Early last year, hackers were discovered embedding malicious software in two
million computers, opening a virtual door for criminals to rifle through
users’ valuable personal and financial information. Last fall, an
overseas crime ring was shut down after infecting four million
computers, including half a million in the U.S. In recent months, some
of the biggest companies and organizations in the U.S. have been working
overtime to fend off continuous intrusion attacks aimed at their
networks.
The scope and enormity of the threat—not just to private industry but
also to the country’s heavily networked critical infrastructure—were
spelled out last month in Director Robert S. Mueller’s testimony to a
Senate homeland security panel: “Computer intrusions and network attacks
are the greatest cyber threat to our national security.”
To that end, the FBI over the past year has put in place an initiative
to uncover and investigate web-based intrusion attacks and develop a
cadre of specially trained computer scientists able to extract hackers’
digital signatures from mountains of malicious code. Agents are
cultivating cyber-oriented relationships with the technical leads at
financial, business, transportation, and other critical infrastructures
on their beats.
Today, investigators in the field can send their findings to specialists
in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can
look for patterns or similarities in cases. The 24/7 post also shares
the information with partner intelligence and law enforcement
agencies—like the Departments of Defense and Homeland Security and the
National Security Agency—on the FBI-led National Cyber Investigative
Joint Task Force.
A key aim of the Next Generation Cyber Initiative has been to expand our
ability to quickly define “the attribution piece” of a cyber attack to
help determine an appropriate response, said Richard McFeely, executive
assistant director of the Bureau’s Criminal, Cyber, Response, and
Services Branch. “The attribution piece is: who is conducting the attack
or the exploitation and what is their motive,” McFeely explained. “In
order to get to that, we’ve got to do all the necessary analysis to
determine who is at the other end of the keyboard perpetrating these
actions.”
The Cyber Division’s main focus now is on cyber intrusions, working
closely with the Bureau’s Counterterrorism and Counterintelligence
Divisions.
“We are obviously concerned with terrorists using the Internet to conduct
these types of attacks,” McFeely said. “As the lead domestic
intelligence agency within the United States, it’s our job to make sure
that businesses’ and the nation’s secrets don’t fall into the hands of
adversaries.”
In the Coreflood case in early 2011, hackers enlisted a botnet—a network
of infected computers—to do their dirty work. McFeely urged everyone
connected to the Internet to be vigilant against computer viruses and
malicious code, lest they become victims or unwitting pawns in a hacker
or web-savvy terrorist’s malevolent scheme.
“It’s important that everybody understands that if you have a computer
that is outward-facing—that it’s connected to the web—that your computer
is at some point going to be under attack,” he said. “You need to be
aware of the threat and you need to take it seriously.”