No country, agency or business can single-handedly combat cyber crime, Robert S. Mueller III, director of the FBI told a standing-room-only crowd of security officials on Aug. 5.
Mueller spoke at Fordham’s Lincoln Center campus on the last day of International Conference on Cyber Security (ICCS), a four-day event co-sponsored by the FBI. He used his address to illustrate the new challenges that the country faces in an increasingly inter-connected world. He also fielded audience questions posed by moderator Michael M. Martin, Interim Dean of Fordham Law.
“A cyber attack could have the same impact as a well-placed bomb. Though terrorists have not used the Internet to launch a full-scale cyber attack, they have executed numerous denial-of-service attacks and defaced numerous websites,” he said.
“In the past decade, Al Qaeda’s online presence has become almost as potent as its physical presence. Extremists are not limiting their use of the Internet for recruitment or radicalization; they are using it to incite terrorism.”
Mueller pointed to the denial-of-service attacks that afflicted Estonia in 2007 and the Democratic Republic of Georgia in 2008 as examples of how cyber attacks can be used to shut down banks, phone lines, gas stations, grocery stores and government institutions.
The FBI considers the threat big enough that is has “cyber squads” at each of its 56 field offices around the country, with more than 1,000 specially trained agents, analysts and digital forensic examiners. Even that is not enough, though, as the National Cyber Investigative Joint Task Force, of which the FBI is a partner, includes 18 law enforcement and intelligence organizations.
The public has a role to play, too, and Mueller praised the work of the Mariposa Working Group, a group of volunteers who helped the FBI shut down and dismantle the Mariposa botnet, a network of 12 million infected computers that stole credit cards and online banking credentials. Spanish police arrested three users of the botnet in March, and two weeks ago, the Slovenian police arrested the botnet’s creator.
“This individual had sold the original virus to hundreds of criminals worldwide and developed customized versions to meet their needs,” Mueller said. “This takedown sends the message to cyber criminals that we’re going after both the cyber equivalent of the house burglar and the person who gives him the crowbar, the map and the locations of the best houses in the neighborhood.”
Cooperation from private industry will be essential to the fight, too. Mueller said the bureau understands company concerns about privacy and trade secrets, and works diligently not to compound problems caused by hackers.
“We cannot act if we are not aware of the problem. Maintaining a code of silence will not help you or your clients in the long run,” he said. “It calls to mind a joke about two hikers who come across a bear in the woods. The first hiker says to the other, ‘We just need to outrun him.’ The second replies, ‘I don’t need to outrun him; I just need to outrun you.’”
“You may well outrun one attack, but you aren’t likely to avoid the second or the third. Our safety lies not only in protecting our own interests but our critical infrastructure as a whole.”
Mueller compared this line of thinking to France’s decision in the 1930s to fortify its borders in such a way that would entice the German army to attack Belgium instead. The Germans did that, but still outflanked the French and took over the country during World War II.
“A bar-the-windows and bolt-the-doors mentality will not ensure our collective safety,” he said. “Fortresses will not hold forever; walls will one day fall down. We must start at the source, and we must find those responsible. The only way to do that is by standing together.”