professionalization of the office itself, these are a clear edith had that we're stepping into a new century and the future was going to be terrific. to n that note, thank you for be d kathy dalton with us tonight to tell us about life of edith roosevelt, the 20th first lady of the 20th century. thank you for your scholarship.

>> the third and final experimental airplane that the right brothers built and today survives as the second oldest of airplanes today. this airplane was constructed flown in six year's time between the time they built success of nd the this particular airplane. this was a plane built less than two years after the first flight kitty hawk, north carolina on 1903.ber 17,

what's interesting is they were four times. they were the proof of concept f power heavier than air flight. the airplane behind me, the 1905 flier 3 was capable of repeated takeoffs and landings, repeated flights, of not just for a few a time, but upwards of 40 minutes by october of 1905. airplane could fly graceful circles, figure eights, turn, and fly very much like a modern airplane flies. a modern s very much airplane capable of being controlled through three axles of flight. yawl. roll, and >> american tv looks at the history and literary life of day ohio, saturday noon on

c-span 2, sunday at 5:00 p.m. on c-span 3. and data y theft security. g.m.ceoour and a half by daniel actorson. the affordable care act and the website, healthcare.gov. the event opened with the panel of the evolution and trends of

cybercriminals and looked how consumers could protect themselves from identity theft. this is a little less than an hour and a half. >> thank you, i'm rob, or so believe.een led to we'll get to it. > verizon, the director of cybersecurity and public safety. we have a unique position to see hat happens when security fails. as we travel around the world, it leads to ultimate data theft. share and need to research that perspective with the rest of the world. o we put out a data report every year. you can get it from verizon.com. dvir.e prior to that, i was with the

service. so today's conversation, i've been involved in investigating on identity theft since 2001. 've been sharing insights from the law enforcement component as well as our time in verizon. >> thank you. i'm abigail davenport. we're a public opinion and research firm. i do research on a wide variety topics and have the privilege to doing safety and on-line institute in the past few years on parent, teen, their about privacy and security and safety and identity theft, particularly most recently in the fall. did a survey of teens looking ore specifically about their attitudes regarding ietdty theft, what their behaviors are, hat they're doing to protect themselves. what they might be able to do more of. i can bring that perspective in and teens and s the way they approach this

issue. >> alan friedman. brookings. computer be in science. i wasn't good at it. policy,degree in public which makes me an immediate okra and cultural behaviorist, if you're mediocre thing, you sort of have to move to washington. paper on identity theft from a systemic risk perspective. february, ook in cybersecurity and cyberwar tying together how the different related to broader international discussions. >> i'm an assistant u.s. attorney. our office is the first one to so-called chips unit.

so i work on these types of much every day. >> do the first question here -- now.ng over them just the problem in financial terms billion. 2005 at $32 $20.9 ow down to only billion in 2012, which is great. customers hit by identity fraud stayed around 5% in the last seven years. just getting -- is the profit margin out of this but not enough? what's the overall dynamic we see here? >> what's interesting -- i don't know the population statistics. what's interesting about looking at the numbers there, we that the number of data reaches is certainly going up every year. we're looking at the data breach

report. we analyzed 47,000 incident, 621 breach.result in data so if you look at the evolution and their desire a central location factor.eneficial >> building on the idea that a seeing is risk we're emerging from data breach, a a ry out of carnegie miller that ars ago that found the laws actually helped -- the data so it looked how states adopted laws and period of r in the time. on average, 6% reduction, a large number when you talk about the numbers we've been talking a difference. bigger question is how

people are using the data. andy is right, these are criminal acts. are people extracting value from the system? credit cards trade on the open market for dollars. to that.attribute the heavy lifting is not getting the data, it's using the data. credit card, i can go on a spree and have a nice day on the town. of your credit cards, that doesn't scale. so the defenses have to focus on economics, raising the cost of the attacker of efficiently and most importantly extracting data. any time you can remove the tool from a cybercriminals and make them do things by hand, you've helped to reduce crime. that's an excellent point. up on malware, a lot of

