The Internet has thrown wide the windows of the world, allowing us to learn and communicate and conduct business in ways that were unimaginable 20 years ago. This is the upside of globalization, as author Tom Friedman has noted in best-sellers such as The World is Flat. The downside of our increasingly flat world is that the Internet is not just a conduit for commerce, but also a conduit for crime.
The Internet has created virtual doors into our lives, our finances, our businesses, and our national security. Criminals, spies, and terrorists are testing our doorknobs every day, looking for a way in.
Cyber crime is a nebulous concept. It is difficult to grasp intangible threats, and easy to dismiss them as unlikely to happen to you. So far, too little attention has been paid to cyber threats—and their consequences.
Have you ever though of strangers walking through your offices, homes, and dorm rooms? What if they were opening drawers, reading your files, accessing your bank accounts, or stealing your company’s research and development?
Friends, this is happening at this very moment! Intruders are reading our mail and hacking into our networks every day, looking for valuable information,. Unfortunately, they are finding all of this because many of us are not aware of the threat these people pose to our privacy, our economic stability, and even our national security.
Most of us, including myself, assume that we will not be targets of cyber crime. We, as a result, are not as careful as we know we should be. The Director of the Federal Bureau of Investigation, Robert S. Mueller,III tells this true story; Not long ago, the head of one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but realized this might not be such a good idea. It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam. This is someone who spends a good deal of his professional life warning others about the perils of cyber crime! He, however, barely caught himself in time. Director Mueller knows this is a true story as this person!
In July of 2008, a California oil and gas company called Pacific Energy Resources contacted the FBI and the Long Beach Police Department to report a computer attack. Six computer servers had been rendered inoperable, disabling the critical leak-detection systems of three off-shore oil platforms. This was the last in a series of network attacks which cost the company over $100,000 in losses.’’ An investigation led the FBI to a former IT contractor. After he had been dismissed from his job, he retaliated by remotely accessing the computer system. His actions could potentially have resulted in significant environmental damage. He pled guilty to a federal computer intrusion charge and faces up to 10 years in prison.
This past April, someone hacked into the database of the Virginia Department of Health Professionals. The intruder blocked over 8 million patient records—records that hospitals, doctors, and pharmacies depend on in order to accurately prescribe and dispense medication. Those records are no longer blocked and the FBI continues to investigate.
In the book, The Cuckoo’s Egg, the author chronicles the electronic adventure of Cliff Stoll, a systems manager at a Berkeley laboratory. In the mid-1980s, he noticed an accounting disparity of 75 cents. This was before the Internet as we know it today. He tracked it to an unauthorized user who had repeatedly broken into the system and then used the lab’s computers to tap into military networks. He eventually traced the attacks to a German hacker who was part of an espionage ring. The book was prescient. Twenty years later the entire world is online. Because the web offers near-total anonymity it is much more difficult to discern the identity, motives, and location of an intruder.
In an early stage investigation it is not known if the problem is the dealing with a spy, a company insider, or an organized criminal group. Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation. An intrusion into a corporate network could be the work of a high school hacker across the street or it could be a hostile foreign power across the globe.
Cyber threats present a unique challenge to law enforcement because so little is known and, equally, there is a tendency for investigators to compartmentalize an early investigation. Criminal cases are usually separate from espionage cases, which in turn are separate from counterterrorism cases. When it come to cyber threats, however, there is almost always some overlap.
It is the job of the FBI to serve both as a law enforcement and national security agency. This is critical because what may start as a criminal investigation may lead to a national security threat.
Part 2 of this series continues tomorrow. (CRP wishes to recognize the research efforts of the FBI in making this article possible)