- Jana D. Monroe
- Assistant Director, Cyber Division, FBI
- Federal Bureau of Investigation
- Before House Judiciary Committee, Subcommittee on Courts, the Internet and Intellectual Property
- Washington DC
- July 17, 2003
Good morning. I would like to thank Chairman Smith, Ranking Member Berman, and members of the Subcommittee for the opportunity to testify today. We welcome your Subcommittee's leadership in dealing with the serious issues associated with the theft of intellectual property. Your Subcommittee's bill, the "Piracy Deterrence and Education Act of 2003," is a positive step toward making Americans aware of the security, privacy and criminal issues related to trafficking in copyrighted works. My testimony today will address the activities of the FBI's Cyber Division in relation to the theft of intellectual property, including music and movies.
A July 11th story in the Chicago Tribune relates only a small segment of crime on the Internet. The article discusses the thousands of computers that have been hijacked by purveyors of pornographic web sites. The hijackers use computers with high speed connections to host their pornographic sites, unknown to the people who own the computers. The hijackers could have found those computers through observation of peer to peer networks, where users can take advantage of high speed connections to rapidly download copyrighted music and videos. Hijacking someone's computer though, is just one of the secondary crimes resulting from theft of intellectual property.
Your Subcommittee's bill, the "Piracy Deterrence and Education Act of 2003," is an important bill because it focuses on several aspects of Internet theft. You correctly note that trafficking in copyrighted works has a great impact in many segments of our economy. When you point out that over two billion files are transferred each month, it is easy to see why so few believe there will be consequences for sharing copyrighted files. Few realize that their security and privacy are at risk when they share files. The vast majority of file sharing occurs over peer to peer networks.
P2P networks primarily serve as a "come and get it" resource on the Internet. In using such a utility, the user specifically searches for the item they want, e.g. music, images, or software. The most significant criminal activity involving P2P sharing centers largely on intellectual property rights (music and software piracy) matters, an area in which the FBI has been working closely with private industry. The FBI has also seen an increase in P2P sharing of child pornography files.
The FBI has seen an increasing number of instances where a victim has determined that a Trojan/back door was installed on their computer during a download from a P2P network. In some cases, the victim also learned that personal and financial information had also been removed from their computer via the back door.
In addition to traditional Trojans/back doors, the FBI has seen an increase in matters where certain "bots" (active Trojans) have been installed inadvertently via a P2P download. In these instances, the victim computer, via the bot, essentially reports to a designated Internet relay chat (IRC) site, awaiting further instructions from its creator. The creator of the bot will often use the compromised computers to launch coordinated denial of service attacks against a targeted site or sites. These bots could also be used to retrieve sensitive information from victim computers in furtherance of an identity theft scheme.
A person using P2P utilities for unauthorized or illegal purposes is not as likely to tell the FBI that an exploit (back door) was found on their system, or that as a result, certain personal or financial information may have been taken. The FBI has been made aware of instances where Trojans or bots have been found on computer systems where P2P programs are present, and where certain personal, financial or other sensitive information has been taken.
The "Piracy Deterrence and Education Act of 2003"
The "Piracy Deterrence and Education Act of 2003" is legislation that the FBI believes is the first step toward eliminating the illegal practice of sharing copyrighted material. The bill orders the FBI to develop a deterrence program and facilitate information sharing among law enforcement agencies, Internet service providers and copyright owners of information. We agree that the FBI must work together with the private sector, and we agree that education and deterrence are the first two moves in this war on intellectual property theft. We hope you will be pleased to know that the FBI has been working on this problem for quite some time. The FBI and the Recording Industry Association of America are now in the final stages of completing a Memorandum of Understanding regarding the FBI Intellectual Property Rights Warning Program. This MOU allows for the Recording Industry's use of the FBI seal in the same way that it has been used as a warning on videotapes, DVDs and movies for years.
We have also drafted a document titled: "An Open Letter Regarding Illegal Uses and Vulnerabilities Associated with Peer to Peer Networks." This document will serve as the first step in educating users and parents of users of peer to peer networks. We will distribute this document nationwide, and it will be posted on the FBI's website. The letter leave no doubt as to the illegality of sharing copyrighted works without authorization and distributing child pornography or obscene material over the internet. The letter also addresses the vulnerabilities exposed when using P2P networks.
Investigation of intellectual property rights violations is only a small part of what the Cyber Division is charged with accomplishing. The FBI is in a unique position to respond to cyber crimes, because it is the only Federal agency that has the statutory authority, expertise, and ability to combine the counterterrorism, counterintelligence, and criminal resources needed to effectively neutralize, mitigate, and disrupt illegal computer-supported operations.
