- Grant D. Ashley
- Executive Assistant Director
- Federal Bureau of Investigation
- Merchant Risk Council
- Las Vegas, Nevada
- March 09, 2005
Good morning. My thanks to the Merchant Risk Council for inviting me to Las Vegas. It’s nice to be here. My congratulations to Dale Miskell for being named “Law Enforcement Officer of the Year.” You picked the right guy, as you already know. Dale is an outstanding Agent, and it’s nice to see his excellent work on cyber crime and re-shipping get recognized.
I am pleased to be here today and to get the chance to share with you the FBI’s perspective in combating crimes committed through the Internet.
Technology has driven business, communications, and the nations’ critical infrastructures to take full advantage of the capabilities of the Internet. Criminal activity has followed, and now scammers and con artists continually seek new and insidious ways of exploiting the Internet and breaking the law.
Existing resources from public and private sectors, which are often applied in a fragmented way, cannot meet the current need and will continue to be outpaced by the evolving threat.
Given the global nature of today’s economy, the need for expert analysis and intelligent, proactive responses to rapidly evolving cyber crimes will continue to grow.
So how do we keep up when today’s environment presents a kaleidoscope of cyber crime issues? To be perfectly honest, it’s not easy. The ever-changing nature of criminal conduct that has moved on-line regularly confronts both law enforcement and the private sector with new and evolving challenges.
From 419 advanced fee scams to on-line Russian mail order brides; from bank fraud to economic espionage; from computer intrusions to international re-shipper schemes. The challenges we both face are the same.
The solution will require a collaborative law enforcement/private sector approach, focusing on the most significant threats, and targeting them with our most effective methods.
Cyber crime is the FBI’s third priority, and it continues to receive our full attention. Our goal is to provide investigators with the resources they need to identify and combat cyber crime, even as it continues to evolve. We also leverage our criminal investigative resources against this threat.
One way we do this is through partnerships. It was actually many decades ago that the FBI recognized the need to strengthen its partnerships within the broader law enforcement community. That understanding led to the establishment of the FBI’s National Academy, where training is conducted with individuals from law enforcement agencies throughout the United States and around the world. It expanded to violent crime and organized crime task forces in the 80's and 90's, telemarketing efforts with our law enforcement and private sector partners in the 90's and of course counterterrorism joint efforts in every city.
This effort has greatly assisted us in building critical bridges with our key partners in the law enforcement community. Now, cyber threats must be addressed. Over the past two years the FBI has supported the establishment of more than 75 multi-jurisdictional, Cyber Crime Task Forces nationwide.
In addition to improving our partnerships with law enforcement, the FBI has also sought to establish active partnerships with private industry. Unfortunately, in today’s economic and criminal environment, the missing members of the team, more often than not, have been representatives from private industry. Forging new business partnerships, and enhancing the partnerships that already exist, is a top priority for the FBI. We need to be creative and look for reasons, law, and regulations that encourage, rather than impede, such efforts.
Law enforcement alone does not generally employ the necessary subject-matter experts. As a result, computer experts from the private sector often collaborate with us to solve crimes. These people are often better equipped than we are to identify cyber crimes and their constantly changing, constantly evolving characteristics.
Since the events of September 11, 2001, we in the FBI have dramatically changed our approach to crime and terrorism. We have heard the call to break down the barriers to information sharing and to establish public/private partnerships with enhanced intelligence and resource sharing capabilities. The FBI has listened and is reaching out to many of you to do just that. We have requested and received legislation to help us do just that.
I want to thank the Merchant Risk Council, as well as the members of law enforcement and other private sector organizations, for your patience and perseverance in taking this idea of partnerships from rhetoric to reality. You have joined us in making these partnerships truly “personal.” We have gained a lasting trust as well as a better understanding of each others’ strengths, resources, and capabilities. This, in turn, has given us a stronger foundation to build upon in the future.
You have also helped us recognize that effective partnerships require two-way communication. You have worked with us to develop initiatives that encourage dialogue and the exchange of information. You have conveyed to us the importance of the realities of both industry’s “bottom line” and its “return on investment.” A better understanding has helped both sides of this partnership to justify and to bring to the table additional resources.
Partnerships and information sharing are vital because cyber crime, by its nature, does not respect jurisdictional boundaries. Historically, cyber criminals abroad have perceived themselves as beyond the reach of U.S. authorities and, in some instances, untouchable by even their own country’s law enforcement.
This was the case in the West African countries of Ghana and Nigeria. However, our combined efforts, law enforcement and the private sector working together, have led to noteworthy international successes.
One example, which Dale was a key part of, was the investigation called Operation Releaf, a joint initiative developed to target West African and Russian re-shipper schemes. This investigation was the first effort to employ industry analysts and investigators as an extension of our law enforcement task forces.
