News

FBI Teams With International Agencies To Target Cyber Crime

The FBI is working closely with international law enforcement agencies to fight cyber criminals on their own turf, said Shawn Henry, executive assistant director of the FBI's Cyber Response and Services Branch, at the recent Cybersecurity Conference and Exposition in Washington D.C.

Henry said cyber crime is a global issue that tops the lists of many other nations' threats, which is why the bureau is embedding agents in law enforcement organizations around the world. There are currently FBI personnel working in Estonia, Ukraine and the Netherlands, he added.

This overseas cooperation has netted some major victories. One example is Operation Trident Breach, in which the FBI worked with international law enforcement agencies to arrest a gang of hackers targeting international financial transactions. After an investigation conducted with the United Kingdom and the Ukraine, Henry said, more than 90 people were arrested in connection with the hacking scheme.

Another FBI action was Operation Core Flood, where the bureau worked with the private sector to disable a botnet that infected more than 2 million computers worldwide. The FBI was able to gather the address and domain names of the infected computers and rerouted command messages to effectively put the network to sleep, he said.

The FBI worked with the Estonian police to arrest six individuals involved in the Ghost Click scam, which was generating illicit fees from bogus online advertising.

Partnership with industry and the broad private sector is vital to stopping cyber crime, Henry said. For example, the FBI has worked with the financial sector to look for weaknesses in the industry's computer networks. Based on this data, the bureau released a joint document to alert the industry to threats, he said.

But despite the bureau's efforts, there continue to be major challenges in cyberspace. The FBI is redoubling its efforts to educate both industry and the public about cyber crime. "This is a human issue, and human beings are the solution," Henry said. 

Companies must evaluate how they transmit data. Henry said lax security must not be tolerated, adding that many firms have good security policies but do not implement them properly. "If it's not conducted by the leadership of the company, then shame on them," he said.

Firms must also be open with law enforcement when there are illicit intrusions on their networks. Many firms delay when they report an incident out of fear of angering their shareholders. But if companies are timely in their reports, it will put them in better standing with regulators. "Most everyone will be breached at some time or another," he said.

Even if a company is unaware of an intrusion, the FBI will often find out before the company does. This usually happens during the course of an investigation when seized data leads back to companies that had been unknowingly breached. The bureau's first priority in these situations is to alert the victims, he said.

The primary responsibility of the FBI with regard to cybersecurity is to work with private industry to protect commercial networks, Henry said. There are many challenges, including security flaws dating from the birth of the Internet that favor criminals. He challenged industry to develop alternate technology environments with built-in authentication and other defenses because new steps are necessary to counter cyber crime.

"They want our money, property, information, and some even want to physically harm us," he said.

 

About the Author

Henry Kenyon is a staff reporter covering enterprise applications.

Featured

  • OneDrive Users To Get Storage Options, Plus New Personal Vault

    Microsoft announced a few OneDrive enhancements, including storage-option additions, plus a new "Personal Vault" feature for added security assurance.

  • Cloud Services Starting To Overtake On-Prem Database Management Systems

    Database management system (DBMS) growth is happening more on the cloud services side than on the traditional "on-premises" side, according to a report by Gartner Inc.

  • How To Replace an Aging Domain Controller

    If the hardware behind your domain controllers has become outdated, here's a step-by-step guide to performing a hardware refresh.

  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.