SAN FRANCISCO -- Sharing information with law enforcement after a breach is critical to successfully battling increasingly sophisticated and organized cybercriminals, security experts said during a panel discussion at the RSA Conference.
The biggest challenge for law enforcement is trying to work with domestic companies victimized by breaches, said Kimberly Kiefer Peretti, senior counsel with the Department of Justice's Computer Crime Section.
John Woods, a partner focused on internal investigations at Hunton & Williams LLP, a Washington, D.C.-based firm, said giving information to law enforcement hasn't hurt his clients and has actually helped to reduce their exposure and protect their brand. The information sharing also helped to catch the criminals more quickly, he added.
Panelists said criminals are increasingly adept at breaking into companies, rooting around for valuable data in corporate networks unnoticed for months and even years, and monetizing the data in a very organized fashion.
Peretti discussed the indictment of Albert Gonzalez, a Miami-based hacker who pleaded guilty late last year to orchestrating a series of attacks on multiple companies. In some cases, the victim companies called her office; in others, her office contacted the victims. "In every case where we had a successful prosecution, it was due to close collaboration with the victim," she said.
Gonzalez and his co-conspirators infiltrated corporate networks with malware that wasn't detected by antivirus, allowing them to remain undetected for two years, she said. "The thing that was difficult was [the cybercriminals] had unlimited time to do network reconnaissance … and look for stored data or data in transit."
Cybercriminals committing financial crimes are also motivated by "ego, challenge and greed," Peretti said.
Some online criminals may not even be interested in money, she added, but they often have formed strong bonds with friends they made as teenage hackers and continue to work with them. Investigators see their online chats where they talk about recreational drugs, dating and discos. "Not the most mature criminal mindset," she said.
Still, cybercriminals are very organized with separate teams to carry out different parts of an attack, panelists said. Also, Woods said there are nation states trying to steal intellectual property and other sensitive data from U.S. businesses.
"The attacks to steal credit cards are significant, but the real threat is to intellectual property," said David Burg, principal at Greensboro, N.C.-based PricewaterhouseCoopers.
"If we do better information sharing, we can do a better job of understanding the threat," Burg said.