2009 RSA Conference
The RSA Conference
An After Action Report
Thousands of cyber security pros were there—from every industry and from across the world—networking…sharing the latest technologies and best practices…and soaking up expertise on such infinitely complex issues as botnets, cryptography, cyber warfare, hacking, cloud computing, data privacy, and insider and critical infrastructure threats.
It was the latest annual RSA Conference, held in San Francisco in late April—traditionally the largest gathering of computer security professionals anywhere.
The anonymity of the web is a beautiful thing if you’re a cyber criminal. Or an FBI agent working undercover. One case in point: FBI Agent J. Keith Mularski’s two-year undercover investigation into a massive online credit card trading forum called “Dark Market.” During the sting, Mularski played a cyber criminal online so convincingly he was able to help the FBI and its law enforcement partners shut down the forum, make 60 arrests worldwide, and prevent some $70 million in potential economic losses.
The Dark Market website was “a supermarket of criminal activity” where, according to Mularski, criminals could buy and sell virtually any sort of stolen financial information (credit card numbers, PINs, passwords, etc.) as well as the hardware and software needed to manufacture fake cards and documents.
Claiming expertise in spamming and hosting, Mularski eventually became a trusted member of the forum. After it was attacked by rival forums, he even offered to host Dark Market on his own servers so they’d be safer. His invitation was accepted and the forum was moved…to FBI servers, of course! That was the beginning of the end for Dark Market. The intelligence we collected began to pay off, and operators of the illegal online venture were soon put out of business.
The FBI’s role is two-fold, he said: gathering, making sense of, and freely sharing intelligence on the universe of cyber threats and emerging trends (boosted by our understanding of all the major national security issues)…and rolling out targeted operations (often undercover, see inset) that take down these threats.
For us, the question of the conference—and beyond—is how far we are all willing to go collectively to protect our burgeoning computer networks. For all the power and possibilities it brings into our lives, the Internet and everything connected to it opens the door to our most sensitive financial, defense, commercial, and personal information. By putting our most important systems and data online, we couldn’t have created a better feeding ground for terrorists, spies, and criminals of all kinds.
It boils down to this: we are building our lives around our cyber networks. Are we ready to work together to defend them?
The FBI certainly is. For our part, we’re committed to:
Continuing to work through such channels as InfraGard and its 30,000 members to exchange threat information;
Sharing intelligence on a targeted basis in response to a specific threat to a particular sector (i.e., banks), even if it might impact our investigations (“We’ll get the bad guy later,” says Henry);
Reaching out to more CEOs and other business execs to make sure they fully understand the threat and that they allocate resources and enact policies that help provide their networks with day-to-day protection;
Building relationships with our counterparts overseas, where most of our investigations start or end; and
Working with the Department of Homeland Security and other agencies to defend critical infrastructure.
At the same time, we need lots of support and advice from businesses, academia, and government:
Most importantly, we need intelligence from cyber experts like those at the conference—details on possible suspects and victims and the tools, tactics, and procedures used in attacks.
We need companies to report incidents, even when it’s not convenient to do so. Henry said, “I know trust is an important aspect of this sharing, and I hope you continue to trust that I will maintain your confidentiality, use the information you give me wisely, and actually have an impact on the threat.”
As was echoed throughout the conference, trust and cooperation are our best weapons for protecting cyberspace—today and in the future.