Skip to content

Business as Usual: FBI Pittsburgh Talks Cybersecurity Awareness

October is National Cybersecurity Awareness Month and what better way to end the week and month than exploring this topic with Doug Olson, Assistant Special Agent in Charge - Cyber Intelligence Branch of the FBI Pittsburgh Field Office?

Doug has decades of experience fighting crime at all levels and is a recognized cyber crime expert. He will detail top cyber threats and how to maintain safety on today's show. Plus, get up to date on emerging threats related to the COVID-19 Pandemic.

This a unique opportunity to stay safe and up to date on key cybersecurity trends that both impact you and your business. Please join us!

 

 

Transcription: 

Things media and marketing with the tech Council. And today we have some great guests. Wrapping up a week that I think you'll find very, very interesting and relevant to our time. So before we start a couple of things, one is that we've muted your microphones. And the second thing is, is that this chat, you can ask questions in the chat, this is not an opportunity to sell this is an opportunity to just hear from our guests. That's really what we want. So if you have some, some questions, some comments, etc, Jonathan's gonna keep his eye on that and make sure that we have an opportunity to engage. We run this pretty casually, but it's a past half hour. So I want to thank Huntington bank for being continued sponsors with us since March. And if you don't know them, get to know them, because they're very, they're huge believers and supporters in the tech ecosystem. I also want to give a big shout out to our friends and longtime partners as well. And that's ethical intruder. I want to thank the entire team of ethical intruder for their support of today's program. David Kane if you don't know him, he is at one of the region's top experts in cybersecurity and related issues. They're focused on evaluations that reproduce vulnerable paths a hacker may take at a business tactical Ethical Hacker teams conduct simulated malicious breaches and real time reviews of client business applications and web accessible entry points. I'm telling you, he's helped us at the tech Council. We have used him to help educate us, and to see where our own holes are. And I want to thank them for just always being such a good partner. And if you don't know them, reach out to them. So we are hosting today, Special Agent in Charge Douglas Olsen, and acting Supervisory Special Agent Patrick Myers. Now, Patrick, if you are here, we didn't see when you logged in. But if you were here, will you just unmute yourself and tell us that you're here and we'll make sure that

there you are. Hello.

Yeah. Just made it in sorry.

Okay. That's okay. And they are from the Pittsburgh Office of the SPI FBI. So we are going to be talking about Cybersecurity Awareness Month. And in a minute, we're going to get to that and the many ways the FBI and our Pittsburgh Office in general work to foil these attacks. But before then I want to ask Mr. Olson and Mr. Meyers, I'm being pretty formal. I hope you will be okay. If I use your first names as we go. Great. Okay. To tell us about themselves. You know, your background, how did you become, you know, involved in the FBI? What led you there? What was your journey? So can we can we start with Pat, Patrick?

Sure. Hope you guys can hear me. Okay. Great. I'm in a little bit of a noisy place. But, um, yeah, so, I've, I've always been a computer nerd. I have a undergrad and graduate degree from WVU in computer science. I worked as a programmer in different intel community facets, God contracts for many years. 10 years as a computer programmer. It wasn't until recently that I became a special agent. Previously, I was at the Washington field office as a computer scientist. And I've been lucky enough to land in Pittsburgh is my first office as a special agent on a cyber squad that is exceptional. That's,

that's about it. Um, yeah,

I would say that you're probably pretty busy. So we're gonna get we're gonna get to that in a moment. So now let's talk to Doug. Doug Olson.

Yeah, I've been, I've been lucky enough to have like 17 years with the bureau. But before that, I was, I was in the Marine Corps for a number of years. I went to Virginia Tech undergraduate. I went, I first worked in like a small resident agency in the Charlotte office. And then at that time, the den director, instituted a policy of mandatory rotational transfers. So if you're in a small office, she had to go to a big office. So I went to Manhattan, and I was there for four years, and that's where I had both my kids and got married and all that good stuff. From there. I went down to FBI headquarters, and I was a supervisor there for about three or four years. And then I went all the way out to the west coast and worked out of the Portland office. And in most of these roles, I wasn't just working cyber stuff. I was working pretty much every violation the FBI does, because in a small office, you kind of have to cover a cover down on everything. But when you're a bigger office, you can kind of concentrate on specific violations. But when I got out to the west coast, I thought it would be neat to do an overseas tour. So I put in To become a legal attache in Stockholm, Sweden, and that's where I was before I came to, to Pittsburgh. And in that experience, we had a great cyber and counterintelligence and CT partnership with the Swedes. And I've benefited from having almost four years of like rotating cyber agents Come come out and work with me. And it was amazing watching the interaction that our field offices have in the United States field offices, a lot like Pittsburgh have directly with our foreign partners to try to mitigate cyber threats. And from that, this job came up and in Pittsburgh, and I applied I got here about a year ago. So it's, it's been great. And I'm just I'm just amazed with all the stuff that goes on with this office by do i do kind of favor our cyber program, I kind of think we're, we're second to none in that. And that's why I asked Patrick to be on the call today with me as well. He's, he's acting and one of our supervisor roles on one of those cyber squads.

