[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
HACKED OFF: HELPING LAW ENFORCEMENT
PROTECT PRIVATE FINANCIAL INFORMATION
=======================================================================
FIELD HEARING
BEFORE THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
FIRST SESSION
__________
JUNE 29, 2011
__________
Printed for the use of the Committee on Financial Services
Serial No. 112-43
U.S. GOVERNMENT PRINTING OFFICE
67-938 PDF WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
HOUSE COMMITTEE ON FINANCIAL SERVICES
SPENCER BACHUS, Alabama, Chairman
JEB HENSARLING, Texas, Vice BARNEY FRANK, Massachusetts,
Chairman Ranking Member
PETER T. KING, New York MAXINE WATERS, California
EDWARD R. ROYCE, California CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma LUIS V. GUTIERREZ, Illinois
RON PAUL, Texas NYDIA M. VELAZQUEZ, New York
DONALD A. MANZULLO, Illinois MELVIN L. WATT, North Carolina
WALTER B. JONES, North Carolina GARY L. ACKERMAN, New York
JUDY BIGGERT, Illinois BRAD SHERMAN, California
GARY G. MILLER, California GREGORY W. MEEKS, New York
SHELLEY MOORE CAPITO, West Virginia MICHAEL E. CAPUANO, Massachusetts
SCOTT GARRETT, New Jersey RUBEN HINOJOSA, Texas
RANDY NEUGEBAUER, Texas WM. LACY CLAY, Missouri
PATRICK T. McHENRY, North Carolina CAROLYN McCARTHY, New York
JOHN CAMPBELL, California JOE BACA, California
MICHELE BACHMANN, Minnesota STEPHEN F. LYNCH, Massachusetts
THADDEUS G. McCOTTER, Michigan BRAD MILLER, North Carolina
KEVIN McCARTHY, California DAVID SCOTT, Georgia
STEVAN PEARCE, New Mexico AL GREEN, Texas
BILL POSEY, Florida EMANUEL CLEAVER, Missouri
MICHAEL G. FITZPATRICK, GWEN MOORE, Wisconsin
Pennsylvania KEITH ELLISON, Minnesota
LYNN A. WESTMORELAND, Georgia ED PERLMUTTER, Colorado
BLAINE LUETKEMEYER, Missouri JOE DONNELLY, Indiana
BILL HUIZENGA, Michigan ANDRE CARSON, Indiana
SEAN P. DUFFY, Wisconsin JAMES A. HIMES, Connecticut
NAN A. S. HAYWORTH, New York GARY C. PETERS, Michigan
JAMES B. RENACCI, Ohio JOHN C. CARNEY, Jr., Delaware
ROBERT HURT, Virginia
ROBERT J. DOLD, Illinois
DAVID SCHWEIKERT, Arizona
MICHAEL G. GRIMM, New York
FRANCISCO ``QUICO'' CANSECO, Texas
STEVE STIVERS, Ohio
STEPHEN LEE FINCHER, Tennessee
Larry C. Lavender, Chief of Staff
C O N T E N T S
----------
Page
Hearing held on:
June 29, 2011................................................ 1
Appendix:
June 29, 2011................................................ 33
WITNESSES
Wednesday, June 29, 2011
Hammac, Douglas ``Clay'', Criminal Investigator, Shelby County
Sheriff's Office, Shelby County, Alabama....................... 14
Hillman, Randall I., Executive Director, Alabama District
Attorneys Association.......................................... 9
Smith, Alvin T., Assistant Director, Office of Investigations,
United States Secret Service................................... 7
Warner, Gary, Director of Research in Computer Forensics, The
University of Alabama Birmingham............................... 12
APPENDIX
Prepared statements:
Hammac, Douglas ``Clay''..................................... 34
Hillman, Randall I........................................... 39
Smith, Alvin T............................................... 43
Warner, Gary................................................. 50
HACKED OFF: HELPING LAW
ENFORCEMENT PROTECT PRIVATE
FINANCIAL INFORMATION
----------
Wednesday, June 29, 2011
U.S. House of Representatives,
Committee on Financial Services,
Washington, D.C.
The committee met, pursuant to notice, at 2:03 p.m., at the
National Computer Forensics Institute, 2020 Valleydale Road,
Suite 209, Hoover, Alabama, Hon. Spencer Bachus [chairman of
the committee] presiding.
Members present: Representatives Bachus and Fincher.
Also present: Representative Rogers.
Chairman Bachus. Good afternoon. I see we have a group of
witnesses seated. We also have several people in the audience
who played an integral part in helping fund the project: Tony
Petelos, the Mayor of Hoover; and Tommy Smith of the District
Attorneys Association.
Randy, do you want to introduce some of them?
Mr. Hillman. Yes, sir. Yes, sir, Mr. Chairman. There are
several elected DAs here. Tommy Smith is the district attorney
from Tuscaloosa County. He's president of the association.
Chairman Bachus. Where is Tommy? There he is. Hey, Tommy.
Mr. Hillman. With your permission, Mr. Chairman, could I
ask them to stand?
Chairman Bachus. Yes.
Mr. Hillman. Any elected district attorneys, would you
stand, please?
Mr. Chairman, we have Chris McCool, the district attorney
in Fayette, Lamar, and Pickens County; Brandon Falls, the DA in
Jefferson County; Steve Marshall, the DA in Marshall County;
and Tommy Smith, president of the association. Thank you.
Chairman Bachus. Do you have your investigators here?
Mr. Hillman. Yes, sir.
Chairman Bachus. And we have several members of the
legislature. Would you stand up?
Mike, since you're the senior guy, why don't you introduce
yourself? You are in front.
Mr. Hill. I'm Mike Hill, a State Representative from Shelby
County.
Mr. Johnson. Wayne Johnson, District 22 Representative,
from Huntsville.
Senator Blackwell. Slade Blackwell, Senator from
Birmingham.
Chairman Bachus. And Jan Williams in the back.
Mr. Demarco. And Paul DeMarco.
Chairman Bachus. And Paul DeMarco, Representative DeMarco.
So we appreciate--I thank everyone in the civil service and
the District Attorneys Association. The State of Alabama was
very supportive in their funding. I recognize the Shelby County
Sheriff. Do you want to stand up and introduce yourself?
Do you have any other sheriffs? I'll let you introduce
them.
Sheriff Curry. Sir, I don't think there are any other
sheriffs present.
Chairman Bachus. Okay. We appreciate Shelby County's
participation. I'm going to--I'm supposed to read this right
now.
Without objection--actually, I can do it at the end of the
hearing.
At this time, is there anybody else present who--the Secret
Service--Gary, do you have anybody you want to introduce?
Mr. Warner. If I may, yes, sir. We have the privilege of
hosting a National Science Foundation group of researchers this
summer, and several of our past student researchers from that
team have joined us today, if they could stand briefly.
Allison Peck and Hugo and Megan were selected out of 116
applicants to come and study computer forensics at UAB this
summer as a courtesy of the National Science Foundation. So we
want to thank the National Science Foundation for them being
with us.
Chairman Bachus. Thank you. At this time, we're going to
have opening statements from the witnesses. I'll introduce the
witnesses.
I really want to kind of emphasize some things that some of
you might not get into. I'm going to do it sort of from the
standpoint of, I'm a former trial lawyer, which may be a dirty
word.
But computer forensics is the process of extracting,
analyzing, and preserving data. It is the process of getting it
successfully introduced either at trial or into evidence or
ready for evidence. It's a virtual gold mine of very vast,
precise, and most importantly in a trial setting, our
investigation of reliable and valuable information.
It's not a human being sitting on a witness stand with
evidence that is imprecise or contradictory, subject to memory
loss or prejudice or motive.
Two witnesses may testify about the same conversation. Each
tells a different story, and each tells sometimes what they
think is true.
Several witnesses might testify and still the picture is
unclear and a gap exists. They tell a story about a steamboat
up in New England that went around a bay, and it sank right in
front of hundreds of people. And they said they were unable to
determine what happened because there were too many witnesses.
And that is somewhat true. That's certainly not true with
forensic evidence. It's altogether different.
Think about what's on your computer at home. It's
thoroughly accurate. It's the most factual information
available on what, when, and to whom something was said or when
you did something, like in the Casey Anthony trial.
That information about chloroform was downloaded and, in
fact, the technician who testified in the Casey Anthony trial
on national TV was trained in this very center. And if you saw
that testimony, the defense attorneys were unable to shake her.
She was prepared for everything that they had to do. And also,
I'm sure that she assisted the judge, or at least the
prosecution, in the proper predicate to be laid so that there
wouldn't be reversible error.
I know we have judges here today. We have a group of 26
judges from all around the Nation who are learning how to
properly introduce evidence, how to rule on it so there won't
be reversible error as they preside over a trial.
And I think law enforcement is very frustrated when a case
goes up on appeal and it's turned back for a procedural
technicality.
Not only emails and instant messages, but your personal and
financial records are on a computer. Letters and memos, Web
sites you have visited, it's all there.
I heard someone say this: It's like reading your mind in
realtime, when you basically almost know what someone is
thinking, what their motive is, and what's going on.
It can be highly revealing. And if you're engaged in
criminal conduct--that's what this is all about--it's highly
incriminating.
Last year--I think I have it in my written remarks--one of
your software companies estimated that there's $1 trillion of
software fraud worldwide. Here, at least $37 billion worth of
losses.
Just this month, we have seen cyber security attacks and
cyber attacks on Citigroup, on the Federal Reserve, and on the
CIA.
So we're not talking about just criminal activity or
financial crime, which was the motivation originally behind
this center, but we're talking about actually espionage and
people all over the world. And we'll get some terrific
testimony.
I want to applaud the Secret Service. This institute was
opened at a very--District Attorney Association--I think this
was originally you working with the Secret Service, the
District Attorneys of the United States. I think the sheriff's
department and the police department were involved. You wanted
a place to train people.
