FBI seeks help vs. cybercrime
FBI director calls on companies to report cyberattacks to help combat cybercriminals
The FBI has dramatically stepped up its efforts to battle cybercrime, but it is not getting the help it needs from companies that are the cybercrime victims, FBI Director Robert Mueller told technology business executives Oct. 31.
"We probably get one third of the reports we would like to get" from companies that have suffered cyberattacks, Mueller said. "You're not enabling us to do the job."
In the year that Mueller has been director, the FBI has made fighting cybercrime a high priority, topped only by counterterrorism and counterintelligence.
The FBI's recent efforts include:
* Hiring computer specialists.
* Created a new cyber division in April.
* Assembling computer forensics laboratories.
* Increasing the number of computer hacking and intellectual property units.
But the FBI has so far failed to win the confidence of many businesses that suffer from cybercrime.
Mueller said he understands why.
"The mere calling of us in an investigation can have an adverse impact on the image of your company," he said. "If we put on raid jackets and come in, the publicity" will hurt the company and the investigation.
Companies' officials also worry that the investigation of a cybercrime may require them to disclose intellectual property, which could undermine them competitively and harm them financially, Mueller said.
Greater cooperation from corporate cybercrime victims would yield multiple benefits to the FBI.
"We lack expertise in particular areas and we need your help," Mueller said. The people most able to stop denial-of-service attacks and hacking attacks and to neutralize worms and viruses work for private companies, not law enforcement agencies, he said.
Greater cooperation also would help the FBI compile a database that would enable it to begin predictive analysis that could lead to cybercrime prevention, Mueller said.
What's in it for companies that cooperate?
"You want attacks stopped, you want hackers stopped." Only law enforcement agencies can make arrests, Mueller said.
If companies opt to deal with attacks by themselves, they may succeed in plugging holes in their own systems, but cybercriminals will simply move on to the next company. "That's not good for the industry, and it's not good for your friends and peers down the road. There has to be a sanction, and the sanction is locking up these people," Mueller said.
Cooperating with the FBI also will enable companies be more effective against international cybercrime, he said. The FBI has 44 foreign offices that it can employ in an investigation and prosecution.
In addition to Internet crimes, such as denial-of-service attacks, viruses and worms, Mueller predicted that more "traditional crime" is likely to move online. That includes fraud, identity theft, copyright violations, child pornography and child exploitation.
The rise in cybercrime could undermine consumer confidence in the Internet and damage e-commerce, he said.
Mueller was speaking to members of the Information Technology Association of America who were gathered for a forum on combating cybercrime.
NEXT STORY: NIST details certification process