- Jana Monroe
- Assistant Director, Cyber Division
- Federal Bureau of Investigation
- Before the Senate Committee on Commerce
- Washington DC
- May 20, 2004
Good morning Chairman McCain, and other members of the Committee. On behalf of the FBI, I would like to thank you for this opportunity to address the FBI's role in anti-spam initiatives.
Cyber crime, in its many forms, continues to receive priority attention from the FBI. A paramount objective of the Cyber Division has been to arm field investigators with the necessary resources to identify and combat evolving cyber crime matters. Over the past 18 months, the FBI has supported the establishment of more than 50 multi-jurisdictional task forces nationwide. Partnerships with federal, state, and local law enforcement are vital to the success of these teams, because cyber crime, by its nature, does not respect jurisdictional boundaries and we need to leverage existing resources to effectively and efficiently fight cybercrime.
In addition to law enforcement partnerships, another prime objective of the FBI's Cyber Division is to establish active partnerships with subject matter experts from the private sector. Such experts are often better equipped to identify cyber crimes at their earliest stages. Early identification of cyber crimes is an absolute must, and directly correlates to ultimate successes in investigating and prosecuting cyber criminals.
In keeping with this approach, and even before passage of the CAN-SPAM Act by Congress, the FBI had begun work in a Public/Private Alliance to specifically target the growing spam problem. The Internet Crime Complaint Center (IC3), working in coordination with industry, developed "SLAM-Spam," an initiative that began operation last fall. This initiative targets significant criminal spammers, as well as companies and individuals that use spammers and their techniques to market their products. It also investigates the techniques and tools used by spammers to expand their targeted audience, to circumvent filters and other countermeasures implemented by consumers and industry, and to defraud customers with misrepresented or non-existent products.
Enforcement Before and After the CAN-SPAM Act:
Before Congress passed the CAN-SPAM Act of 2003, some schemes perpetrated by spam could have been pursued as violations of statutes such as Title 18, United States Code, Section 1030 (fraud and related activity in connection with computers), Title 18, United States Code, Section 2319 (criminal infringement of a copyright), or Title 18, United States Code, Section 1343 (wire fraud), as well as through several other existing criminal or civil statutes. No existing statute, however, directly addressed some typical behaviors of spammers, including: using widely-available "open proxies" to bounce e-mail traffic through intermediary computers with the intent to hide the true location of the sender, the abuse of free e-mail services to send out spam from accounts with false registration information, and the use of tools to forge the return address and other headers associated with the e-mail. Prior to the CAN-SPAM Act, law enforcement lacked the legal tools to address the spam problem directly. Because of this, many investigators and prosecutors viewed cases based primarily on the sending of spam as unlikely to result in successful investigations and prosecutions. As the economic impact attributable to spam and the use of spam to send unwanted pornographic images have become known, however, law enforcement interest increased. Similarly, investigations of computer intrusions and viruses have uncovered that infecting computers with viruses is now often being done to facilitate spam. In the SoBig.F computer intrusion investigation, we learned that millions of computers were infected globally, primarily to convert those computers into spam relays.
The CAN-SPAM Act now allows law enforcement to apply criminal leverage to spammers, who previously were viewed as "facilitators" of fraudulent schemes, but who would disclaim any knowledge of the fraudulent or pornographic nature of the products they were advertising. CAN-SPAM's provisions address the most significant fraudulent and sexually explicit spam, and provide both civil and criminal tools to combat them.
In response to the growing number of complaints it was receiving about fraudulent and pornographic spam, the Internet Crime Complaint Center began development of a project to address the spam problem. The Center has developed extensive experience in taking complaints relating to all types of crime occurring over the Internet, analyzing them for significant patterns, and then referring appropriate case leads out to the field for further investigation. The IC3 receives more than 17,000 complaints every month from consumers alone, and additionally receives a growing volume of referrals from key e-commerce stakeholders. The use of spam is a substantial component of these schemes, which includes reports of identity theft schemes, fraudulent pitches and "get rich quick" schemes, and unwanted pornography. Currently, over 25 percent of all complaints to the IC3 involve some use of spam electronic mail.
To develop the project, the IC3 coordinated with industry Subject Matter Experts and representatives of the Direct Marketing Association (DMA), which have provided essential expertise and resources to the project. The IC3 has also consulted with the Federal Trade Commission, which has several years of working with consumers on the spam problem. This project has also identified a significant list of the methods used by subjects to advance their individual schemes. I will describe some of the efforts and summarize the primary accomplishments of this project over the past six months, and project future accomplishments, consistent with the overall project plan. This includes a national initiative in which suitable cases developed or advanced through this project will be highlighted as part of our overall effort against those who have committed criminal and civil violations of the CAN-SPAM Act.
The first several months of the project focused on building support structures to support the initiative. The IC3 identified and consulted with Subject Matter Experts from Internet Service Providers, anti-spam organizations, and other groups. They defined responsibilities of participants, and began weekly strategy meetings to ensure that progress and priorities were consistent and clear. Experts developed communications channels and databases to exchange information quickly and robustly among the experts in the alliance. Finally, a list of potential subjects was developed by analysts from the Internet Crime Complaint Center (IC3), and compared against existing IC3 referrals to determine if law enforcement had already initiated investigations of subjects, and if those investigations were making progress.
After the effective date of the CAN-SPAM Act, the IC3 helped organize and participated in three regional training conferences on a number of subjects relating to cybercrime. At these conferences, representatives of the FBI and Department of Justice gave presentations designed to familiarize agents specializing in cyber crime with the SLAM-Spam initiative, the techniques used by spammers to falsify their identity, and the additional criminal prohibitions in the CAN-SPAM Act.
Identifying the most significant subjects involved in criminal spam scenarios is a prime objective of the SLAM-Spam initiative. Equally significant has been developing those cases so that they can be further investigated and prosecuted by field offices, cyber task forces, and United States Attorneys' Offices around the United States. Accordingly, while a growing number of Internet crime schemes use spam to target larger pools of victims, the Cyber Division's task force capabilities have increased as well. Cyber Crime squads in our field divisions are trained in quickly investigating computer intrusions and virus attacks. When they are available, these resources can also be used to investigate the source of unwanted fraudulent and pornographic spam.
Project SLAM-Spam is on course and on schedule to achieve substantial results against individuals and organizations that are complicit in criminal (and potentially civil) schemes where spam is used. As a result of these activities, more than 20 Cyber Task Forces are actively pursuing criminal and in some cases joint civil proceedings against subjects identified to date. We expect that this number will continue to rise, as successful actions are brought under this act.
We are also improving our cooperation with the FTC, State Attorneys General, and industry partners, because we understand that criminal enforcement is only one aspect of the fight against spam. While we cannot share every detail of ongoing criminal investigations, we can and will share our knowledge about tools and techniques used by spammers, their current primary targets of opportunity, and the types of schemes they are favoring.
Notable Early Accomplishments of SLAM-Spam:
The SLAM-Spam initiative has now moved beyond the planning stages, and has begun identifying and packaging investigations from the field. Within the last few months, the Initiative has:
- Identified over 100 significant spammers.
- Targeted 50 spammers so identified as points of focus for the SLAM-Spam project.
- Developed ten primary subject packets for referral to Law Enforcement.
- Linked three groups of subjects into potential organized criminal enterprises.
- Referred five significant ongoing investigations linked to spammers.
- Over 350 compromised and misconfigured resources identified, including 50 government sites.
- Engaged military criminal investigators to help identify criminal acts associated with compromised Government sites.
- Identified common denominators relating to spam both domestically and internationally.
- Catalogued numerous exploits and techniques being used by spammers, including e-mail harvesting, use of viruses, and turn-key tools to bypass filters. [A sample of these exploits and techniques is attached to the end of this testimony.]
The FBI, via the IC3, periodically coordinates National Investigative Initiatives, together with our Federal, State, and Local partners. Such initiatives are designed to highlight escalating areas of cyber crime, and demonstrate decisive action taken by law enforcement to combat it. These events also serve to alert the public to new and evolving cyber crime schemes, such as criminal spam. Three such initiatives have been carried out over the last 2 ½ years, including Operation Cyber Loss, Operation E-Con, and most recently Operation Cyber Sweep. A succeeding initiative is being projected for later this year in which it is anticipated that criminal and civil actions under the CAN-SPAM Act of 2003 will be included.
We have begun preliminary notification to our field offices of our newest initiative, underscoring our emphasis on cases involving criminal uses of spam. Such cases may be investigated and prosecuted as computer intrusion matters, or as on-line cyber frauds which may lend themselves to a variety of existing state and/or federal statutes, including the recently passed CAN-SPAM Act. Similar notifications have been or will be made through appropriate channels to the U.S. Secret Service, U.S. Postal Inspection Service, the FTC, the Department of Justice, and the state and local agencies that are members of the National White Collar Crime Center. We are already planning meetings to ensure that this initiative is on track, and to further define the scope and packaging of this activity. We will be happy to brief you on the results of this initiative when it has been completed.
Once again, I appreciate the opportunity to come before you today and share the work that the Cyber Division has undertaken to begin to address the problem of spam. Our work in this area will continue, and we will continue to keep Congress informed about our progress in overcoming the challenges in this area.