[Infowarrior] - An introduction to the FBI's anti-cyber crime network

Richard Forno rforno at infowarrior.org
Thu Nov 19 20:30:27 UTC 2009



An introduction to the FBI's anti-cyber crime network
The FBI explained how its anti-cyber crime task force works at a  
Congressional hearing this week, and outlined the Bureau's latest  
accomplishments, which include catching the masterminds of a  
coordinated raid on over 1,000 ATM machines. But nobody thinks the  
United States is prepared to stop a really bad attack through  
cyberspace on our financial or physical networks.

By Matthew Lasar | Last updated November 19, 200

http://arstechnica.com/web/news/2009/11/an-introduction-to-the-fbis-anti-cybercrime-network.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

The Federal Bureau of Investigation told Congress this week that when  
it comes to cyber crime, terrorist groups like Al Qaeda aren't the  
sharpest pencils in the cup, but they're not out of the game either.  
"It is always worth remaining mindful that terrorists do not require  
long term, persistent network access to accomplish some or all of  
their goals," Steven R. Chabinsky, one of the Bureau's Cyber Division  
directors, explained to a Senate Judiciary Subcommittee. "Rather, a  
compelling act of terror in cyberspace could take advantage of a  
limited window of opportunity to access and then destroy portions of  
our networked infrastructure."
And there are lots of such windows, Chabinsky added, since, "we, as a  
nation, continue to deploy new technologies without having in place  
sufficient hardware or software assurance schemes, or sufficient  
security processes that extend through the entire lifecycle of our  
networks."

Thus the FBI has set up its own network to respond to whatever comes  
down the pike. Time will tell, and probably soon, how effective it is,  
but Chabinsky laid out all the parts at the hearing. They include a  
division within the bureau, an inter-federal task force, an alliance  
with state, local, and industry enforcers, and a consumer complaint  
center.

Big news
Before unpacking these components, it should be noted that cyber crime  
is big news these days, with top officials repeatedly warning that the  
United States is not prepared for a major attack through the net on  
its financial or physical structures. "The architecture of the  
Nation’s digital infrastructure, based largely upon the Internet, is  
not secure or resilient," the White House concluded in its recent  
Cyberspace Policy Review.

Millions of Americans got a sense of the global situation on a recent  
60 Minutes feature, which noted that a cyber attack probably took out  
the power in several cities in Brazil between 2005 and 2007. Then they  
learned about our "electronic Pearl Harbor," described by Jim Lewis of  
the Center for Strategic and International Studies:

"Some unknown foreign power, and honestly, we don't know who it is,"  
Lewis explained to 60 Minutes' Steve Kroft, "broke into the Department  
of Defense, to the Department of State, the Department of Commerce,  
probably the Department of Energy, probably NASA. They broke into all  
of the high tech agencies, all of the military agencies, and  
downloaded terabytes of information." And last November some sleuths,  
possibly just by leaving thumbnail drives around, managed to get into  
the U.S. Central Command network (CENTCOM). Thumbnail drives are now  
banned from use at the agency.

That is why the White House cyberspace assessment concluded that the  
Federal government "is not organized to address this growing problem  
effectively now or in the future." And that's why we're seeing Capitol  
Hill hearings on the extant structure and how to improve it. Here's  
how the FBI is fitted to deal with the problem at this point.

Phish fries
The FBI's first line of defense against cyber crime is its Cyber  
Division. It has about 2,000 special agents who have received some  
kind of instruction in this field, and another 1,000 with more  
advanced training.

The Cyber Division's most noted recent accomplishment was a raid  
completed in October dubbed "Operation Phish Fry." The 100 people  
caught in this sting are accused of stealing about $1.5 million from  
U.S. bank account holders via phony email solicitations—complete with  
links to bogus bank websites. About half the defendants are Egyptian  
citizens who sent out the phishing messages and broke into the bank  
accounts. The other half hail from Nevada, California, and North  
Carolina. They're accused of transferring the ill-gotten money to US  
bank accounts, then siphoning it out of the country.