This is very complex, very detailed, very precise work, and
it's very expensive, too, because of the software that is
needed. It's always changing and evolving. But law enforcement
and sheriffs and police departments didn't have the resources
to combat these crimes.
And if you think about it, any time someone commits a
crime, they're going to use an electronic device. It's almost
impossible to do that without using cell phones.
We're not talking about just computers. We're talking about
cell phones. We're talking about iPads. We're talking about
BlackBerrys.
I know probably a year after this center opened, a
detective who was trained here went back to a small town in
Virginia and got out a computer that had been over in the
corner for about 3 years, and they tried unsuccessfully to get
anything out of it.
Using the software he was given here, he was able to pull
it off the computer and successfully prosecuted a guy for
sodomizing a 6-year-old child.
So it's pretty hard to put a figure on how valuable this
center is. But, thanks to the Secret Service, thanks to the
Alabama and National District Attorneys Office and the
sheriff's department, thanks to the State legislature and the
City of Hoover and Shelby County, and many other trials.
We have had at least one case where someone was being
investigated for a murder, and they were cleared, forensic
evidence cleared them. So you had someone who may have been
charged and was able to prove their innocence.
The witnesses today are going to tell you about some of the
details of cyber crime, which is now, I guess, the fastest
growing crime in America. And none of us are safe.
Of course, I think very seldom is there not a person who is
either--has been hacked or will be hacked, their computer.
I don't know whether it was my computer or someone else's
that was hacked, but I have had charges on my credit card, and
I was notified the very next day that it had, in fact,
happened. And it's kind of funny when you go on there--or not
funny, but you go in and you actually see those charges.
But with that, I would like to introduce and to turn it
over to Mike Rogers, one of the senior members of the Homeland
Security Committee, to make an opening statement.
Mr. Rogers. I just wanted to thank Spencer for calling this
hearing. As he mentioned, I was on the Homeland Security
Committee before it was a standing committee. It was a select
committee before 9/11, and we recognize the real threat of
cyber security authorities have for our Nation. The Department
has been working aggressively to that end.
I'm very pleased with the presence of this entity, this
site in Alabama. Folks don't think about this kind of cutting-
edge technology here in Alabama, but it is here, and we're very
proud of it.
Randy and his folks have done a good job in the outset of
keeping me apprised of what they have been doing. I have been
very supportive, and I know this will be very critical in
continuing to protect our Nation.
A lot of people think about the Department and the FBI and
the Secret Service being on the cutting edge, but the fact is,
we can't do it without local law enforcement. These
partnerships that we have in local communities are critical in
identifying these cells, the people who are problems, the
threats, and monitoring activity.
And I have been amazed through the work of this entity,
like Spencer said, how much of our lives is on a gadget,
whether it's a computer or BlackBerry or cell phone.
And even when it comes to small drug deals, there is a cell
phone involved. This is very critical technology, and I'm very
supportive of it and look forward to the testimony we have here
today.
Like Spencer, I had Secret Service knock on my door one day
and tell me that someone had attempted to steal my identity, as
well as the identities of about 20 other Members of Congress.
Fortunately, they didn't succeed, but it could be anybody. You
never know who they are. Thank you. We look forward to hearing
the testimony and asking a few questions.
Chairman Bachus. Thank you. And actually, I asked Gary
Warner to introduce those people, but you're with UAB.
That reminds me, Gary Warner actually was one of the people
who called and told me that my congressional site had been
hacked.
So anyway, let me introduce our witnesses.
Oh, I'm sorry. Steve is one of my good friends and one of
the newly elected Republicans to the Congress and to the
Financial Services Committee. In fact, he is the newest member
of the Financial Services Committee. Steve Fincher. And--
Mr. Fincher. Thank you, Mr. Chairman.
Chairman Bachus. I take back everything I said about your
tie.
Mr. Fincher. Well, Mr. Chairman, I'm wearing my orange tie
today for Auburn. It's not Tennessee. It's Auburn. My middle
son is a big Auburn fan. I was able to bring him down last year
to homecoming and it is just a great, great college, a great
place.
I was listening to the chairman and Congressman Rogers
talking about hacking into our credit cards. And I thought one
day that mine had been hacked into. Come to find out, my wife
had been shopping. Seriously, that's what I thought it was.
So it's an honor to be here with you guys today. We can't
say enough about local, State, and Federal law enforcement and
what you guys do in the legal system. It's not if we're going
to have an attack; it's when. We're either moving forwards or
backwards.
And it's an honor to be able to serve in the leadership of
someone like Chairman Bachus because he gets it.
I'm from Tennessee and I'm just a common sense guy. My
background is a seven-generation cotton farmer. We need to make
sure that our priorities are in the right order. And a lot of
times, they're not.
But you guys are offering a great service to this country,
and you're going to stand in the gap when we have another
attack and when they attack us in this way, because as many of
us know, this could shut our country down if the right people
get the right information and go about it the right way.
So I am very, very interested in hearing what the panel has
to say today, and it's good to be back in the State of Alabama,
one of our bordering States.
With that, I will turn it back over to Chairman Bachus.
Chairman Bachus. I'm going to introduce the witnesses at
this time. I just noticed that Joe Borg is here, the Alabama
Securities Commissioner. Joe, would you stand up?
Randy, did you introduce everyone in the unit? And how
about the Secret Service Commission? Do have anybody you want
to introduce? I know you have several people here.
Mr. Hillman. I do, actually.
Chairman Bachus. In fact, it was testified to before some
of our security members, which was incredible.
Mr. Hillman. I do, Mr. Chairman. Thank you. I would like to
recognize several of our people who are here today: Special
Agent in Charge Ken Jenkins, who is in charge of our Criminal
Investigative Division, which again is our sort of nexus of
nationwide oversight; Deputy Special Agent in Charge Pablo
Martinez, whom I think you have met before; and Special Agent
in Charge Roy Sexton of the Birmingham office, which is
responsible for the entire State of Alabama and has a lot of
interaction obviously with this institute among others that are
here.
Chairman Bachus. Thank you. Will you gentlemen stand up?
Thanks.
Thank you. And let me say this: When I was talking to
different people who played a role, obviously the bigger role
is the Secret Service. The Secret Service is the entity that
runs this center--along with the cooperation of the district
attorneys--and makes their expertise available. So we can't
thank you enough, I think, for the excellent job you do.
And this obviously goes beyond counterfeiting, and it is a
tremendous challenge. So thank you very much.
Spencer Collier is the Alabama Homeland Security Director.
Thank you.
Mr. Hillman. U.S. Attorney Joyce Vance is here.
Chairman Bachus. Okay. I had no idea. Would you please
stand up?
Ms. Vance. I am happy to be here with you.
Chairman Bachus. Thank you very much. Congratulations on
your appointment.
Ms. Vance. Thank you.
Chairman Bachus. Her father is Judge Vance, who is actually
a sitting judge who was attacked and wounded by a bomb.
But anyway, we'll go ahead now and introduce our witnesses.
Gary Warner is director of research in computer forensics at
the University of Alabama at Birmingham where he teaches in the
computer and information science and justice science
departments with more than 20 years of IT experience.
He previously served on the national boards of the FBI
InfraGard program and the DHS Energy ISAC. His lab works
closely with the Birmingham FBI cyber crimes task force and the
Birmingham USSS electronic crimes task force with whom he
shares his research on spam, malware, investigating on-line
crime, and--I guess that's phishing. How do you--
Mr. Warner. Phishing. It's tricky with the ``P-H.''
Chairman Bachus. Thank you.
Randy Hillman is the executive director of the Alabama
District Attorneys Association of the State Office for
Prosecution Services, a position he has held since January
2002. Prior to this, he was chief assistant DA for the Shelby
County District Attorney's Office.
And Robbie is here. Were you introduced, Robbie?
Mr. Owens. I was left out as usual.
Mr. Hillman. Thank you, Mr. Chairman. I appreciate that.
Robbie Owens is the district attorney from Shelby County,
which is where this facility is located.
Chairman Bachus. Thank you.
During Mr. Hilman's tenure, he led trial counsel in seven
capital murder prosecutions where the defendant received the
death penalty or life without parole, many of them tried before
my former partner, and he tried numerous other high-profile
cases, including the road rage murder.
Randy is a member of the Alabama Bar Association, Shelby
County Bar Association. He's on the Board of Trustees at the
University of West Alabama and the Board of Directors for Owens
House, which is a child advocacy center.
He was really a moving force in visualizing the need for
the National Computer Forensic Institute, and working with the
Secret Service in partnership to bring it here. It wouldn't
have happened without Randy and his association. Or it may have
cost a whole lot--
I don't know whether you know this, in the crowd, but the
City of Hoover--you can see what a beautiful facility this is--
donated this at no charge for 7 years rent free.
One of the sites they were considering was up at Aniston
Army Depot, where they were going to spend several million
dollars to renovate it.
Mr. Rogers. Thank you for reminding everybody we lost.
Chairman Bachus. I actually always wanted to renovate
something and--it was one of the few things that hadn't gone to
West Virginia. You can actually get here from there.
But Clay Hammac is a 7-year veteran of the Shelby County
Sheriff's office, currently assigned as a criminal investigator
specializing in financial and electronic crimes. He's a 2008
graduate of the National Computer Forensic Institute and has
utilized his skills and training received here to investigate
crimes ranging from the typical on homicide to organized
financial crime rings. And that was the case off 280 there?
Mr. Hammac. Yes, sir. That's right.
Chairman Bachus. That was one of the most heinous crimes
you can imagine.
Mr. Hammac holds a degree in finance from the University of
South Alabama, and an MBA from Regis University in Denver.