In working with the Merchant Risk Council members, the FBI enhanced its case development and intelligence flow process, which resulted in significant cyber crime cases being developed and quickly referred to law enforcement for action -- both domestically and abroad.
In advancing Operation Releaf, members of the Merchant Risk Council assisted in developing and delivering training to regional task force members at a variety of industry and law enforcement sponsored events. Merchant Risk Council members also assisted in providing training to cyber crime Supervisory Special Agents at the FBI academy.
To further the Operation Releaf initiative, FBI supervisors from the Cyber Division’s Internet Crime Complaint Center and International Unit traveled to West Africa on several occasions to develop a better international law enforcement response. Cyber Division supervisors conducted training in Ghana and Nigeria, and deployed agents to Nigeria for extended temporary duty assignments to actively work with Nigerian law enforcement regarding top targets identified in Operation Releaf.
As a direct result of the FBI’s accelerated efforts to engage, train and equip law enforcement in these countries, we -- through the Internet Crime Complaint Center -- identified more than 19,000 fraudulent re-shipper transactions this year alone, involving more the $11 million dollars in losses.
In West Africa FBI, Agents assisted Ghanaian and Nigerian law enforcement in conducting numerous controlled deliveries, which led to 31 individuals being arrested, 34 seizures conducted, and the recovery of approximately $1 million dollars in merchandise.
Many of you are aware of periodic exploits or viruses that have been identified over the past few years. A growing number of these are not only problems designed to effect computer efficiency, or on-line downloading capabilities. They are intended to make our computers part of a larger compromised network of resources that can be turned on and directed to support a variety of cyber crime activities.
In the “Sobig.f” computer intrusion investigation, we learned that millions of computers were infected globally, primarily to convert those computers into spam relays. They could, in turn, be used for denial of service attacks against the critical or e-commerce infrastructure, or to rapidly expand the scope of a new credit card, advanced fee or identity theft scheme.
Identity theft activities are also growing, particularly on-line. Some studies show that more than 10 million Americans were victimized by identity theft last year alone, with estimated losses exceeding $50 billion dollars. The potential impact on U.S. citizens and businesses is significant. As a result, the targeting of identity theft and related cyber crime activity will remain a priority of the FBI.
In targeting on-line identity theft, the definition of what is, or is not, identity theft can be confusing. Even if a narrower definition of identity theft were adopted by law enforcement, it is important to note that the general public bases their definition on what is portrayed through the media, which has been very broad.
In recognition of that fact, and the overriding need to gather the most complete and accurate intelligence as quickly as possible, the FBI, and its law enforcement and industry partners, established the Digital Phishnet Project.
Many of the schemes identified through this project use spam and spoofed websites to lure unsuspecting consumers to another site, or to open attachments that will ultimately compromise their computer-and personal information. That information may later be used in ongoing identity theft, credit card, or re-shipper schemes.
The Digital Phishnet Project continues to grow through input from private sector partners like you. It will continue to focus on schemes that may start out as one crime and evolve into several others -- all with the ultimate goal of stealing someone’s personal financial information.
The FBI coordinates national investigative initiatives, together with our federal, state, and local partners. Such initiatives highlight escalating areas of cyber crime, and other crime problems, and show decisive action by law enforcement to combat those problems.
These events also alert the public to new and evolving crime schemes, such as criminal spam, phishing, identity theft, and the use of expansive global Internet resources such as bot-nets. Four such initiatives have been carried out over the last two-and-a-half years, including Operation Cyber Loss, Operation E-con, Operation Cyber Sweep, and most recently Operation Web-snare. These initiatives involved more than 400 separate investigations, investigating more than $350 million in losses, and resulted in more than 300 arrests. Members of the Merchant Risk Council and other key private industry partners assisted in more than 250 of these investigations.
Private industry partners, some of whom are here today, also helped after the recent tsunami disaster in Asia and India. They aided the FBI’s Internet Crime Complaint Center to identify approximately 850 web sites or on-line schemes related to fraudulent tsunami relief fund-raising efforts. A new low in fraud.
As part of an aggressive, proactive intelligence development effort, the reported incidents were reviewed, triaged, and rapidly referred to law enforcement for follow up -- more than 55 investigative packages on this matter alone. Many of these investigations are ongoing.
The success of working with the private sector, sharing information and investigating cyber crimes, speaks for itself. The FBI will continue to emphasize strong and productive partnerships with both law enforcement and private industry. Together, we can confront crimes committed through the Internet. Together, we will continue our progress -- both protecting the consumer and ensuring our nation’s future economic strength. Alone, we do not have the resources to succeed. All of us know how to proceed. Together, we cannot and we will not fail.