What was significant about Phish Fry was that it involved an  
unprecedented partnership with Egyptian police. Catching up with these  
kinds of assaults isn't easy. It took about a year for the Cyber  
Division to collar the Eastern European masterminds of a massive  
simultaneous heist of 2,100 ATMs in 280 cities in the US, Canada,  
Japan, the Ukraine, and Hong Kong. The Great ATM Robbery was quite an  
operation, which involved penetrating a credit/debit card processing  
company, identifying PIN numbers, then coordinating a global network  
of baddies who strolled over to ATMs and collectively helped  
themselves to $9 million in cash.

But the ultimate goal is stopping these virtual raiders before they  
strike. The FBI's Operation Dark Market seems to be the closest step  
towards that Holy Grail. The agency claims the so-named online network  
was a kind of exclusive stock exchange for crooks, where they bought  
and sold stolen financial data. Dark Market had 2,500 registered  
members. An FBI operative managed to talk his way into a job as a  
systems administrator for the cabal. The end result was 56 collars  
around the world.

Infragard
Then there's Infragard. Coordinated by the FBI, it's a fellowship  
of federal, state, local, industry, and academic cybercrook catchers  
and watchers. Infragard has about 33,000 participants in almost 90  
cities around the country, and you can apply to become a member  
yourself. The point is to build an accessible community for the FBI to  
contact on any given cyber-crime problem, especially in the private  
sector, where IT managers and policy folk are understandably touchy  
about this stuff. "No governmental entity should be involved in  
monitoring private communications networks as part of a cybersecurity  
initiative," warned Gregory T. Nojeim of the Center for Democracy and  
Technology, speaking before that Senate hearing.

Mindful of these concerns, Infragard hangs out around the margins  
between government and the private sector, "to promote ongoing timely  
dialogue," in the FBI's own words. Its chapters work with FBI Field  
Offices in the same geographic area. Infragardians conference on the  
latest technology and hold hacking contests.

Here's the deal, as far as we can tell. You join Infragard and become  
part of the FBI's information cohort. In exchange, you get the  
following cool stuff:

	• "Network with other companies that help maintain our national  
infrastructure. Quick Fact: 350 of our nation's Fortune 500 have a  
representative in InfraGard.
	• Gain access to an FBI secure communication network complete with  
VPN encrypted website, webmail, listservs, message boards and much more.
	• Learn time-sensitive, infrastructure related security information  
from government sources such as Department of Homeland Security and  
the FBI."

Needless to say, this makes people nervous. The Progressive magazine  
ran an exposé about Infragard in 2008 titled "The FBI Deputizes  
Business." The piece suggested that the organization may have given  
its members authority to "shoot to kill" in national emergencies. The  
FBI strongly denies this. "Patently false," FBI Cyber Division  
director Shawn Henry called the assertion. But it's likely that  
civil-liberties-minded observers will continue to squint at Infragard for  
the foreseeable future.

Complain complain complain
Then there's the Internet Crime Complaint Center, a collaboration  
between the FBI, the National White Collar Crime Center, and the  
Bureau of Justice Assistance (BJA). The point of IC3, as it's called,  
is to provide a place for victims of online theft to make complaints,  
a centralized system for the government to take them, and a means to  
learn what the bad guys are up to this week.

IC3 received almost 280,000 complaints last year and did something  
about over 70,000 of them. In many instances it referred them to state  
and local law enforcement agencies. IC3 also issues regular advisories  
on the latest mischief. These include alerts on the latest social  
networking fraud techniques, tips for SQL programmers on protecting  
their sites from hackers, and even warnings about e-mails pretending  
to be FBI warnings about Al Qaeda.

The FBI, it should be noted, is just one component of the National  
Cyber Investigative Joint Task Force, which it leads, and which  
consists of representatives from 19 government agencies that struggle  
with cyber crime. But it's unclear to what extent that coalition is  
going to have any obvious impact on the ground war against large scale  
roguery on the Internet. The spotlight will more likely continue to  
shine on the Bureau and Department of Justice's efforts in this regard— 
success measured by results to some, or judged by others by their  
impact on the nation's civil liberties.

