FC: Aschroft warns of online anonymity, tells firms to report attacks

From: Declan McCullagh (declanat_private)
Date: Wed May 23 2001 - 07:49:32 PDT

  • Next message: Declan McCullagh: "FC: Harvard plans to hold Internet law program from July 2-6"

    [This is very similar to what Janet Reno used to say. About the only
    thing missing is a complaint about encryption
    (http://www.politechbot.com/p-00517.html). --Declan]
    
    
    http://www.usdoj.gov/criminal/cybercrime/AGCPPSI.htm
                                          
                     REMARKS OF ATTORNEY GENERAL JOHN ASHCROFT
                                          
             FIRST ANNUAL COMPUTER PRIVACY, POLICY & SECURITY INSTITUTE
         
                                    May 22, 2001
         _________________________________________________________________
                                          
       Good afternoon. It is a pleasure for me to speak with you, and I am
       grateful to Senator Conrad Burns and to Rocky Mountain College for
       their kind invitation.
       The concerns that bring you to this Institute - computer security and
       threats to information assets - are of central importance to us all. A
       few years ago, these conferences were quite rare. "Worms" and
       "viruses" were described in biology textbooks, not police reports.
       Today terms like these bring to mind crashed networks, massive
       disruptions in communications and infrastructure systems, and billions
       of dollars in damages.
       Like revolutionary technologies before it, the Internet carries
       enormous potential both for advancement and for abuse.
       Attacks on networks, frauds, software piracy, corporate espionage, and
       trafficking in child pornography are just some of the crimes
       facilitated by the Internet. The Department of Justice is committed to
       fighting these crimes, and I am here to ask for your partnership.
       Without your leadership, without your help, and without our collective
       efforts, the Department's mission - to make our country a safer and
       more secure place for all Americans - can not be fulfilled.
       Although there are no exact figures on the costs of cybercrime in
       America, estimates run into the billions of dollars each year. And
       unlike more traditional crimes, cybercrime is especially difficult to
       investigate.
       First, the Internet can provide anonymity. On the Internet, it is easy
       for a criminal to create a fictitious identity to perpetrate frauds,
       extortions, and other crimes. Since many computer crimes - such as
       trading pirated software or child pornography - can be committed
       entirely on-line, this anonymity can significantly complicate an
       investigation.
       Second, compounding these difficulties is the Internet's borderless
       nature. A criminal anywhere in the world armed with nothing more than
       a personal computer connected to a modem can victimize individuals and
       businesses worldwide.
       Third, the tremendous power of today's computers makes it possible for
       a single cybercriminal to do a staggering amount of damage - damage
       far beyond what a single person could typically do in the traditional
       criminal world. For example, a sophisticated cybercriminal can release
       a virus or launch a denial of service attack affecting hundreds of
       thousands of computer users or critical infrastructures like power
       grids.
       But we are not just faced with technical challenges. Even if we could
       master all the technology, the human dimension of cybercrime presents
       its own unique challenges. Sadly, there is a common misperception
       among many - especially many young people - that crimes committed
       on-line are not as serious as more traditional crimes.
       The Department of Justice is doing everything it can to address these
       challenges.
       First, we have dramatically increased our training of prosecutors and
       agents in this area. The Department has a specific section of the
       criminal division - the Computer Crime and Intellectual Property
       Section - devoted to combating cybercrime.
       
         In addition, the FBI has created Computer Crime Squads in 16
         metropolitan areas around the country specifically to investigate
         cybercrime.
         In Washington, the FBI's National Infrastructure Protection center
         acts as a clearinghouse for information and expertise relating to
         cybercrime. And each federal judicial district - including the
         District of Montana - has at least one Assistant United States
         Attorney, a Computer and Telecommunications Crime Coordinator, who
         has received special training in how to investigate and prosecute
         cybercrime.
         Second, we have worked with our partners in foreign law enforcement
         to address the internationalization of cybercrime. Partnerships
         such as the Group of Eight industrial nations and the Council of
         Europe have provided us with the means for discussing and
         developing better ways to investigate cybercrime which crosses
         borders.
         Third, through the FBI, we have sponsored the InfraGard program, a
         unique partnership between the Department of Justice, businesses,
         academic institutions, and state and local law enforcement
         agencies, dedicated to increasing the security of the United
         States' critical infrastructures.
         
         Fourth, the Department of Justice also reaches out to young people
         through programs like the Cybercitizen Partnership, our partnership
         with the Information Technology Assocation of America Foundation to
         teach young people the right ways to use the Internet.
         Last and perhaps most directly, we are putting cybercriminals in
         jail. The arrest and guilty plea of both the author of the Melissa
         virus in the United States and "MafiaBoy" in Canada demonstrate our
         ability to solve cybercrime - even when it occurs on a massive
         scale or comes from outside our borders.
         No matter how hard we work in the Department of Justice, we cannot
         solve this problem alone. For all our success in prosecuting the
         cybercrime we know about, we know that much more goes totally
         unreported. And this is where we need your help.
         Our experience tells us that when a bank is robbed, bank officials
         call the police. But when valuable commercial information is stolen
         from computers, only rarely do the victims report this to law
         enforcement. Why? It could be for a number of reasons. We know from
         speaking with business managers that they are often embarrassed.
         Their computers - which they thought were secure - were not so
         secure after all. They fear customer mistrust and competitive
         disadvantage. And they are afraid that an investigation will
         disrupt their business.
         We know that a company that does not report cybercrime to law
         enforcement may find itself in a far worse position than it ever
         imagined. A company that does not report crime leaves the criminal
         free to strike again. If a computer hacker has broken into your
         network and has stolen credit card numbers from your databases or
         has stolen valuable intellectual property, he may also have created
         a new backdoor to your network to use if you bar his original path.
         Not reporting the cyber crime also creates incentives for repeat
         attacks against you. Cybercriminals talk to each other and when you
         don't report, you are viewed by this community as an easy victim. I
         would urge you to recognize that when you report incidents of
         cybercrime, you are not just doing the right thing for the
         community - you are also doing something clearly in your own
         interest.
         
         Our experience with good corporate citizens that do report crime
         has been excellent. As a result of cooperation with industry, we
         recently arrested suspects in extortion and computer intrusions
         directed against Michael Bloomberg and his company by individuals
         in Kazakhstan; damage to GTE's computers caused by a disgruntled
         employee; and a shill bidding art fraud run on e-Bay. In large
         measure, these success stories depended on the timely reporting of
         the events by the victims.
         As we work to make the remarkable technology of the Internet a
         positive force for all Americans, and as we enter a new era in law
         enforcement, the future success stories belong to you. I urge you
         to be leaders in this field, and I look forward to working with
         you.
         Thank you.
    
    ###
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if it remains intact.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 08:02:24 PDT