In October 2007, in the middle of the World Series, the Colorado Rockies suffered a denial of service attack—minutes after tickets went on sale for games against the Boston Red Sox. Fans were unable to buy tickets. This case highlights our dependence on technology and the seriousness of cyber threats to our national security and what the Federal Bureau of Investigation (FBI) is doing to meet them.
Cyber criminals seek to harm our economy, infrastructure, and way of life. We cannot give them free rein to do so. Our success rests upon partnerships with other law enforcement agencies and with partners in academia and the private sector.
The fog of cyberspace
The Internet, much like Carl Sandburg's fog—in the poem of the same
name—came into our lives on cat feet…unannounced, too subtle to be
noticed at first, and then, seemingly overnight, impossible to ignore.
But unlike Sandburg's fog, the fog of cyberspace is by no means silent.
I recently watched a YouTube video about the impact of the Internet. According to this video, "Did You Know," the average 21-year-old has sent and received more than 250,000 emails and instant messages. More than 70 percent of 4-year-olds in the United States have used a computer. And Internet users query Google nearly 3 billion times each month.
The Internet has changed the way we communicate, learn, and work and become the primary means by which we conduct business, store data, and connect systems—from air-traffic control to power grids. But that widespread use has left us vulnerable to attack.
Cyber blockade
Not only is the Internet the means by which attacks may be planned and
executed, it is a target itself. In April 2007, Estonia suffered a
"cyber blockade." Wave after wave of data requests from computers
around the world shut down banks, stores, newspapers, and TV
stations—even the prime minister's office.
Though the source of this attack has not been confirmed, the effect was real, and left us aware of the risk we face. And computer intrusions are becoming more common. Studies show computers in the United States are attacked at a rate 10 times that of other countries.
Today, botnets—so-called "robot networks" of hacker-controlled computers—are the weapon of choice. Botnets are the Swiss Army knives of cyber crime. You name it, they do it—from attacking networks, sending spam, and collecting data to infecting computers and injecting spyware.
Botnets do not require highly technical skills, yet their security implications are broad. A botnet could shut down a power grid, flood an emergency call center with millions of spam, or disable a military post. Odds are your computers may be part of a botnet.
‘Invisible man’ in the room
Espionage once pitted spy vs. spy. Today, adversaries sit on
fiber-optic and WiFi networks—undetected. Hackers use sophisticated
techniques to steal intelligence, research, and communications data.
They are difficult to identify and track because they move in and out
of systems at will. Our cyber team describes it as having an “invisible
man” in the room, standing over your shoulder, seeing and hearing
everything, watching every word you type. And you may never know he is
there, whom he represents, or how much damage he has done.
We are concerned not only with loss of data, but also with corruption of data—from false information to altered code. Such manipulation can cause devices to fail and networks to freeze. It can alter environments in labs and shut down nuclear power stations.
There are also those who seek to block access to our own information. If we lose the Internet, we do not simply lose email or Web surfing. We lose access to our data. We lose our connectivity. We lose our intellectual property. We lose our security. What happens when the invisible man locks us out of our own information?
On the economic front, hackers are stealing vast amounts of information. Cyber thieves target data at the research and development stage before it becomes classified, when it is easier to access. The threat is not limited to outside hackers. Insiders present a significant problem.
Contractors may take appropriate security measures. But what about those with whom they subcontract? And what of those who may take advantage of open access to research facilities on college campuses?
Underscoring the threat
One case underscores this threat. In November 2001, a man named Li Sun
told FBI agents in Palo Alto, Calif., that he believed his business
partners had stolen trade secrets from their previous employers. One
week later, his partners, Fei Ye and Ming Zhong, were arrested at the
San Francisco airport, moments before they would have boarded a flight
for Shanghai. From their possession, FBI officials seized thousands of
proprietary documents and electronic media from two major semiconductor
companies.
In the following months, investigators examined several hard drives. They reviewed nearly 9,000 pages from companies including Sun Microsystems and NEC. They searched more than 25,000 pages of emails.
These two had planned to start a semiconductor company using this information. They had received more than $2 million in funding. In December 2006, these two pled guilty to economic espionage. Each faces up to 30 years in prison.
Meshing tech expertise with investigative experience
These threats paint a troubling picture, but one that the FBI must
confront. The FBI has the authority to handle these threats from start
to finish. We have 56 cyber squads of agents, analysts, and computer
experts that mesh tech expertise with investigative experience.
Agents and IT specialists in our computer labs examine digital evidence from email and cell phone data to hard drives. They run undercover operations to catch hackers. They investigate threats to companies and consumers. And they teach their counterparts how to work cyber investigations.
Our capabilities are strong, but they rely on partnerships with other agencies, industry, and academia. Together, we continue to break ground in the investigation and prosecution of cyber criminals.
But we cannot limit our operations to the United States. Increasingly, cyber threats originate outside our borders. And as more people gain access to technology, new dangers will surface. For this reason, global cooperation is vital.
Pursuing cyber criminals around the world
We have 60 offices around the world. We are working with partners in
Russia, Poland, Hungary, and other places to investigate cyber threats.
For example, in 2005, FBI agents worked to find those responsible for
creating the Mytob and Zotob worms. Together with partners overseas,
FBI agents arrested the originators in Turkey and Morocco just weeks
after the attack.
And we must continue to work with the private sector and the academic community. In June 2007, we initiated Operation Bot Roast. Together with the CERT Coordination Center at Carnegie Mellon, private companies, and Internet service providers, we identified more than 1 million infected computers and shut down several bot-herders.
Collaboration begins at the FBI Cyber Fusion Center—a hub with spokes that range from federal agencies, software companies, and ISPs to merchants and the financial sector. Experts from companies such as Bank of America and Target sit with the FBI, the Federal Trade Commission, and others, sharing information. We have a neutral space where cyber experts, who might not otherwise collaborate, can talk about cyber threats and security breaches.
The FBI InfraGard program is a localized example of our private-sector partnerships. Members from a host of industries—from computer security to the chemical sector—share information about threats to their companies. There are nearly 21,000 members of InfraGard, from Fortune 500 companies to small businesses. That amounts to 21,000 partners to protect America.
Enemies at the gates
In the Roman Empire, roads radiated out from the capital city, spanning
more than 52,000 miles. The Romans built these roads to access the
areas they had conquered. These roads led to Rome's downfall, for they
allowed invaders to march up to the city gates. The Internet has opened
up thousands of roads for us—new ideas and information, new sights and
sounds, new people and places. But the invaders—those whose intent is
not enlightenment, but exploitation—are marching down those roads to
attack us.
The enemies are at the gates. We must rely on our agility, resourcefulness, and resolve to stop them, together. We stand a greater chance of staying safe if we stand together. We must continue to safeguard our systems and data. We must continue to share intelligence. Most importantly, we must stay connected.
Based on: Penn State Forum Speaker Series, Robert S. Mueller, III, United States Federal Bureau of Investigation, State College, Penn., United States, Nov. 6, 2007.