Cyber Terrorism and Cyber Crimes
12/04/2009
Mr. Schiff: Hello I’m Neal Schiff and welcome to Inside the FBI, a weekly podcast about news, cases, and operations. If you are hearing this, you are or were on the Internet. Most people are at one time or another. The Internet is a fun, interesting, and educational place to be. But there can be a dark side. Shawn Henry is the assistant director of the FBI’s Cyber Division.
Mr. Henry: “You know a lot of crime that we've seen historically has migrated to the network because the business of the world is now done on the Internet. So people's personal information, corporate secrets, corporate strategies, government information related to research and development, those sorts of things, are all vulnerable to being pilfered or altered by adversaries who have intent on doing damage.”
Mr. Schiff: Can terrorists take down the entire Internet?
Mr. Henry: “You know the Internet is really made up of hundreds of thousands of interconnected networks. So while terrorists can impact parts of the Internet, individual networks etc., to take down the Internet and make the Internet cease to exist, that's a bit of a stretch.”
Mr. Schiff: What are some of the various types of crimes that we have seen since the Internet became a large part of everyone's lives?
Mr. Henry: “You know we've seen traditional crime migrate to the Internet. So the type of crime that people have been committing for dozens of years, including fraud and extortion and those sorts of things, those things have just moved to the Internet. So where people might have taken photos of you in a compromising position before and extorted you, now they'll steal your information and extort you by offering to release that information unless they're paid, or by destroying that information unless they're paid. So it's the same types of crime, they've just changed because of how the Internet has changed the way we do our business.”
Mr. Schiff: Is there any estimate of how much economic impact cyber crime has caused in, say, the last five years?
Mr. Henry: “You know there are consultancies that have estimated the annual cost of crime on the Internet in terms of pilfered data and lost business opportunities and the cost to remediate networks after they've been damaged in the hundreds of billions of dollars annually. I can't quantify that personally, but I can tell you that in just some of the cases that I've actually been involved in personally, we've seen banks, for example, that have lost tens of millions of dollars over the course of a multi-month period, probably aggregately in the hundreds of millions of dollars on an annual basis.”
Mr. Schiff: Say you were at home or on the Internet. What is the worst thing that can happen to us? How can it happen, and how can we prevent being a victim of a cyber crime or cyber attack?
Mr. Henry: “Individual users can have their home computers taken over by an adversary where they send an e-mail with an attachment that contains malware and that malware, once it’s deployed, can capture all of the data located on that computer. So you could lose all of your personally identifiable information (PII), like your bank account information, your user name and password to certain accounts, tax records, and those sorts of things, and once that information is stolen by an adversary they can use it to personally ingratiate themselves to turn that PII into cash. And there's cost to consumers because the cost of our banking, the costs of our retailers, etc., are passed on to individual consumers. So there's certainly a cost. The other issue is when your computer is taken over, you can be an unwitting co-conspirator in a cyber attack, because adversaries, once they take over your computer, oftentimes use your computer, unbeknownst to you, to attack other computers and to steal information from other computers, so you're actually part of a large-scale attack and you don't even know about it.”
Mr. Schiff: What's that called?
Mr. Henry: “That's where your computer becomes part of a botnet. So, a botnet is a robot network, it's a short term for robot network. And your computer, and in many cases tens of thousands of computers simultaneously under the control of one person or small group of people, and that robot network, or botnet, is used to attack other computers or to steal data via distribution of millions of pieces of spam e-mail.”
Mr. Schiff: Let’s talk about a company: what's the worst thing that can happen to a large corporation and how can these firms—large, small—protect themselves and their client data?
Mr. Henry: “Companies can, again, lose information related to their research and development. We've seen companies that have lost their intellectual property, information, or data that's taken years and millions and millions of dollars to develop, and it's lost overnight. We've seen companies that are working on products, including military cases, people, companies that have been building next generation warfare equipment, those sorts of things, that have lost the intellectual property. All the work they've put into developing that has been pilfered. Companies can lose their reputation if it's determined that they were not, did not adequately protect the network and it's a major problem because all the information of your business is done on the network. Companies can put up firewalls, they can ensure that they're reviewing their network on a regular basis, looking for signs of an attack. They can, there are certain protocols that they can put in place that are industry standards that will better protect them against different adversaries who are interested in infiltrating their network and exfiltrating their data.”
