According to FBI Director Christopher Wray, they can best be defeated through cooperation between law enforcement agencies, academia, and the private sector. In a speech on Jan. 28, Wray shared with an audience of roughly 1,900 attendees an example less than 36 hours old: the disruption of the Emotet criminal botnet, which was carried out with the European Union Agency for Law Enforcement Cooperation.

“Emotet has for years enabled criminals to push additional malware onto victim networks in critical sectors, like health care, e-commerce, technology, and government. Emotet is one of the longest-running and most pervasive denial-of-delivery services out there,” he said.

The operation was successful, he said, because cybersecurity experts on both continents had applied lessons learned from previous disruptions of botnets, which are networks of internet-connected devices that can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection.

“It’s the kind of disruption that demands cooperation,” he said.

Wray made the announcement during a talk titled “The FBI’s Strategy for Tackling Cyber Threats in 2021 and Beyond,” part of a virtual speaker series sponsored by the International Conference on Cyber Security (ICCS), which is jointly presented by the FBI and Fordham. In-person ICCS events, such as those scheduled for July, have been postponed until public health authorities advise that they’re safe.

In addition to Emotet, Wray cited examples such as the bureau’s success in the September prosecution of the Chinese hacking group Apt41, which was targeting private companies, as well as a partnership with the NSA that lead to last year’s discovery of a sophisticated type of malware developed by the Russian military.

Wray answered audience questions that were presented by Joseph M. McShane, S.J., president of Fordham, who served as moderator. Questions ranged from how the bureau retains talent that might otherwise work in the private sector (their attrition rate is very low) to the ways they go about identifying cybercrimes in general. Asked how private industry can help the justice department defeat domestic threats, Wray advocated a preemptive approach.

“There’s a saying that the best time to patch the roof is when the sun is shining. It’s the same concept here. We want people to start to build those relationships with their local FBI field office before they have a major intrusion,” he said.

On the challenge of misinformation campaigns and social media, Wray made it clear that the bureau is concerned with the threat, not the content.

“We’re not the truth police of the internet. What we focus on is the actor,” he said.

He noted that when the bureau learned that Internet Research Agency, the Russian troll farm that was active during the 2016 presidential election, was actively planning to spread disinformation and distrust in 2020, the FBI tipped off Facebook and Twitter in September to its presence on their networks.

“It’s a situation where we, rather than bringing an enforcement action, we’re feeding tips to the social media companies, which were able to take very quick actions themselves using their own terms of service,” he said.

“Because activity that might not readily lend itself to a criminal case or national security action often very readily violates their terms of service.”

It was another example of the private sector and law enforcement working together to defeat a shared enemy, he said.

“The way we do business today, and so many of the changes we’ve made to our strategy are a product of our work with [the private industry]. We’ve been working with your concerns and suggestions and we’ve taken them to heart. We’ve shifted the way we think and the way we operate so we can have a more significant effect on our adversaries.”

Wray’s talk was followed by a discussion with Ed Stroz, GABELLI ’79, the founder of a firm formerly called Stroz Friedberg and now known as Aon Cyber Solutions, and Matt Gorham, assistant director of the FBI’s Cyber Division. Stroz, a former FBI agent himself, focused on the nuts and bolts of how a private company actually works with the bureau.

Gorham echoed Wray’s suggestion to make a connection before an intrusion, as that will establish a baseline level of trust. This will be important because in the near future, he predicted there will be an increase in ransomware and malware-for-hire services. And, he said, people should feel confident that when they call the FBI for help, the bureau knows that they were the victim.

“And we know how to work with a victim,” he said.

“A lot of times this comes down to a level of comfort that we’re not out there to look at your content; what we’re really looking for are those artifacts of intrusion,” he added, noting that people develop trust in the bureau after working with them once.

“It’s been my experience that there may be a hesitancy to call the FBI the first time; it’s a very quick call the second time.”

At The Red Team Experience, a panel discussion held the second day of the International Conference on Cyber Security, Michah Zenko shared that possible scenario with an audience of security professionals as an example of what red teams can prepare a firm for before it actually happens.

“I always think of the first ever red team meeting as an act of therapy,” said Zenko, the author of Red Team, How to Succeed By Thinking Like the Enemy (Basic Books, 2015).

“It’s having an honest conversation about what do you care about most, what degree of resources are you committed to protecting, how will you marshal resources, how good are you at putting out fires, and what is your relationship with third party responders and law enforcement, when a breach happens?”

