's why in all of the foreign offices that we have around the world, we use the same methodology that I described earlier for our investigative mission. We try to recruit--have good liaison, good cooperation with the local entities there, whether it is the local law enforcement or the State militia or whatever the law enforcement entity in that country might be. And as I said a moment ago about our Electronic Crimes Task Forces, we extended that as well. We recently just opened two ECTFs: one in London, England; and the other one in Rome, Italy. And quite frankly, the one in Rome, Italy, has a lot of interest in it, particularly from private sectors. The law enforcement entities are involved and interested, but also Post Paliano, which is the equivalent of the head of the postal service--is the chairman of the ECTF out there as far as quarterly meetings are concerned. So we try to gain as much expertise as we can outside of the United States, because again, as the professor mentioned, that's quite a problem there. Chairman Bachus. Okay. These are very risky operations because some of these people and some of these countries care nothing about retaliating. And then there is a hatred or an envy of the United States. So it's amazing how many of these people don't think there's anything dishonest about stealing money from American citizens. It's almost regarded as a noble profession. And it's very hard. Sometimes, the locals do not prosecute those crimes, although the Secret Service has had greater success in breaking those barriers. But I know you are basically overwhelmed. A hundred hard drives will fill the library of Congress. Probably somewhere in America, there are 100 hard drives in the last week that have been recovered. And one of the things about the training that the Secret Service gives local law enforcement officers and that also other local law enforcement officers here is that they learn how to, as I said earlier, extract this information. It can be on the computer. But if you don't have the expertise and if you don't have expensive software--we're talking about, what, $14,000 or $15,000 worth of software, sometimes the most advanced software. And the criminals are always one step ahead. It's just like with counterfeiting. They have become more and more sophisticated. Now, we have a new hundred-dollar bill coming out, which will stop them for awhile. But it's a daunting task. But I'm very grateful myself that the Secret Service has seen fit to partner with our local, State, and Federal agencies. It's a must. And I give you high marks because a lot of times Federal agencies, just like State and local agencies, focus on their jurisdiction. They are protective of that. And you have not shown any inclination to do that. These are resources that could be diverted and that are probably diverted from some of your own operations to this operation. So, we're very thankful. As I mentioned at the start, the testimony offered in the Casey Anthony case, that lady was very well trained and she was equal to the defense attorneys. She was probably one of the finest there was. Judges go back and train other judges. Judge Joiner knows this. If one has the training, that judge in a circuit will try all those cases. He may try all the cases involving complex forensic matters. He will teach his fellow jurists. He will go to courses and law enforcement training courses, and they will train other people. And some of these departments will see what the software is here and they'll buy it and such. And I'm sure a lot of that is going on. Mr. Rogers. Thank you, Mr. Chairman. I want to go back to the subject matter I was talking about with Mr. Smith here earlier. I would point out to the folks that these field hearings are congressional hearings just like we have in Washington. The primary purpose of a congressional hearing, whether it's in Washington, D.C., or here, is to weigh in on the information and that helps us develop policies. That's why you see this lady over here taking everything down. When I was talking with Mr. Smith earlier about the number of people going through it and what the need is, there's a reason for that. One of the problems that I found on the Committee of Homeland Security for years is it's hard--and the same thing is true for the defense of the Armed Services Committee which I serve. We try to get information out to people who know it so we can make a better policy. The problem is, Mr. Smith has a boss who works for the Secretary of Homeland Security who works for the President who has been given a number. And that's your budget, and you salute and say yes, sir, and make it work. I don't work for their boss. My job is to make a policy. So I'm trying to get Mr. Smith here what he needs. If Mr. Smith tells me what he really needs, it may cost more than $4 million a year, which means his boss is going to get mad at him because his boss is going to get in trouble with the Secretary. So having said that, I'm going to talk to Mr. Smith again. My preacher says if you want to know what somebody's priorities are, you look at their checkbook register and their calendar. Wherever they spend their time and money is what their priorities are. My priority is protecting the homeland. Cyber security is critically important. And that partnership between the Federal Government, State, and locals is absolutely essential. So I look at the numbers we're talking about--we're training about 8 people per State in this technology. That seems inadequate to me. And I