That's great. So what your actual role right here, that's quite a journey that you've had, we hope, we hope you plant your flag in Pittsburgh for a while. I know that.

I don't plan on leaving anytime soon.

Good. Good. So tell us about what what are like your roles and responsibilities so that we get an we get an idea.

So I'm SAIC Chrisman wanted to be on this call today. But you know, he's obviously in charge of the entire field office. So all the different programs that the FBI works if you think of criminal programs, and national security programs, and then and then of course, we have a big cyber piece of that. And under him is his three asecs. So like one a sec, and asecs, an acronym Assistant Special Agent in Charge, and I'm one of them. And under my branch, there's three branches as I cover cyber, counterintelligence, and intelligence. And then under that intelligence umbrella, we also have like a human intelligence squad, we have our surveillance squads, we have our linguists, all these different kinds of entities that feed into it. But the the three squads that I have of agents are cyber specific squads, and that falls under me. And then I have a colleague, Joe rothrock, who's coming in, and he covers down on all those traditional criminal programs. So if you think about gangs, and you think about, like, what we call transnational organized crime. If you think of violent crimes against children, like violent crimes in general, all that stuff falls under the criminal a sec. And then I have a third counterpart part. And he covers down on all our resident agencies in West Virginia, because this office not only covers western Pennsylvania covers the whole state of West Virginia. So down there, we have an assortment of Resident agencies, and he manages all all those resident agencies, and he also has the counterterrorism program and the domestic terrorism program. And that's kind of how we're, we're split up.

Okay, that's great. Thank you for doing that. I want to go over to Patrick, and say, Patrick, so what is your job? Can you tell us what you can know?

So totally classified? No, I'm just

make nothing up. You can.

We do a lot of stuff that's not classified. Of course, the squad we are on his squad 16. It's a Russian counterintelligence, and Russian cyber national security. We also have another squad that specializes in Russian cybercrime. So mainly financially motivated crimes. They also do the transnational organized crime that has a dark market Nexus. We also have a third squad that is China, ci and and cyber. I work on the Russia side national security. We do large enterprise investigations with several other offices. We're the lead office on on these investigations. We primarily look at the Gru, we use national security tools, such as Pfizer and 702. To track some of these actors track operational accounts and personas, and also the actors themselves the Gru officers behind the keyboards. So it's a difficult thing that we do, because a lot of times, we can't, we can't surveil these individuals, the pattern of life has to be done from a digital side. So we do use the legal process in a very aggressive manner, since we do have an aggressive US Attorney's Office in the Western District of Pennsylvania. So mainly, a lot of my job is kind of a support role to other agents who have different aspects of this case. I use my computer science background to do a lot of programming to take the large amounts of data that come back and just throw together ad hoc systems so that we can ask questions of ourselves and ask questions, the data to to find people And figure out who is actually committing the crimes. So we do interesting things like taking a location history file out of Google search warrants or whatever it is that we get, and overlaying that with IP logins or search histories of operational accounts, and finding a pattern to try to identify likely subjects, and then tying those subjects down. more concretely, and that that always ends in a large indictment. We've had several out of the Pittsburgh Office, we actually, we own the DNC case, originally, they got taken out to special counsel Robert Muller's office, and then we did do a follow up on that. We had a Gru indictment in October of 2018. With some of the other aspects of that case, and then we just had another one last week that was announced for six Gru officers involved in some of the most destructive attacks across the world causing $10 billion worth of damage, including not Pecha, Olympic destroyer, among others. So day to day, are everything we do looks different. It's whatever questions we're asking of ourselves with the data, and finding the right person to help us with that. And then communicating up. And, and as a sec, Olson said, we do work with a lot of foreign partners. So we're talking to our legal deshays daily, were talking to headquarters daily, and the other offices that work this with us, it's a it's a very collaborative effort. It takes the whole world to track somebody that you can't get eyes on, especially in a place like Russia. So I hope that answers your question.