And finally, I guess the star witness is A.T. Smith,
Assistant Director of the United States Secret Service. We're
honored to have you here in Hoover.
A.T. Smith is from Greenville, South Carolina, and was
appointed Assistant Director of the Office of Investigations in
October 2010. In this capacity, he develops and implements
policy for all Secret Service criminal investigations
pertaining to counterfeit currency and financial crimes and
electronic crimes.
Mr. Smith is responsible for oversight of the Secret
Service Criminal Investigative Division, Forensic Service
Division, Investigative Support Division, Asset and Forfeiture
Division, International Programs Division, and over 3,000
personnel assigned to 140 domestic and 22 international offices
in 6 continents. Some of those are pretty unfriendly
territories.
So we welcome our witnesses. Do any of you want to suggest
an order we go in? Why don't you go first, Mr. Smith, since you
are here as our guest?
STATEMENT OF ALVIN T. SMITH, ASSISTANT DIRECTOR, OFFICE OF
INVESTIGATIONS, UNITED STATES SECRET SERVICE
Mr. Smith. Thank you, and good afternoon, Chairman Bachus
and members of the committee.
If I might, just at the outset, let me say that with regard
to what you said about the Secret Service being integral in the
forming of this institute, that is true.
But we are equal among partners. And we are all in this
together. I can assure you that no one has worked harder, again
as you pointed out, than Randy Hillman to design and coordinate
and actually get this facility to where it is today. So I want
to publicly thank him as well.
Thank you for the opportunity to testify on the emerging
threat that cyber criminals pose to both personal and business
finances and to financial institutions.
On February 1, 2010, the Department of Homeland Security
delivered the quadrennial Homeland Security Review, which
established a unified strategic framework for Homeland Security
missions and goals and underscored the need for a safe and
secure cyberspace.
In order to be successful in this mission, we have to
disrupt criminal organizations and other malicious hackers
engaged in high consequence or widescale cyber crime.
In this arena, the Secret Service has been leading the
Department's effort for some time. As the original guardian of
the Nation's financial payment systems, the Secret Service has
a long history of protecting American consumers, industries,
and financial institutions.
Over the past decade, Secret Service investigations have
revealed a significant increase in the quantity and complexity
of cyber crime cases. Broader access to advanced computer
technologies and the widespread use of the Internet has
fostered the proliferation of computer-related crimes targeting
our Nation's financial infrastructure.
Current trends show an increase in network intrusions,
hacking attacks, malicious software, and account takeovers
which result in data breaches that affect every sector of the
American economy.
As a result of this increase and in line with the
Department's focus of creating a safer cyber environment, the
Secret Service developed a multifaceted approach to combat
cyber crime by expanding our electronic crimes special agent
program, expanding our network of Electronic Crimes Task
Forces, creating a cyber intelligence session, expanding our
presence overseas, performing partnerships with academic
institutions, focusing on cyber security, and working with the
DHS to establish the National Computer Forensic Institute.
The Secret Service partnerships with State and local law
enforcement remain at the very core of our approach and are
reflected in our task force model and through the work
conducted here at the NCFI.
The 31 Electronic Crimes Task Forces (ECTFs) that the
Secret Service established domestically and abroad exemplify
the Secret Service's commitment to sharing information and to
best practices.
Membership in these ECTFs include more that 4,000 private
sector partners; nearly 2,500 international, Federal, State,
and local law enforcement officials; and more than 350 academic
partners.
Based on this model, the Secret Service has been
responsible for the arrest of numerous transnational cyber
criminals who were responsible for some of the largest network
intrusion cases ever prosecuted in the United States.
These intrusions resulted in the theft of hundreds of
millions of account numbers and a financial loss of
approximately $600 million to the financial and retail
institutions nationwide directly impacting the lives of many
American citizens.
Recognizing that cyber crime is not just a Federal problem,
the Secret Service partnered with the National Protection and
Programs Director of DHS, the Alabama District Attorneys
Association, the State of Alabama, and the City of Hoover to
create a center where State and local law enforcement
officials, prosecutors, and judges could be trained on cyber-
related crimes.
I am proud to say that since its establishment, 644 State
and local law enforcement officials, 216 prosecutors, and 72
judges representing over 300 agencies from all 50 States as
well as 2 U.S. Territories have received training from the
Secret Service here at the NCFI.
In concert with our Federal, State, and local law
enforcement partners, the Secret Service will continue to play
a critical role in preventing, protecting, and investigating
all forms of cyber crime.
Chairman Bachus and distinguished members of the committee,
this concludes my prepared remarks, and I will be happy to
answer any questions that you may have.
[The prepared statement of Assistant Director Smith can be
found on page 43 of the appendix.]
Chairman Bachus. Thank you. Mr. Hillman?
STATEMENT OF RANDALL I. HILLMAN, EXECUTIVE DIRECTOR, ALABAMA
DISTRICT ATTORNEYS ASSOCIATION
Mr. Hillman. Thank you, Mr. Chairman. Chairman Bachus,
Congressman Fincher, Congressman Rogers, Governor Bentley,
honorable members of the Alabama legislature, other guests, and
our respected colleagues in law enforcement, thank you for the
opportunity to address this committee today.
In the last 25 years, the criminal justice community has
witnessed two watershed events with respect to criminal law.
The first is the advent of DNA evidence. The second, and the
reason that we're here today, is the creation and proliferation
of digital evidence and cyber crime.
In my current position as executive director of the Alabama
District Attorneys Association, it is my daily job to analyze
and attempt to meet the needs of law enforcement and
prosecutors. Without question, the need for digital evidence
training is one of our most pressing.
The media work escalation of digital evidence can be
compared to a tidal wave looming over the criminal justice
community. This type of evidence is present in the majority of
all cases, whether it is identity theft, phishing, child
pornography, murder or any other crime.
We have very quickly moved from just blood and guts to
megabytes and megapixels. The question is, do we as law
enforcement agents and prosecutors have the means to gather
that evidence? And the answer in most cases is a resounding no,
we do not.
Gentlemen, you know better than most anyone that we cannot
stick our proverbial heads in the sand. We must endeavor to be
ahead of the curve. We must be ahead of the criminals who would
prey on our family's financial security. This effort starts
here at home.
When I was a child, the bank was a brick building in the
center of town that you walked into to deposit a check or to
withdraw money.
Today, we can access our virtual bank nearly anywhere. This
convenience, although desirable, makes us extremely vulnerable
to criminals.
I will submit to you that not one individual in this room
has not had their personal data or financial holdings
compromised in some way due to a surreptitious intrusion by a
cyber criminal.
We are not immune and our children are not immune either.
They are by definition prime targets for identity thieves
because they have identifiers. They have information that is
considered pristine because they generally will not discover
that their identity has been compromised for several years.
This gives the criminal a very long time to use our identity
fraudulently.
We are bringing forth a crop of young adults who will exist
entirely on technology-based banking and commerce. Today, our
kids and young adults have credit cards, PayPal accounts,
PlayStation credit accounts, Wii accounts, and Apple APP
accounts.
Each of these areas are fertile grounds for a cyber
criminal. And once one of these accounts is compromised, who we
will call? More often than not, it will be your local police
department or your local prosecutor who will then be asked to
investigate and prosecute these bad guys.
Additionally, at the opening of this facility in 2007,
Chairman Bachus stated that terrorists such as Osama Bin Laden
were using technology and the Internet to fund and to manage
their worldwide terrorist networks most often by identity
theft, bank fraud, and phishing.
Recently, his comments were proven true after the capture
and killing of Bin Laden. Bin Laden had in his possession
hundreds of computer disks and digital devices containing
priceless evidence that will be used to understand terrorist
networks and ultimately help eliminate them.
Similarly, domestic and international terrorists and common
criminals fund their criminal enterprises through the use of
cyber crime and digital devices. They do this by compromising
banking systems through network intrusion and stolen
identities. This not only cripples our banking industry and
financial institutions, but it devastates our citizens.
Some would say this is strictly a Federal matter, Mr.
Chairman, but I wholeheartedly disagree. The State and local
law enforcement in this country tries over 95 percent of the
criminal cases. Those officers on the street are the first
responders and they are absolutely critical to building an
identity theft or network intrusion case and will, in the end,
provide the key evidence that will convict criminals and
provide restitution for victims.
Members of this committee, it's imperative that all law
enforcement agents and prosecutors be given the ability to
protect your constituents. It is both shocking and tragic that
law enforcement is ill equipped and trained to respond to a
digital crime scene.
I submit to you that the only way we can change this is by
greatly expanding training for law enforcement and prosecutors
and by providing them with the equipment they need to do their
jobs properly.
Unless and until we do these things, thieves, scammers,
pedophiles, and other criminals will continue to go unpunished
because they know that we simply do not have the ability to
reach out and catch them.
Chairman Bachus, Senator Shelby, Alabama District Attorneys
and my staff at the ADAA set out to address this issue some
years ago. We experienced the lack of quality computer
forensics training firsthand. Our trials in attempting to find
trained law enforcement agents and prosecutors to staff our own
computer forensics labs were the catalyst.
Because no one entity made it their mission to train law
enforcement, prosecutors, and trial judges in digital evidence,
we were left in a very difficult position of staffing these
labs. This facility that you are at now, the National Computer
Forensics Institute, is a direct result of this need and the
unprecedented cooperation of all levels of government, from the
highest Federal agencies to the smallest local governments.
This facility focuses on all computer-related crimes with
an emphasis on financial crimes, and more importantly, is
taught by true investigators who have been and are now in the
field each day. They understand and teach the curriculum from a
law enforcement perspective, not that of an academician or a
layman.
I witness each and every day the inherent value of quality
digital evidence training and education here, and I know that
the graduates from this facility have both solved thousands of
criminal cases and have prevented many others from being
committed.
In closing, I would like to thank you for being here, Mr.
