SAN FRANCISCO -- Sharing information with law enforcement after a breach is critical to successfully battling increasingly sophisticated and organized cybercriminals, security experts said during a panel discussion at the RSA Conference.
The biggest challenge for law enforcement is trying to work with domestic companies victimized by breaches, said Kimberly Kiefer Peretti, senior counsel with the Department of Justice's Computer Crime Section.
"The only way we can fight this is to get good support. We're not there as your enemy but your friend," she said. Law enforcement does its best to respect a company's needs and won't interrupt business during an investigation, she added.
John Woods, a partner focused on internal investigations at Hunton & Williams LLP, a Washington, D.C.-based firm, said giving information to law enforcement hasn't hurt his clients and has actually helped to reduce their exposure and protect their brand. The information sharing also helped to catch the criminals more quickly, he added.
Panelists said criminals are increasingly adept at breaking into companies, rooting around for valuable data in corporate networks unnoticed for months and even years, and monetizing the data in a very organized fashion.
Peretti discussed the indictment of Albert Gonzalez, a Miami-based hacker who pleaded guilty late last year to orchestrating a series of attacks on multiple companies. In some cases, the victim companies called her office; in others, her office contacted the victims. "In every case where we had a successful prosecution, it was due to close collaboration with the victim," she said.
Gonzalez and his co-conspirators infiltrated corporate networks with malware that wasn't detected by antivirus, allowing them to remain undetected for two years, she said. "The thing that was difficult was [the cybercriminals] had unlimited time to do network reconnaissance … and look for stored data or data in transit."
Cybercriminals committing financial crimes are also motivated by "ego, challenge and greed," Peretti said.
Some online criminals may not even be interested in money, she added, but they often have formed strong bonds with friends they made as teenage hackers and continue to work with them. Investigators see their online chats where they talk about recreational drugs, dating and discos. "Not the most mature criminal mindset," she said.
Still, cybercriminals are very organized with separate teams to carry out different parts of an attack, panelists said. Also, Woods said there are nation states trying to steal intellectual property and other sensitive data from U.S. businesses.
"The attacks to steal credit cards are significant, but the real threat is to intellectual property," said David Burg, principal at Greensboro, N.C.-based PricewaterhouseCoopers.
He said the recent indictment of four East Europeans, who allegedly hacked into payment processor RBS WorldPay Inc. and helped steal more than $9 million from thousands of ATMs in a highly coordinated attack, involved a lot of international cooperation. He also praised Google for raising awareness about cybercrime by exposing the details of the attack the company recently experienced.
"If we do better information sharing, we can do a better job of understanding the threat," Burg said.