No, that's great. That's great. I, you know, I just also, I really should have set the stage so that people can understand that we have amazing capabilities here. I think Doug alluded to that, in terms of why it was good to come to Pittsburgh for him. You know, we really possess, you know, the assets with the FBI and the US Attorney's office with a reputation that's really known all across North America. Doug, can you just talk about why? Why are we known for you know, why is that notoriety attributed to the Pittsburgh southwest Virginia? off?

You know, that's like the age old question. We get that question all the time. Like, I think I'm sorry,

no, no,

no, I mean, and, and, and I wish there was like an easy answer. I think of it kind of like a three legged stool, I think it's this kind of unique combination of like, there are a lot of people with a good cyber background that come from the Pittsburgh area, kind of, if you look at like, if you look at the universities around here with with Pitt and CMU, it's kind of like, it's kind of like the new business structure of Pittsburgh in a way to have that, that innovation and technology. So I think I think we have a good feeding bed, where there's people who want to come back to this office and work that type of stuff. So we have a lot of really good agents and analysts, and professional support people that are just really innovative, they think out of the box, especially kind of defying what you categorizes like regular government people, right and, and probably working for a lot less than than they could make like elsewhere. The other aspect of it is like, I think we have a really aggressive US Attorney's Office, which is rare, because one of the most difficult things with cyber cases, is explaining, in simple terms, the complexities of cyber to a jury to a judge, or even other prosecutors. So we've had prosecutors that have taken the time to sit down with our agents to learn enough about it, that they can communicate it in simple terms, in layman's terms, basically, to to juries and stuff, and they've established like a track record of, you know, the answer in a cyber cases and always prosecution, but if you're effective at that, then you can be effective at a lot of other methods that we use. So I think, I think the US Attorney's Office being aggressive and, and taking the time to work something that might often look like it's out of District like, like, there's because of the nature of cybercrime, you know, you can kind of be hamstrung by the fact that you're always in our system, you're always trying to tie it to the locality that you're in, and we're able to do that, but you can't underestimate like the value of having those, those good, good prosecutors in there. And I think I think kind of the, the combination of those two things over time is just kind of like earned us a reputation and we're always trying to improve like it's, it's one of these things like we don't we don't rest on our laurels. Patrick just talked about an indictment last week of Gru members. We also had an indictment the week before and a criminal cyber case where 14 cyber subjects were like indicted worldwide. So we've and the third thing I was going to talk about was just the relationships we have with foreign partners, we're lucky that there's a, there's a headquarters entity right across the river from us called surf view. There's like a business consortium there where we have all different private and public partners. They're both nationally and internationally. So we're able to leverage that. And also direct relationships through the league at offices overseas, so that we're working directly with foreign partners. So I think it's the, it's the innovation in the area, which lends to our workforce. And then it's those aggressive prosecutors in the Western District of PA. And then it's those international partnerships that we make that some officers just don't know, you know, how to start with that type of stuff. And we've just been able to kind of leverage all three of that, to make it kind of special here, I think,

yeah, that's great. I just, we have a lot of questions. But I want to ask you one thing about, you know, it's the end of cybersecurity month, you know, Awareness Month. But what really, what I want to talk about is right now, we had the we had the Attorney General on at the beginning of COVID. And he gave us a lot of great information and perspective. But now here we are a few months later, can you talk to us about this the landscape that's even changed since then? Or what's changing? And what kind of threats you've seen in terms of COVID? Ah,

I think I think it's a combination of factors, right? Because you got COVID, you got the election next week. There's, there's, there's all different stuff going on, I think, I think the landscape has changed, but it's in a lot of ways it stayed the same, like people are more and more on their devices, they're on their phones, or online. Companies are more dependent about mechanisms like zoom, and, and other ways to like, communicate, because people are working from home. So it is a target rich environment. It's always been a target rich environment. But I don't think it's ever been such a target rich environment as is now and that that could be, you know, if you're talking about like ransomware attacks, or any of like our traditional cyber attacks, it's also when you start to talk about disinformation, misinformation, people are kind of like ripe for that, because there's a lot of fear in terms of COVID. And there's a lot of like, fear and anxiety, I think, with the coming election, and then we had all the civil unrest and the protests over the summer, too. So I think, you know, everything is magnified by those like aspects. And then you take something that pretty much already was taking over, which is, you know, just online social media. And I think that's even been more exaggerated by all that, because people are trying to find a way to connect and communicate and businesses need to make that happen. So we have all these additional vulnerabilities and kind of blind spots that that may not have may not have been quite so apparent before. All this all this happened.

Okay, well, Jonathan, why don't you start with some of the questions like Elliott has a question.

No, there's some great ones here. We're gonna need like an extra hour on the show, guys. So let's say actually, they're kind of grouped into some some clusters here, maybe just being able to talk more about our local preparedness for the elections. Did you see new vulnerabilities there? Do you feel like the elections move forward, that we're going to be safe across the country, but also here in Pittsburgh, as far as cyber threats are concerned?

I'll start with that. I mean, our kind of our, the way we're set up is we're sort of preparing for anything, we're setting up a, there's a national command posts at FBI headquarters, and then we're setting up a local command post for the election, here at our FBI office, but we're also tied into the state and locals and in terms of like, what they're setting up in terms of the election. So it's kind of, it's kind of like, be prepared for anything, but we don't really know what that's gonna. That's what that's going to look like. I know, we had a meeting with the Secretary of State for the state of Pennsylvania a couple weeks ago. And, you know, I don't want to speak for the state, but we always have to, like remind people is it's like, very important for real or perceived for federal there not to be any federal interference with like the election. So because of that, we're kind of limited on what we can do during this period right now and through election day. So mainly what we are is in a support role right now, in terms of any intelligence support or communication support that we can give to the locals to kind of find out trends that are going on nationally, so that we can communicate that to to our local partners here in Pennsylvania, so maybe they can get ahead of it if something's happening somewhere else or so that other offices can learn from what's happening here so we can address it more quickly, but we can Can't really respond to like a polling center, or anything related to the election until after the polls closed, because it's very important, just the way the US is set up is those are run by by the state. So we're just trying to support it in the best way we can. And we're also kind of equipping them to what federal election violations would be. And what those crimes like look like. We're trying to give cyber awareness briefings to people so they know what disinformation and misinformation looks like. And we're constantly like, you're around talking to people about hardening their networks, offline backups, making sure your patches are installed, like all the things that you want to be doing all the time those things still apply, you know, during this period as well.

Very cool. And what about the internet of things with industry? 4.0 happening so many connected devices, creating more vulnerabilities? any insight on that?

Patrick, you want to touch on Alan?

Sure. Um, so yeah, Internet of Things has been a pretty hot topic for a while. We have seen especially in the actors that that squad 16 tracks, a lot of interest in it. A lot of folks using open source tools to to scan the internet, using their own scanners and also using showed and census, things like this to, to find devices that have open CVS that can be exploited for financial gain or, or other other types of, of crimes to be committed. It is a very vulnerable landscape right now, especially since there's more and more devices coming online every day, a lot of times, people aren't removing the old devices, they're just abandoned, and they're still plugged in, which does give a nice attack platform for some of the cyber criminals. It's something to be aware of, it's something to definitely bring into people's attention, as we are very disposable society where it's great to like to buy the new things, you know, absolutely.

And what about the the idea around? If you see more cybersecurity issues around trade secrets, and so forth, especially with people working from home now, it seems like there's more vulnerability, because you're passing files back and forth between your home and the office that there could be a vulnerability there.

Yeah, absolutely. I'm a traditional target platform, targeting private sector businesses, it is now more vulnerable at home, home, Wi Fi routers that are never patched a lot of people using VPNs, not not knowing exactly how they work, or how they should be using them. Bringing files that can be sensitive to businesses onto their own networks, that their home networks are inherently more insecure. So yeah, it's, it's definitely a concern.

I think a lot of businesses are probably looking at the perceived cost savings of having all these people work from home. But they also need to look at the long term security implications of that. And how much harder is to secure your, your, your network when you have it spread spread so thin.

Any questions often?

Oh, they there's a bunch here. So um, that's the the most recent one that just came in from Dan motion? What kind of prior experience do you look for in cybersecurity job applicants? that's changing gears a little bit?

