[ISN] The FBI's cybercrime battle

From: InfoSec News (isnat_private)
Date: Thu Jun 20 2002 - 02:58:55 PDT

    By Margaret Kane 
    Staff Writer, CNET News.com
    June 19, 2002, 10:10 AM PT
    The FBI was able to nail John Dillinger, but how well would it stack
    up against uber-hacker Kevin Mitnick?
    Probably not well. Sharply criticized for its lack of technical
    know-how, the FBI has taken a pounding after recent reports disclosed
    that glitches in the agency's Carnivore online surveillance technology
    may have hindered investigations into terrorism threats.
    Agents have increasingly complained that the Bureau's outdated
    technology has hampered their ability to analyze other threats. But
    with the nation's law enforcement agencies turning their attention to
    the so-called war on terrorism, the FBI is getting an upgrade.
    A recent reorganization placed fighting cybercrime at the top of the
    Bureau's priorities. The job of meeting that challenge falls to
    Assistant Director Larry Mefford, who heads the Bureau's new Cyber
    Division. Mefford, who previously worked in counterterrorism security
    planning at the Los Angeles, Atlanta and Salt Lake City Olympics,
    served as the Bureau's special agent in charge of the San Francisco
    office, where he oversaw all operations, including terrorism and
    cybercrime programs.
    CNET News.com recently talked with Mefford about his division's role
    in the new FBI structure, cybercrime, and the wider war against
    Q: Let's talk about your new role. What is the Cyber Division's
    mission? What areas is it taking on?
    A: The director (FBI chief Robert Mueller) created the Cyber Division
    in order to consolidate a historically fragmented approach to
    cybercrime. It brings together all of the FBI's responsibilities to
    conduct investigations of criminal activity that occur over the
    Internet or involve computers or networks. It's the full gamut of what
    we refer to as cybercrimes--everything from hacking and
    (denial-of-service attacks) to Internet fraud, theft of identity, and
    theft of intellectual property. What we're really looking at are those
    crimes where computers or networks are either the tools or the targets
    of activity.
    How big is the department?
    A lot depends on homeland security. We're still in the process of
    defining everything, but we're looking at a figure of hundreds at the
    start-up stage. We'll grow from there.
    How will it be managed?
    Most of these criminal investigations will be operated out of field
    offices around the country. Major intrusion cases are likely to be
    managed directly from headquarters. That's a big change for us.  
    Historically, field offices have run cases. This is similar to the
    concept (being put in place for) terrorism cases. We'll have a similar
    approach on major cyberattacks. If we have another (denial-of-service
    attack), that's likely to be directed from headquarters. But
    intellectual property, fraud, child porn cases will still be managed
    at FBI offices around the country. Our role at the Cyber Division will
    be to provide support and make sure they're successful. We'll be
    helping them connect the dots, as they say now.
    Your division and appointment were announced back in April. Last
    month, the Bureau announced a major overhaul, and cybersecurity was
    listed as the No. 3 priority. How does that affect what you're doing?
    Clearly, being prioritized to that degree affects us significantly.  
    We're in the process of creating this division from scratch.  
    Historically, the responsibilities to address some of the activity
    we're talking about were fragmented among many different management
    units. It was difficult for the community and the private sector to
    interface with us as an organization (because you) had to go to
    various points. Clearly, 9/11 had an impact on our reorganization, and
    one area was an initiative to improve the efficiency of operations.
    We also have a function to provide protection against
    counterintelligence and terrorism threats against the U.S. If there
    were a foreign government attack or a terrorist attack against
    computer networks, the Cyber Division would have a role in
    investigating or supporting other FBI entities that have a primary
    role in (investigating those crimes). We would help the terrorism guys
    and the people doing counterintelligence or espionage.
    And how is that working out in terms of your focus?
    The vast majority of our effort is focused on illegal criminal
    activity. In the past, it was very difficult to find any quantifiable
    data on the extent of the activity. As part of the Cyber Division,
    we've incorporated the FBI's Internet Fraud Complaint Center (part of
    the National White Collar Crime Center), which serves as a conduit to
    solicit complaints regarding Internet crime. It started (looking at)  
    fraud, and we're going to expand to other types of crime. That data
    will be analyzed and distributed to the FBI and to local authorities.