Chairman and members of this committee. Your presence is both a
sign and a promise that you are committed to a unified front
against cyber criminals.
Furthermore, I respectfully challenge you to join me and my
colleagues in law enforcement to ensure that training
facilities like NCFI that train authorities to investigate,
prosecute, and even prevent cyber crimes and other crimes
remain as one of our top priorities.
Thank you, Mr. Chairman.
[The prepared statement of Mr. Hillman can be found on page
39 of the appendix.]
Chairman Bachus. Thank you. And, Gary, before we go to you,
I notice that one of our Supreme Court judges is here, Michael
Joiner. Would you stand up, Mike?
Judge Joiner. Court of Criminal Appeals.
Chairman Bachus. Court of Criminal Appeals. I appreciate
you being here. And did you try the four criminals that we were
talking about earlier?
Judge Joiner. I tried many of the ones you talked about
earlier.
Chairman Bachus. Okay. We appreciate you. Are there any
other judges or anyone else that I should have introduced?
I didn't have a list. A lot of times I have a list, but I
didn't get one.
Mr. Hillman. Mr. Chairman, former Congressman Bob McEwen is
with us today.
Chairman Bachus. Oh, wow! Bob, it is good to see you. Thank
you. We're honored to have everyone.
Do we have any other law enforcement officers that we have
not recognized? Would you stand up? Thank you. I appreciate you
all being here.
Chris Curry of Birmingham. So--I guess he's deputy chief;
is that--
Mr. Curry. Chief deputy, yes, sir.
Chairman Bachus. Chief deputy. I want to welcome you.
With that, Mr. Warner.
STATEMENT OF GARY WARNER, DIRECTOR OF RESEARCH IN COMPUTER
FORENSICS, THE UNIVERSITY OF ALABAMA BIRMINGHAM
Mr. Warner. Thank you, Mr. Chairman. Mr. Chairman and
members of the committee, I'm very happy to be before you today
at this hearing. I think this hearing is a sign of your wisdom
and your leadership in the financial services area. I'm very
glad that you chose to have it here in Alabama because there
are some very neat things happening here at the National
Computer Forensics Institute and around the State. So we thank
you for that.
Some of you may wonder what the University has to do with
law enforcement. We feel like we're contributing to the cyber
crime efforts in three main areas.
First, we're training the next generation of cyber crime
investigators. Because we have a partnership with our computer
science and our justice science programs, we feel like we're
offering a very unique graduate, someone who comes with both a
formal understanding of the justice process and a computer
science background to go with it.
The second area is that we're providing through my research
lab training and tools and techniques for fighting cyber crime.
Some of these datasets that we work with, there are a million
computers involved in a single live net. And you need some
high-powered computer science if you're going to be able to
analyze those sorts of datasets.
The third area that we're working with is in the area of
outreach and public education. We call it actually reducing the
victim pool.
The more we can identify outstanding threats that are
currently emerging, the more we can protect people by sharing
information with them in the media and in speaking in specialty
conferences. We don't just do training for computer scientists;
we also do training for health care information and workers for
educators and other organizations.
I think it's important that the committee understand that
this is the fastest growing category of crime.
If we look back to the year 2000, in 2000, there were only
360 million people on the Internet. And almost all of them were
in the United States.
That year, e-commerce really took off for the first time.
There were $5 billion worth of transactions that year.
If we go forward a decade to 2010, we're sitting at $164
billion of online commerce last year, a 3200 percent increase.
We now have 2 billion users of the Internet, and only 13
percent of them are in the United States.
We're now dealing with a situation where the United States
is the holder of most of the wealth that's accessible to the
Internet, and yet 87 percent of the Internet users live in
countries, many with shattered economies, which would like a
piece of that wealth.
One of the areas that we're struggling with is the lack of
computer science that has been applied to this area. Not only
has the criminal element grown on the Internet, as the economy
has grown, we're also dealing with very advanced sophisticated
computer criminals.
These people are getting advanced computer science degrees,
Ph.D.s in computer science and economics, and then are unable
to find a job in their home economies. And they're taking those
technology skills and working with the Russian Mafia and other
organizations to come after our money.
Law enforcement has not had a similar increase in focus in
high-tech crime fighting. That's one of the things we're
contributing from the University.
I'm also very concerned about the lack of complaints. When
we look at the Federal Trade Commission's consumer sentinel
report, last year they identified 1.3 million victims of fraud
and identity theft.
Unfortunately, all of the best surveys were saying there
were closer to a million victims of identity theft. Where do
those other 9.7 million complaints go?
We have trained our consumers that to be a victim of a
cyber crime is not something that you should engage law
enforcement on. You should call your bank. You should call your
credit card company.
Until we have access to the truth about those complaints,
until we know how many victims of cyber crime there are and
until we have a good way of gathering that evidence in a way
that has meaning, not just I lost some money but answering
particular questions, we aren't going to be able to do
intelligence-based policing of the Internet.
That's one of the places that we have also established a
partnership that you may not have heard of. It's called
Operation Swordphish.
Randy Hillman's office and my lab at UAB have been working
with the Department of Prosecutorial Services and the Alabama
District Attorneys Association and the Department of Public
Safety in Alabama to try to do something about this.
We have developed a Web site and a PSA campaign to attract
complaints from Alabama citizens who may have been victims of
cyber crime and are unaware that they ought to be reporting
these things to law enforcement.
Our Web site will gather those complaints. Our students
will help to triage that data and combine it with the evidence
that we have in our databases so that we can make qualified
referrals to law enforcement.
We think that this is one of the important things we have
to do to move forward, and we're looking forward to answering
any other questions you may have about these efforts.
[The prepared statement of Mr. Warner can be found on page
50 of the appendix.]
STATEMENT OF DOUGLAS ``CLAY'' HAMMAC, CRIMINAL INVESTIGATOR,
SHELBY COUNTY SHERIFF'S OFFICE, SHELBY COUNTY, ALABAMA
Mr. Hammac. Chairman Bachus and distinguished members of
this community, thank you for the opportunity to testify before
you today regarding the growing need for continued training and
resources to be made available to local and State law
enforcement at the National Computer Forensics Institute.
It has become unfortunately far too common for law
enforcement to encounter evidence of electronic crimes such as
fraud, embezzlement, and even espionage.
Without specialized training and resources, these cases
would certainly be impossible for local and State agencies to
investigate and prosecute due to the anonymity of the Internet.
Without question, electronic and financial crimes are the
fastest growing crime trends in the United States and
throughout the globe.
With each passing year, identity theft of individuals and
organizations behind it become more complex and capable of
rapid adaptation due to changing circumstances.
The foundation of identity-related crime is the compromise
of secured data held by private institutions, which typically
is achieved by means of electronic intrusions. And it's common
knowledge within the law enforcement community that on any
given day, there are thousands, if not tens of thousands of
individuals throughout the world hacking various point-of-sale
systems here within the United States as well as compromising
networks that hold valuable consumer information that will
inevitably be used by or sold to other criminal elements.
The growth of these crimes trends has unfortunately far
outpaced the growth of resources available to combat this
activity. Fortunately, the NCFI provides local and State law
enforcement agencies with the ability to confront these crimes
as they affect individual citizens of our communities and
throughout the country.
Electronic crimes are becoming more popular due to the fact
that the criminals have discovered that in many small towns
across our country, local law enforcement simply does not have
the resources or the capability to investigate such crimes.
As a result, the criminals exploit the lack of resources,
and complex electronic and financial crimes are often unsolved.
These crimes are difficult to solve due to the fact that
electronic crimes are often faceless crimes. The traditional
means of investigative work such as neighborhood canvassing,
witness interviews, and processing physical evidence are all
too often unnecessary and ineffective with these type of
crimes.
With the assistance of the NCFI, law enforcement men and
women across this country have received specialized training in
complicated fields of data analysis and computer forensics.
They have taken this training back to their respective
agencies throughout the country, and they are now fighting on
the front lines in this war against electronic crime.
Shelby County Sheriff Chris Curry is one of the many law
enforcement leaders in this country who has recognized the
change in crime trends within our communities and the United
States.
Sheriff Curry chose to utilize the NCFI to invest in his
personnel and capitalize on this specialized training.
Prior to attending the NCFI, I, like many of my colleagues,
had a very basic understanding of computer skills. Three years
later, I have completed more than 100 forensic examinations on
computers and cell phones. Many of the examinations have been
at the request of neighboring law enforcement agencies, as is
the case for many graduates of NCFI, thus alleviating the case
loads for State crime labs as well as the Secret Service.
And though my training at the NCFI has assisted me in the
investigation and resulting arrests of violent crimes such as
the quintuple homicide I was requested to assist with less than
24 hours after completing my training here, it has proven
equally vital in the investigation of financial crimes that
range from embezzlement to organized crime scenes.
As a very brief example, I was recently contacted by an
employee of a nationally recognized insurance company. The
employee made a simple complaint indicating that she believed
her 401(k) account was electronically compromised.
Utilizing the training that I received from the NCFI, I was
able to trace electronic routing numbers, bank account numbers,
and identifying IP addresses. Not only did I identify the
offender that compromised the data entry of the retirement
account, but also illustrated that he had done the same to 4
other employees as well as embezzled nearly $100,000 from the
insurance company.
That offender has since been arrested and indicted by a
grand jury in two separate jurisdictions. The potential loss in
this case cannot be identified by dollars and cents. The money
involved in this case makes up the retirement accounts that the
victims have invested in and depend on for many years to come.
Law enforcement is dedicated to not only responding to
these reports of criminal activity but also preventing these
criminal acts. And such a task would be more than challenging
without the tools and resources made available to us through
the NCFI.
Chairman Bachus and distinguished members of this
committee, this concludes my prepared statement. Thank you for
this opportunity to testify on behalf of local law enforcement
officers, and I'll be pleased to answer any questions that you
have.
