FBI Chief Calls Cyberthreats Public Enemy No. 1
Mar 2, 2012 12:00 PM PT
In the near future, cyberthreats will be the leading threat to the United States, FBI Director Robert Mueller warned in a speech on Thursday at the RSA Conference in San Francisco.
Traditional crime, from mortgage and healthcare fraud to child exploitation, have moved online, while terrorists have become increasingly cyber-savvy, Mueller said.
Meanwhile, law enforcement is also confronting hacktivists, organized crime, hostile foreign nations spying on the U.S. and online and mercenary hackers.
Law enforcement needs to take lessons learned from fighting terrorism and apply them to cybercrime, he stated.
While the FBI has built up substantial expertise to deal with cyberthreats, it needs help from the private sector, Mueller said, repeating his often-made call for companies to be forthright about reporting data breaches.
"With cyberterrorism, there are fewer high-impact targets that likely have sophisticated defenses," Tim Keanini, chief technology officer at nCircle, told TechNewsWorld. "Cybercrime, on the other hand, has become an actual business model with countless targets."
Cybercrime "has had magnitudes more bite than cyberterrorism for a long time now," mused Randy Abrams, an independent security consultant.
The Rise of the Terrorist in Cyberspace
Terrorist organizations are using the Internet to grow and connect with each other, and they are doing so openly, Mueller said.
For example, Al Qaeda in the Arabian Peninsula produces a full-color English-language online magazine through which it not only shares ideas but solicits information and recruits. The Al Qaeda affiliate in Somalia, Al Shabaab, has its own Twitter account which it uses to taunt its enemies in English, and to encourage terrorist activity, Mueller said.
Terrorists are also using cyberspace to conduct operations, Mueller pointed out. For example, the people who planned the attempted bombing of Times Square in May 2010 tapped into public cameras linking to the Internet to conduct reconnaissance. They used file-sharing sites to share operational information, deployed remote conferencing software to communicate, used a proxy server to avoid detection, and claimed responsibility for the attempt on YouTube.
Cybercrime and Punishment
State-sponsored hackers spy on the United States and steal intellectual property and trade secrets from the U.S., Mueller remarked.
Meanwhile criminal hackers who seek to profit from their acts are banding together through the Internet to form syndicates. Trusted insiders who may be lured into selling secrets are another source of concern for the FBI.
The FBI has cybersquads in each of its 56 field offices and more than 1,000 specially trained agents, analysts and forensic specialists. It also has 63 legal attache offices worldwide and special agents embedded with some police departments overseas to share information and coordinate investigations.
Come Together Right Now
However, that's not enough, Mueller said. As he has done over the years, he reiterated that the FBI needs help from the private sector.
Real-time information-sharing is essential, with the information going both ways, Mueller stated. Private-sector security vendors are often the first to see new threats coming down the road, and they know what data is important and what's at risk.
As he has done before, Mueller urged private sector companies to shed their reluctance to report security breaches. He pledged that the FBI will minimize disruption to their businesses and safeguard the privacy of victims of breaches who come forward.
"Private industry has to be involved," Abrams told TechNewsWorld. "The government, from necessity, uses the private sector for goods and services. If the private sector is porous, which it is, you can't seal up the government."
"It sounds like Mr. Mueller has the right strategy," nCircle's Keanini said.
Terrorists Are Criminals Too
Mueller's speech doesn't necessarily indicate that the FBI's going to focus more on cybercrime than on terrorism, FBI spokesperson Jenny Shearer told TechNewsWorld.
"Cybercrime generically can include cyberterrorism, it can encompass computer intrusions, sexual exploitation against children ... so I think maybe the term 'cybercrime' was used in a broader context than it was in the past," Shearer explained.