The FBI says it is now making a push to not just stop cybercrime but to identify the attackers behind the phishing, credit card fraud and other campaigns that cost consumers and enterprises billions of dollars each year. The bureau is the lead agency charged with addressing cybercrime in the U.S. and has a large division dedicated to the problem, but it mostly has been concerned with stopping ongoing attacks rather than tracking down the criminals themselves. That appears to be changing.
Identifying the people or groups behind specific attacks has been a problem for decades and it can sometimes take months or even years to nail down exactly who is responsible for a given operation. That process is made even more difficult with the easy access attackers have to open proxies, anonymity services and other tools that help them hide their tracks and deflect blame. Even with its vast resources, the FBI has run into the same obstacles smaller law enforcement agencies have, but the bureau now says it’s making a more concerted effort to find attackers.
“To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code,” the bureau said in a blog post.
One of the main criticisms leveled at the bureau in the last few years in regard to cybercrime investigations is its relative lack of specially trained investigators who have the skills and experience to conduct major computer-crime investigations. The FBI has been hiring cybercrime specialists as quickly as possible in recent years, but there is a shortage of trained people willing to take government jobs when they can make more money in the private sector.
People familiar with the inner workings of the FBI’s cyber division say that the bureau has been working on identifying attackers and cybercriminals since its inception nearly 10 years ago, but that a couple of things have changed in recent months. One of those is that the bureau has begun hiring computer scientists to work in its field offices alongside special agents and help develop strategies for technical investigations and other tasks not well-suited to the special agents’ skill set. The idea is to set up a new career track for specialists who aren’t sworn agents but can contribute significantly to investigations. Many FBI special agents, even those trained in a specialty such as cybersecurity investigations, change locations and jobs often, so their skills can be put on a shelf if they’re moved to a different division or subject matter.
The bureau also has moved all of the non-technical investigations, such as intellectual rights theft and child exploitation, out of the cyber division. Now, the FBI Cyber Division is solely focused on intrusions, simplifying its mission and allocating more resources to cybersecurity investigations.
There is a special Cyber Watch desk at the FBI headquarters in Washington, D.C., that’s set up to handle new information on attacks around the clock, and that group also shares data with counterparts at DHS, the NSA and other agencies.
But that often isn’t enough to pin down the person or people behind a specific attack. That takes more than just a few pieces of data.
“The attribution piece is: who is conducting the attack or the exploitation and what is their motive,” FBI Special Agent Richard McFeely said. “In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions.”
The FBI has been involved in a number of high-profile cybercrime investigations in the last few years, including a series of anti-botnet operations and arrests of people involved in phishing and carding rings, and often works with security vendors and law enforcement agencies in other countries.
This story was updated on Oct. 29 to add more background on the FBI Cyber Division.