FBI targets rise in cybercrime from U.S. and abroad

WASHINGTON--The threat of cybersecurity attacks are on the rise from organized crime, terrorists, and foreign governments, an FBI official warned on Wednesday.

There are a "couple dozen" countries interested in breaching U.S. networks, said Shawn Henry, assistant director of the FBI cyber division, though he declined to list any specific countries.

The attempted attacks on U.S. networks are "increasingly sophisticated" and "the amount of information that has been stolen is significant," Henry said.

In particular, the use of botnets continues to increase, he said, while companies have lost tens of millions of dollars from "pump and dump" schemes in which criminals buy and sell stocks with other people's account information harvested online.

"A lot of the financial loss we see (due to) organized (crime) has increased because of the greater sense of money to be made, the awareness of the access to a greater rewards," Henry said.

There is also the perception that the prosecutorial risks for cybercrime are relatively minimal, he said.

Just five years ago, "in terms of judicial action, this was seen to be almost juvenile and more disruptive" than as a serious problem, Henry said. However, he said judges, law enforcement, and Congress have all come to recognize cybersecurity as a priority in recent years.

President Bush in January established the Comprehensive National Cyber Security Initiative, of which the Homeland Security Department has taken the lead, though it is up to the FBI to investigate any discovered cyberattacks.

The DHS has received a good deal of criticism for its leadership--or lack thereof--over cybersecurity matters, but Henry said his experience with the DHS has been positive so far.

Henry said the FBI has made significant progress in the past couple of years developing partnerships with foreign law enforcement to crack down on cybercrime, including partnerships with the U.K., Turkey, Russia, Canada, and Romania. The FBI made more than 90 arrests this year, Henry said, after stationing cybersecurity agents in Romania to crack down on cybercrime against financial institutions and retail networks.

"We've been able to convey that we're in a global economy and more often than not there's a victim in their country as well," he said.

The FBI was recently revealed to be operating an online forum called DarkMarket, as part of a sting operation against criminals buying and selling stolen identities and credit card information online.

Henry said infiltrations and electronic surveillance of illegal activity are preferred over taking reactive action against cybercrime because it creates the "opportunity to ultimately dismantle the organization" at fault.

[n3td3v]

metasploit may also be a sting operation, they don't have a privacy policy on their web site.

http://metasploit.com/

[Lerianis]

Nah, Metasploit is legit. It's run by some of the biggest names in the security community.

[Harrison912]

Thanks, Stephanie, for bringing this to our attention. As a web site owner of safety and security products, I try to stay on top of the latest security issues. I enjoy helping catch the bad guys!