understand we have budget constraints, but the Department of Homeland Security has nearly $50 billion a year to spend. And some of it is being wasted. That doesn't mean we can't shift it over here. So having said that, what's the number we need? Nobody is paying attention. You can tell me. Mr. Rogers. Be careful. Mr. Smith. Could I just refer to my earlier testimony? That way, I won't contradict myself. Mr. Rogers. You will be amazed how many generals I have come to me and state, I talked to you privately. That doesn't help me if it's not on the record. Really, there has to be some number that you think this entity could meet that is reasonable that would give you a better reach into the problem areas that we have. And if you don't want to tell me--Randy, maybe you will be able to tell me? Mr. Smith. I would like to defer to Mr. Hillman on that. Mr. Hillman. Congressman, I will tell you very quickly, $16 million a year would put us at capacity and start to scratch the surface on the needs that we have in law enforcement. Mr. Rogers. So you think you have to be at capacity? Mr. Hillman. I think--no, sir. We're going to do with what we have, the best we can. But if we are at capacity, we--you talk about the force multiplier that Mr. Smith was talking about. It will get even larger and larger. Think about this, Congressman. We're losing probably $100 billion a year if not more to financial fraud in this country every year. Think about when this committee considered--and I can't remember--I don't know what the protocol was, but they gave the TARP money and bailout to financial institutions. I don't know how many billion dollars that was, 600-plus billion dollars. If they're losing a hundred billion dollars a year in this country, you're feeding money in this arm and they're hemorrhaging out of this arm to fraud and phishing. It doesn't take long for that $600 billion to just wash out and go overseas or somewhere else. All we're asking for is a very small investment in law enforcement that will help prevent some of that stuff and will cover some of those dollars that are going to Estonia and Latvia and-- Mr. Rogers. If you had $16 million, you said a little while ago that 40 percent of your applicants are being approved. Do you think that applicant pool will grow? Mr. Hillman. Absolutely. Mr. Rogers. How much of the--you have a $4 million a year budget. Mr. Hillman. Yes, sir. Mr. Rogers. I know that you prevent some crimes, have successful prosecution that recoups money. Do you get a pool of ceased assets which you're able to participate in the distribution of that to help sponsor this entity? Mr. Hillman. It depends on what type of crime you're working. Generally, when we get into the larger financial crimes--we join in with Ms. Vance's office, the U.S. Attorney's office. They have asset forfeiture divisions and they have asset forfeiture laws that help us draw in those assets, whatever we can put our hands on. Mr. Rogers. What percentage of your budget each year is pooled into assets? Mr. Hillman. None. Mr. Rogers. So you haven't been able to generate this so far? Mr. Hillman. Not that I know of. Mr. Rogers. How about you, Mr. Smith? Mr. Smith. We do receive funding from TEOAF, but again, that is for very specific new initiatives normally with a 2- or 3-year life span startups. So our relationship, if you will, is very, very good with TEOAF and the funding that we receive for them which we put toward our investigative mission almost in total. And that goes toward major case funding and the purchase of equipment. That again is sort of a force multiplier. There's part of that money that eventually could help to buy equipment to solve a crime that somebody was trained here who ultimately uses that piece of equipment. I know that's a very convoluted answer, but that is sort of the way that we have to operate. TEOAF, as an entity, determines how much money we get each year, but of the amount they give us, we put almost 100 percent of it toward investigations. Mr. Rogers. The last question I'm going to ask, I know Mr. Smith says it's not for him. Mr. Warner, I know that there have been major players in the computer world who have suggested lately that to help prevent phishing and spam, there be an Internet charge for mass mailings like that per email. That sounds like a tax to me. But if it's only for mass distribution, do you feel like it's practical or there are problems with that? Mr. Warner. Yes, I can answer that. The problem, though, right now, Mr. Congressman, is that criminals don't use the Internet the way you and I use it. The criminal is not registering an account and paying his bills. He's sending out millions of emails and soliciting. The criminal is breaking into your home computer and sending the email through your home computer. Mr. Rogers. Then I'm against it. That's a tax on me. Mr. Warner. Right. The criminal's email sending--we have seen Botnets broken down by the FBI in the last year where one particular criminal could send 14 billion emails each day. He did that by having a network of over 3 million computers all around the world that were sending spam on his behalf. Mr. Rogers. Thank you very much, Mr. Chairman. That's all I have. Mr. Fincher. I just have a couple more points. Chairman Bachus. He wants a traffic light. Mr. Fincher. I'll leave it like it is, Mr. Chairman. It's very rural. So many times, we don't appreciate what we have until we don't have it anymore. And so many times, you guys aren't appreciated enough for what you're