Category: Federal Bureau of Investigation

Source: Federal Bureau of Investigation (FBI) State Crime News

Director Christopher Wray has named Kieran Ramsey as the special agent in charge of the Portland Field Office. Most recently, Mr. Ramsey served as the director of the FBI Hostage Recovery Fusion Cell (HRFC) in the Counterterrorism Division at FBI Headquarters in Washington, D.C.

Mr. Ramsey joined the FBI as a special agent in 1998 and was assigned to the Seattle Field Office. He worked on a public corruption task force, an organized crime squad, and on the Seattle Joint Terrorism Task Force. Mr. Ramsey also served as the senior leader of Seattle’s Evidence Response Team and deployed to the World Trade Center after 9/11.

In 2005, Mr. Ramsey was promoted to supervisory special agent and worked in the Counterterrorism HUMINT Operations Unit at FBI Headquarters. He served in that position for two years and was promoted to legal attaché in Cairo in 2007. As legat, he served as the principal FBI official for U.S. embassies in Egypt, Sudan, and Libya.

Mr. Ramsey was promoted in 2010 to supervisory senior resident agent of the New Hampshire offices, under the Boston Field Office. In that position, he also directed the New Hampshire Safe Streets Task Force and the New Hampshire Joint Terrorism Task Force. He was promoted in 2013 to assistant special agent in charge of the Boston’s Counterterrorism Branch, and led the Boston Marathon Bombing Task Force to its conclusion.

He was named legal attaché in Rome in 2017, covering Italy, The Holy See, and Malta. Mr. Ramsey was promoted to section chief in 2018 and named the director of the Hostage Recovery Fusion Cell. The interagency HRFC leads the U.S. government’s efforts to recover U.S. national hostages held abroad.

Prior to joining the FBI, Mr. Ramsey was a special agent with the U.S. Customs Service. He earned a bachelor’s degree from Northeastern University in Boston and a master’s degree from Georgetown University in Washington.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense with smart passwords and passphrases.

Last week, we talked about how bad actors are using stolen email passwords to gain access to smart home devices—think of items such as surveillance cameras and internet-connected doorbells. They are using that access to make 911 calls to law enforcement, resulting in a mass response—including SWAT teams. The best way to protect yourself is to use complex passwords or passphrases for online accounts, and don’t reuse passwords across different accounts.

The start of the new year is a great time to look at the passwords you use and make some easy—but consequential—changes.

Rule number 1 – Make sure, at the very least, that your email, financial, and health accounts all have unique passwords or passphrases.

Rule number 2 – Make sure your password or passphrase is as long as the system will allow.

Rule number 3 – Creating new passwords doesn’t have to be super complicated… just make sure they are complex. One easy way to do that is to create a passphrase. Pick a string of words that only you would associate with each other.

For instance, picture a scene that is unique to you such as your backyard and put those thoughts together. “Broken oak tree with fence needing staining overcome by snails and moss” can become “brokenoakstainsnailsmoss”. That’s 24 characters. Add in a capital, special character, and a number and you just made your passphrase even stronger, but still easy to remember: “Brokenoak$tainsnailsmo55”.

Make sure you avoid well known strings of words that other people would put together—such as the colors of the rainbow or the name of a popular book.

Rule Number 4 – A password or passphrase is only the first piece of what’s called multi-factor authentication (or MFA). To keep yourself safe, you need at least two—preferably more—pieces to that MFA puzzle. Here’s an easy way to remember what multi-factor authentication includes:

• Something you know (passphrase or password)
• Something you have (such as a randomly-generated PIN texted to your phone)
• Something you are (such as face or fingerprint imaging)

Finally, consider using a reputable password manager. A manager is a program that saves all of your passwords locally or in a cloud vault, and all you have to remember is that one, very complex master passphrase. As with everything, there are no guarantees of 100% safety, but the more roadblocks you can build, the safer you likely will be.

If you believe your email or other smart device credentials have been compromised, you should report the incident to the FBI’s Internet Crime Center at www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

The FBI’s Portland Field Office, working with the Oregon State Police, the Salem Police Department, the Portland Police Bureau, and all of our other local, state, and federal partners, is preparing for any potential violent activity related to the recent unrest in Washington, D.C., and elsewhere.

