FBI calls for hacker help

LAS VEGAS--The FBI needs help from hackers to fight cybercrime, an agency official said Wednesday.

"We need your expertise and input as we develop strategies to battle cybercrime in the 21st century," Daniel Larkin, a unit chief in the FBI's cybercrime division, said in his opening address at the annual Black Hat security conference here.

As cybercrime has continued to become more sophisticated and organized, federal agencies have increasingly sought to partner with the private sector. Earlier this year, FBI Director Robert Mueller used the RSA Conference to send out a similar message.

"The people we're going after are not just the script kiddies anymore. These people are making a lot of money," Larkin told the Black Hat audience of hackers and security professionals. "I am a recovering technophobe; I used to be really afraid of you all. But I realize that you all are really important."

Black Hat draws an increasing number of attendees from law enforcement agencies. This year, Larkin estimated, one in 10 attendees might represent federal agencies, he said. "Be nice to them. They are here to help you; they are here to team up," he said.

Although the government is trying to be nimble, others might know about potential threats before federal agents do, he said. "Critical information on terrorism and cybercrimes could be in your hands and might be in your hands before they reach ours," he said.

The FBI's call for help confirms that it is not equipped to deal with cybercrime, said Tom Thomas, a security consultant from California who is attending Black Hat.

"It is not reassuring," Thomas said. "It confirms what we already suspect. There is great technical inadequacy, if not downright ineptness, at the FBI. Therefore they are, perhaps desperately, seeking help from almost anyone."

To make cooperating with law enforcement worthwhile, the FBI is offering to share information in exchange for help. The FBI has been criticized in the past for going completely silent after a report was filed. "We realize that we need to give back information," Larkin said.

As examples of information sharing, Larkin said that the FBI is working on identity theft with Internet service providers and with merchants on shipping fraud. That way, all players get a better picture of the actual threat, and the FBI can cross-reference data and build better case data, he said.

[n3td3v]

Hackers helping the U.S government? You're kidding

If they hadn't bombed
Iraq
Afghanistan
&
Sent laser guided bombs to Israel, so they could bomb Lebanon civilians

Apart from that, yeah U.S hackers might help you, but you cannot fight cybercrime with U.S hacckers alone.

U.S kind of shot themselves in the foot

Its too late, people outside of U.S helping U.S government do anything? C,mon lets be realistic here.

The way U.S government has acted with their "war on terror" on the world stage, you guys sure advertise yourselves as people anyone would want to help.

It is a shame, U.S used to have a good reputation. People liked U.S for their kind hospitality, their theme parks, movies, famous landmarks... now thats all been thrown out the window with U.S's gun hoe/misguided opinion on how to fight terrorism.

Stop killing civilians, and maybe in 10 years time people might just start to forgive the U.S for the civilian deaths you guys are responsible for.

Blood on your hands.

[schlice]

You call for realism, so let's be realistic.

"C,mon lets be realistic here. The way U.S government has acted with their "war on terror" on the world stage, you guys sure [don't] advertise yourselves as people anyone would want to help."

Besides the fact that I don't believe your assertion that you can't fight cybercrime with U.S. hackers alone, if we're going to be realistic, let's be completely realistic. No one asked hackers from outside the United States to help the United States. Just because they addressed Black Hat did not mean that they were making an appeal to all the world's hackers to come to their defense. And if you don't like their policies, maybe you could lend your services to the terrorists who are actually trying to hack into U.S. systems. Or you could do nothing, and sit back and laugh and prove yourself right by watching "misguided U.S. policies" land them in the midst of a hacker crisis.

I have a bit more faith in the U.S. hacker community than you. So please, if you feel this way, don't help.

[d0od0o]

Uhmm, you're from.......

our 51st state, the U.K., which BTW, has blood on its hands too. But I never hear you criticizing your
country. Why is that?

"people outside of U.S helping U.S government do anything?" Hellllooooo, you're country does nothing but!!!

[cryptome]

So you wouldn't help stop phishers, right?

Man, are you off topic. This is about stoping phishers from
taking your mom's social security money out of her bank
account, not Afghanistan. Get off your soapbox and renew your
Ritalin prescription.

So, why can't the technological savvy grass roots rise to help the
technologically challenged defend themselves aginst techno
terrorists.

Ummm, so if I help stop a phisher, is the world going to forgive
the death of a foreign civilian from a US-made smartbomb
dropped by one foreign country on another foreign country...
no, but your mom will like me better than you.

[ReVeLaTeD]

I would do it...for a price.

I know of a minor "hack" that can potentially cost companies thousands of dollars. In effect it's stealing. It's really easy too...I'm sure many people have figured it out. It's a flaw in check and checking account processing - BIG flaw. What's worse, it's difficult to trace the origin. Difficult, but not impossible.

I'd be glad to not only tell the FBI how to do it, but also how to track people that are doing it down to their address.

In exchange I'd want:

- Blanket lifetime immunity
- A one-time payment no less than $250,000, tax-exempt
- A contract of indemnity (stating that I'm not held responsible for what they find, I'm only a messenger)
- All of the above in writing and signed by the head director.

Seriously. I would do it in a heartbeat if I got the above :)

[stacksmasher]

I Agree

I could not agree more.

Cha Ching!

[jeromatron]

FBI Agent profile

I applied to the FBI a few years ago thinking that there would be
some way to be a techno-like agent. Apparently, all FBI agents,
including those who have specializations in languages or
technology, have to be an agent first and a specialization
second. So there I would be, gun toting, bad guy apprehending
agent and in my spare time I'd be a computer geek. I asked if
there was a place for a 100% computer geek as an FBI agent, the
answer was no. So, I've started grad school in CS and worked as
a consultant in the private sector. If they're looking to beef up
their technology staff, maybe they should consider diversifying
their employment opportunities.

[cryptome]

You want 'Professional Staff,' not 'Special Agent'

There's a huge difference in hiring practice between being a
"Special Agent" and a "Professional Staffer." If you want to be the
guy with the gun and badge who busts down the door and arrests
the kiddie-pornographer, that's a "Special Agent," and requires
going through Quantico bootcamp, etc. If you want to be the guy
with the tech toys and tools to identify and prosecute the kiddie-
pornographer, and you're willing to settle for a plastic ID card
rather than a shiny badge, that's a completely different hiring deal.
Go to WWW.FBIJOBS.GOV and hit the link for "Professional Staff."

[Arctific]

It is hard sometimes to tell when the FBI is serious

The invitation is blunt. I say that is a good thing. At least at the idea level, the FBI is serious.

So, that leaves the devil in the details. How does the FBI propose to allow skill advancement in "Computer Security Risk Demonstration" to grow in push the frontier while at work for the FBI?

FBI, what is your plan?

Don Turnblade, CISSP
602-881-3348