doing. That's why it's crucial that we focus at length today--Mr. Rogers focused on the financial side, and I want to stay with that, staying ahead of the criminals because it's becoming such a liability issue that if they hit us right and hit us hard enough, it will take us down big time. It's so important. Mr. Chairman, I go back to this. It seems like every conversation--and this is why we have been so focused, not to get political, to get our economy moving again and get people back to work and get revenue rolling again, because we can fund the things that are important. These things are very important. Should there be requirements, you think, like Tennessee? Should it be mandatory, or maybe at the State level, that at least one person for each county comes through here? Because there are so many things slipping through the cracks that they can't see until it's too late. And we actually can see it. It has cost us how many billions of dollars? But if the money was there and we could do what we need to do here, you guys could do what you need to do, should that be something that is looked at, or is it one per State and then the States can take it or one per district? What do you think, just your opinion? Mr. Hillman. Congressmen, when we look at those candidates--and I'll let Mr. Smith respond as well--you have to look at the pockets of crime and where the hot spots are. You're going to have more in Los Angeles than you will in a rural county in Nevada. So we have to pay attention to that, and they do a very good job of looking at those areas and you kind of concentrate assets there. On the flip side of that, in South Alabama, one rural county, there might not be another investigator who knows how to do this for five or six counties. So you want somebody there so that you don't have to drive all the way to Birmingham to find an investigator who's capable of doing it. I don't know that you could put a requirement like that on it because it's moving all the time, and it depends on what type of crime. A whole bunch of variables go into that. You have to--you're talking about financial crimes. Think about it. Every dope dealer is going to send text messages. You're getting capital murder cases set up with emails now. So it just really depends. But the key thing is getting bodies out there who know what they're doing and can handle this evidence, because it's coming down on top of us very quickly, and we are way behind the eight ball in catching them. Mr. Fincher. Two more things, Mr. Smith: one, what is the greatest expenditure at the training center; and two, kind of go through the jurisdiction of how we deal--as Mr. Warner said a few minutes ago--with these guys all over the world and do we have problems with trying to beat that back? Mr. Smith. I think as far as the institution is concerned, the costs are fairly equally divided. Out of the $4 million, it's fairly equal between the travel costs, the per diem costs to the individuals while they're here as well as the equipment costs. If you look at that across-the-board, it is pretty equal. In terms of the jurisdictional issues that I spoke about a moment ago, in the Secret Service at least, we take that force multiplier approach. We use our foreign offices to liaison and try to always have good relationships with law enforcement there. And that works for us on two levels. First, on the protective mission, because so many of our protectees travel abroad constantly now. So we need that. And that is on one level how we interact quite a lot with the host countries or countries that our protectees may visit. But at the same time, those field offices in those foreign countries are assigned to the Office of Investigations, so they come under our office. And to the other side of the mission with the investigations, we use that same formula to try to incorporate the work that we are doing with the host country. Sometimes, we're able to actually lend some expertise to them because this is a new arena for law enforcement agencies in those countries as well. And so we try as best we can to brief them or give them some adequate training. And as someone said earlier, some of the countries are easier to deal with than others. We have had great success in a good number of them. Particularly in some of the eastern countries, we have been successful not only in making arrests, but actually being able to extradite a few people along the way. Mr. Fincher. Thank you guys for your service. Chairman Bachus. Let me close by saying that the Secret Service investigates financial, cyber crime, and counterfeiting. Admission to this institute is somewhat restrictive, and there is a lot of demand for this center or institute. The feedback has been very complimentary. They come here and learn how to investigate other types of crimes, which are not under the charge of the Secret Service. So the $4 million that you're spending is a small investment--I'll say if they break into my bank account, that's one thing. If they harm my grandchild, that's quite another. So the Secret Service is rendering a valuable service outside their primary charge. And I'm very appreciative of that. We also have had briefings on financial service. I think you were there. Some of what you're up against is pretty overwhelming. And that's also a demanding area. I think maybe some others need to step up and find other funding sources to help fund this. The Secret Service is the primary agency and will have jurisdiction over it, but there may be other ways to help