FBI calls for hacker help

LAS VEGAS--The FBI needs help from hackers to fight cybercrime, an agency official said Wednesday.

"We need your expertise and input as we develop strategies to battle cybercrime in the 21st century," Daniel Larkin, a unit chief in the FBI's cybercrime division, said in his opening address at the annual Black Hat security conference here.

As cybercrime has continued to become more sophisticated and organized, federal agencies have increasingly sought to partner with the private sector. Earlier this year, FBI Director Robert Mueller used the RSA Conference to send out a similar message.

"The people we're going after are not just the script kiddies anymore. These people are making a lot of money," Larkin told the Black Hat audience of hackers and security professionals. "I am a recovering technophobe; I used to be really afraid of you all. But I realize that you all are really important."

Black Hat draws an increasing number of attendees from law enforcement agencies. This year, Larkin estimated, one in 10 attendees might represent federal agencies, he said. "Be nice to them. They are here to help you; they are here to team up," he said.

Although the government is trying to be nimble, others might know about potential threats before federal agents do, he said. "Critical information on terrorism and cybercrimes could be in your hands and might be in your hands before they reach ours," he said.

The FBI's call for help confirms that it is not equipped to deal with cybercrime, said Tom Thomas, a security consultant from California who is attending Black Hat.

"It is not reassuring," Thomas said. "It confirms what we already suspect. There is great technical inadequacy, if not downright ineptness, at the FBI. Therefore they are, perhaps desperately, seeking help from almost anyone."

To make cooperating with law enforcement worthwhile, the FBI is offering to share information in exchange for help. The FBI has been criticized in the past for going completely silent after a report was filed. "We realize that we need to give back information," Larkin said.

As examples of information sharing, Larkin said that the FBI is working on identity theft with Internet service providers and with merchants on shipping fraud. That way, all players get a better picture of the actual threat, and the FBI can cross-reference data and build better case data, he said.

[ReVeLaTeD]

I would do it...for a price.

I know of a minor "hack" that can potentially cost companies thousands of dollars. In effect it's stealing. It's really easy too...I'm sure many people have figured it out. It's a flaw in check and checking account processing - BIG flaw. What's worse, it's difficult to trace the origin. Difficult, but not impossible.

I'd be glad to not only tell the FBI how to do it, but also how to track people that are doing it down to their address.

In exchange I'd want:

- Blanket lifetime immunity
- A one-time payment no less than $250,000, tax-exempt
- A contract of indemnity (stating that I'm not held responsible for what they find, I'm only a messenger)
- All of the above in writing and signed by the head director.

Seriously. I would do it in a heartbeat if I got the above :)

[stacksmasher]

I Agree

I could not agree more.

Cha Ching!

[jeromatron]

FBI Agent profile

I applied to the FBI a few years ago thinking that there would be
some way to be a techno-like agent. Apparently, all FBI agents,
including those who have specializations in languages or
technology, have to be an agent first and a specialization
second. So there I would be, gun toting, bad guy apprehending
agent and in my spare time I'd be a computer geek. I asked if
there was a place for a 100% computer geek as an FBI agent, the
answer was no. So, I've started grad school in CS and worked as
a consultant in the private sector. If they're looking to beef up
their technology staff, maybe they should consider diversifying
their employment opportunities.

[cryptome]

You want 'Professional Staff,' not 'Special Agent'

There's a huge difference in hiring practice between being a
"Special Agent" and a "Professional Staffer." If you want to be the
guy with the gun and badge who busts down the door and arrests
the kiddie-pornographer, that's a "Special Agent," and requires
going through Quantico bootcamp, etc. If you want to be the guy
with the tech toys and tools to identify and prosecute the kiddie-
pornographer, and you're willing to settle for a plastic ID card
rather than a shiny badge, that's a completely different hiring deal.
Go to WWW.FBIJOBS.GOV and hit the link for "Professional Staff."

[Arctific]

It is hard sometimes to tell when the FBI is serious

The invitation is blunt. I say that is a good thing. At least at the idea level, the FBI is serious.

So, that leaves the devil in the details. How does the FBI propose to allow skill advancement in "Computer Security Risk Demonstration" to grow in push the frontier while at work for the FBI?

FBI, what is your plan?

Don Turnblade, CISSP
602-881-3348

[jkarolak]

Yes Spoke alot of people (my friends) on facebook This woman have been using my facebook as telling everyone as a threat lately Her name is Raquel Critelli shes from Lorain Ohio and Bloomfield Kentucky I dont know whats to do and I ve been trying to block it (problem) can u please give us a call 440 323 1523 Im Deaf once u call me Ill return ur call back with my Phone Video as communucation etc thank you