focus, it's focused on technology. it's a business. stupid one, a criminal one, but they're economic motivations and if you can make it more xpensive to try to make a living this way, realistically, if criminals wanted to work real job. would get a so. >> i hate to disagree right out box. >> that's why we're here. >> no, no -- but i think a lot of the criminals that we look at, especially the sophisticated a s, really do treat it like job. i get up in the morning and go to work. these guys get up probably later than i do. as hard. just it's someone you've arresting proffering and you realize how much work it is. alan said,ld on what montization is not a simple

thing. especially if you are data,ing large amounts of you need oftentimes, you need a network of lower level people. you need runners. you need people who you can sort wrong.ifice if things go and it's much more difficult than you would think to actually the dollars out of stolen identities. >> one of the bigger cases that out, and you probably remembered the gentleman's name. i can't remember it. ut it was linked to compromising 33 million credit card numbers and the department demonstrated ings that he had earned $200,000 over three or four years. that is not a lot of money for a smart guy in the tech industry. >> reconsider the life choices, i'm thinking. >> albert gonzalez had $1 buried in his back yard. >> right. >> right. >> what we're focused on here i infrastructure that the criminals are leveraging, right? and over time, you'll see as we

panel today, the evolution of the cybercriminal and the infrastructure that them has evolved. those commitmenting the crime impacting us 10, 15 years ago, now the ones commercializing, industrializing ground.dz the xhodization of malware, and infrastructure for making it easier than most that don't have programming or computer science background to engage in activity.nal that's going to continue to anonymity. and what zach and his team does the recent arrests, i don't think the public truly nderstands how difficult it is to merge the on-line identity with the real world identity. hat's a daunting task and it becomes quite cumbersome. so the efforts that the office law enforcement around the world, secret service, they do a good job of being able to merge that. very challenging and the results of that, though,

that s a broader picture we'll paint for you today. >> okay. the second question may shed a on this.ght another stat factoid. 11.8% of notified breach victims were victims of identity fraud. 2012, the number climbed to 22.5%. so it seems that we're talking industrializing and sort of getting a mechanism exploiting this. a wholey if you can get bunch of credit card numbers darks at a points about someone it's easier to monetize that. can you drive up the cost of it? besides if we assume the data going to happen on some level, what's the step to youto increase the cost of, know, getting an -- getting the oney out of the data you acquire? lawo going to speak from my enforcement background and not necessarily from the verizon

brand. the at's interesting about evolution of the infrastructure is that it's built upon a certain mindset, right? and that mindset is embed in that culture for well over a decade. in order to operate within that environment, you have to have certain skills you. have to have a certain respect for the community if you will. it polices itself, right. mindset ution and that has been permeated to -- it's not a large group of individuals at it, zach look and you can shed more light on the current role. fighting, at least that are affecting the payment system. identity theft and the payment card industry, it's a small number, it's not a large individuals that are doing this. it's those that honed their skills. --can you >> i would like to not because i don't want to give any to the criminal. at the end of the day, it's less than a few thousand if you will.

so that's important to understand. because as zach and his team and are having rcement his -- successes every year, we focus on -- i don't think we ruly understand the importance of that one arrest or two arrests a year of that high-level criminal kachlt we don't understand what it means. about nowfrom 2008 to changes in the statistics in the ethods to the bad guy and how they have to attack the organizations and the shifts and the cat and mouse game every the data breach report we use. there's statistical changes of thebad guys are going after data they want based upon those arrests. that's an important part. statistically there are things that are occurring year over year as far as ecurity information and the weaknesses and the vulnerabilities that exist, the ad guy has to find different ways. we see the changes year-over-year in the statistics. >> to get back to the economic angle.

market etition and the is a little more extensive? >> a removal and return on their investment like other businesses. when they find that vulnerability, they can leverage hat across a spectrum or software. >> on to the next thing. >> just to jump in, embarrassing story. when i first talked -- i tried cybercrimee case that isn't a law enforcement issue. which i gave an interpol over ence, it didn't go very well. nd actually got good education shortly there after. but i think there are some things that we can look at. as things evolve, we're seeing a change in the data seeing, the curve of the loss. for payment card fraud, people getting a lot more notifications because there are a lot more cards out there. talk to the card processors, a lot of them are test case, right?

