October 7, 2009 4:07 PM PDT

Wife bans FBI head from online banking

by Elinor Mills

Robert Mueller

(Credit: James Martin/CNET)

SAN FRANCISCO--No one is immune from cyberthreats, not even the head of the FBI.

FBI Director Robert Mueller was banned by his wife from doing online banking after he nearly fell for a phishing scam, he said on Wednesday during a talk at the Commonwealth Club of California.

He received an e-mail purporting to be from his bank that looked "perfectly legitimate" and which prompted him to verify some information. He started to follow the instructions but then realized that that "might not be such a good idea," he said.

"Just a few clicks away from falling into a classic Internet phishing scam," Mueller "barely caught himself in time" and admitted he "definitely should have known better."

He said he changed his passwords and tried to pass the incident off to his wife as a "teachable moment," but she was having none of it and told him, "It is our money. No more Internet banking for you!"

(He would have benefited from reading Larry Magid's tips for avoiding phishing scams.)

Earlier on Wednesday, the FBI in Los Angeles announced indictments of 100 people in the U.S. and Egypt, and the arrest of 33 people in California, Nevada, and North Carolina as part of "Operation Phish Phry"--the largest cybercrime investigation to date in the U.S.

Egyptian hackers are accused of targeting two U.S. financial institutions in phishing attacks and using the stolen bank account information to get unauthorized access to the accounts, coordinating with associates in the U.S. to transfer the money out of the accounts, the FBI alleges.

The U.S. defendants allegedly recruited "runners" to set up bank accounts where the funds from the compromised accounts could be transferred and withdrawn. There were hundreds or thousands of bank customer victims, the FBI estimated.

"It's the largest international phishing case ever conducted," Mueller said.

Many of the scams come from people in Eastern Europe, he said. To support investigations in Romania, the FBI has agents embedded in the police agencies there and managed to arrest more than 100 people in that country and in the U.S. in the last year, he said.

During a question-and-answer session, Mueller was asked how vulnerable the U.S. is to attacks on its critical infrastructure. The U.S. is "well ahead of just about any country (in) walling off access to outsiders to our most sensitive" systems, he said. Officials have seen instances of cyberattacks by terrorists, but "they have not yet been of the magnitude that would cause us substantial concern," Mueller said.

Meanwhile, terrorists are using things like Google Earth as tools in their mission, he said.

One audience member submitted a comment card that the fear of the FBI reading citizen e-mail was greater than the fear of teenage hackers. The FBI does not intercept communications without a court order of some kind, Mueller said. "I would worry about that teenage hacker more than you should worry about us," he added.

"I'm comfortable with the stances we've taken," on balancing civil liberties and national security, he said, adding that he supports the Patriot Act because it "broke down the walls between the intelligence community and law enforcement." He warned people against revealing too much of their lives online, on sites like Facebook.

The personal moments shared with friends as a youth may later "come back to haunt you" during a job search, he said, despite the use of passwords and the supposed anonymity of screen names. "To the extent that you are going to rely on that forever, it's very, very weak security," Mueller said.

"I do not have a Facebook profile," he later added.

Young hackers also shouldn't expect to parlay their computer skills into a legitimate career if they get arrested for breaking into systems and serve time, he warned.

"You hack, you get caught," he said. "You are going to jail... You are not going to get a good job afterward. You are going to be identified as a person who has broken the law."

Asked what keeps him awake at night, Mueller responded: "The threat of a weapon of mass destruction in the hands of a terrorist... One person with access to a biological or chemical agent can cause massive harm."

Related podcast: Symantec Internet safety adviser Marian Merritt discusses how to avoid being a phishing victim.

FBI Director Robert Mueller talks about how the agency fights cybercrime.

(Credit: James Martin/CNET News)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by cm999 October 7, 2009 5:05 PM PDT
Teachable Moment? This is the head of the FBI! If he came that close to falling for a phishing scheme, I don't have much confidence in his ability to run the FBI.

Yikes!
Reply to this comment
by jshindl October 8, 2009 6:05 AM PDT
agreed! also, how does he explain kevin mitnick? Computer hacker turned security expert.
by Been_there_Saw_it_before October 8, 2009 12:50 PM PDT
I had a related experience several years ago.

Many articles published by the San Jose Mercury News said to never give your credit card number to someone who calls you. Then guess what the Mercury News does: they call me and ask for my credit card to renew my subscription. Go figure. I responded with a tongue lashing and then sent an email to their editor and business editor but never got an answer.
by myles taylor October 12, 2009 10:21 AM PDT
"I don't have much confidence in his ability to run the FBI. "

While it's easy to take this view, you have to realize being good at one thing doesn't make you vigilant and aware in all areas. Running the FBI is probably a lot of politics and administrative stuff which he may be very good at. I work in tech support but do really idiotic things medically sometimes that my doctor scolds me about. I still have to call tech support for help with my dish or verizon although usually it's something that needs to be fixed on their part. I get "smart" people who spent years in school and are great at their jobs asking me what to me seems like the stupidest questions. That doesn't mean they aren't good at their job.
by PeaceMaker101 November 3, 2009 4:43 AM PST
sorry to say. but i'm still waiting for responses that my message got out. the main hacker that created this smartbot made it in my machines. i been fighting since aug of 2008 and it still runs untouched by anyone at full force to this day. i am still infecting 2 thousand machines an hour 24/7 that started in February. i wrote emails to a lot of people and still get no responses. i found info leading to my emails and calls being intercepted.
i wrote info on what's really going on at www.deepandcrazy.com
the Conficker worms were decoys and the hackers succeeded in their evil plan to install an undetectable backdoor.

twitter is showing the strongest target by what they're going through now of what i went through when it all started. it got where my DNS disconnects happened every 30 minutes for months on end. and my computers were very very laggy. they alter the Kernel/Bios and Firmware in hardware in your machines. the worm is cut in sections that keep each layer alive. besides Kernel/Bios/firmware of dvd/cd drive/ audio device etc., it also affects memory, hard drives, Burned CDs or DVDs, USB drives and Ports, Parsings and Bindings. and frequencies and phones..

i tried my hardest to not let it go outside my system, but no one came, and i was alone on this situation. and the only person i knew was infected was my own mother through a usb drive. i can give details to go deeper into the worm. example: the data that creates the worm is so spread out to avoid detection. i found sourcecodes in deleted files that showed the hacker looking for unused data throughout every system. when he breaks into services, the dates change to either year 2004 or 2 years prior to the current date. if anyone else got to see the incoming packets from sites controlled by the worm, it may appear that they use random ports to connect to.
what's really going on is that the port numbers are commands that you can link using programs that show parsings and match them to the ports of incomings. each piece of data of the worm has multiple uses.

when the worm starts off, it starts by using port 53 for dns lookup data. what ya don't know is i found 4 or 5 ways the hacker connects. one way is that port 53 always ends up with an ICMP packet that has data in it that consists of the hacker's IP that is scrambled. when i sent put up the info about the icmp consisting of the IP address of the hacker, i watched the source that he can't change yet that shows any attempts of alterations. he took out the source of his IP where the icmp packet returned Blank. it said ICMP type 3

when he did this, the worm could not find a specific IP that referred to a Yahoo IP.
i wrote it down and stored it. but there is a better way to get his IP address anytime..
i can't put it here due to the hacker watching me in the irc server room...
i need someone's help to get this info out to the proper people that can use it that is way overdue. it will definitely help microsoft. and i got info that will help you gain leads to the REAL hackers.
the worm has a psychological angle to it. it has many traps, and the fbi/wife/bank situation should be a warning to the others that want to point fingers at china or russia. any confusion or battles are another layer of camouflage redirecting you away from the hackers. by what's going on, i can assume that after i put fear in the hackers, they may have given info on the worm to kid hacker wannabes so the hackers you catch may also be the victims. the real hacker has gone to great lengths to hide his identity. i have info that may lead to a name.

i'm hoping i get a response from anyone that will help me which also will help everyone else possibly globally. thanks and peace...

also if you want to see one way the hackers are using the backdoors which also will show how they are stealing passwords. i was redirecting microsoft and others to see the software that connects to the servers of each service to get the passwords directly from their database. but now the site was altered to look innocent.
there is a program they ask for 300.00 that when run, you choose the service, such as yahoo, msn, hotmail, gmail, aim, and a lot others, and click start, and it comes up with the password..
it's not removed, so hopefully someone took notice..
by AppleSuxLeo October 7, 2009 7:07 PM PDT
Though I use multiple browsers , I got a phishing email while using IE8 and Windows Live Mail blocked it and indicated a warning.
I honestly trust Windows Live Mail more than Gmail...and Gmail has so much spam and so many outages.
Reply to this comment
by Josh BSN October 8, 2009 8:41 AM PDT
That is great news about windows live mail. I use gmail and have gotten less spam in my inbox than years I have used it. I have heard of outages but have never encountered one.
by cp256 October 8, 2009 11:13 AM PDT
I have been using gmail for years now and I find that it catches more than 99.5% of the spam that comes in and I have never had a phishing email make it to my inbox. In the past year I have only been unable to access my email twice for short periods of time. I'm quite satisfied with it.
by Dalkorian October 8, 2009 12:28 PM PDT
Didn't they recently pass a law that paid-for endorsements had to be acknowledged?
;-)
by sagiraju October 9, 2009 2:10 PM PDT
Gmail sucks. Yahoo and Live are any day better. Google brand is selling that's all I think.
I have experienced outages regularly.
Yahoo has been around too long and too many spams. But their interface was good until they updated recently without pagination.
by pentest October 11, 2009 9:38 AM PDT
So if Live didn't tell you it was a scam you would have fallen for it? If you need software to protect you from yourself you shouldn't be using a computer.
by sundance808 October 7, 2009 7:16 PM PDT
phishing is really about getting duped... it preys on our individual human frailties. Because it's easy to move launching pads for these types of scams, authorities can only really do something after the fact. This can be minimized if companies set their domains to have SPF (Sender Policy Framework) -- SPF allows domain owners to specify the IP addresses of their legitimate email servers -- AND ISPs' mail servers verify incoming emails for SPF (among other checks) and validate the source IP from the SPF information of the domain. I work for an ISP and looking at the logs we can see that the majority of the domains don't have any SPF set.

So if you're reading this and you or your company owns a domain, talk to our system administrator or ISP and ask them how you can enable SPF for your domain.

For more information on SPF check out http://www.openspf.org/
Reply to this comment
by sundance808 October 7, 2009 7:19 PM PDT
sorry I meant "your system administrator"
by sundance808 October 7, 2009 7:25 PM PDT
..caveat: "minimize" only since phishers don't use the real domain names/email addresses of the bank anyway =)
by AppleSuxLeo October 7, 2009 7:26 PM PDT
Agreed..it uses what Kevin Mitnick refers to as "social engineering".
by SactoGuy018 October 8, 2009 11:02 AM PDT
This is why I have Norton Internet Security running on my system. NIS 2010 constantly updates its database to flag phishing emails in Outlook, Outlook Express and Microsoft Mail, and any attempt to go to known phishing websites will trigger a NIS 2010 warning that the site is a known phishing site and will block any attempt to go to the site. :)
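The SPF check described in sundance808's comment in this thread, together with the caveat from the follow-up about phishers not using the bank's real domain, as an added example that is not part of the original article or comments. It evaluates only `ip4`/`ip6`/`all` terms against the envelope sender domain; the domains, addresses and the `PUBLISHED_SPF` table are constructed stand-ins for DNS TXT lookups.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT lookups (assumption: a real
# receiving mail server would query DNS; all names and addresses are made up).
PUBLISHED_SPF = {
    # The bank lists its legitimate mail servers and rejects everything else.
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # A lookalike domain can publish its own, perfectly valid, SPF record.
    "bank-secure-login.example": "v=spf1 ip4:203.0.113.7 -all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a term without a qualifier means "pass"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_spf(mail_from_domain, client_ip, published=PUBLISHED_SPF):
    """Return the SPF result for a connecting IP and envelope sender domain."""
    record = published.get(mail_from_domain.lower())
    if record is None:
        return "none"  # the domain owner never published SPF
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            family_ok = net.version == (4 if name == "ip4" else 6)
            if family_ok and ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
            continue
        # a, mx, include, redirect, exists need live DNS; out of scope here.
        raise NotImplementedError(f"mechanism needs DNS: {name}")
    return "neutral"  # no term matched and the record has no "all"


if __name__ == "__main__":
    cases = [
        ("bank.example", "192.0.2.25"),                # bank's own server
        ("bank.example", "203.0.113.7"),               # forged bank sender
        ("bank-secure-login.example", "203.0.113.7"),  # lookalike domain
        ("nospf.example", "203.0.113.7"),              # no record published
    ]
    for domain, ip in cases:
        print(f"{domain:28} {ip:14} -> {check_spf(domain, ip)}")
```

The third case passes SPF even though the mail is not from the bank, which is why a receiver treats an SPF pass as evidence about the sending domain only, not about who the message claims to be.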
by globalist_agenda October 7, 2009 11:05 PM PDT
Meanwhile, banks want their customers to do all their business over the Internet so that they can fire all the tellers. Bank of America doesn't want me to even set foot in their bank. They hide the deposit slips to "encourage" me to use the ATMs. When their technology gets hacked I am sure they will generously offer me a year's worth of identity monitoring.
Reply to this comment
by SactoGuy018 October 8, 2009 11:04 AM PDT
This is why I only use one site to do online banking: https://www.bankofamerica.com. I KNOW that site for Bank of America is legitimate, and with the help Norton Internet Security 2010, it keeps me out of known phishing sites.
by cp256 October 8, 2009 11:18 AM PDT
For years now, HSBC in my area has gone to great lengths to prevent anyone from being able to get a phone number for any local branch. I have had to deal with them twice in the past 20 years and both times were extremely unpleasant experiences because of their policy of making it so hard to reach a human.
by pentest October 11, 2009 9:40 AM PDT
"This is why I only use one site to do online banking: https://www.bankofamerica.com. I KNOW that site for Bank of America is legitimate, and with the help Norton Internet Security 2010, it keeps me out of known phishing sites."

Until their DNS entry gets hijacked anyway,
by therealgeeves October 8, 2009 6:01 AM PDT
humans still the weakest link...
Reply to this comment
by pooyan69 October 8, 2009 6:14 AM PDT
Seems his wife should be running the FBI and not him LOL
Reply to this comment
by rayzoredge October 8, 2009 6:20 AM PDT
Somebody ban ebuyings. Second thread that's full of his crap, and I can't report the post because of an "error, e-mail not sent."

I find it funny that this article turned from "bad FBI, no Internet!" to hackers to WMDs. Apparently terrorism wins.
Reply to this comment
by umbrae October 8, 2009 6:23 AM PDT
This is why we need our civil liberties back. If the FBI can be so stupid there is no way they can protect us anyway.
Reply to this comment
by CaptAdventure October 8, 2009 6:44 AM PDT
Um, what civil liberties do you "want back" ?
How often each day does the FBI jump in and steal your freedom?

Hyperbole much?
by pentest October 11, 2009 9:40 AM PDT
I guess the good captain never read or heard of the treasonous "patriot" act.
by Altotus October 11, 2009 1:06 PM PDT
Look, the agencies of the governments in America do not set the agenda. The people responsible are well known; you can't say you don't know who your Representatives and Senators are. The FBI is just the political pawn of real power which does not reside in the congress or president, however the congress and president, these are the people responsible for the passage of the Patriot act and the people responsible for naming an anti-American valued document a "patriot" act. No patriot will think it worthy to name it such, as it is a slander on patriotism to lack the values of America.
by rayzoredge October 8, 2009 6:25 AM PDT
Everyone is fallible. The last line of defense is YOU. Think about that.
Reply to this comment
by shootfirst October 8, 2009 8:47 AM PDT
The guy is just human. This whole story might be a farce just to let people know that they can't be too cocky on the internet. Email phishing is related to hacking and phishing is terrorism because it makes you not want to use electronic means to do banking or other things. You know why banks are ultimately going to electronic is that they are never open when people need to use the stupid bank. Seriously only being open for the work day and an extra hour is utter BS, especially when you hear about how much money bank CEOs make and things like that.
Reply to this comment
by weegg October 8, 2009 10:23 AM PDT
Simple solution that banks should be mandated to provide is, SecurID. Even if the hacker knew your account name and password it would do them no good.

Why haven't banks gone over to use this like eTrade.
Reply to this comment
by cdwilliams1 October 8, 2009 10:47 AM PDT
Even WoW has a SecurID authenticator available as a physical hard token or iPhone app :-)
by pentest October 11, 2009 9:41 AM PDT
Yeah, because SecurID is impervious to attacks.
by pawdog1961 October 10, 2009 4:35 AM PDT
Wait a minute, didn't the story say he almost fell for it? This is a non-story. If he had gone through with it, it would have been a story. He caught himself and stopped himself. No story. Slow news day I suppose.
Reply to this comment
by mikedrud October 10, 2009 10:40 AM PDT
The head of the FBI is just a successful executive/bureaucrat. He's not a cybercrime expert in any way.

The fact that he's around 60 doesn't help either.

It's the agents in the trenches who are battling the criminals and understand how the game's played. Also, even though it's kind of a humorous name in a different context, they need to either use "cracker" or something else to describe hackers who engage in illegal activity. Hacking in and of itself is what any programmer does.

Why does our leadership suck so bad these days?
Reply to this comment
by October 10, 2009 2:47 PM PDT
Our computer systems are designed a-s-backwards. We expect our users to be experts, installing the correct updates, avoiding phishing and other scams, and understanding settings. But most of the users are barely computer literate - they are dopey teenagers, welfare mothers, and doddering grandparents. The result is huge numbers of computers that are sitting ducks for fraud and abuse. Why? Because geeks and IT professionals want to easily customize their own gear.

How about making the geeks jump through the hoops to customize, while automatically updating and securing all of the regular (dumb) users' computers and internet access.

If the car industry worked the way that these high-tech computer systems are currently working, we'd all have to have repair shops in our garages.

Wouldn't we all save hundreds of hours and dollars if a little bit more was done automatically?
Reply to this comment
by gutterballframe October 10, 2009 6:56 PM PDT
"You hack, you get caught," he said. "You are going to jail... You are not going to get a good job afterward. You are going to be identified as a person who has broken the law." -Mueller

This is not really going to stop all the unemployed hackers around the world. The FBI needs to start promoting people with actual technical expertise, and not just guys with law degrees from the right schools who "look like leaders" and suck up to the right politicians.

Most corporations will look for the cheapest solution because they are not punished when their systems are hacked... if their systems are compromised they just pay newspapers for a press release, say "oops", and pay for a year of identity monitoring.
Reply to this comment
by tjrst October 11, 2009 1:12 AM PDT
FBI Sued In The Madonna Case

http://www.judiciaryreport.com/fbi.htm
Reply to this comment
by Altotus October 11, 2009 12:44 PM PDT
If the FBI can fall for a phish you know now that it's used because it works, and no matter how hard we try to educate users it still works. Please everyone just get a clue. I have to consider "legitimate" collection of information as not much better off than a phish anyway. Remember data mining, and if you don't remember, get a clue as to what is really going on; it will show that privacy hasn't existed for many years. That is telling.
Reply to this comment
by nauj_solrac October 23, 2009 2:44 PM PDT
Allah Akbar!!!!!! LOL
Reply to this comment
About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.
