The FBI is working hard to track down cybercriminals, but the bureau needs help from the private sector, FBI Director Robert Mueller told attendees Thursday at the RSA Conference in San Francisco.
Mueller said the National Cyber Investigative Joint Task Force, which has 17 law enforcement and intelligence agencies, aims to "predict and prevent what is on the horizon." The task force has separate teams focused on specific threats, including one that investigates botnets.
"We are reverse-engineering those botnets with an eye toward disrupting them," he said, citing this week's takedown of the Mariposa botnet, malware which infected an estimated 12.7 million computers in more than 190 countries, as an example of the group's work and the need for global cooperation.
The FBI has more than 60 offices around the world and special agents embedded with police in Romania and elsewhere, he said. Last fall, agents worked with Egyptian authorities to dismantle an intrusion and money-laundering scam. The FBI also worked with other international partners to dismantle DarkMarket, an online market of stolen financial data, he said.
Mueller also referred to the investigation of a major breach of a financial firm -- presumably RBS WorldPay -- in which the attackers broke through an encrypted system to steal account numbers and PIN codes. The crime ring created fake ATM cards, recruited money mules around the world and in 24 hours stole more than $9 million from thousands of ATMs.
He called the attack "revolutionary," but said that the victim company greatly helped the investigation by coming forward. The FBI dispatched mobile "cyberaction teams" and worked closely with their counterparts overseas to investigate and ultimately apprehend the top three hackers behind the attack, Mueller said.
"If this company had not come forward, we would not have been able to stop these individuals from hitting the next victim," Mueller said.
"We do not want you to feel victimized a second time by an investigation," he said, adding that the FBI will minimize disruption to a business during an investigation, work to maintain business confidentiality, and share attack information as soon as possible.
"No one country, company, or agency can stop cybercrime ... we must find those responsible. The only way to do that is by standing together," Mueller said.
After Mueller's speech, one conference attendee making his exit said that he was disappointed the FBI director didn't mention the role of InfraGard, which is an information-sharing partnership between the FBI and the private sector. "We're supposed to be the eyes and the ears [of the FBI]," said the attendee, who is involved in a local InfraGard chapter.