Internet and Imagery Analysis of the FBI

by

OSIN

Project Quote: "Everybody gets good enemies, except me!" -Calvin & Hobbes

Sector 001

NEW!- You should read about the latest police centers being set up around the country called Fusion Centers.

The FBI is the premier law enforcement institution in the US. Originally meant to deter organized and violent crime, they became tasked with counterterrorism and domestic terrorism after 9/11. Because they have so many roles in police work in the United States, I'm going to primarily concentrate on the one role that interests me most: their Infragard program. Originally conceived in the Cleveland office of the FBI, the Infragard program was meant to combat growing cyber crimes in 1996. However, after 9/11 their focus broadened to combat attacks against critical infrastructures in the US. Infragard is actually a partnership between US agencies and the public/private sector. Theoretically, anyone can join, but according to their website, infragard.net, the FBI does a background check on potential members. Since most of the US infrastructure, such as water, electrical, and other utilities, is privately owned, this is really an organization about protecting the interests of the rich and politically connected.

Anyway, each chapter of an Infragard entity is geographically based around an FBI field office, mostly at the division level; however, some other organizations in larger cities which don't have an FBI division office also have a chapter. Each of these chapters also has an FBI Special Agent Coordinator. Considering the fact that they also share classified information with certain members of an Infragard chapter, it is worthwhile to learn which companies and universities are also members. You can find a list of the national chapters at http://www.infragard.net/chapters/index.htm. Just click on your state of interest.

This project is broken out by state and for each state I list the major field office(s) for that state. When I could find the information, I also list out the resident agencies and their addresses, but I did not include any imagery on those offices. Not all states had a field office and some field offices had jurisdiction over several states. Below is the list of states for this project:

FBI Headquarters in DC
Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Florida
Georgia
Hawaii
Illinois
Indiana
Kentucky
Louisiana
Maryland
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Nebraska
Nevada
New Jersey
New Mexico
New York
North Carolina
Ohio
Oklahoma
Oregon
Pennsylvania
South Carolina
Tennessee
Texas
Utah
Virginia
Washington DC Field Office
Washington State
Wisconsin

Now that I have completed the first round of my research on the FBI and their Infragard program, I come away with these insights:

1. The FBI and the US Secret Service share jurisdiction for all computer crimes. All FBI offices have at least one computer crimes specialist.
2. The Infragard program contains an Information Sharing and Analysis Center which is broken down into these sub-sections: chemical, emergency, energy, financial, food and agriculture, government, information technology, telecommunications, transportation, and water.
3. Most of the Infragard meetings were open to the public. But a few offices keep their meetings closed, probably hiding behind a defense of "national security."
4. The FBI heads up what are called Regional Computer Forensics Laboratories (RCFLs) which are staffed by participating law enforcement agencies. The FBI trains most of these personnel on how to conduct computer forensics, from tagging and bagging to initial research. At the time of this report there were 12 open in the country and the plan was to have 13 by 2006. See the site report for California for more information.
5. I'm not sure if this applies to all RCFLs, but the San Diego RCFL uses the Linux command "dd" and a program called SafeBack to make two master copies of seized hard drives. From those two, any working copies are made for both RCFL analysis and the defense team. There is some indication that the FBI also uses programs called ILook and LogiCube. As for LogiCube, it is really a hardware device which is used to quickly mirror a hard drive by plugging the hard drive into one end of it, allowing on-site examination of a hard drive where time, access, or control are limited (i.e., secret warrants). You should do some Googling on these two programs because it gives you an indication of how the FBI does forensics.
6. Companies that partner with the FBI and their Infragard program are exempt from the Freedom of Information Act. Supposedly, this is to encourage participation among the private sector, but will most likely be used to avoid responsibility for piss-poor practices. So, all you CEOs who had your company's customer data stolen in 2005 can go fuck yourselves with a baseball bat. >:(
7. Although I'm not sure about this, the FBI may have classified email accounts. These might be internal accounts used to exchange intelligence on various cases. I believe this might be the case because on the Honolulu Site Report, I came across the reference of "unclassified email address", which makes me wonder if there are "classified email accounts."
8. The Windows operating system seems to receive the bulk of attention from the forensics labs. I think I read somewhere once where the Canadians can render assistance when performing analysis on Macs. It does make me wonder how these RCFLs perform analysis on equipment used by someone who uses Linux exclusively. From several of their class offerings, I saw nothing about Linux forensics, except the fact that the RCFLs use Linux in performing their forensic duties.
9. The FBI has their own fleet of aircraft to perform surveillance and eavesdropping. There are possibly more than 80 planes and all 56 field offices have access to them. For more detailed information, see the State of Indiana Report.

It appears that Infragard likes to hold its annual conferences in Washington, DC around late July/early August. Some of their PowerPoint presentations from the July 2005 conference can be found on Google by doing a search using these criteria:

inurl:infragard.net filetype:ppt site:infragard.net

Some of them are classified "Unclassified/FOUO" (For Official Use Only), which makes me wonder why the premier group of people tasked with cyber security and infrastructure protection would forget about Google's caching service. In some cases these presentations give locations of key ports and facilities. Keep up the good work guys! One of the presenters, Mr. Michael X. Clawson, comforted the attendees by listing these myths about the drinking water supply:

- Water system pressure provides security against contamination
- Water systems have sufficient redundancy
- Buried components are protected
- Dilution in water systems means large quantities of toxins are necessary
- Physical security alone can protect systems.

After reading this particular presentation I think I'll only use bottled water from now on. You should really take a look at these presentations because they give you an idea of what the Infragard group is really focused upon, unless of course, they've been pulled out of Google's cache.

Here is the Infragard's Annual Report for 2004. It's very interesting in that it gives information on EVERY Infragard chapter in the country. You know I downloaded this puppy. I haven't located their 2005 report. Yet.

There is an excellent website at http://www.computerforensicscommunity.com/ which talks about everything related to computer forensics. This is a must read to understand what the FBI and my old nemesis, the Secret Service, may be doing.

From the Georgia State website which defines the functions of a Resident Agency:

"The Atlanta Division of the Federal Bureau of Investigation includes the Atlanta Field Office and 14 Resident Agencies throughout Georgia. Resident Agencies are smaller regional offices of the FBI that address all FBI investigative programs. They work closely with state, county, and municipal authorities in their respective areas.

The Resident Agencies provide for an FBI presence throughout Georgia and are critical for the development of liaison with state and local law enforcement."