fund it. Do you know what I mean? I'm open to any suggestions. I do want to let the record show that I have been very nice to the Secret Service. Without objection, the hearing-- Is there anyone who wants to make a final comment? This, I think, has been a very good hearing. And the testimony--without objection, the hearing will remain open for thirty-- Judge Cole. Mr. Chairman, I apologize for interrupting. My name is Karen Cole. I'm a trial judge from Florida, and we have our entire class of trial judges here today. And I just wanted to let you know that we are grateful for what you are doing and we are particularly grateful for the Institute for what we are learning here today. There is nothing like this institute available in our jurisdictions, and we need to be able to understand the testimony when it is presented to us by law enforcement, and that's what we're learning here today. Thank you so much for the work you do. Chairman Bachus. Great. There are 26 judges in your class? Judge Cole. Yes. Chairman Bachus. Would you--I think time will allow. I would like for you each to stand up and give your name and your jurisdiction, if that's okay, your State or your city. Judge Cole. Jacksonville, Florida, Circuit Judge Karen Cole. Judge Leiber. I'm Dennis Leiber from the Circuit Court of Kent County, Grand Rapids, Michigan. Judge Higgins. I'm Cheryl Higgins, Circuit Judge for Albemarle County, Virginia. Judge Staab. I'm Tracy Staab, Spokane Municipal Court in Washington. Judge McGinnis. Mark McGinnis. I'm a trial judge in Appleton, Wisconsin, and part of the faculty here. Chairman Bachus. Thank you. Judge Landenburg. My name is David Landenburg. I'm representing the domestic violence coordinating issue with regard to cyber crimes that pop up every day, and I'm from Tacoma, Washington. Judge Deason. Donald Deason. I'm a trial judge, District Court Judge from Oklahoma County, State of Oklahoma. Judge Giacomo. I'm William Giacomo. I'm a Justice of the United States Supreme Court, Westchester County, New York. Judge Hoort. I'm David Hoort. I'm a circuit judge from Ionia County, Michigan, and I think we have about seven traffic lights. Judge Cunningham. James Cunningham, Jr., from Anoka County, Minnesota, right outside Minneapolis. Chairman Bachus. Okay. Judge Jarrett. Lisa Jarrett. I'm a District Court Judge, Trial Division, in San Antonio, Texas. Judge Morris. I'm Judge Denise Langford Morris from the Oakland Circuit Court in Pontiac, Michigan. But more importantly, I'm a former Assistant United States Attorney. And I can't tell you how much we feel comfortable and satisfied with what we are receiving this week and more so impressed with the staff here. The staff is impeccable from the moment that we were accepted. Thank you. Judge Kennedy. John Kennedy, Superior Court of New Jersey, Newark. Judge Berger. Wendy Berger. I'm a Circuit Court Judge in St. Johns County in St. Augustine, Florida. Judge Krueger. Kurt Krueger, a Trial Court Judge in District Court, Butte, Montana. Judge Evans. My name is Michael Evans. I'm a Superior Court Judge in Kelso, Washington. Judge Newman. Clifton Newman. I'm a Circuit Court Judge from Columbia, South Carolina. Judge Moore. I'm Daniel Moore. I'm a Circuit Court Judge and Major Felony Court Judge in Clark County, Indiana, near Louisville, Kentucky. Judge Miller. I'm Rich Miller. I'm a District Judge from Madill, Oklahoma. I was told by a lot of the OU football fans that they were treated more graciously than they had ever been treated when they played Alabama in 2003. I have to agree. It's so nice and has been such a wonderful experience to be able to come here today. Judge VerSteeg. I'm Pat VerSteeg. I'm an Associate District Court Judge from western Oklahoma. In my home county, we have no traffic lights either. Judge Brnovich. Susan Brnovich, Superior Court in Maricopa County, Arizona. Judge Snyder. Irvin Snyder. I'm a New Jersey State Superior Court Judge. I serve in Camden County, which is just outside of Philadelphia. And we have a traffic light on every corner. Judge Crawford. I'm Charlie Crawford, Circuit Court Judge for Viera, Florida. I'm proud to come home. I'm a graduate of Cumberland School of Law. Judge Meyer. I'm Sam Meyer. I'm a District Court Judge of Thurston County, which is in Olympia, Washington. Chairman Bachus. That was very inspiring. And Mr. Smith and Mr. Hillman, I think that was very--they were very complimentary of the center. And I would ask the judges, who are always very influential people in their towns and cities, to talk to their local Members of Congress and tell them about the value that you received here. And we appreciate the job you have done. We appreciate your sacrifice for coming here and staying and applying yourself to what is a complex set of issues, and it's a complex field of the law. And you obviously--it speaks well of you that you are participating and would more better serve your constituents. So I think it's a compliment to you. And we are just overjoyed to have you. Now, Tony, that has to make you feel good as Mayor of Hoover. Mayor Petelos. Absolutely, Mr. Chairman. Chairman Bachus. With that, I want to recognize Wayne--is it Pacine--who is the interagency project manager for the Board of Governors of the Federal Reserve System. Thank you for being here. And Greg Garcia, who is the FSSCC chairman of the cyber committee. Is he here? Okay. All right. Thank you very much, and this hearing is adjourned. [Whereupon, the hearing was adjourned.] A P P E N D I X June 29, 2011
![]()