[The prepared statement of Mr. Hammac can be found on page
34 of the appendix.]
Chairman Bachus. Congressman Rogers?
Mr. Rogers. As you heard, Chairman Bachus and Congressman
Fincher are with the Financial Services Committee, so they're
going to be much more focused, I'm sure, on the financial crime
than I am. I'm more focused on threats to our homeland than
cyber security stuff.
My concern is there, so I'm going to make that the focus of
my questions.
Mr. Smith, you talked about a number of people who received
their training here, a relatively small number when you think
about it. What is the number that you think should be annually
having access to this training?
Mr. Smith. As I said, we have trained a significant number
of people. And quite frankly, the positive of that is--which I
didn't elaborate on as much--that we used this as a force
multiplier, because what we are able to accomplish here through
training is literally putting a mini crime lab, if you will, in
every one of the locations that those individuals represent.
When they go back to the field, they are able to take the
knowledge and expertise that they gain here and apply that not
only in their department there locally, but as you heard Mr.
Hammac say, from other departments regionally.
And I think we have done a very good job in terms of
spreading the wealth, if you will. There has been pretty equal
representation from all of the States across the country.
Having said that, we, as you saw in my prepared remarks,
operate at about 25 percent here. We understand, like certainly
members of the committee do, that budget issues are always a
concern. But quite frankly, we could always do more, if that
opportunity comes our way.
It would be hard for me to put an exact number on that
because again, it is such a benefit for us to approach this, as
I have said, from a force multiplier standpoint.
So in terms of actual numbers, I'm sure that's something
that we could get for you after we delve a little further, if
need be. I think that would be the best way to answer it. We
could always use a little more, but certainly I think we're
able to accomplish a lot with what we are able to have and to
do.
Mr. Rogers. Thank you. Mr. Hillman?
Mr. Hillman. Congressman, right now we are running at this
facility somewhere around 25 percent capacity. We could--we are
putting, give or take, 400 people per year in this facility.
The capacity is 1,600. And we have--
Mr. Rogers. This is a big facility. Just because you have
the capacity doesn't mean it's needed. That's what I'm after.
Mr. Hillman. Yes, sir.
Mr. Rogers. How many people would like to get in here but
can't because you just don't have the funding to meet that need
and it's really inhibiting your ability to pursue leads and
crimes and threats that are out there that need pursuing?
That's what I'm asking.
Mr. Hillman. Congressman, we are running anywhere from 8 to
10 to 12 applicants per spot right now trying to get in here.
Mr. Rogers. How is that applicant selected and how are
they--what's the criteria for their approval?
Mr. Hillman. The Secret Service, that's the State and local
law enforcement candidates through their local field offices.
There are special agents in charge--in charge of gathering
those names and then they select those candidates.
The Alabama District Attorneys Association, that's the
candidates for prosecutors and judges throughout the country.
There's a lot of give and take on both sides. There are lots of
people from different jurisdictions who need to come here that
we might not know about that the Secret Service does and vice
versa.
Mr. Rogers. Mr. Smith, how many of these folks are backed
up and can't get in here because of space?
Mr. Smith. Again, as Mr. Hillman said, I would say on
average with every class, we turn away about 60 percent of the
candidates who apply.
Mr. Rogers. What's the criteria of the ones that you do
approve?
Mr. Smith. Again, like Mr. Hillman said, it's almost a
pyramid. The local agencies, sheriffs' offices, and police
departments make it known to our special agents in charge that
our--within our 45 field offices around the country that they
have a candidate that they would like to put forward and are
interested in having someone attend this training.
From there, that special agent in charge will submit the
names and the biographical information of those individuals,
and then it is actually looked at again at our headquarters
level to do the things that I mentioned a minute ago, to make
sure that we're disbursed equally across the country, that
those areas which have a very high incidence of this sort of
crime are given some priority.
So it's really a lot of things that go into the equation.
We try to make sure at the end of the day that the back-and-
forth multiplier, a term that I use, that we're putting the
right number of people in the right places based on the
availability that we have and, again, trying to be equal
across-the-board throughout the entire country.
Mr. Rogers. As you heard Randy Hillman state in his opening
statement, when Bin Laden was killed, we captured a lot of
computer data that has been a real wealth of information for us
in the fight on terror. That has been the case throughout the
Middle East when we have killed leaders in the Al-Qaeda
movement.
What a lot of people may not understand is that we have a
lot of those cells here, folks here who are collaborating. The
best example, as most of you are aware of, is the young man
from Mobile who graduated from high school and is over there
fighting, the same thing, using the Internet.
How much of the information sent to you is information that
is relevant to the terrorist threat, or would that really go to
the FBI more than to you?
Mr. Smith. Probably more to the FBI. But I will say that
again, as you probably know, there is a protective intelligence
portion of the Secret Service. We're concerned about threats,
particularly those involving our techniques and that sort of
thing.
So there is certainly, post 9/11, a lot more interaction, a
lot more communication among the agencies, as there should be.
And so quite often, we will get leads from either the
intelligence community or other law enforcement agencies on the
very things that you're talking about, certainly that involve
the technique. We have a high interest in that.
But for the most part, it would be either the intelligence
agencies or probably the FBI in terms of counter-terrorists.
Mr. Rogers. It seems like to me overseas is Secret Service.
I knew the answer to that question. I'm glad you pointed to
that aggressively.
What I want to get to is: Do you work with the Justice
Department and the FBI to provide the same computer forensic
service to them as well? Do they have a separate agency that
does what this one does?
Mr. Smith. Again, post 9/11, there is a lot more sharing
than there ever was before.
Chairman Bachus. So FBI agents would apply to you to come
here in an effort to train?
Mr. Smith. We have not done that. This is primarily State
and local law enforcement who train here.
Mr. Fincher. Do you know where the FBI gets this kind of
training?
Mr. Smith. Within their own venue. I think they do have
training, and I think they take it down into other things out
there through the National Institute of Justice and so forth.
I'm really not qualified to speak too far in depth on that, but
I believe they do.
Mr. Rogers. What about local law enforcement who has not
been able to get in in this community--and this would be the
attorneys office here, sheriff, whatever--that's not had the
opportunity to get one of their personnel sent here for
training? Do they have the opportunity to just send the
hardware over here for analysis?
I understand that the ideal is to have the investigators
working the case go through it because they know pig trails
they may want to go down. But in the absence of that, can they
just send hardware over here to be analyzed with some ideas
about what they're looking for and then you send a report back?
Mr. Hillman. Yes, sir, they can. In the back of this
facility is the Birmingham or the Alabama ECTFS, Electronics
Training Task Force, who belong to the Secret Service that we
are partners in.
Those investigators back there have the ability and the
training and the wherewithal to take in those cases from
different agencies.
The evidence room back there is full of cases that have
been brought to us by other law enforcement agencies that don't
have this kind of training or equipment, and we help them out.
Mr. Rogers. And how much of a backlog--how many weeks and
months of a backlog do you have in analyzing that hardware?
Mr. Hillman. We're able to turn it around pretty quickly.
Before we established these in our Alabama Computer Forensics
labs that you gentlemen helped us start, the turnaround time on
evidence that I know is going to the FBI was somewhere around 2
years.
With those labs, with the ECTFs, we are able to turn it
around generally within a matter of days, if not a week or two
at most. And we prioritize items when they come in. If we have
a pretty hot case, a murder case, an abduction case, a really
hot financial fraud case, we put that at the top of the stack,
and we work those first and we can turn it around in a matter
of hours or days.
Mr. Rogers. Do you have experienced counsel at the Federal
level? I know the Department has its own intelligence besides
the security officials. Of course, the FBI does.
Do you have a clearinghouse, if you get a tip or
information from analyzing one of the computers that may relate
to a terrorist threat, you share that with a larger group of
intelligence officials?
Mr. Smith. Yes, sir, we do. And that goes on the
intelligence side of the house. We have a Director of the
Secret Service who is responsible for protecting intelligence,
and that goes to them. They interface and communicate quite
literally daily with the other intelligence entities around the
country.
Mr. Rogers. The 9/11 Commission found that one of its
biggest concerns is stove-piping, information sharing in
Federal agencies. In your opinion, is that stove-piping problem
gone?
Mr. Smith. As I said a minute ago, there certainly is a lot
more sharing of information than there was before and--
Mr. Rogers. It's not a guess.
Mr. Smith. I don't know everything that's going on. There's
always that possibility. But I think from our perspective,
certainly we share information. I think that the other Federal
agencies, both within the Department as well as outside the
Department, certainly the Justice Department and others, we
have excellent relationships with.
If I could add just a follow-up about our electronic
process. As I mentioned, we have 31 task forces across the
United States and 2 in foreign countries now. They as well take
in computers that need to be imaged that may be the results of
searches or other crimes and that sort of thing. Certainly,
there is a priority put on the major crimes.
But they are--we do work for most any agency that asks
again whether it--it might be as financial crime or whether it
involves pornography--or any other crime related to computers,
which touches almost everything now.
These task forces that are around the country do that. And
they do respond to the local agencies and other Federal
agencies which occasionally ask for help.
So outside the perimeters here, I will be glad to have a
briefing schedule for you and provide some more information
about exactly the amount of work they do.
Mr. Rogers. I appreciate that. I asked Mr. Warner this
question before. I was waiting for what would hopefully be a
second round of questions. I don't want to take up all your
time.
Mr. Warner, I want to talk about your priorities. And what
is your greatest unmet need here in your view?
Mr. Warner. I think the greatest unmet need is the ability
to open cases. And what I mean by ``open'', most phishing
cases, for instance--phishing is the--
Mr. Rogers. Define ``phishing.''
Mr. Warner. Phishing is when a counterfeit bank Web site is
created by a hacker. They make a site that looks just like the
real financial institution's Web site, and they usually break
into someone's Web site and add that content onto their server.
