Companies still not reporting attacks, FBI director says

By Marcia Savage, Features Editor 15 Feb 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Fighting cybercrime requires cooperation between law enforcement and private industry, FBI Director Robert Mueller told attendees at the RSA Conference Wednesday. "Together we must work to stop these attacks," he said at a town hall meeting sponsored by the Business Software Alliance.

Most companies that experience network intrusions don't report the incidents to law enforcement out of privacy and other concerns, Mueller said. He urged the audience of infosecurity professionals attending the RSA Security Conference to share cybercrime data, promising that his agency will take steps to ensure their privacy.

"We certainly do not want you to feel victimized a second time by our investigation… We won't release confidential data. We'll take steps to protect intellectual property," he said. Mueller added that "maintaining a code of silence" won't benefit a company in the long-run.

"No person, no agency, no company, no country can prevent crime and terrorism alone….While challenges are growing each day, together we won't be defeated," he said.

The FBI has had success in investigating cybercrimes with help from the private sector, Mueller said. Among the cases he cited included collaborating with Microsoft and officials overseas to track down the suspects involved with the Mytob and Zotob worms. The agency also worked with the Red Cross, eBay and others to investigate fraudulent Web sites that exploited the Hurricane Katrina disaster.

"We are sharing information and working with our domestic and international partners in law enforcement… Yet there is much more work to be done."

We'll never have all the resources in house that we need, so we rely on you. You'll see the threats before we do. Steven Martinez deputy asst. director, FBI Cyber Division

Other top law enforcement officials echoed Mueller's remarks in a panel discussion held after his keynote.

"The most important people in fighting cybercrime are those of you here today," said Arif Alikhan, senior counsel at the U.S. Department of Justice, where he oversees the Computer Hacking and Intellectual Property Program. "You are the victims… and have the evidence and expertise…Without your help, we cannot do our jobs."

Steven Martinez, deputy assistant director for the FBI's cyber division, said the agency's partnerships with the academic community and private sector are key.

"We'll never have all the resources in house that we need, so we rely on you. You'll see the threats before we do," he said, encouraging attendees to share cybercrime information and promising that the agency will handle it discreetly.

Also on the panel was Danny de Temmerman, European Commission administrator and member of the G8 Subgroup on High-Tech Crime, who said there has been an increased amount of law enforcement attention on cybercrime in Europe over the past 18 months. "We all face the same problem," he said.

Cybercriminals are much more sophisticated and organized today, Alikhan said. It's no longer a case of just one script kiddie out for malicious purposes but rather groups of people "going after the money," he added.

"We're seeing a convergence of the hacker community and cyber fraudsters," Martinez said. "It's all come together and it's all for profit."

Due to the international aspects of cybercrime, the FBI has become more experienced working in countries it had not previously, such as Estonia and Romania, he added.

During a brief question and answer period after the panel, Todd Davis, CEO of security supplier LifeLock, told officials that his company has tracked down cybercrime culprits but can't find law enforcement officials to take the cases.

"We have proof of who did it," he said. "We can't find anyone to take the onus [of the case]…Who do we go to?" Alikhan responded that federal officials try to take cases that will have the maximum deterrent effect. He advised David to contact local police and to continue reporting incidents.

Tags: Security Awareness Training and Internal Threats,  Hacker Tools and Techniques: Underground Sites and Hacking Groups,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Awareness Training and Internal Threats Health Net breach failure of security policy, technology Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Secure your remote users in 2010 Layoffs prompt insider threat fears, cybersecurity survey finds How to use Internet security threat reports Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management Hacker Tools and Techniques: Underground Sites and Hacking Groups Russian cybercriminals target H1N1 Swine Flu fears Metasploit Project acquisition ups ante for penetration testing market Successful rogue antivirus hinges on social engineering DEFCON survey suggests hacker community on vacation DoD urges less network anonymity, more PKI use New hacker skills optimize revenue Maturing cybercriminal economy buoyed by business savvy hackers Juniper pulls ATM hacking presentation from Black Hat Botnet platform helps cybercriminals bid for zombie PCs Man pleads guilty in online banking hacking scam

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary dumpster diving  (SearchSecurity.com) Honeynet Project  (SearchSecurity.com) insider threat  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) pretexting  (SearchCIO.com) shoulder surfing  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) social engineering  (SearchSecurity.com) Total Information Awareness  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary