- Steven M. Martinez
- Assistant Deputy Director, Cyber Division
- Federal Bureau of Investigation
- House Committee on Small Business Regulatory Reform and Oversight Subcommittee
- Washington, DC
- March 16, 2006
Good afternoon Chairman Akin, ranking member Bordallo, and members of the committee. I want to thank you for this opportunity to testify before you today about small-business cyber-security issues.
As retail business moves to the world of e-commerce, cyber crime will follow. In 2000 e-commerce accounted for 1 percent of all retail sales. Today it accounts for 2.4 percent of all sales. This upward trend will undoubtedly continue. Adding to this the revenue generated by non-retail Internet businesses, such as media and entertainment; e-commerce will soon dominate all commercial activity worldwide. The FBI is committed to investigating threats at all levels against this major force in our economy.
Small business forms a vital link in the overall security of the Internet. First, small business accounts for a significant portion of the retail business occurring on the Internet. Many online businesses and e-retailers are small businesses, many small businesses are customers of online businesses, and still other small businesses support the IT and Internet operations of large businesses and the government. Second, the integrity of Internet-connected small-business systems has an impact on the security of the Internet as a whole.
The FBI has recognized that the best way to combat the growing threat of cyber crime is to form a partnership with businesses and industries that rely on the Internet for their success. By teaming up with the private sector the FBI is able to find out what issues affect business and what problems are causing the most harm. This has allowed us to focus our efforts on the major problems affecting the Internet.
Further, through our outreach and information-sharing initiatives, we are able to share our experiences with members of the business community so that they can better protect and defend themselves against new and evolving cyber threats. The education of small businesses about the scope and nature of cyber threats is an important first step in protecting those businesses.
The FBI has two initiatives focused on building a partnership with business: the National Cyber-Forensics and Training Alliance (NCFTA) and InfraGard.
The NCFTA is a first-of-its-kind public-private alliance located in Pittsburgh, Pennsylvania. At the NCFTA members of law enforcement work side-by-side with representatives from business on addressing the latest and most significant cyber threats. Through this collaboration the FBI has been able to identify and prosecute some of the most serious cyber criminals, including those who distribute computer viruses, operate large networks of compromised computers (known as botnets), and perpetrate fraud schemes such as phishing scams.
The NCFTA is strategically located near Carnegie Mellon University's Computer Emergency and Response Team/Coordination Center and is also within driving distance of the FBI's Internet Crime Complaint Center (IC3).
As an example on how we address cyber complaints, the NCFTA was recently contacted by a small bank in New Jersey. The bank was the victim of a phishing attack. In this type of attack the criminal creates a fake website that is identical to the real bank site and uses the fake site to steal credit card and other identity information from the bank's customers. With the victim bank to help them, the NCFTA traced the attack to its source and identified what measures they could take to mitigate the effects of this attack. With the help of the NCFTA, the bank was able to send “cease and desist” letters to the Internet service providers hosting the fake sites in order to have the sites shut down.
InfraGard is an alliance between the FBI and the public whose mission is to prevent attacks, both physical and electronic, against critical infrastructure including, but not limited to banks, hospitals, telecommunications systems and the Internet. InfraGard has over 14,800 private sector members spread across 84 local chapters throughout the United States.
These private sector partners represent the full spectrum of infrastructure experts in their local communities. FBI agents assigned to each chapter bring meaningful news and information to the table such as threat alerts and warnings, vulnerabilities, investigative updates, overall threat assessments and case studies. The FBI’s private sector partners, who own and operate some 85 percent of the nation’s critical infrastructures, share expertise, strategies, and, most importantly, information and leads that help the FBI track down criminals and terrorists.
The IC3 is a joint initiative between the FBI and the National White Collar Crime Center. Located in West Virginia, a short distance from the NCFTA facility in Pittsburgh, the IC3 serves as a clearing house for cyber crime incidents reported by both individuals and business. The IC3 receives, on average, 25,000 reports of cyber crime incidents each month. By analyzing these complaints for commonalities and trends the IC3 is able to develop cases that have a national impact. These cases are then referred to local, state, or federal law enforcement agencies for investigation.
As with the NCFTA, the IC3 also focuses on partnerships with business as the most efficient and effective way to combat cyber crime. In 2002 the IC3 began an initiative to help online retailers combat fraud from re-shipping scams. The initiative known as REtailers and Law Enforcement Against Fraud (RELEAF) brought together teams of analysts at the IC3 and e-commerce businesses to identify fraudulent online purchase which were being shipped by domestic re-shippers to destinations overseas. In one 30-day period, the RELEAF initiative resulted in 17 arrests, 14 controlled deliveries, the recovery of $340,000 in stolen merchandise, and the recovery of over $115,000 in counterfeit cashier's checks.
An important issue in combating cyber crime is education and awareness. This is even more important for small businesses that may not have the personnel or financial resources to secure their online systems to the same level as larger businesses and organizations. The NCFTA and InfraGard initiatives all have a significant awareness/education component to their collaborative efforts with business.
In 2005 the FBI and United States Postal Inspection Service teamed up with several industry groups such as monster.com, Target, the Merchants Risk Council, and the Spamhaus Project, to create the LooksTooGoodToBeTrue.com web site. This website contains information for the lay person regarding various types of cyber crimes and means of online protection. The LooksTooGoodToBeTrue.com web site received over 3.1 million hits during its first week of operation alone.
In closing, the FBI is committed to investigate threats at all levels on the Internet. Director Robert S. Mueller’s vision in creating the Cyber Division, in fact, demonstrates this commitment. The aggressive and creative strategy the FBI has employed by partnering with business and academia will create an environment focused on information sharing that will allow us to develop actionable intelligence in order to better address the ever growing small-businesses cyber-security issues.