My lab has identified 180,000 counterfeit bank Web sites so
far. We see 521 new counterfeit bank Web sites on a daily
basis.
One of my students was doing research for his master's
thesis--interviewing the heads of security for very large
banks, the top 10 banks, and asked as one of his questions,
what percentage of those phishing cases do you believe are
investigated by law enforcement? The highest number he got was
perhaps 1 percent.
These are not being treated like crimes. Someone performs a
computer intrusion where they break into a Web server. They
counterfeit a bank Web site. They send out spam illegally
through Botnets pretending to be the bank, which they're not.
They steal the personal financial information, and then
they take the money out of the victims' accounts, and no one is
investigating that as a crime, because they say the bank will
give you your money back.
So that's the biggest challenge for me. How do we turn that
into a crime that someone is going to investigate?
Mr. Rogers. Seeing that need, what do you need to meet that
need in a more responsible fashion?
Mr. Warner. We have the evidence. We need law enforcement
people who have time cleared out of their schedule to deal with
that evidence.
You spoke about the Homeland Security priority, and I
firmly believe that's a very important priority. But for an
example, we established a firm identity on a particular
criminal whom we knew had stolen information from more than 1.4
million Americans. The field office where that crime was being
worked, the agent was told he was not to work on any cases that
did not involve terrorism. They didn't have anyone free to work
on something as low priority as 1.4 million people having their
money stolen. Even though we already knew the criminal's
identity, there just wasn't enough manpower to work on it.
Mr. Rogers. Thank you, Mr. Warner.
Chairman Bachus. Mr. Fincher?
Mr. Fincher. Yes, sir. Thank you, Mr. Chairman.
Back to Mr. Warner. Can you tell where most of these
hackers, where they were? Where are they?
Mr. Warner. Sure. Most of the sophisticated hacking that we
see is coming from Eastern Europe. These are Russians,
Estonians, Ukrainians. Primarily, Ukraine has the most talented
computer programmers, the people who create computer viruses.
Most of the low-tech crime comes from Nigeria. The truth is,
it's just a funnel of money going overseas and no one's
stopping it.
If someone steals $70 million, that's a Federal
investigation, and there have been some fantastic arrests just
recently on those type of cases. But who's going to help you
when somebody steals $600 from your wife? No one.
Mr. Fincher. What type of oversight or regulation do you
think is needed to tighten this gap? It kills me as a
Republican to talk about the government always skimping when
more regulation is needed.
Mr. Warner. One of the things is that the criminals are
very aware of our current policies. For instance, one of the
best ways to identify someone stealing money out of bank
accounts is to do what's called an ACH wire transfer, an
automated clearinghouse financial transfer.
The most common identifier that it's a criminal is if you
suddenly have lots of transactions between $9,500 and $9,900.
The criminals know if it's $10,000, it's a suspicious activity
report.
As long as they keep below the thresholds, they feel safe.
We have to start, as I already mentioned, reporting every cyber
crime as a crime.
Mr. Fincher. Mr. Hillman, the cost of people coming here
and time, how much time does it take to run through the
process?
Mr. Hillman. Actually, Congressman, I'm glad you asked that
question.
When we established this facility, it was our agreement
with the Secret Service to work--my guys who work with me and I
are fond of saying, ``The answer is money, what's the
question?''
When we started putting this thing together, the greatest
need in law enforcement was for money and training. We knew
that the law enforcement agents who would come here would not
have the money to pay. And so, we decided to take care of that.
When we vet a candidate and we select that candidate,
whether it be State or local law enforcement, a prosecutor or a
judge, we fly them in, we house them, we feed them, and we
train them.
In a couple of cases, the network intrusion course and the
true forensic course, the 5-week course, we send them home with
equivalent software that we just trained them to use.
The only outlay of dollars that they have as an agency is
to cover that officer's shift while he's gone.
Mr. Fincher. What does it cost?
Mr. Hillman. Right now, with the annual appropriation
coming from NPPD and Homeland Security through the service and
out to here, it is about $4 million. And for that, you're
getting roughly 400 bodies, give or take, depending on what
classes we schedule and how we do that.
One other thing, Congressmen, if I may, that we haven't
even touched on yet is the aspect of cell phone forensics. That
is a completely different animal on how you extract that data.
Most of the things that we're seeing now are moving toward
cell phones, PDAs, the iPhones, those types of things. We have
to get on top of that because we're seeing that tidal wave of
digital evidence coming our way, and that requires a different
set of skills to get to that evidence.
That is one of the things that we have been working on with
the Secret Service. We have changed our curriculum this year to
add a cell phone class as well as a social networking class,
which is another way the bad guys can get to you and get to
your financial information and that sort of thing.
So we will definitely need--to answer your question, we
definitely need help in the area of cell phone forensics as
well.
Mr. Fincher. My last question is for the Shelby County
sheriff's guy.
Being from a rural county, so rural we don't even have a
traffic light in my county--
Chairman Bachus. No traffic lights.
Mr. Fincher. No traffic lights in my county, Crockett
County. We're pretty small.
Chairman Bachus. You need to invest in infrastructure.
Mr. Fincher. But we're not going to raise taxes.
What can we do, because we have great law enforcement but
it is sophisticated and it is passing us by?
What can we do to be more productive and to get more of our
guys into facilities like this?
Mr. Hammac. Sir, I'm going to echo Mr. Hillman and Mr.
Smith's statements. This training is absolutely necessary. The
need though is, I would say, volume.
Though we have had some well-qualified folks who have come
through these doors and go back to their agencies not only
working for their agencies but neighboring agencies, they
quickly discover--the phrase around here is, ``If you build it,
they will come.''
Their computer labs are quickly overflowing with evidence
and requests. Before we realize it, we're so backlogged that
we're virtually ineffective in getting the evidence turned
around in a timely manner.
The answer is, we need additional resources. We need backup
as the police say. We need some additional bodies who are there
to help us and assist us in this fight on the front line.
And that's beneficial in the sense that many of these cases
we investigate carry us across multiple jurisdictions and
across State lines. Having the confidence to say we will reach
out to a neighboring law enforcement agency several States
away, they're going to have the capability to assist us in this
investigation at the part that we are in.
Mr. Fincher. Okay. One more question, Mr. Chairman. This
is--I guess, Mr. Smith, what types of financial institutions
and their customers are most at risk for cyber attacks, larger
banks with more assets or smaller banks? And how at risk are
community banks for cyber attacks?
Mr. Smith. One of the things that we have seen--and again,
in my prepared remarks, we talk about the Verizon studies that
the Secret Service participates in.
The first few years of this, we saw the larger entities
more often than not attacked, the larger banks. And a lot of
times, they already--and certainly since a lot of these attacks
have occurred, they have placed a lot of security measures
within their systems to protect them.
So of late, the trend has been more of what you're saying,
smaller banks, smaller businesses and that sort of thing. And I
think the criminal is a criminal is a criminal. They're going
to always take the path of least resistance.
So when you harden up one side of the house, they're going
to go for the softer side. And a bank, because they have not
been involved in hacks or breaches of the smaller businesses,
if you will, for a period of time, now that the other side has
hardened up, we're seeing more of that.
Chairman Bachus. I want to thank--specifically, I want to
compliment the Secret Service. There have been many cases where
financial institutions' computers have been compromised and
there's fraud going on over a matter of hours or days, and it
is the Secret Service that calls and informs these banks that
their systems have been compromised, and it's hard to put a
dollar amount on how valuable that is.
As I said, everything from ATMs to their entire credit card
operation, so you have done an extremely good job. And I think
what Mr. Warner mentioned is that you are up against some of
the most sophisticated criminal organizations in the world.
Some of these organizations have several hundred, is my
understanding--several hundred members. And they are highly
skilled, and you have had some real international successes.
On occasion, I think these people travel from time to time.
And I think that local law enforcement, their training here
will assist in criminals being apprehended, and it gives you
more eyes in the field.
I can also say that the 900 or 1,000 people who train here
is probably not an altogether accurate figure in that these
people go back and train other people.
We have had the head of the whole LAPD forensic task force
who was in here probably 2 years ago. When he came here, he was
swapping information and techniques that he had already learned
with other departments and with the staff here. And I guess you
would call it almost a cross-pollination. It was exchanging
information.
And, of course, his intention was to go back and train the
LAPD. He was very impressed. This was a career officer who was
very excited about--and he was actually a specialist already.
And so that whole department--I'm sure we'll never know how
many crimes they solved.
So I think there's a $4 million a year investment by the
Secret Service. And just a few of these cases being just
financial fraud, and then we have cases like child pornography,
rape cases, child predator cases where people are killed.
It's hard to put a number on when you catch one of these
people. I think we know and the legislators know and law
enforcement knows that child predators repeat these crimes.
They don't just kill one child. They don't just kidnap, rape,
and murder one child. They're going to continue to do that
until they're caught. They're going to continue to abuse
children.
And financial fraud, these people are going to continue to
do it until they're caught.
I had a case where a Congressman in Texas contacted me
about a suspected child abuse involving sexual abuse. And we
were able to get the name of someone who was within another
county, an officer who had been trained here. And that person
was able to assist them in that investigation.
So I don't know how many times that has happened, but I
would--if any of you wish to comment--I know you're dealing
with these organizations in Eastern Europe, and there's only so
much that you want to share your techniques or the extent of
that. But there have been some incredible successes.
They are, I guess, incredibly sophisticated--in fact, in
many cases, these people are much more sophisticated than our
guys. Their techniques and their operations are far more
sophisticated than Al-Qaeda. And, several of them become
multimillionaires. So they have the financial resources, too.
But do any of you wish to comment further?
Mr. Smith. I would add, Mr. Chairman, in regard to what was
said about the fact that these criminals can be anywhere.