Mr. Schiff: Can you give us an example or two of a huge cyber breach cyber crime?
Mr. Henry: “We had a case about a year ago where there was a breach into the Royal Bank of Scotland. There were adversaries who had actually breached the network and done some reconnaissance and they stole account information, they were able to decrypt PIN information, and they manufactured fake ATM cards, or debit cards, and they were able to actually withdraw over 10 million dollars over the course of a day or so. Actually, just under 10 million dollars. In that particular case the company came forward, they worked with the FBI, they reported the incident, and they helped us in collecting evidence that allowed us to actually get on to who the attackers were. And in close collaboration with foreign law enforcement agencies, we were able to actually track down that network of cyber criminals. But in this particular case, it was very well organized. They were able to withdraw just under 10 million dollars in about 24 hours throughout 49 cities located around the, around the world. So very well organized, but through the help and cooperation of the victim, we were able to get onto the bad guys and actually lock them up.”
Mr. Schiff: What about in the United States?
Mr. Henry: “We've had cases within the United States where co-conspirators in an attack are residing here in the States. We had a case not too long ago where somebody had left a company and they were disgruntled and they remotely accessed the network, they deleted files from the operating system, and were able to shut down the entire network, causing great pain and discomfort to the company and to their customers, because they were not able to access data that resided on their network.”
Mr. Schiff: And that hurts economically for the company; a lot of money probably down the drain.
Mr. Henry: “Sure. There are so many components of a cyber attack when you talk about the losses. There’s the actual losses that are caused by data being sold, or stolen and sold, stolen and used. There's the cost of remediating the network, reloading the operating system, changing out hardware, changing out people's passwords. There is a lost opportunity cost in terms of not being able to conduct sales or to conduct your business. And there are certainly, oftentimes, there's a perception by the public that the company shouldn't be used or they might not want to do business with that particular company because they didn't adequately protect the network. One thing that I'd say in that regard is it's really important for companies to report their victimization, to report the fact that they've been breached, because it really is our best opportunity to get onto the adversary and to take them out of the game, either through an arrest or execution of search warrants or those sorts of things. It's really, really important for us to be able to coordinate and cooperate collaboratively with the victims.”
Mr. Schiff: What about our infrastructure here in the United States—how it can be compromised? Electricity, water, what have you, terrorists can actually do that, can't they?
Mr. Henry: “Any network that touches the Internet is potentially susceptible to an attack. We know that there are terrorist groups who have an interest impacting this country, the same way they impacted us by flying planes into buildings eight years ago. And if they can do that same or have that same type of impact on the United States, on the American psyche, on the American people, by attacking networks and disrupting those networks, they’re certainly going to do that.”
Mr. Schiff: If you have one thing to say to people not only in the United States but around the world, how can we make everything slash Internet safer?
Mr. Henry: “Well, it really is a collaborative effort. There's no one person, one agency, one organization, one country that's responsible for protecting the network. It really is a global asset and it really requires close coordination and participation by everybody. It's both the users, it's governments, law enforcement, etc., the private sector, it's so important that everybody recognize that the Internet's a wonderful thing. It's provided us access to information we've never had before; it's provided us speed and efficiency like we've never known; it probably is the most important invention in my lifetime. But it also poses some risks, and if we can all remember that there are dangers that are associated with it, and we all play our part in helping to protect the network and to work securely on the network, we'll be a much better place.”
Mr. Schiff: Did you ever think that the Internet would become what it is when it was invented years ago?
Mr. Henry: “When I first got involved in computers was in the early 80s, well before the Internet, or the commercial Internet, and just in the mid-90s when I saw it start to grow, I never really recognized how it was going to grow and change our lives. And, quite frankly, I think we probably still haven't even seen the full abilities of the network. Now as we move to wireless devices, iPhones and PDAs, BlackBerries, handheld devices, computers, their processing power keeps getting bigger and better—bigger in terms of capability, smaller in terms of actual size—it's become much more affordable, it's much more accessible to people, and I really think that we've not yet seen the pinnacle of the Internet. I think there's a long way for it to go and it will constantly evolve throughout our lifetime.”
Mr. Schiff: So much more to learn about the Internet and how the FBI is working 24/7 to keep it safe for you. Check out www.fbi.gov. That’s our show for this week. Thanks for listening. I’m Neal Schiff of the FBI’s Office of Public Affairs.