US Better At Finding Cyber Attackers but a Growing Area of Concern is Africa
The evidence of the improving investigations is the increase in cyber-related arrests. According to the FBI, there were 202 arrests on cyber cases in 2010, compared to 159 the previous year. And a number of those were high-profile, multimillion-dollar breaches involving investigations that spanned several countries and foreign enforcement agencies. The bureau has specialized agents focused on cyber issues posted in five countries – the Netherlands, Estonia, Ukraine, Romania and Colombia – where they work with local law enforcement authorities. And the FBI is hoping to double that number to 10 countries over the next 18 months.
A growing area of concern, he said, is Africa.
“We see that as an emerging threat,” Shawn Henry, the FBI’s executive assistant director, said, noting that as Internet capabilities there expand, the U.S. needs to work with the governments to help them identify and deal with the threats.
The government has made significant strides in figuring out who is responsible for complex cyber attacks, a fundamental but elusive first step to determine whether the U.S. should strike back, whom to strike, and how hard, say U.S. military and law enforcement officials. The escalating cyber security threat has triggered a greater government-wide emphasis on collecting intelligence related to computer crimes.
To date, most cyber attacks aimed at the Pentagon have involved espionage – efforts to steal data rather than attempts to take down the network or manipulate data or communications.
“As recently as two to three years ago, there was this general perception in the cyber underground that you could attack the U.S. and get away with it,” said Henry. “It was very lucrative, and the chances of getting caught were pretty slim.”
Now, with a number of high-profile cyber busts under its belt, the FBI is seeing a deterrent effect.
“We’ve seen a lot of international criminals, have been able to reach out and touch them, and that message has gotten out,” said Henry, who oversees the bureau’s criminal and cyber enforcement activities.
It took a serious breach of the military’s computer network in 2008 to change the Pentagon’s mindset and make cyber a greater priority. As an example of the improving attribution efforts, military officials now believe they know that a foreign government was responsible for the malicious computer worm blamed for that breach, but they won’t say which government. Other experts have suggested it was probably China or Russia.
In contrast, officials say the U.S. government still is not sure who pulled off the widespread denial of service attack against federal agency websites on July 4 weekend in 2009. Suspicion has revolved around North Korea, but U.S. officials and experts cast doubt on that conclusion last year.
The message from the 2008 breach, said Gen. Kevin Chilton, who is retiring after four years at the helm of U.S. Strategic Command, was that computers are no longer just an efficient office machine; they are a critical tool on the high-tech field of battle.
The startup of Cyber Command has raised questions from inside and outside government, largely centering on how the Pentagon would define a cyber attack, and when and how to respond.
A cyber security strategy is being finalized and is expected to be released in the next month or two. Officials say it will broadly answer some of those questions, although probably not in detail.