Certainly, a lot of them are outside the United States. And as
you heard, a lot of them are in Eastern Europe. So it's through
the training that the State and local agencies get here and
then a portion of us trying to share some of our expertise with
them, not that we're total experts. But again, we're trying. We
do recognize these things.
In fact, just last month we officially opened a Secret
Service office in Tallinn, Estonia, which is in the Baltic
region, because again, so much of the computer crime and cases
such as that originate in that area or that region.
So we try to be as proactive as we can. And again, it goes
back to that cross-pollination or force multiplier methodology.
We try to take that beyond the borders of the United
States. And that's why in all of the foreign offices that we
have around the world, we use the same methodology that I
described earlier for our investigative mission. We try to
recruit--have good liaison, good cooperation with the local
entities there, whether it is the local law enforcement or the
State militia or whatever the law enforcement entity in that
country might be.
And as I said a moment ago about our Electronic Crimes Task
Forces, we extended that as well. We recently just opened two
ECTFs: one in London, England; and the other one in Rome,
Italy.
And quite frankly, the one in Rome, Italy, has a lot of
interest in it, particularly from private sectors. The law
enforcement entities are involved and interested, but also Post
Paliano, which is the equivalent of the head of the postal
service--is the chairman of the ECTF out there as far as
quarterly meetings are concerned.
So we try to gain as much expertise as we can outside of
the United States, because again, as the professor mentioned,
that's quite a problem there.
Chairman Bachus. Okay. These are very risky operations
because some of these people and some of these countries care
nothing about retaliating. And then there is a hatred or an
envy of the United States. So it's amazing how many of these
people don't think there's anything dishonest about stealing
money from American citizens. It's almost regarded as a noble
profession.
And it's very hard. Sometimes, the locals do not prosecute
those crimes, although the Secret Service has had greater
success in breaking those barriers. But I know you are
basically overwhelmed.
A hundred hard drives will fill the library of Congress.
Probably somewhere in America, there are 100 hard drives in the
last week that have been recovered.
And one of the things about the training that the Secret
Service gives local law enforcement officers and that also
other local law enforcement officers here is that they learn
how to, as I said earlier, extract this information. It can be
on the computer. But if you don't have the expertise and if you
don't have expensive software--we're talking about, what,
$14,000 or $15,000 worth of software, sometimes the most
advanced software. And the criminals are always one step ahead.
It's just like with counterfeiting. They have become more
and more sophisticated. Now, we have a new hundred-dollar bill
coming out, which will stop them for awhile. But it's a
daunting task.
But I'm very grateful myself that the Secret Service has
seen fit to partner with our local, State, and Federal
agencies. It's a must. And I give you high marks because a lot
of times Federal agencies, just like State and local agencies,
focus on their jurisdiction. They are protective of that. And
you have not shown any inclination to do that.
These are resources that could be diverted and that are
probably diverted from some of your own operations to this
operation. So, we're very thankful.
As I mentioned at the start, the testimony offered in the
Casey Anthony case, that lady was very well trained and she was
equal to the defense attorneys. She was probably one of the
finest there was.
Judges go back and train other judges. Judge Joiner knows
this. If one has the training, that judge in a circuit will try
all those cases. He may try all the cases involving complex
forensic matters.
He will teach his fellow jurists. He will go to courses and
law enforcement training courses, and they will train other
people.
And some of these departments will see what the software is
here and they'll buy it and such. And I'm sure a lot of that is
going on.
Mr. Rogers. Thank you, Mr. Chairman. I want to go back to
the subject matter I was talking about with Mr. Smith here
earlier.
I would point out to the folks that these field hearings
are congressional hearings just like we have in Washington. The
primary purpose of a congressional hearing, whether it's in
Washington, D.C., or here, is to weigh in on the information
and that helps us develop policies. That's why you see this
lady over here taking everything down.
When I was talking with Mr. Smith earlier about the number
of people going through it and what the need is, there's a
reason for that.
One of the problems that I found on the Committee of
Homeland Security for years is it's hard--and the same thing is
true for the defense of the Armed Services Committee which I
serve. We try to get information out to people who know it so
we can make a better policy.
The problem is, Mr. Smith has a boss who works for the
Secretary of Homeland Security who works for the President who
has been given a number. And that's your budget, and you salute
and say yes, sir, and make it work.
I don't work for their boss. My job is to make a policy. So
I'm trying to get Mr. Smith here what he needs.
If Mr. Smith tells me what he really needs, it may cost
more than $4 million a year, which means his boss is going to
get mad at him because his boss is going to get in trouble with
the Secretary.
So having said that, I'm going to talk to Mr. Smith again.
My preacher says if you want to know what somebody's
priorities are, you look at their checkbook register and their
calendar. Wherever they spend their time and money is what
their priorities are.
My priority is protecting the homeland. Cyber security is
critically important. And that partnership between the Federal
Government, State, and locals is absolutely essential.
So I look at the numbers we're talking about--we're
training about 8 people per State in this technology. That
seems inadequate to me.
And I understand we have budget constraints, but the
Department of Homeland Security has nearly $50 billion a year
to spend. And some of it is being wasted. That doesn't mean we
can't shift it over here.
So having said that, what's the number we need? Nobody is
paying attention. You can tell me.
Mr. Rogers. Be careful.
Mr. Smith. Could I just refer to my earlier testimony? That
way, I won't contradict myself.
Mr. Rogers. You will be amazed how many generals I have
come to me and state, I talked to you privately. That doesn't
help me if it's not on the record.
Really, there has to be some number that you think this
entity could meet that is reasonable that would give you a
better reach into the problem areas that we have. And if you
don't want to tell me--Randy, maybe you will be able to tell
me?
Mr. Smith. I would like to defer to Mr. Hillman on that.
Mr. Hillman. Congressman, I will tell you very quickly, $16
million a year would put us at capacity and start to scratch
the surface on the needs that we have in law enforcement.
Mr. Rogers. So you think you have to be at capacity?
Mr. Hillman. I think--no, sir. We're going to do with what
we have, the best we can. But if we are at capacity, we--you
talk about the force multiplier that Mr. Smith was talking
about. It will get even larger and larger.
Think about this, Congressman. We're losing probably $100
billion a year if not more to financial fraud in this country
every year. Think about when this committee considered--and I
can't remember--I don't know what the protocol was, but they
gave the TARP money and bailout to financial institutions. I
don't know how many billion dollars that was, 600-plus billion
dollars.
If they're losing a hundred billion dollars a year in this
country, you're feeding money in this arm and they're
hemorrhaging out of this arm to fraud and phishing. It doesn't
take long for that $600 billion to just wash out and go
overseas or somewhere else.
All we're asking for is a very small investment in law
enforcement that will help prevent some of that stuff and will
cover some of those dollars that are going to Estonia and
Latvia and--
Mr. Rogers. If you had $16 million, you said a little while
ago that 40 percent of your applicants are being approved. Do
you think that applicant pool will grow?
Mr. Hillman. Absolutely.
Mr. Rogers. How much of the--you have a $4 million a year
budget.
Mr. Hillman. Yes, sir.
Mr. Rogers. I know that you prevent some crimes, have
successful prosecution that recoups money.
Do you get a pool of ceased assets which you're able to
participate in the distribution of that to help sponsor this
entity?
Mr. Hillman. It depends on what type of crime you're
working. Generally, when we get into the larger financial
crimes--we join in with Ms. Vance's office, the U.S. Attorney's
office. They have asset forfeiture divisions and they have
asset forfeiture laws that help us draw in those assets,
whatever we can put our hands on.
Mr. Rogers. What percentage of your budget each year is
pooled into assets?
Mr. Hillman. None.
Mr. Rogers. So you haven't been able to generate this so
far?
Mr. Hillman. Not that I know of.
Mr. Rogers. How about you, Mr. Smith?
Mr. Smith. We do receive funding from TEOAF, but again,
that is for very specific new initiatives normally with a 2- or
3-year life span startups.
So our relationship, if you will, is very, very good with
TEOAF and the funding that we receive for them which we put
toward our investigative mission almost in total. And that goes
toward major case funding and the purchase of equipment. That
again is sort of a force multiplier. There's part of that money
that eventually could help to buy equipment to solve a crime
that somebody was trained here who ultimately uses that piece
of equipment.
I know that's a very convoluted answer, but that is sort of
the way that we have to operate. TEOAF, as an entity,
determines how much money we get each year, but of the amount
they give us, we put almost 100 percent of it toward
investigations.
Mr. Rogers. The last question I'm going to ask, I know Mr.
Smith says it's not for him. Mr. Warner, I know that there have
been major players in the computer world who have suggested
lately that to help prevent phishing and spam, there be an
Internet charge for mass mailings like that per email. That
sounds like a tax to me. But if it's only for mass
distribution, do you feel like it's practical or there are
problems with that?
Mr. Warner. Yes, I can answer that. The problem, though,
right now, Mr. Congressman, is that criminals don't use the
Internet the way you and I use it. The criminal is not
registering an account and paying his bills. He's sending out
millions of emails and soliciting.
The criminal is breaking into your home computer and
sending the email through your home computer.
Mr. Rogers. Then I'm against it. That's a tax on me.
Mr. Warner. Right. The criminal's email sending--we have
seen Botnets broken down by the FBI in the last year where one
particular criminal could send 14 billion emails each day. He
did that by having a network of over 3 million computers all
around the world that were sending spam on his behalf.
Mr. Rogers. Thank you very much, Mr. Chairman. That's all I
have.
Mr. Fincher. I just have a couple more points.
Chairman Bachus. He wants a traffic light.
Mr. Fincher. I'll leave it like it is, Mr. Chairman. It's
very rural.