The panel, which was moderated by Ed Stroz, GABELLI ’79, co-founder and president of Stroz Friedberg, (now known as now known as Aon Cyber Solutions) explored the intricacies involved in hiring an outside firm to try to break into ones’ own computer networks and stop just short of causing irreversible harm. Done right, Stroz said, a sustained attack, done without any of lower management’s knowledge, can provide valuable insight for employees who are willing to learn.

“If you were to draw a picture of a company’s computer network, they almost never show the people; they only show the devices. It’s not wrong; that’s how most networks maps look,” he said.

“But I think if you really want to do it correctly, you have to show the people, because they are part of the computer network.”

Jude Keenan, director at AON Cyber Solutions, said there is often confusion between penetration (or PEN) testing, and red team testing, with the former offering breadth, and the latter offering depth. Many companies falsely equate internal tests to be the same, he said.

“For us, we need to have buy in from executive level members, someone who has the authority to say, ‘I give you permission to steal really what is our company IP, crown jewels and have no one else to know about it,’” he said.

“It’s pretty important from that perspective, because if the blue team knows know someone is going to attack the, then it’s not really an accurate test.”

Stroz said the tricky part of red teaming, which takes its name from military exercises where red teams play offense and blue teams play defense, is balancing the need to show weaknesses in a company’s networks with the potential downside of embarrassing and demoralizing employees.

Often, he noted, red teams will discover flaws that a company’s IT staff was previously aware of, but couldn’t convince their superiors to address. Together though, everyone can work to address the issues before they become problems.

“In my experience, clients who are going through a real cyber-attack, everybody’s IQ drops about 20 points, because it’s human nature,” he said.

“You tighten up, you go back to primitive thinking, the reptile brain kicks in. Everybody does it, including me. But one way to minimize the bad side of that is to inoculate yourself and be aware of it and try through a bit of preparation. Any preparation that helps you build resilience is going to benefit you.”

After the exhibit closed in February, the reproduction was carefully taken down and packed away. In November, it was given a new home in Fordham’s Butler Commons on the Rose Hill campus.

Joseph M. McShane, S.J., president of Fordham, called the gift a welcome addition to the University’s collection, one that will “touch our hearts, engage our minds, and lift our spirits.”

“It is an honor to once again partner with the Met, one of New York City’s preeminent cultural institutions, and to provide a permanent home to a reproduction of Michelangelo’s most ambitious and stirring masterpiece,” he said.

“Such a work embodies the divine grace of God. Its presence will remind us of our own Catholic heritage.”

The fresco, which Michelangelo painted between 1508 and 1512 at the behest of Pope Julius II, is one of the most famous pieces of art in the world. Among its features are narrative scenes from the Book of Genesis, the Book of Maccabees, and the Gospel of Matthew. One of its most iconic images is the artist’s rendition of The Creation of Adam.

The gift is emblematic of both the Met’s and Fordham’s extensive roots in New York City. Father McShane first saw the fresco during an early morning tour of the exhibit arranged by Fordham Trustee Fellow Edward M. Stroz, GABELLI ’79, and his wife Sally Spooner. They were joined by Erin Pick, then a senior administrator at the Met, and Maria Ruvoldt, Ph.D., chair of the department of art history at Fordham.

He said he knew from the moment he entered the room that it would be a magnificent addition to Fordham’s campus. As chance would have it, the group crossed paths with Carmen Bambach, Ph.D., a curator at the Met who specializes in Italian Renaissance art. From 1989 to 1995, Bambach was also an assistant professor of art and music history at Fordham when Father McShane was dean of Fordham College at Rose Hill.

 “She looked at me and said, ‘You hired me at Fordham.’ I smiled and said that I had indeed hired her,” Father McShane said.

“After the tour was over, Erin, Carmen, and Maria worked on a proposal that we could place before the Met leadership to see if we could secure the piece for Fordham. Much to my surprise, we were informed a few weeks later that the Met approved our proposal.”

Quincy Houghton, deputy director for exhibitions at the Met, echoed the bond between the museum and Fordham.

“We are pleased that this painting will have a future life at Fordham, as another manifestation of the many scholarly connections between our two institutions, and that it will be widely used as a teaching tool,” he said.

“We look forward to seeing it in its new home.”

Ruvoldt said that although the fresco is among the most famous paintings in the world, it’s often seen in piecemeal fashion, such as the well-known section featuring the nearly touching hands in The Creation of Adam.

