Risk
7/18/2011
11:37 AM
Connect Directly
RSS
E-Mail
50%
50%

Cyber Strategies: National Security Versus Child Pornography

Among the interesting findings of an audit of the FBI's cyber crime capabilities: how Congress budgets the bureau, as well as the extent to which all cyber crime is local.

Does the FBI have its cyber priorities and investigative strategies straight?

That's one of the questions raised by an audit of the FBI's computer intrusion investigation capabilities, released earlier this year, which painted an unflattering picture of the bureau's ability to investigate cyber crime, especially cases involving national security. Notably, the audit, conducted by the Department of Justice's Office of the Inspector General (OIG), suggested that the FBI was failing to properly train and support its cyber investigators.

After the audit was released, the FBI fired back, alleging that the OIG's report was outdated and skewed by the opinions of a handful of agents who were training in a program that has changed numerous times over the past few years in response to the rapidly evolving nature of attacks and crimes perpetrated online.

"The FBI capacity that exists today is much greater than the capacity that existed two years ago, because we created a cyber career path specifically because we realized that all of the agents would not be at the [required] level," Steven Chabinsky, deputy assistant director of the FBI's cyber division, told me in a telephone interview earlier this year. "This is not something where we're coming to the table, seeing the OIG's report, and saying, we should have thought of this. Just the opposite."

In fact, the OIG's audit presented 10 actions that were necessary to resolve or close out the audit. By April 2011, the bureau had met all of those requirements. In addition, the bureau has been earning accolades from security experts for its cyber investigation capabilities, and it has chalked up some notable successes in recent months, including shutting down the Coreflood botnet and coordinating the international bust of two scareware rings.

But the audit raises at least one question that still needs answering. The auditors found that the bureau spends almost as many man-hours investigating child pornography as cyber crime. According to the report, in 2009 the FBI "used 19% of its cyber agents on national security intrusion investigations, 31% to address criminal-based intrusions, and 41% to investigate online child pornography matters."

In this era of targeted attacks--exploits involving everyone from RSA and Lockheed Martin to Sony and the U.S. Senate--is the FBI focusing on the right areas? To some extent, the bureau's hands are tied by funding, which is determined by Congress, "in different allocations," said Chabinsky. Notably, national security investigations are funded from different sources than child protection or investigating intellectual property crimes.

Furthermore, according to a different report from the OIG, "FBI Personnel Resource Management and Casework," released in 2010, the resources used by the bureau appear to be in line with what it has been told to pursue.

Another interesting question raised by the OIG's audit is whether the FBI should centralize more of its cybercrime operations. The FBI does have some regional hubs, for example, for digital forensic investigations. But in an age of distributed managed services, cloud computing, and virtual infrastructure, might it make more sense to further centralize the bureau's overstretched cyber resources?

While the FBI is exploring the creation of some additional regional hubs, Chabinsky ruled out any large-scale centralization of its cyber activities. "At the end of the day, we still have real victims who have real locations, and if you were to centralize, it would be difficult to have a private relationship with the owners and operators who are responsible for the networks," he said. That's why the FBI has cyber specialists in every field office.

Interestingly, the FBI also liaises with the country's top cyber targets based on the bureau's own field office locations. This structure gives FBI personnel direct responsibility for understanding which critical infrastructure exists in their territory, and for fostering relationships with the organizations that own that infrastructure. The FBI also uses its public-private partnership program, InfraGard, to reinforce these local relationships.

"There is a very local component to national security and law enforcement," even when it involves computer-related crime, Chabinsky said. In fact, information frequently flows in both directions. "It's often the case now that the FBI is informing people that they've been victimized, rather than victims coming to the FBI," he said.

Finally, keeping agents local means they don't have to hop on a plane to follow every lead or launch an investigation. In fact, "remote investigating" is often not an option, he said, as "some of our cases have information that you couldn't even approach on a telephone."

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud. In this Dark Reading Tech Center report, we explain the risks and guide you in setting appropriate cloud security policies, processes and controls. Read our report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.