FBI Director:Information Sharing Is Key to Battling Cyber-Crime

The FBI cannot fight cyber-crime on its own. The private sector has to work hand-in-hand with law enforcement, said FBI Director Robert Mueller at the 2012 RSA Conference.

SAN FRANCISCO €” The United States is taking the lessons it has learned from combating global terrorism and is starting to apply those to fighting cyber-crime, as well as a cyber-spying, said FBI Director Robert Mueller, who spoke at the 2012 RSA Conference. The key to all of this, Mueller added, is cooperation.

The private and public sectors need to work together to share information on the latest threats and defensive strategies, said Mueller during his March 1 keynote speech. Unless there is cooperation between government and business, cyber-criminals will continue stealing money and cyber-spies will continue walking away with "ideas and innovation," he said.

Terrorists have not yet used the Internet to launch a cyber-attack against the United States, but the FBI is not ruling out the possibility that they will someday.

"In the not too distant future, we anticipate that the cyber-threat will pose the No. 1 threat to our country," said Mueller.

Society has become increasingly reliant upon the electronic networks and devices that offer easy communication and access to data, and run everything from power lines to modes of transportation. If the systems society depends on are removed, the result would be chaos and anarchy, Mueller said.

"We can't turn back the clock," said Mueller. However, he quickly added that no one wants to stop innovation and progress when it comes to creating new technologies.

Instead, information about threats and ways to combat them needs to be shared. The FBI is planning some changes to how agents operate and will also work for changes within the government. All FBI special agents are receiving cyber-training, and specialists in the area will receive the best possible training, Mueller promised. Investigators will be able to compare notes and follow up on cases with each other in virtual meeting rooms, said Mueller.

The changes in how the agents are being trained are similar to how the FBI revamped itself after the Sept. 11, 2001, attacks to develop anti-terrorism skills. Each of the 56 field offices around the country now has a dedicated cyber-security squad, and there are 1,000 agents and analysts focused on cyber-threats.

The FBI sees three major groups as threats: organized crime, terrorists and state-sponsored cyber-espionage.

Information sharing is not just about the federal government sharing the latest threat information with organizations. Mueller would also like a standard national breach law that would require organizations to report all serious cyber-incidents to law enforcement. Businesses often investigate and mitigate breaches internally to avoid exposure or brand damage. Being compromised is increasingly becoming inevitable, and many businesses are being repeatedly attacked.

"Maintaining a code of silence will not serve us in the long run," said Mueller.

While the bulk of Mueller's speech painted a grim picture of the state of security in the country, he did highlight some of the successes the agency had in the past year. The FBI shut down the Coreflood botnet and made arrangements to clean up infected systems. The agency also arrested the group that masterminded the DNSChanger malware, which redirected users to malicious Websites by mucking with the computer's Domain Name System settings.

The FBI estimated DNSChanger had infected more than 4 million Microsoft Windows PCs and Apple Macs worldwide. About 1 million of those machines were based in the United States. After the arrests in November, a court order allowed the Internet Systems Consortium to set up servers that replaced the malicious remote control servers and continued communicating with the infected machines. The idea was to give the computer owners time to remove the malware without losing access to the Internet. The servers are slated to be shut down March 8, which may potentially cut off the 400,000 still infected machines from the net.

Law-enforcement authorities have filed a request with a New York federal court asking for an extension and keeping the servers operational until July 9. Mueller did not make any mention of what would happen with DNSChanger in his speech.