FBI as cyber crime sleuth: Is it any match for computer bad guys?
The FBI's evolution into a cyber-crime-fighting agency, a decade in the works, has made the bureau 'one of the best in the world' at cracking computer crime. Cyber threats are poised to rival terrorism as the primary danger to US, says FBI's director.
FBI Director James Comey testifies before the Senate Homeland Security Committee on Capitol Hill in Washington in this file photo. He has concerns over new Apple and Google cellphones.
Yuri Gripas/Reuters/File
The Federal Bureau of Investigation, which after 9/11 shifted focus almost overnight from fighting organized crime to combating terrorism, is scrambling to again remake itself to be positioned to counter a rising threat: cyber attackers.
Its evolution into a cybercrime-fighting agency isn't as sudden or as dramatic, but over time the change will be just as profound, experts say. Indeed, the transformation is already well under way, with 1,000 cyber specialists – specially trained agents, analysts, and digital forensic examiners who run complex undercover operations and gather digital evidence – deployed to all 56 of the FBI’s field offices nationwide.
The urgency of the shift was underscored last week by FBI Director James Comey, who told a congressional committee that cyber threats are expected soon to rival terrorism as the primary danger facing the United States.
“We anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber-based terrorist threats,” Mr. Comey said at a Senate Homeland Security Committee hearing, echoing comments by his predecessor, Robert Mueller.
The FBI launched its New York-based Cyber Division in 2002. Since then, its investigations into "computer intrusions" – break-ins by hackers (state-sponsored, criminal, or individuals) to exploit vulnerabilities in US-based computer networks and software – have jumped 84 percent.
“When I first got in, there wasn’t even a cyber program, and now it’s a full division, which is pretty amazing,” says a former FBI cyber investigator who spent more than a decade with the bureau, who asked for anonymity because he still works with law enforcement. “But really, Comey is right. There’s now so much going on in cyber that it is going to overtake terrorism and counterintelligence work. I don’t think we’re seeing a shift as massive as the one right after 9/11 from organized crime to terrorism. Terrorism is still going to be very much on everyone’s mind. But now it’s cyberterrorism.”
Among the FBI's adversaries are cyberspies from nations trying to obtain US intellectual property; organized crime gangs stealing people's identities, credit-card data, and money; and terrorists aspiring to attack the US power grid, water supply, and other critical infrastructure. Hacktivist groups trying to make a political statement by wrecking websites or hacking company networks also qualify.
The bureau also leads the National Cyber Investigative Joint Task Force, a group of 19 intelligence, military, and law-enforcement agencies that share information to target current threats and prevent future attacks. The FBI’s Next Generation Cyber Initiative, launched last year, will focus on penetrating the bad guys' computers and networks, as opposed to primarily identifying and dismantling cybercriminal operations.
Though the FBI cyber capability has been building for a decade, experts say the bureau has only in recent years hit its stride as a world-class cyber investigative agency that poses a serious threat to cyber bad guys.
“They weren’t that good to begin with, and I was pretty critical of them,” says James Lewis, a cyber conflict expert at the Center for Strategic and International Studies (CSIS) in Washington. “Today, I think the FBI is one of the best in the world in investigating cybercrime. They’ve really improved in just the last five to six years.”
Besides developing strong in-house cyber capabilities, he says, the bureau also has a close partnership with the National Security Agency – something that did not exist before 9/11 regarding information-sharing on threats and investigations.
“It’s been a natural progression for the FBI to move into this field,” says Shawn Henry, president of CrowdStrike Services, who recently retired as FBI executive assistant director responsible for cyber programs and investigations worldwide.
“Cyber is really a tool being used by more people to commit their criminal activity, their espionage, and their attacks,” he says. “It’s a technology that makes them able to do a lot more damage in a much broader way. At the same time, we’re seeing more and more companies using technology, pushing everything they own to the network – their corporate strategy, intellectual property. The value of the information there is really immeasurable – and the adversaries know it.”
As for terrorists, they are “trying to disrupt the power grid, trying to have the same impact on the Western world as they did on 9/11, wanting to wreak havoc and calling for electronic jihad,” Mr. Henry notes. Although terrorists' own cyber skills have not been shown to be terribly sophisticated, “the reality of it is that this capability can be purchased, it can be rented,” he says. “You can go to an underground chat room and find someone willing to sell their skills.”
Recent successes show the bureau is gaining some ground on cybercriminals, he and others say. In 2011, for instance, the FBI took down Rove Digital, a company founded by a ring of Estonian and Russian hackers to commit massive fraud over the Internet. By infecting more than 4 million computers in at least 100 countries with malware that secretly altered those computers' settings, the Rove hackers were able to digitally hijack Internet searches, rerouting those computers to certain websites and ads. The company received fees when users clicked on those websites or ads – some $14 million in fraudulent income, the FBI reported.
Botnets are networks of thousands, even millions, of personal computers enslaved by malicious software and used for criminal purposes such as distributed denial of service (DDoS) attacks. Such attacks can damage online businesses by clogging access to their websites and other key online services.
From October 2012 to March 2013, the FBI and the Department of Homeland Security gave to law-enforcement partners in 129 countries almost 130,000 computer addresses that had been infected with DDoS malware. Such action has helped to curb the effectiveness of botnet DDoS attacks, former FBI chief Mueller testified in March.
In September, the FBI announced that it and other federal agencies had taken down the underground Silk Road website, which had been a global online marketplace for drug trafficking and money laundering, producing millions in dirty profits, the bureau reported.
A decade ago, investigations that led the FBI to a foreign country usually meant that's as far as those probes could go. Since then, the bureau has placed cyberspecialists in key nations – including Estonia, Ukraine, the Netherlands, Romania, and Latvia – to facilitate investigation of cybercrimes against the US.
But the pursuit of cybercriminals abroad is still problematic. “The problem is that they can only enforce the law in places that agree to enforce the law,” says the CSIS's Mr. Lewis. “If you’re in the US, they’ll catch you. In Russia and China, they don’t have a chance. What they need is for the Russians to cooperate – and the Russians won’t do that.”
The cyber ramp-up that the FBI's Comey says is coming makes sense, say many analysts. Just as bank robber Willie Sutton was reputed to say he robbed banks “because that’s where the money is,” so, too, the FBI must follow criminals into their cyber lairs.
“To a large degree, the FBI is simply doing what it has to do – because criminal activity is merging with cyber activity,” says the former FBI cyber investigator. “All these criminals are shifting gears and going cyber – so the bureau has to do that, too.”