Modern cyber threats_and_how_to_combat_them_panel


I was honored to share a panel with some colleagues at ISRM Conference in Las Vegas (September 2010). I prepared this quick presentation as a guide that I guess might be of some help for others


  1. Modern Cyber Threats and How To Combat Them
     An ISACA Panel moderated by Todd Fitzgerald
     Panelists: Jack Callaghan, R. Kinney Wiliams, Ramsés Gallego
  2. Topics to be covered by this panel
     1. Identify What Threats are Out There in the “Wild”
     2. Summarize the Key Steps to an Incident Identification
     3. Utilize the Tools, Techniques, and Tactics to Combat Threats
     4. Determine What is Really Vulnerable in Their Network
  3. Current Threats
     • Web 2.0 and client-side attacks
     • Targeted messaging attacks
     • Botnets
     • Rootkits
     • Logic Bombs
     • Data Theft
     • Identity Theft
  4. Web 2.0 and client-side attacks
     • Social network attacks – Twitter, MySpace, Facebook, LinkedIn, etc.
     • Mashup Technology
     • Dynamic Altering Exploits on sites
     • Embedded Malware on Legitimate Sites
     • 50K new malware per week – Multiple vendors
  5. Examples
     • Mikeyy worm – Twitter – Apr 09
     • Koobface worm – Facebook – Sept 09
     • Security researchers - >60K pieces of malware on Twitter in 2009
     • Phishing episodes through Facebook accounts – May 09
     • Multiple legitimate sites with malware
  6. Koobface Worm
     • Koobface, an anagram of Facebook, is a computer worm that targets the Microsoft Windows users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.
     • Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from, sometimes having comments like LOL or YOUTUBE. If the link is opened the trojan virus will infect the computer and the PC will become a Zombie or Host Computer.
  7. Spear Phishing
     • Targeting of specific person or people
       – Uses fake email from known person
         • Family Member
         • Business Associate
       – Almost always contains key-logger Trojan
       – Used to retrieve
         • Corporate Data
         • Financial Data
         • Personal Data
  8. Spear Phishing
  9. Top 10 BotNets
     • 1. Rustock (generating 43% of all spam)
       – The current king of spam, its malware employs a kernel-mode rootkit, inserts random text into spam and is capable of TLS encryption. Concentrates solely on pharmaceutical spam.
     • 2. Mega-D (10.2%)
       – A long-running botnet that has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.
     • 3. Festi (8%)
       – A newer spambot that employs a kernel mode rootkit and is often installed alongside Pushdo on the same host.
     • 4. Pushdo (6.3%)
       – A multi-faceted botnet or botnets, with many different types of campaigns. A major distributor of malware downloaders and blended threat e-mails, but also sends pharma, replica, diploma and other types of spam.
     • 5. Grum (6.3%)
       – Also employs a kernel-level rootkit. A wide range of spamming templates changes often, served up by multiple Web servers. Mostly pharma spam.
  10. More Top 10 BotNets
     • 6. Lethic (4.5%)
       – The malware acts as a proxy by relaying SMTP from a remote server to its destination. Mostly pharma and replica spam.
     • 7. Bobax (4.3%)
       – Another long-running botnet that employs sophisticated methods to locate its command servers. Mostly pharma spam.
     • 8. Bagle (3.5%)
       – The name derives from an earlier mass-mailing worm. Nowadays, Bagle variants act as proxies for data, and especially spam.
     • 9. Maazben (2.0%)
       – By default, uses a proxy-based spam engine. However, it may also use a template-based spam engine if the bot runs behind a network router. Focuses on Casino spam.
     • 10. Donbot (1.3%)
       – Donbot is named after the string "don" found in the malware body. Mainly pharma spam.
  11. Rootkits
     • Usually pinpoint focus for target
     • Hardcore tech-driven attack
     • Either ideology, embezzlement, or “getting back at” revenge driven
     • Hard to isolate
     • Harder to remove/clean up
     • Definition from Gary Hoagland's book:
       – "A rootkit is a set of programs and code that allows a permanent and undetectable presence on a computer."
  12. Examples
     • TDSS
     • Gromozon
     • Mebroot
     • Fu and FuTo
     • Agony
     • AFX
     • MBR rootkits
  13. Logic Bombs
     • Disgruntled employee syndrome
     • Usually discovered after employee leaves
     • Very destructive
     • Hard to detect before first “bomb” is triggered
  14. ID Theft methods
     • Dumpster Diving
     • Online “phishing” – 11% only
     • Stealing Wallets/Pocketbooks
     • Home Stealing
     • Mailbox Raiding
     • Address Fraud
     • Pretexting
     • Shoulder Surfing
     • “Vishing and Smishing”
     • Skimming
     • Data Breach
  15. DDOS & Other Attacks
     • The long standing DDOS attack still works
     • Targeted attacks going for detailed data retrieval and now occurring more frequently
     • Sometimes attacks are open and intentional
       – Google issue with Pakistan from several years ago
  16. Combating the Threats
     • User awareness and training
     • Incident Response capability
     • In-bound & out-bound filters at gateways
  17. Countermeasures
     • Web 2.0 attacks detected via behavior based protection methods (IDS/IPS like)
     • Develop and implement IDS and IPS devices to understand scripting - similar to browsers
     • Utilize filter feedbacks to improve filtering
     • Develop user “distrust by default” on all incoming data (both Internet and e-mail based) until protection methods improve
  18. Threat Analysis
     • Examination for detailed evaluation
       – Significance
       – Type of Malware
       – Probative Value
       – Meets criteria for inclusion
     • Interpretation is carried out separately
  19. Incident Response Stages
     1. Preparation
     2. Identification
     3. Containment
     4. Eradication
     5. Recovery
     6. Follow-Up
  20. Types of Incident Response Tools Needed
     • File System Navigation tool
     • Hashing tool
     • Binary Search tool
     • Imaging tool
       – Bit Copy
       – File System
     • Deep Retrieval tool
       – Bit Level
       – File System
     • File Chain Navigation tool
     • Network Log File Analysis tool
  21. Response Tools Available
     • Multiple types
       – Operating System based
         • Windows – Microsoft
         • UNIX – multiple types
         • Macintosh
       – Environmental Based
       – Network Based
       – Management Based
     1. Tools Used
     2. Log Parser
     3. ProDiscover
     4. TCPView
     5. Microsoft tools – if Windows
     6. TCPDump
     7. Sysinternals.com tools – if Windows
     8. Foundstone.com tools
     9. File control utilities – DD, etc.
     10. Wireshark (packet sniffer)
     11. Nmap (security) Open Source Network Scanner
  22. Understanding the Risk: The Market Value of Sensitive Data
     • Trojan to steal account information: 980€-4.900€
     • Birth certificate: 147€
     • Credit Card Number with PIN: 490€
     • Social Security card: 98€
     • Billing data: 78-294€
     • Credit card number: 6€-24€
     • PayPal account logon and password: 6€
     • Driver's license: 147€
  23. Malware: what is it really?
     • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code
     • Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software
  24. A bigger problem than we think
     • Malware is now economically motivated and backed by organized crime and foreign interest
     • The development of highly critical malware such as targeted attacks is also on the rise
     • The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove
     • There are many bot networks to de-fraud business models and consumers through sophisticated social engineering
  25. What is spyware?
     • Spyware is software installed on a computer that gathers information without the user's knowledge and relays that information to advertisers or other 3rd parties
     • Several subcategories of spyware:
       – Adware
         • Advertising-supported software that displays pop-up advertisements whenever the program is running. Often collects personal information and web surfing habits
       – System monitors
         • Programs that capture everything you do on your computer, from keystrokes, emails and chat room dialogue, to which sites you visit and which programs you run
       – Trojan horses
         • Malicious programs that appear harmless but steal or destroy data or provide unauthorised external access
  26. How spyware infiltrates
     • People don’t purposefully and knowingly install spyware
       – Can be included with applications you want to install, such as peer-to-peer clients or desktop utilities
       – Some silently load when you visit a seemingly-innocent Web page (‘The Ghost in the browser’)
     • Installed silently in the background – most users never know their computers are infected
  27. Spyware threats to organizations
     • Wastes computing resources
       – Sends back information periodically, often daily
       – Consumes an organisation’s bandwidth
     • Exposes proprietary information
       – It could send files to a competitor’s server
       – It could monitor e-mail and send out the contents
     • Poses serious security risks
       – It could send emails on behalf of the user
       – It could provide a spy or hacker with a backdoor into the systems
       – It could change documents and specifications on systems to damage research or other projects
     • May introduce compliance risks
  28. How botnets are used to commit financial fraud
     • A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 Million zombie PCs, as in the Dutch botnet case
     • The bots that infect systems can perform several actions such as relay spam, launch malware and perform ID theft
     • A common method of bot infection is through websites that contain exploits and vulnerabilities that actively transmit malware to the PC visiting the site
     • Components can also be downloaded, such as ActiveX controls, etc., that will then deal with the rest of the infection process
     • Social engineering techniques also exist to infect systems through spam, phishing and other content. Once a PC has become infected it can receive remote commands from the “bot master”
  29. And they are using new methods
     • Botnets are beginning to use P2P networks to gain control of more computers
     • Researchers were previously able to shut down a botnet by targeting its Command & Control center (an IRC channel or website). Hackers are now using P2P networks to connect bots in a more “horizontal,” peer manner, which makes shutting down the botnets much more difficult
  30. The problem of keylogging
     • Keyloggers are programs that run in the background recording all keystrokes and which may also send those keystrokes (potentially including passwords or confidential information) to an external party
     • 2 types of Keylogger programs:
       – Commercial
       – Viral (included as part of blended threat with Worm, Trojan Horse, BOT, etc.)
  31. Commercial Keylogger Example
  32. Commercial Keylogger Example
  33. Commercial Keylogger Example
  34. Sophisticated Social Engineering
     • Common social engineering techniques:
       – Spear-Phishing and other highly targeted scams
       – Spam with exploits
       – Phishing emails that direct users to web-sites with hidden Trojans
       – Malware through IM channels
  35. No real bank would do this!
  36. Infection strategies used by hackers
     • Common infection strategies used by hackers
       – A web site is physically hacked and seeded with Trojans (i.e. Superbowl website case)
       – Phishing emails with exploits
       – Malware through IM channels
       – Malware attached to freeware and shareware
       – Malware in the form of video codecs
       – Infection through botnets
  37. Overview of Targeted Attacks
     • Characteristics of Targeted Attacks:
       – Involve “Highly Critical” malware tailored towards attacking a specific target (i.e. Bank Of America)
       – Such malware targets a specific set of confidential information to capture and send to a 3rd party
       – Targeted attacks always involve a hacker hired to design malware to bypass specific defenses
       – Attacks are very localized; therefore, distribution is limited. In most cases AV labs do not receive a sample, which results in no signature file
       – Current security solutions will not detect the malware because the hacker has prepared against commonly used AV programs
       – Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware
  38. Information? Readily available!
     • IT departments know about sites...but so do all the other departments!
       – Question is…do we know who, when, where and how?
       – More importantly…do we have the means to stop it?
     • Information is easy to find! (131,000,000 results returned on Google when the search term ‘How To Hack’ is used)
     • Hacking tools can be easy to use
       – Some don’t require any programming skills at all! (Keyloggers can come with nice user interfaces, such as ‘The Perfect Keylogger’) with a ‘Next’, ‘Next’, ‘Next’ install!
  39. …step-by-step guides available!
     • You no longer need to go underground or to university to learn how to become a successful hacker!
  40. (no text on slide)
  41. Do it yourself! Incredible!
  42. Example - Denial of Service
     • You visit a web site and click on a link
     • A few seconds later, many applications start to run on the computer
     • You can only close the program to prevent the attack. The machine does not work
  43. Example: Redirection of sites
     • You connect to online banking to see your accounts
     • A hostile applet sends an identical page
     • You enter your credentials while a hacker is receiving them or they are being sent to an Internet directory
  44. Example: Sending files in background
     • A postcard is received by email
     • An applet executes an animation
     • That applet is copying the last Word document and is sending it in the background to the Internet
  45. Example: Harmful executables
     • There is a type of attack that appears to come from known companies, inviting you to install the latest security patch or Service Pack
     • The executable file is a Trojan or malicious code that puts our environment at risk
  46. Example - Phishing and scam
     • Pakistan Earthquake – We found the URL http://pakistanhelp.com
     • We analyzed it and we saw that there were signs of phishing
     • In this case, the ‘help’ options include the download of an Excel file to be sent by fax
     • A real and legal organization would never do this….
  47. Strategy: Protect every vector
     • Antivirus/Antispyware
     • Data Leak Prevention
     • Secure Content Manager
     • Firewall
     • VPN
  48. Strategy: Consider other approaches
     [Diagram label: Internet]
     • Effectiveness vs. Efficiency
     • SaaS approach
     • UTM devices
     • More than one solution will leverage your security
     • Education, education, education
     • Centralised management
  49. THANK YOU
     Modern Cyber Threats and How To Combat Them
     An ISACA Panel moderated by Todd Fitzgerald
     Panelists: Jack Callaghan, R. Kinney Wiliams, Ramsés Gallego
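
Slides 9 and 10 describe spam bots that send or relay SMTP from infected hosts, and slide 16 lists out-bound filters at gateways as a control. The following is an added example, not part of the original presentation, showing how gateway flow logs can surface workstations that talk SMTP directly to external mail servers; the log format, the 10.0.0.0/8 internal range, the relay address 10.0.0.25 and the threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (hypothetical): internal address space and the one sanctioned mail relay.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ipaddress.ip_address("10.0.0.25")}
SMTP_PORTS = {25}
DISTINCT_DEST_THRESHOLD = 3  # fan-out at or above this looks like bulk mailing

# Constructed sample gateway flow log: "<epoch> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
1285000000 10.0.0.25 198.51.100.10 25
1285000005 10.0.4.17 198.51.100.10 25
1285000006 10.0.4.17 203.0.113.7 25
1285000007 10.0.4.17 192.0.2.44 25
1285000008 10.0.4.17 203.0.113.90 25
1285000010 10.0.7.3 203.0.113.7 443
1285000011 10.0.7.3 10.0.0.25 25
1285000012 10.0.9.9 192.0.2.44 25
garbage line
"""

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def direct_smtp_senders(text):
    """Map each unsanctioned internal host to the external hosts it sent SMTP to."""
    dests = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port not in SMTP_PORTS:
            continue
        if src not in INTERNAL_NET or src in APPROVED_RELAYS:
            continue
        if dst in INTERNAL_NET:  # handing mail to the internal relay is expected
            continue
        dests[src].add(dst)
    return dests

def triage(text, threshold=DISTINCT_DEST_THRESHOLD):
    """Return (likely_spam_relays, policy_violations) as sorted lists of IP strings."""
    likely, violations = [], []
    for src, seen in direct_smtp_senders(text).items():
        (likely if len(seen) >= threshold else violations).append(str(src))
    return sorted(likely), sorted(violations)

if __name__ == "__main__":
    likely, violations = triage(SAMPLE_LOG)
    print("fan-out to many external mail servers:", likely)
    print("direct SMTP, low volume:", violations)
```

Hosts in the first list are candidates for containment under the incident response stages on slide 19; hosts in the second list bypass the relay and should be blocked by the out-bound filter even if they turn out to be benign.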