is 're trying to find out this a good card? that triggers an alerpt. nce you get a phone call, you're going say yes when javelin calls you, slight we need to understand the data and types.ferent similarly, when we're talking banks he organizations, interested in understanding the value of their own internal credentials. they're ebsites, brands. but wasn't until recently that banks were going after a huge network of websites trying individuals to act as patsies. theftz are the -- these are runners we talk about. this affects our business. we need to go after this. to draw rtant distinction between how you raise a cost in the payment card versus the broader more complicated frauds that require the sophistication you talked about. so this question is for zach.

july, the u.s. attorney's office in new jersey announced the biggest conspiracy bust in u.s. history. involving the theft of more than 160 million credit card numbers you guys istically, must have been the victim of that. and hundreds of millions of losses.in was this a big difference in the scale that they were doing it, ofiously, the scale in terms the techniques that they're ones?compared to other the short answer is yes. perception out a there that every other eastern teenager in a sweatshirt is able to, you know, out of the cloud and americans tear rise and wells tern europeans. case.not the

f you want to engage in this high-level long-term activity, extremely difficult you need a tremendous amount of skills and even more you need a group of eople who have a division of labor. so what separated, we think -- separated this crew out from, you know, your run of the things.up are a few the biggest thing was patience. guys were willing to wait or six months or a year after infill straiting to hang out, systems.ly, in the and not ex-fill trait any data. so that the systems would not brand new code and then exfiltration and see what's the change?

to took place just now allow the exfiltration. desperate for cash and only looking for a quick it, you're not going to take that time. the first difference between these guys and almost everybody else is they were willing to and be patient. second, they had this -- this -- division of labor where skilled in ple were the initial hack. skilled e were people at exfiltration. hen finally skilled at montization. most groups, most gangs, don't kind of really specific division of labor. the other thing that really should be pointed out is that the case that we announced in really a continuation case. albert gonzalez the albert gonzalez case is a number of reasons and

andy actually worked on it. high school, i think -- no. but -- but it was -- it was an mazing case that resulted in the longest sentence in cyberhistory, albert gonzalez is 20 years right now. for one- he was amazing albert gonzalez was caught initially. he flipped. cooperating at a high level. at the same time he was cooperating at a high level on hacking at , he was extremely high level on the other hand, simultaneously. and he's quite a character. it was caught again. arrest really case, on this heartland which -- which is the -- it was results as of

july of this year. and i think andy can probably exactly howtails on the case went down. next question, we have had this from home. credit card, you get a nice letter notifying there's been a data breach and your credit eck record, inform your bank, change your pass words. any of the steps we did in the they do anything? we didn't check credit reports. the finances seemed normal. on, seemed like nothing happened. advice constructive? >> i think the answer is yes. do helps.hat you and i think there are real world

right?ies that work, so, you know, thiefs are looking for soft targets, right? they're looking for soft targets on the subway. they're looking for soft targets they're burglarizing houses and looking for soft targets and hey're engaging in identity theft and data breaches. if you change your pass words on a regular basis, if you use longer pass words, two-step awe occasion, anything of those things are going to put you ahead of 99.9% of the population. nothing is going to stop the most sophisticated person, perhaps, from obtaining your data. you get to the next step montization for and your data, your information is a little more difficult to would they spend the time if you're just a regular erson, to obtain it as opposed to going down the line and finding the person whose pass 1-2-3-4, which is not a

good idea. all those things work. longer pass words, changing pass words. cybernew jersey, he had a cheap idea that would be extremely, i think, extremely useful and extremely effective. he said, you know, anybody can a lap these days and buy top or a desk top for $300. or desk top for $300. you set it up in your house. that you do on that computer is your on-line banking, right? that's the only thing. you don't check "the new york times," g mail, anything, except for your on-line banking. turn the computer off when you're not using it. hat would make your bank information a lot more security. advice ission of that get a