“In the past, the FBI wanted to operate in the shadows, but today’s Bureau is very different” said Jay F. Kramer, Supervisory Special Agent, Federal Bureau of Investigation, Cyber Division, New York Office. In an effort to make the FBI more approachable, Kramer recently provided an overview of the cybersecurity activities of the FBI at an event before hundreds of attorneys.
How does the FBI operate?
The Bureau investigates violations of federal law and significant threats to national security, making it uniquely situated to deal with today’s cybersecurity issues. In addition to being a law enforcement agency, the FBI is also a member of the US intelligence community. FBI’s mission is primarily domestic with 56 field offices across the United States, but it also has offices in 87 countries and shares intelligence and threats coming from overseas by distilling it down and packaging it at the lowest level classification possible to push it out to victims. These overseas relationships enable the Bureau to quickly respond to cyber threats by gaining access to servers, logs and data to help unravel some of these complicated cyber matters from around the world. “When it comes to cybersecurity, you’re never very far from an FBI office and from an actual person that can speak to you about issues that you’re having” Kramer said.
Here are some of the cybersecurity issues that the FBI is seeing:
- Hacktivists use computers, beyond lawful means, to make political statements. These statements are typically about business practices they disapprove of. For example, “Anonymous”, a well-known hacktivist group, can shut down websites and social media accounts of targeted firms and individuals.
- The US and businesses are systematically attacked by hackers sponsored by foreign governments for terrorism or to gain a competitive advantage.
- Criminal enterprises use cyber to perpetuate old schemes, such as extortion. In the old days, organized crime would threaten the business owner directly, “Hey, listen, you’re either going to pay me or something’s going to happen here. There’s going to be a fire, brick going through your window. You’re going to be hurt personally”. With the advent of encryption technology, criminals can now gain a compromising foothold to lock down your systems. “The bad guy holds the private key to unlock it” said Kramer. Nowadays, the business owner gets an email that says “If you don’t give me 100 bitcoin, I’m going to delete your data.” The FBI doesn’t take a position on whether to pay the money or not, although it’s unlikely that the business will be able to defeat the encryption. So, the choice is to either pay or rely on back up data.
- There are fraudsters who want to steal your personally identifiable information (PII) to empty out your bank account. More and more however, data has a value all of its own. Bad actors will infiltrate databases of client data with email addresses, home addresses, and phone numbers of your clients, and use that data to fuel billion dollar criminal enterprises such as spam campaigns, such as pop-up ads for bogus Viagra or heart medication or stock manipulation, such as pump and dump campaigns. There’s a whole underground economy of promoters and bad actors, who work in tandem and who need PII as the fuel for those fraudulent campaigns.
- Industrial espionage for competitive advantage such as stealing product information that requires years of research. “You’d be horrified if you saw how much data is leaving the US every day from scientific firms, research firms, industrial firms, government contractors” said Kramer.
In summary, Kramer provided 7 tips to prepare your firm for a cyber-attack:
- Understand what your network looks like, even after all the mergers, acquisitions, and consolidations. Create a map of your networks and prepare a list of devices on the network and users on the network.
- Back up your data routinely and store it offsite.
- Know where your most important data is being held. Think about where it should be held and the protocols to gain access to that information.
- Develop policies for cybersecurity. What policies govern the use of data and networks by employees? Train your employees on use polices. Define where your logs and data are being held. List applications running on the network, including applications developed in house.
- Be aware that bad actors could be already be in your system right now and have been for a long time. Make sure your IT departments are aware of updates and are patching vulnerabilities in your systems.
- Develop a response plan in the event of an attack. Have a plan to work with your attorneys, PR firm, your Board of Directors. Have a team of forensic experts and outside firms available.
- And finally, establish a relationship with your local FBI office today, before there’s a cyber-attack