Um, I think, I mean, one thing they're doing now, we get a lot of help. I mean, the one thing is like, we definitely have a team approach here. So it's not just special agents that are working on these cases, we have we have, we have computer scientists, we have intelligence analysts that might might have some, a lot of them have like significant cyber skills. And then we have what we call SOS, which are like staff operations specialists. And that's kind of like a tactical analyst, I guess you could say that works out directly on cases. So there's a lot of different avenues to come into the Bureau and the Bureau is, is very interested in people that have significant demonstrated skills, but they're also interested in people that have an aptitude. So what they do actually at the academy now for new agents is they, they give them like a sans aptitude test. And if you if you score high on that test, then the Bureau's willing to bring you in, and then train you once you're on board. So it's like we're not just looking for people that have like developed skills, but it's that aptitude And usually, it's like anything else, if you if you have an interest, and you're and you're really interested in that type of stuff. You know, it usually lends itself to the aptitude as well. So I would say, you know, we're interested in all different people on the spectrum. Of course, we'd love to get people like Patrick every single time. When they come in, but sometimes what we hope to do is develop a Patrick from somebody who's not there yet. And like a lot of organizations, we have to, we have to train people in house sometimes to get to get them where they need to be.

That I'd like that as well that we do train a lot of people up and attitude is, I'd say the number one thing that we look for 90% of a job on a cyber squad is not cyber, we do throw around buzzwords, doesn't mean you have to understand them. We have support staff that does a lot of the the good nerdy work for us. Like, for instance, my case, on a lot of my cases, he was a school teacher. So you don't have to be cyber you. You just have to be willing to learn and wanting to learn.

So we're as we near to the end, there's a couple of things. Well, you know, in terms of some of the most damaging attacks, are there any helpful hints or anything that you want to say, to all of us, I mean, we have a great relationship in this region, with your office and the pH G's office. And we are very proud of it. And we know that people come here. And if you're on the call, and you don't know that you really should know that because this is the epicenter of some really interesting and collaborative work that's been highly successful, even over like the last decade, in terms of solving problems, but tell us, is there anything, any kind of advice that you could tell us that we might not be thinking about, because most of the people on this call up are probably pretty sophisticated about security matters.

And that's, I don't, I don't know, if you're not already thinking about it. But one thing I would say is, um, calls like this are really good. Like, it's like, just having some sort of like, relationship or point of contact with the FBI is good. That way, like, if you're not on our distribution for like pins and messages like that, if there's some sort of indicators of compromise we can send out then then obviously, we can send it directly to your, to your security folks. Beyond that, it's probably stuff that all your members are doing, you know, so it's like, I don't, you know, it's offline backups. I mean, a lot of this stuff costs money. So you're limited in terms of like funding on the stuff, but it's just, it's just doing those regular continuing actions, and not dropping the ball on that. And then I think also, like, I think, I think when we're talking about those, those susceptible, like endpoints like it's, it's, it's education of your workforce, right, like some of the people that maybe aren't directly related to your cyber security arm and maybe your weakest vulnerabilities, especially in this environment.

Well, good. I want to Patrick, do you want to add anything to that?

Nope, nope.

That's clear and cut.

So that, you know, is there any way that do you give material out or people can get on a mailing list? Or is there anything that you'd like to share with this group? In terms of staying connected?

Yeah, we have a we have what we call like a private sector coordinator here that works with our with our cyber squads, and that's going to actually change hands this this December, but I mean, what I'd say is like, Audrey, I can get with you and I can make sure that we have all of your membership on that on that list. So that you know, we're doing outreach with them. And then they also know that they have like a good conduit and point of contact there because I think it I think it helps on the prevention side, but it definitely really helps like if you if you do become the victim of something, you know, when you talk about the financial Kill Chain or anything like that, just moving quickly, to make some a small problem stay small instead of becoming like a big problem.

Well, first of all, thank you, Doug Olsen and Patrick Myers for joining us. Welcome to Pittsburgh, even though you've been here for a year Doug, we hope you stay for a while. I do want to tell everyone before we log off and that next week we have some guests and Monday we have a lot of diamonds. She's the new managing partner at foreign to venture fund. Tuesday. We have the director of supplier diversity at Highmark health, Robert James. And then we have Justin Mendell director at Allegheny investors Alliance. And then we have rich Fitzgerald, allegheny county executive. So we have a busy week next week. And I want to give a deep appreciation to David Cain and his team at ethical intruder. They're easy to find if you want to reach out to them at ethical intruder.com. You can find them there. And everyone thanks to Huntington bank, and everyone have a fabulous weekend. Stay safe.

Thank you. Thanks so much.

Transcribed by https://otter.ai