Risk
6/9/2011
04:18 PM
Connect Directly
RSS
E-Mail
50%
50%

FBI Ramping Up Cyber-Attack Defense

FBI Director Robert Mueller told Congress that high-profile hacks into Google and Sony highlight increased threats and make cybersecurity a key priority.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
An increase in high-profile and sophisticated cyber attacks in the United States is pushing the FBI to bolster its ability to fight cybercrime and foster stronger cybersecurity, its director told Congress this week.

The FBI has been called to investigate cyber attacks at Google and Sony in the past week, incidents that shed light on "the ever-present danger from sophisticated Internet attack," FBI Director Robert Mueller said in testimony Wednesday before the Senate Judiciary Committee.

"Along with countless other cyber incidents, these attacks threaten to undermine the integrity of the Internet and to victimize the businesses and people who rely on it," he said.

The hearing, a video of which is available online, was focused on President Obama's request to extend Mueller's term as director until 2013. The director gave an opening statement on threats facing the intelligence organization and how it's working to combat them, and then fielded questions from the committee.

Mueller cited cyber attacks as one of the FBI's top challenges in the next 10 years, and said the agency needs to step up efforts to combat them, something it's currently working on.

"The increase of cyber as a mechanism for conducting all sorts of crimes--and also it being a highway to extracting our most sensitive secrets or extracting IP from our commerce" is a key concern, he said. "We as an organization need to continue to grow the capability of addressing that arena in the future."

In addition to addressing growing cybersecurity needs, Mueller cited other technology-focused priorities of the organization during his testimony. One is the use of the Internet for terrorist cells to communicate, organize, and radicalize new terrorists, something the FBI is aimed at stifling, he said.

"In the age of the Internet, these radicalizing figures no longer need to meet or speak personally with those they seek to influence," Mueller said. "Instead, they conduct their media campaigns from remote regions of the world, intent on fostering terrorism by lone actors here in the United States."

Another concern Mueller said he will continue to work on is his quest for the intelligence agency to expand its wiretapping capability to avoid a problem known as "going dark." The term refers to situations in which the agency has legal authorization to obtain Internet communications but cannot do so in a timely fashion due to a company's lack of technology to get the information quickly and efficiently.

In the new, all-digital issue of InformationWeek Government: More than half of federal agencies will use cloud computing within 12 months, our new survey finds. Security, ROI, and management challenges await them. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio