Fighting cybercrime requires cooperation between law enforcement and private industry, FBI Director Robert Mueller told attendees at the RSA Conference Wednesday. "Together we must work to stop these attacks," he said at a town hall meeting sponsored by the Business Software Alliance.
Most companies that experience network intrusions don't report the incidents to law enforcement out of privacy and other concerns, Mueller said. He urged the audience of infosecurity professionals attending the RSA Security Conference to share cybercrime data, promising that his agency will take steps to ensure their privacy.
"We certainly do not want you to feel victimized a second time by our investigation… We won't release confidential data. We'll take steps to protect intellectual property," he said. Mueller added that "maintaining a code of silence" won't benefit a company in the long-run.
"No person, no agency, no company, no country can prevent crime and terrorism alone….While challenges are growing each day, together we won't be defeated," he said.
The FBI has had success in investigating cybercrimes with help from the private sector, Mueller said. Among the cases he cited included collaborating with Microsoft and officials overseas to track down the suspects involved with the Mytob and Zotob worms. The agency also worked with the Red Cross, eBay and others to investigate fraudulent Web sites that exploited the Hurricane Katrina disaster.
"We are sharing information and working with our domestic and international partners in law enforcement… Yet there is much more work to be done."
Other top law enforcement officials echoed Mueller's remarks in a panel discussion held after his keynote.
"The most important people in fighting cybercrime are those of you here today," said Arif Alikhan, senior counsel at the U.S. Department of Justice, where he oversees the Computer Hacking and Intellectual Property Program. "You are the victims… and have the evidence and expertise…Without your help, we cannot do our jobs."
Steven Martinez, deputy assistant director for the FBI's cyber division, said the agency's partnerships with the academic community and private sector are key.
"We'll never have all the resources in house that we need, so we rely on you. You'll see the threats before we do," he said, encouraging attendees to share cybercrime information and promising that the agency will handle it discreetly.
Also on the panel was Danny de Temmerman, European Commission administrator and member of the G8 Subgroup on High-Tech Crime, who said there has been an increased amount of law enforcement attention on cybercrime in Europe over the past 18 months. "We all face the same problem," he said.
Cybercriminals are much more sophisticated and organized today, Alikhan said. It's no longer a case of just one script kiddie out for malicious purposes but rather groups of people "going after the money," he added.
"We're seeing a convergence of the hacker community and cyber fraudsters," Martinez said. "It's all come together and it's all for profit."
Due to the international aspects of cybercrime, the FBI has become more experienced working in countries it had not previously, such as Estonia and Romania, he added.
During a brief question and answer period after the panel, Todd Davis, CEO of security supplier LifeLock, told officials that his company has tracked down cybercrime culprits but can't find law enforcement officials to take the cases.
"We have proof of who did it," he said. "We can't find anyone to take the onus [of the case]…Who do we go to?" Alikhan responded that federal officials try to take cases that will have the maximum deterrent effect. He advised David to contact local police and to continue reporting incidents.