    The focus there has been on Internet fraud and thefts facilitated by
    the Internet. We'll be looking at intellectual property violations,
    economic espionage, theft of trade secrets, and also
    technology-related crimes, such as counterfeiting of software. As we
    gear up operations and gain more expertise in the future, we'll be
    able to do a better job in providing service to the U.S. public.
    How important is industry input, both in preventing crime and solving
    The relationship with the private sector in the technology arena is
    critical for us as an agency. It's very difficult for us--because of
    expenses and other issues--to stay up with the technology. We need to
    link arms and join forces with private industry, so we can use their
    expertise and capability for the benefit of the American public, if we
    Can you talk about your progress in realizing that plan?
    We're in the process of creating cybercrime squads throughout the U.S.  
    in FBI field offices. In this calendar year, we'd like to create 20 of
    these squads and concurrently, form cyber task forces, modeled after
    terrorism task forces, where we join forces with local law enforcement
    agencies, private industry and occasionally academia, to attack
    cybercrime. We're allowed to leverage our capabilities and, at the
    same time, more efficiently spend training money.
    These will be permanent task forces assigned to different regions
    throughout the country to focus on cyber-related criminal activity as
    well as terrorism. If we have evidence of a national security issue,
    these squads that we're trying to form will assist other FBI entities
    in mitigating and preventing those types of attacks. In the area of
    criminal activity, what we hope to do is provide enhanced prosecution
    and work closer with different U.S. attorneys' offices across the
    In the past, many companies have been reluctant to come forward when
    they were hacked. Has that attitude changed? How do you persuade
    people to bring things out in the open?
    We have a system in place. Today, the National Infrastructure
    Protection Center has responsibility inside the FBI for handling all
    the computer-intrusion cases. It's part of the Cyber Division. We've
    created internal safeguards to protect companies. Let's say a company
    comes forward and they have sensitive data they want to share, but
    they don't want to seek prosecution; they can do that. All the
    protocols created at NIPC will stay in the Cyber Division.
    The White House has proposed moving the NIPC to the new Department of
    Homeland Security.
    We're working with the administration to make an orderly transfer of
    the NIPC to the new agency. If Congress creates enabling legislation,
    we will make sure NIPC info is efficiently transferred to the new
    agency, and the FBI will provide people on a detail basis. NIPC
    handles only intrusion cases. As for other cybercrime, the new agency
    will not have any other impact.
    Can you give some examples of how technology helps you fight crime?
    Certainly, analytical tools allow us to conduct the analysis and
    intelligence far better than we have before...In the area of technical
    tools, for example, we're looking at undercover operations the FBI has
    been operating for years wherein individuals preying on children
    (online) can be identified. We're looking at techniques to identify
    them at an early stage.
    How much of a priority is cracking down on criminal copyright
    violations? What areas are the most likely targets--music, movies,
    That's a challenging and complicated issue, but the fundamental fact
    is that intellectual property rights will be a high priority. The U.S.  
    business community needs that information to compete worldwide. If you
    have technology stolen or pirated and a competitor or criminal can
    replicate software, for instance, at very little charge, the American
    public and U.S. companies deserve the protection.
    One of the things we're doing is enhancing our participation with
    customers at the (intellectual property rights) center as a focal
    point to receive complaints regarding those types of violations. We're
    going to look at doing more aggressive undercover operations in the
    area of counterfeiting software. We can improve our capability to
    prosecute criminals. Unfortunately, many are overseas. So one thing
    we'll do is work very closely with certain federal governments and
    develop ongoing relationships with certain foreign police agencies.
    What about software counterfeiting?
    Clearly, illegal counterfeiting of software is a problem.  
    (Organizations that do that are) not only negatively affecting the
    marketplace. Even though the public may get products at a lower price,
    the reliability is suspect, and the warranty is suspect. We think we
    can help protect the public by joining forces with other agencies,
    like Customs, and working to help avoid counterfeiting of software.
    What about piracy of music and movies?
    We need to look at that. There are a lot of challenges based on the
    fact that (technology) is creating completely new concepts in the
    legal field. We're working with the Justice Department at the U.S.  
    attorneys' offices across the country.