The FBI's Cyber Division
The FBI's reorganization of the last two years included the goal of making our cyber investigative resources more effective. In July 2002, the reorganization resulted in the creation of the FBI's Cyber Division. In prioritizing Cyber Crime, the FBI recognizes that all types of on?line crime are on the rise.
The Cyber Division addresses cyber threats in a coordinated manner, allowing the FBI to stay technologically one step ahead of the cyber adversaries threatening the United States. The Cyber Division addresses all violations with a cyber nexus, which often have international facets and national economic implications. The Cyber Division also simultaneously supports FBI priorities across program lines, assisting counterterrorism, counterintelligence, and other criminal investigations when aggressive technological investigative assistance is required. The Cyber Division will ensure that agents with specialized technology skills are focused on cyber related matters.
At the Cyber Division we are taking a two-tracked approach to the problem. One avenue is identified as traditional criminal activity that has migrated to the Internet, such as Internet fraud, on-line identity theft, Internet child pornography, theft of trade secrets, intellectual property rights violations and other similar crimes. The other, non-traditional approach consists of Internet-facilitated activity that did not exist prior to the establishment of computers, networks, and the World Wide Web. This encompasses "cyber terrorism," terrorist threats, foreign intelligence operations, and criminal activity precipitated by illegal computer intrusions into U.S. computer networks, including the disruption of computer supported operations and the theft of sensitive data via the Internet. The FBI assesses the cyber-threat to the U.S. to be rapidly expanding, as the number of actors with the ability to utilize computers for illegal, harmful, and possibly devastating purposes is on the rise.
The mission of the Cyber Division is to: (1) coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government sponsored intelligence operations, or criminal activity and for which the use of such systems is essential to that activity; (2) form and maintain public/private alliances in conjunction with enhanced education and training to maximize counterterrorism, counterintelligence, and law enforcement cyber response capabilities, and (3) place the FBI at the forefront of cyber investigations through awareness and exploitation of emerging technology.
To support this mission we are dramatically increasing our cyber training program and international investigative efforts. Consequently, specialized units are now being created at FBI Headquarters to provide training not only to the 60 FBI cyber squads, but also to the other agencies participating in existing or new cyber-related task forces in which the FBI is a participant. This training will largely be provided to investigators in the field. A number of courses will be provided at the FBI Academy at Quantico.
The importance of partnerships like law enforcement cyber task forces and alliances with industry can not be overstated. Those partnerships help develop early awareness of, and a coordinated, proactive response to, the crime problem. The cyber crime problem is constantly changing, requiring law enforcement to develop a flexible and dynamically evolving approach as well. Critical infrastructures and e?commerce are truly on the "front lines" and most often better positioned to identify new trends in cyber crime. Similarly, because of the actual and potential economic impact of cyber criminals, private industry has a vested interest in working with law enforcement to effectively detect, deter and investigate such activity.
The Cyber Division is also embarking on a significant effort to improve our overseas investigative capabilities by sending FBI personnel to help investigate cyber crimes when invited or allowed into a host country. .We believe this high tech training and overseas investigations are justified by the increasing internationalization of on-line crime and terrorist threats.
Through the Internet Fraud Complaint Center (IFCC), established in 1999 in partnership with the National White Collar Crime Center (NW3C), the FBI has appropriately positioned itself at the gateway of incoming intelligence regarding cyber crime matters. The IFCC receives complaints regarding a vast array of cyber crime matters, including: computer intrusions, identity theft, intellectual property rights violations, economic espionage, credit card fraud, child pornography, on?line extortion and a growing list of internationally spawned Internet fraud matters. The IFCC received 75,000 complaints in 2002, and is now receiving more than 9000 complaints per month. We expect that number to increase significantly as the American and international communities become more aware of our mission and capabilities. Later this year, the IFCC will be renamed as the Internet Crime Complaint Center (IC3) to more accurately reflect its mission.
The FBI and the United States Customs Service (USCS) co-lead the National Intellectual Property Rights Center (IPR Center). The IPR Center strives to be the FBI and USCS hub for the international collection, analytical support and dissemination of intelligence involving IPR violations. These violations include theft of trade secrets, copyright infringement, trademark infringement and signal theft. Specifically, the IPR Center gathers IPR intelligence from a variety of sources, analyzes the intelligence, and provides a coordinated flow of information for use by the FBI and USCS field components.
Cyber crime continues to grow at an alarming rate, and intellectual property rights violations are a major part of the increase. Criminals are only beginning to explore the potential of crime via peer-to-peer networks while they continue to steal information by hacking, insider exploitation and social engineering. The FBI is grateful for the efforts of your Subcommittee and others dedicated to the safety and security of our Nation's families and businesses. The FBI will continue to work with your Committee and aggressively pursue cyber criminals as we strive to stay one step ahead of them in the cyber crime technology race.
I thank you for your invitation to speak to you today and on behalf of the FBI look forward to working with you on this very important topic.