SAN FRANCISCO – FBI Director Robert Mueller envisions a day soon when cybersecurity threats will surpass terrorism as the top threat to the United States, and in turn will become the bureau’s top priority.
“We’re going to take our lessons learned from terrorism and apply them to cyber,” Mueller said during a Thursday keynote at RSA Conference 2012. “Our agents specializing in cyber will have the highest skill sets.”
Mueller referenced the work of the National Cyber Investigative Task Force and recent successes it has had in shutting down the CoreFlood botnet, responsible for $100M in fraud, and Operation Ghost Click, which took down a $14M click fraud operation. He said the task force will soon have more resources and capabilities, including a structure where its agents will work in a virtual environment to counter the latest threats to financial institutions, manufacturers and the defense industrial base.
“The end result of these developments is that we are losing data, losing money, ideas and innovation. And as citizens, we’re increasingly vulnerable to losing our personal information,” Mueller said. “We must find a way to stop the bleeding.”
Mueller, who was U.S. Attorney for the Northern District of California from 1998-2001, has seen cybercrime evolve from the denial-of-service (DoS) attacks perpetrated by Mafiaboy in 2000 to the rampant loss of payment data and intellectual property today.
“When we caught Mafiaboy, the 15-year-old was at a sleepover, eating junk food and watching Goodfellas. Those seem like the good ol’ days,” Mueller said. “Today terrorists use the Internet as a recruiting tool, a money maker and a town square. We’ve also seen the rise of hacktivists, organized crime syndicates, hostile nation states and mercenaries willing to hack for the right price. It’s imperative we work together to protect our intellectual property, critical infrastructure and economy.”
Mueller repeated a familiar refrain from his previous talks at RSA – he was last here in 2010 – calling for improved information sharing between the public and private sector.
“Real-time information sharing is essential and it must be shared with the private sector. You must have the means and motivation to work with us,” he said. “The need for a collective approach, true collaboration and timely information sharing has never been more pressing.”
The bureau is embedded worldwide; Mueller said there are 63 legal attaché offices globally sharing information and coordinating investigations into cybersecurity threats such as Operation Ghost Click, which was executed in Estonia, as well as New York and Chicago. And China continues to be a spectre against U.S. interests; the Chinese are habitually implicated in espionage schemes carried out online, such as those against RSA SecurID and the Operation Aurora attacks.
“Hostile foreign nations seek our intellectual property and trade secrets for military and competitive advantage,” Mueller said. “State-sponsored hackers are patient, calculating and have the time, money and resources to burrow in and wait.”
Mueller said systems must be designed with some offensive capabilities, which would include the ability to trace attacks.
“We cannot minimize vulnerabilities and deal with the consequences,” he said. “Systems have to be designed to catch threat actors, not just withstand them.”