“Typically, when students learn about this in an art history classroom, they’re seeing a projection on the wall. They don’t have the experience of the entirety of the composition, and the experience, frankly, of just looking up at it, which sounds a little simple, but was key to the way the painting was meant to be understood,” she said.

“Michelangelo really got that the people who would be looking at it would be looking at it from below. So, it’s a unique experience for students to see it.”

Among the details one can observe in the full reproduction is evidence that Michelangelo actually realized, halfway through the production, that he’d have to rethink his approach. Ruvoldt said the latter sections feature visible changes in the scale of the figures, and compositions become simpler, so they’re more discernible from below.

Watch Ruvoldt give a guided explanation of the fresco reproduction.

Butler Commons, which is named for the founder of Marymount College and is just one floor above the University’s theology department, is an ideal location for it, she said, because it’s open to all. The University will open it to members of the campus community in January, and members of the public can arrange visits in the same manner they currently use to visit the University’s Museum of Greek, Etruscan, and Roman Art.

“I picture it as something that not only art history professors can bring students in to look at it, but the theology department as well. The subject matter is the entire story of Genesis, the prophets, and the ancestors of Christ—it could be interesting as well for interdisciplinary investigation.”

The gift is only the latest collaboration between the two institutions. Last year, Fordham lent the Met Cristóbal de Villalpando’s Adoration of the Magi; the museum restored it and included its July exhibition Cristóbal de Villalpando: Mexican Painter of the Baroque.

Update: While Butler Commons will remain secured, any member of the Fordham community who wishes to view the reproduction can contact the reception desk at Tognino Hall during business hours to have them open the room. During the weekends and after business hours, Public Safety will respond and open the room for any requested viewing. Members of the public can also make arrangements to view the artwork during business hours. No food or beverages are permitted in Butler Commons.

Edward Stroz, CBA ’79, founder and co-president of the global consulting firm Stroz Friedberg, LLC, said that the field of information science—known as informatics—has become critical to the collection, delivery and analysis of data now that millions of documents exist electronically. Stroz delivered the 2010 Clavius Distinguished Lecture presented by Fordham’s Department of Computer and Information Science.

Informatics is a science that studies the gathering, interpreting and transforming of information into connected computer networks and complex systems. While certain fields of science have begun to use informatics to further their disciplines, the justice system lags behind, Stroz said.

“I know a fair amount about evidence, and it has struck me that the use of informatics in our justice system has been rather unexplored,” said Stroz, a former special agent for the Federal Bureau of Investigation who specializes in computer crime. “Many lawyers who have a little gray hair are still in the Stone Age when it comes to understanding how electronic documents compare to paper documents.”

In his lecture, “The Role of Informatics in Our Justice System,” Stroz outlined some pitfalls of having an inexperienced team parse electronic data to present as fact in a case:

• Some lawyers misunderstand the term “create date” in a document’s metadata and, therefore, may make an innocent, yet mistaken, analysis of how long a document has existed;

• An altered electronic document may be erroneously admitted into evidence;

• Lawyers may not be able to tell the difference between “original” and “duplicate” electronic documents.

Conversely, Stroz cited the “immaculate memo” in a famous Enron litigation as an example of how an informatics analyst can uncover the smoking gun in a case. The memo, which proved that Enron manipulated a $7 million sale, was rumored to exist, said Stroz, but nobody had allegedly “handled” it. It was eventually discovered in a network share file with the use of forensic programming, said Stroz, and introduced into evidence.

In today’s world of e-mail, BlackBerries, hard drives, multiple servers and off-site storage, Stroz said, practically nothing is wiped out. Even a suspect’s Internet search trail can be revisited to prove intent.

Because of the relative newness of the field of electronic discovery, Stroz said, many people today want third-party assurance that data identification, preservation and production has been done right.

Among the other challenges that informatics can address, he said, is the need for a common lexicon to facilitate better mining of data and keyword searching. In the past, Stroz said, keyword searches have been shown by studies to be extremely inaccurate, missing up to 70 percent of the relevant data.

“This shows a need for increased dialogue between lawyers and people who are information scientists,” he said. “If you don’t get all the material and preserve it, you could miss one document even if you get 99.99 percent of the documents.

“[And] it could be the fact that turns everything on its head,” he said.

The lecture marked the 25th anniversary of the department’s first graduating class.