Early last year, hackers were discovered embedding malicious software in two million computers, opening a virtual door for criminals to rifle through users’ valuable personal and financial information. Last fall, an overseas crime ring was shut down after infecting four million computers, including half a million in the U.S. In recent months, some of the biggest companies and organizations in the U.S. have been working overtime to fend off continuous intrusion attacks aimed at their networks.
The scope and enormity of the threat—not just to private industry but also to the country’s heavily networked critical infrastructure—was spelled out last month in Director Robert S. Mueller’s testimony to a Senate homeland security panel: “Computer intrusions and network attacks are the greatest cyber threat to our national security.”
To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Agents are cultivating cyber-oriented relationships with the technical leads at financial, business, transportation, and other critical infrastructures on their beats.
Today, investigators in the field can send their findings to specialists in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can look for patterns or similarities in cases. The 24/7 post also shares the information with partner intelligence and law enforcement agencies—like the Departments of Defense and Homeland Security and the National Security Agency—on the FBI-led National Cyber Investigative Joint Task Force.
A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define “the attribution piece” of a cyber attack to help determine an appropriate response, said Richard McFeely, executive assistant director of the Bureau’s Criminal, Cyber, Response, and Services Branch. “The attribution piece is: who is conducting the attack or the exploitation and what is their motive,” McFeely explained. “In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions.”
The Cyber Division’s main focus now is on cyber intrusions, working closely with the Bureau’s Counterterrorism and Counterintelligence Divisions.
Special Agent Richard McFeely
“We are obviously concerned with terrorists using the Internet to conduct these types of attacks,” McFeely said. “As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries.”
In the Coreflood case in early 2011, hackers enlisted a botnet—a network of infected computers—to do their dirty work. McFeely urged everyone connected to the Internet to be vigilant against computer viruses and malicious code, lest they become victims or unwitting pawns in a hacker or web-savvy terrorist’s malevolent scheme.
“It’s important that everybody understands that if you have a computer that is outward-facing—that it’s connected to the web—that your computer is at some point going to be under attack,” he said. “You need to be aware of the threat and you need to take it seriously.”