Cyber Awareness Month
October 9, 2009
To promote Cyber Awareness Month, FBI Director Mueller describes the mission of the Internet Crime Complaint Center, known as IC3, and how it supports the public.
Mr. Schiff: Hello, I’m Neal Schiff and welcome to Inside the FBI, a weekly podcast about news, cases, and operations. One of the greatest inventions can be one of the most dangerous. The Internet. Not to scare you, but while there are so many wonderful opportunities in cyberspace, there is a dark side and you need to be careful.
Director Mueller: “The Internet has created virtual doors into our lives, into our finances, our businesses, and our national security. Criminals, spies, and terrorists are testing our doorknobs every day and looking for a way in.”
Mr. Schiff: That is FBI Director Robert Mueller. He was the main speaker recently at the Commonwealth Club in San Francisco. He said most of us think we will not become a victim of a crime on the Internet.
Director Mueller: “But what if I told you that as you sit here today, strangers were walking through your offices, homes, and dorm rooms? What if they were opening your drawers, reading your files, accessing your financial information, or stealing your company’s research and development?
Well, that is happening, right now, in homes, offices and schools around the world. Intruders are reaching into our networks every day, looking for valuable information. Unfortunately, they are finding it. They’re finding it because many of us are unaware of the threat these persons pose to our privacy, to our economic stability, and ultimately even our national security.
Most of us assume we will not be targets of cyber crime. We are not as careful as we know we should be.”
Mr. Schiff: Director Mueller gave an example.
Director Mueller: “Not long ago, the head of one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.
It turned out that he was just a few clicks away from falling into a classic Internet ‘phishing’ scam—‘phishing’ with a “P-H.” This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. And yet he barely caught himself in time.
He definitely should have known better. I can say this with some degree of certainty, because that person was me.
After changing our passwords, I tried to pass the incident off to my wife, who sits in front of me, as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”
Mr. Schiff: The FBI Director then went on to tell the audience about threats in cyberspace, the FBI’s role in the cyber battle and how the public and law enforcement, working together, can help. He offered a couple of examples.
Director Mueller: “In July 2008, a California oil and gas company called Pacific Energy Resources contacted the FBI and the Long Beach Police to report a computer attack. Six computer servers had been rendered inoperable, disabling the critical leak-detection systems on three off-shore oil platforms. This was the last in a series of network attacks, which cost the company over $100,000.
The investigation led us to a former computer contractor. After he had been let go, he retaliated by remotely accessing the system. His actions could potentially have resulted in significant environmental damage. He pled guilty last month to a federal computer intrusion charge, and faces up to 10 years in prison.
And this past April, someone hacked into the database of the Virginia Department of Health Professionals. The intruder blocked over 8 million patient records—records that hospitals, doctors, and pharmacies depend upon in order to accurately prescribe and dispense medication. Thankfully, those records are no longer blocked, and our investigation continues.
As you can see, cyber cases can have costly—and potentially deadly—consequences.
Again, most of us assume our systems have nothing that would interest a hacker or spy. But we never know exactly what information might have value to a criminal. Information, after all, is power. Whenever an intruder opens a door to our networks, there is a clear risk to individual privacy and intellectual property—not to mention economic and national security.”
Mr. Schiff: FBI Director Mueller told the Commonwealth Club gathering that when a cyber investigation begins, no one knows what they’re dealing with. It could be a spy, someone inside a company or even an organized criminal group.
Director Mueller: “Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation. An intrusion into a corporate network could be the work of a high school hacker across the street or a hostile foreign power across the ocean.
Cyber threats present a unique challenge to law enforcement because we have a tendency to compartmentalize our investigations. Criminal cases are usually separate from espionage cases, which in turn are separate from counterterrorism cases. But when it comes to cyber threats, there is almost always some overlap.
The FBI is both a law enforcement and a national security agency, which means we can and we must address every angle of a cyber case. This is critical because what may start as a criminal investigation may lead to a national security threat.
Take, for example, a next-generation bank robbery that occurred last fall. A group of cyber criminals orchestrated a highly sophisticated attack on a major financial institution. Hackers found their way into the network of this institution, and altered the data to allow them to increase the funds available for a number of accounts. They also stole account data and created duplicate ATM cards. And then, one day early last fall, they struck.
Within 24 hours, the thieves targeted more than 2,100 ATM machines in 280 cities around the world. They inserted their phony ATM cards, then walked away with more than $9 million. Arrests have been made internationally, and that investigation is an ongoing investigation.
To put it in perspective, imagine for a moment that these groups had simultaneously entered dozens of banks, armed with assault weapons, and emptied the vaults. It would have been one of the most notorious bank heists in history. But instead, this attack was planned and executed under the radar, using computers and fiber optic cables as weapons. They did it without a shot being fired, and then disappeared back into the ether.
Such techniques make global deterrence a challenge, to put it mildly. The perpetrators can be anyplace in the world. And so can the victims. And, for that matter, the evidence you need to prosecute.
