NEW YORK — While cyber criminals continue to innovate, the Feds say they are catching up. That’s the message from the Symantec Norton Cyber Crime day here, where two agents spoke.
“The government is closing the gap. We used to be six months behind; now we’re a couple of days behind,” said Austin Berglas, cyber crimes coordinator at the FBI’s New York office.
“We will never win if you define ‘winning’ as stopping all crime, but I think we are winning and we are getting more people to pay attention to their own security,” said Michael Stawasz, senior counsel for the Department of Justice (DoJ) Computer Crime and Intellectual Property Section (CCIPS).
While the structure of the Internet helps criminals, it also helps law enforcement. Networks are dispersed but can be infiltrated.
“People may never meet but may come together on the Internet to carry out one particular crime,” said Stawas.
“The Internet gives an opportunity for investigators to get into the criminal network,” he added. “Investigations take time but are successful in part because of the anonymity of the Internet. We can either create a new person or impersonate someone they trust.”
This often requires offline detective work, Berglas explained. “We’re flipping the individuals we’ve arrested,” he said. “They’re now working for Team America and we take their online persona.”
Fighting cyber crime with the help of the KGB
Many online crimes don’t originate in the U.S. “We have good success in international co-operation,” said the FBI’s Berglas. “We see Eastern Europe as the heartland of … financial cyber crimes.”
He added that the FBI has worked with Russia’s FSB (formerly the KGB) and with law enforcement in Estonia and Romania. “This level of international cooperation is a recent development,” he said. “A few years ago it was unheard of for the FBI and FSB to make joint arrests … with FBI agents standing side by side with FSB agents.”
The DoJ’s Stawas showed his legal background by pointing out that, in some cases, the government is simply helping other nations make cyber crime a prosecutable offence. “We’re helping countries put the legal infrastructure in place,” he said. “We’re helping them with the laws they need to investigate online crime.”
The agents said that President Obama’s Cyber Czar will make the
government more efficient.
“The Cyber Czar will allocate responsibility and divvy up the workload,”
said Berglas. “We have people stepping on each others’ toes.”
Asked by InternetNews.com whom an enterprise should contact if it is the target of a focused and sophisticated attack, the agents said that the enterprise should contact “everyone” but added that the Cyber Czar should provide some clarity on this in the future.
Educating the end user
The agents said they regularly see victims of fraud. The best defense, they said, is to educate yourself.
“A few weeks ago a woman came into our office,” said the FBI’s Berglas.
“She’d flown cross-country from California. She had lost $800,000 to a company overseas. She thought she had a Bank of America routing number and could trace the cash, but the number was fraudulent. She thought she had a letter from the FBI saying it was OK to send the cash.”
“Skepticism is your best defense,” said Stawas.
As for enterprises, they may be secure but their customers may not be.
“Companies and financial institutions know how to protect themselves.
They’re safe and secure,” said Berglas. “But you need to educate your customers.”