Given the unrest at the United States Capitol on January 6, 2021, we are maintaining a heightened posture to monitor for any emerging threats to our region. We are focused on identifying, investigating, and disrupting individuals who were involved in the siege of the U.S. Capitol and/or those who may continue to incite violence and engage in criminal activity here locally.

To that end, the FBI in Oregon is running a command post to gather intelligence and coordinate with our law enforcement partners on potential threats. We also have special agents, bomb technicians, the FBI Evidence Response Team, tactical teams, intelligence teams, and others to support investigations and counter any potential threat of violence to the state capitol, federal buildings, and our shared community.

We need the public’s help to protect our state and the rights of peaceful protesters. We are urging people in Oregon to call us at (503) 224-4181 or go to tips.fbi.gov to submit information regarding any potential violence at any upcoming protest or event. You can also call 1 (800) CALL-FBI. If you know of an immediate emergency, call 911.

We cannot be successful without the help of the American people as we work to fulfill our mission: protect the American people and uphold the U.S. Constitution.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against smart home swatting attacks.

Nationally, smart home device manufacturers have notified law enforcement that offenders have been using stolen email passwords to access smart devices with cameras and voice capabilities to carry out swatting attacks.

What is Swatting?

Swatting is a term used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life. The goal is to draw a response from law enforcement and the SWAT team to a specific location. Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences in some other parts of the country. These attacks also pull limited resources away from valid emergencies. Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that may have potentially deadly consequences. Offenders often use spoofing technology to anonymize their own phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number. This enhances their credibility when communicating with dispatchers.

How is this version of Swatting carried out?

Recently, offenders have been using victims’ smart devices to carry out swatting attacks. To gain access to the devices, offenders are likely taking advantage of customers who reuse their email passwords for their smart device. The offenders use stolen email passwords to log into the device and hijack features, including the live-stream camera and device speakers. They then call emergency services to report a crime at the victim’s residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also livestreams the incident on shared online community platforms.

Protection and Defense

If you have smart home devices with cameras and/or voice options, there are a few basic ways to protect yourself:

• Use complex passwords or passphrases for online accounts, and don’t reuse passwords across different accounts.
• Use multi-factor authentication (MFA) for all online accounts and any device that touches the Internet. Best bet—don’t use a secondary email address for that secondary layer of authentication. Use a mobile phone number, virtual or physical tokens, or biometric options (such as a face or fingerprint scan).

Next week, we will talk more about how to create strong passphrases without driving yourself crazy.

If you have been victimized in this kind of crime, make sure to file a report with your local police department. If you believe your email or other smart device credentials were compromised, you should also report the incident to the FBI’s Internet Crime Center at www.ic3.gov or call your FBI local office.

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against tech support fraud.

You just received some really cool new gadget under the tree that is supposed to make your life easier—but you can’t even begin to make sense of the instructions, if the device even had such a thing. It’s enough to take the joy out of what’s left of your holiday season.

The fact of the matter is that many of us need help… if not now, then down the road. Here are two scenarios that you need to watch out for. In the first scam, you do an Internet search for help with your device. You see posts or even paid ads that look legit… but aren’t.

In the second scenario, the scam starts with the fraudster contacting you first. You get a message—via email, text, social media post, or even a pop up on your screen—from someone pretending to represent a well-known, reputable tech company. He tells you that some bad actor has already hacked your device, and you need help immediately to deal with some devastating malware that is about to destroy it.

Here’s how to protect yourself:

• If you get a call from someone you don’t know, who says that you have a problem with your computer, hang up. It’s a scam.
• If you get a pop-up message on your screen saying that you have a security issue and need to call a specific number or click on a link for help, ignore it.
• If you have what you think is a problem, try shutting down and restarting first. Sometimes that resolves the problem.
• Make sure all anti-virus and malware software is up-to-date. Set your system to update automatically, and, when in doubt, run a scan yourself to see if there is an infection.
• If you do need tech support, go to a company that you know and trust. You should make the initial contact, preferably in person or by phone, using publicly-available contact information.
• Back up your files and important documents. No system is going to be completely secure. Copy all of your files to an external hard drive or cloud storage. If your computer breaks or is hacked, you will still have access to your files.

Finally, remember that the legitimate tech companies will neither contact you unsolicited to ask for access to your computer nor will they ask for account passwords.

If you have been victimized by a cyber fraud, be sure to file a report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.