So many times, we don't appreciate what we have until we
don't have it anymore. And so many times, you guys aren't
appreciated enough for what you're doing. That's why it's
crucial that we focus at length today--Mr. Rogers focused on
the financial side, and I want to stay with that, staying ahead
of the criminals because it's becoming such a liability issue
that if they hit us right and hit us hard enough, it will take
us down big time.
It's so important. Mr. Chairman, I go back to this. It
seems like every conversation--and this is why we have been so
focused, not to get political, to get our economy moving again
and get people back to work and get revenue rolling again,
because we can fund the things that are important.
These things are very important. Should there be
requirements, you think, like Tennessee? Should it be
mandatory, or maybe at the State level, that at least one
person for each county comes through here? Because there are so
many things slipping through the cracks that they can't see
until it's too late. And we actually can see it. It has cost us
how many billions of dollars? But if the money was there and we
could do what we need to do here, you guys could do what you
need to do, should that be something that is looked at, or is
it one per State and then the States can take it or one per
district? What do you think, just your opinion?
Mr. Hillman. Congressmen, when we look at those
candidates--and I'll let Mr. Smith respond as well--you have to
look at the pockets of crime and where the hot spots are.
You're going to have more in Los Angeles than you will in a
rural county in Nevada.
So we have to pay attention to that, and they do a very
good job of looking at those areas and you kind of concentrate
assets there.
On the flip side of that, in South Alabama, one rural
county, there might not be another investigator who knows how
to do this for five or six counties. So you want somebody there
so that you don't have to drive all the way to Birmingham to
find an investigator who's capable of doing it.
I don't know that you could put a requirement like that on
it because it's moving all the time, and it depends on what
type of crime. A whole bunch of variables go into that.
You have to--you're talking about financial crimes. Think
about it. Every dope dealer is going to send text messages.
You're getting capital murder cases set up with emails now. So
it just really depends.
But the key thing is getting bodies out there who know what
they're doing and can handle this evidence, because it's coming
down on top of us very quickly, and we are way behind the eight
ball in catching them.
Mr. Fincher. Two more things, Mr. Smith: one, what is the
greatest expenditure at the training center; and two, kind of
go through the jurisdiction of how we deal--as Mr. Warner said
a few minutes ago--with these guys all over the world and do we
have problems with trying to beat that back?
Mr. Smith. I think as far as the institution is concerned,
the costs are fairly equally divided. Out of the $4 million,
it's fairly equal between the travel costs, the per diem costs
to the individuals while they're here as well as the equipment
costs. If you look at that across-the-board, it is pretty
equal.
In terms of the jurisdictional issues that I spoke about a
moment ago, in the Secret Service at least, we take that force
multiplier approach. We use our foreign offices to liaison and
try to always have good relationships with law enforcement
there. And that works for us on two levels. First, on the
protective mission, because so many of our protectees travel
abroad constantly now. So we need that. And that is on one
level how we interact quite a lot with the host countries or
countries that our protectees may visit.
But at the same time, those field offices in those foreign
countries are assigned to the Office of Investigations, so they
come under our office. And to the other side of the mission
with the investigations, we use that same formula to try to
incorporate the work that we are doing with the host country.
Sometimes, we're able to actually lend some expertise to them
because this is a new arena for law enforcement agencies in
those countries as well. And so we try as best we can to brief
them or give them some adequate training.
And as someone said earlier, some of the countries are
easier to deal with than others. We have had great success in a
good number of them. Particularly in some of the eastern
countries, we have been successful not only in making arrests,
but actually being able to extradite a few people along the
way.
Mr. Fincher. Thank you guys for your service.
Chairman Bachus. Let me close by saying that the Secret
Service investigates financial, cyber crime, and
counterfeiting. Admission to this institute is somewhat
restrictive, and there is a lot of demand for this center or
institute. The feedback has been very complimentary. They come
here and learn how to investigate other types of crimes, which
are not under the charge of the Secret Service.
So the $4 million that you're spending is a small
investment--I'll say if they break into my bank account, that's
one thing. If they harm my grandchild, that's quite another.
So the Secret Service is rendering a valuable service
outside their primary charge. And I'm very appreciative of
that.
We also have had briefings on financial service. I think
you were there. Some of what you're up against is pretty
overwhelming. And that's also a demanding area.
I think maybe some others need to step up and find other
funding sources to help fund this.
The Secret Service is the primary agency and will have
jurisdiction over it, but there may be other ways to help fund
it. Do you know what I mean? I'm open to any suggestions.
I do want to let the record show that I have been very nice
to the Secret Service. Without objection, the hearing--
Is there anyone who wants to make a final comment? This, I
think, has been a very good hearing. And the testimony--without
objection, the hearing will remain open for thirty--
Judge Cole. Mr. Chairman, I apologize for interrupting. My
name is Karen Cole. I'm a trial judge from Florida, and we have
our entire class of trial judges here today. And I just wanted
to let you know that we are grateful for what you are doing and
we are particularly grateful for the Institute for what we are
learning here today. There is nothing like this institute
available in our jurisdictions, and we need to be able to
understand the testimony when it is presented to us by law
enforcement, and that's what we're learning here today. Thank
you so much for the work you do.
Chairman Bachus. Great. There are 26 judges in your class?
Judge Cole. Yes.
Chairman Bachus. Would you--I think time will allow. I
would like for you each to stand up and give your name and your
jurisdiction, if that's okay, your State or your city.
Judge Cole. Jacksonville, Florida, Circuit Judge Karen
Cole.
Judge Leiber. I'm Dennis Leiber from the Circuit Court of
Kent County, Grand Rapids, Michigan.
Judge Higgins. I'm Cheryl Higgins, Circuit Judge for
Albemarle County, Virginia.
Judge Staab. I'm Tracy Staab, Spokane Municipal Court in
Washington.
Judge McGinnis. Mark McGinnis. I'm a trial judge in
Appleton, Wisconsin, and part of the faculty here.
Chairman Bachus. Thank you.
Judge Landenburg. My name is David Landenburg. I'm
representing the domestic violence coordinating issue with
regard to cyber crimes that pop up every day, and I'm from
Tacoma, Washington.
Judge Deason. Donald Deason. I'm a trial judge, District
Court Judge from Oklahoma County, State of Oklahoma.
Judge Giacomo. I'm William Giacomo. I'm a Justice of the
United States Supreme Court, Westchester County, New York.
Judge Hoort. I'm David Hoort. I'm a circuit judge from
Ionia County, Michigan, and I think we have about seven traffic
lights.
Judge Cunningham. James Cunningham, Jr., from Anoka County,
Minnesota, right outside Minneapolis.
Chairman Bachus. Okay.
Judge Jarrett. Lisa Jarrett. I'm a District Court Judge,
Trial Division, in San Antonio, Texas.
Judge Morris. I'm Judge Denise Langford Morris from the
Oakland Circuit Court in Pontiac, Michigan. But more
importantly, I'm a former Assistant United States Attorney. And
I can't tell you how much we feel comfortable and satisfied
with what we are receiving this week and more so impressed with
the staff here.
The staff is impeccable from the moment that we were
accepted. Thank you.
Judge Kennedy. John Kennedy, Superior Court of New Jersey,
Newark.
Judge Berger. Wendy Berger. I'm a Circuit Court Judge in
St. Johns County in St. Augustine, Florida.
Judge Krueger. Kurt Krueger, a Trial Court Judge in
District Court, Butte, Montana.
Judge Evans. My name is Michael Evans. I'm a Superior Court
Judge in Kelso, Washington.
Judge Newman. Clifton Newman. I'm a Circuit Court Judge
from Columbia, South Carolina.
Judge Moore. I'm Daniel Moore. I'm a Circuit Court Judge
and Major Felony Court Judge in Clark County, Indiana, near
Louisville, Kentucky.
Judge Miller. I'm Rich Miller. I'm a District Judge from
Madill, Oklahoma. I was told by a lot of the OU football fans
that they were treated more graciously than they had ever been
treated when they played Alabama in 2003. I have to agree. It's
so nice and has been such a wonderful experience to be able to
come here today.
Judge VerSteeg. I'm Pat VerSteeg. I'm an Associate District
Court Judge from western Oklahoma. In my home county, we have
no traffic lights either.
Judge Brnovich. Susan Brnovich, Superior Court in Maricopa
County, Arizona.
Judge Snyder. Irvin Snyder. I'm a New Jersey State Superior
Court Judge. I serve in Camden County, which is just outside of
Philadelphia. And we have a traffic light on every corner.
Judge Crawford. I'm Charlie Crawford, Circuit Court Judge
for Viera, Florida. I'm proud to come home. I'm a graduate of
Cumberland School of Law.
Judge Meyer. I'm Sam Meyer. I'm a District Court Judge of
Thurston County, which is in Olympia, Washington.
Chairman Bachus. That was very inspiring. And Mr. Smith and
Mr. Hillman, I think that was very--they were very
complimentary of the center. And I would ask the judges, who
are always very influential people in their towns and cities,
to talk to their local Members of Congress and tell them about
the value that you received here.
And we appreciate the job you have done. We appreciate your
sacrifice for coming here and staying and applying yourself to
what is a complex set of issues, and it's a complex field of
the law. And you obviously--it speaks well of you that you are
participating and would more better serve your constituents. So
I think it's a compliment to you. And we are just overjoyed to
have you.
Now, Tony, that has to make you feel good as Mayor of
Hoover.
Mayor Petelos. Absolutely, Mr. Chairman.
Chairman Bachus. With that, I want to recognize Wayne--is
it Pacine--who is the interagency project manager for the Board
of Governors of the Federal Reserve System.
Thank you for being here. And Greg Garcia, who is the FSSCC
chairman of the cyber committee. Is he here?
Okay. All right. Thank you very much, and this hearing is
adjourned.
[Whereupon, the hearing was adjourned.]
A P P E N D I X
June 29, 2011