At a minimum, piecing together a case requires close collaboration with our counterparts in other countries. But actually prosecuting one requires harmonizing different criminal justice systems, all of which work according to the laws of their own lands.
The global scale and scope of such attacks puts law enforcement at a definite disadvantage. And occasionally the investigative challenges may seem almost insurmountable.
But we do have a significant advantage: and that advantage is partnerships. Partnerships with law enforcement and intelligence communities across the world. Partnerships with universities, corporations, and small businesses. Partnerships with citizens such as yourselves.”
Mr. Schiff: Then the FBI Director talked about changes that immediately began at the FBI on the morning of September 11th, 2001.
Director Mueller: “After the September 11th terrorist attacks, the FBI’s mindset and mission changed fundamentally. We could no longer focus our efforts on investigating terrorist attacks after the fact; we had to prevent them from happening in the first place. The only way to do that is to gather and analyze intelligence, and to share that intelligence with those who need it.
The same mindset is true for our cyber responsibilities. The FBI can bridge both criminal and national security cases. So we are uniquely positioned to facilitate joint investigations that cross both local and international jurisdictions.
Within the government, we have established the National Cyber Investigative Joint Task Force. This task force brings together law enforcement, intelligence, and defense agencies to focus on high-priority cyber threats.
But cyber threats take us well beyond partnerships with government alone. The FBI runs a program called InfraGard, which is one of our most important links to the private sector. We exchange information with partners from a host of industries, from computer software companies to chemical corporations. They are the experts on our critical infrastructure, our energy grids, our bridges, our public utilities, the majority of which rely on computer networks. We have 32,000 members and counting, and those relationships have helped us to prevent risk from becoming reality.
And our partnerships stretch beyond our borders. For example, a substantial amount of cyber crime originates in Eastern Europe. And so we have embedded FBI agents in several police agencies there, to assist full-time on cyber investigations. Our relationship with the Romanian National Police is an example of the results that we have attained working with our counterparts overseas. In the past year alone, we have dismantled organized criminal groups and arrested over 100 individuals, both here and in Romania.”
Mr. Schiff: Director Mueller even had breaking news to announce during his speech.
Director Mueller: “And just today, this morning, we announced a major takedown in an international cyber investigation. A group of criminals in the United States and Egypt was engaged in a wide-ranging ‘phishing’ scam. They targeted American financial institutions, and also approximately 5,000 American citizens here in the United States. The FBI, the Secret Service, and state and local law enforcement cooperated closely with our Egyptian counterparts. As a result, earlier today we began arresting over 50 individuals in the United States and Egypt.
This is the first joint cyber effort between the United States and Egypt. It is the largest international ‘phishing’ case ever conducted. And it shows the power of our global partnerships in the face of global cyber criminal networks.
Those are just a small sampling of our many partnerships. And yet we are still outnumbered by cyber criminals. And that is where you come in.
Just as the police cannot come by every home or business, every night, to make sure the doors are locked, we must all take ownership of cyber security.
Cyber crime might not seem real until it hits you. But every personal, academic, corporate, and government network plays a role in national security. And given the extent of the damage cyber attacks can cause, it is important for all of us to protect ourselves, and each other.
If you are a basic user, then make sure to enable basic protections for your network—firewalls, anti-virus software, strong passwords, and security patches. And if you are part of a large corporate or academic network, start thinking of cyber security as a mission-critical component, and not an afterthought.
Investing in cyber security is akin to buying hazard insurance for a house. You invest relatively little to guard against losing everything.
And finally, finally, talk to us. The more information we have, the more effective we can be at preventing you from becoming a victim of cyber crime. Whenever companies or institutions inform us of a potential breach, we have the chance to gather, to analyze, and to share critical intelligence. You never know when a single scrap of information may lead to the takedown of a global ring of cyber criminals, or even a terrorist cell. Remember the example of Cliff Stoll: a 75-cent billing disparity was no mere accounting error. It was the key to uncovering an international espionage ring.”
Mr. Schiff: The Director also said that technology is here to stay and that more and more we’ll be going to the social network sites such as Facebook and Twitter. He added that it’s like “both sides are competing to stay ahead of the other.”
Director Mueller: “I will leave you with just one more warning. Many of you may be familiar with the Nigerian e-mail scam, which offers the recipient the “opportunity” to make millions—if they could just help the author with a few illegal money transfers.
If you ever receive a similar e-mail purporting to be from me—as has happened all too often in the past—delete it! Especially if it asks you for money. Take it from me—having to memorize all those new passwords is no picnic.”
Mr. Schiff: You can help keep cyberspace a safe place for our children and everyone else. Head over to www.IC3.gov to report anything that appears to be of a criminal or terrorism nature. That’s the FBI’s Internet Crime Complaint Center, IC3. And of course at www.fbi.gov there’s a lot of material about the FBI’s Cyber Division. Important information and safety tips for children and adults. That’s our show for this week. Thanks for listening. I’m Neal Schiff of the FBI’s Office of Public Affairs.