Become a Patron!
True Information is the most valuable resource and we ask you to give back.
The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is incredibly seriousโand growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nationโs critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Divisionโs investigative capacity to sharpen its focus on intrusions into government and private computer networks.
For more information on the FBI’s cyber security efforts, read ourย “Addressing Threats to the Nationโs Cybersecurity”ย brochure.
Computer and Network Intrusions
The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.
Who is behind such attacks? It runs the gamutโfrom computer geeks looking for bragging rightsโฆto businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black marketsโฆto spies and terrorists looking to rob our nation of vital information or launch cyber strikes.
Today, these computer intrusion casesโcounterterrorism, counterintelligence, and criminalโare the paramount priorities of our cyber program because of their potential relationship to national security.
Combating the threat. In recent years, weโve built a whole new set of technological and investigative capabilities and partnershipsโso weโre as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. That includes:
- A Cyber Division at FBI Headquarters โto address cyber crime in a coordinated and cohesive mannerโ;
- Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with โagents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraudโ;
- New Cyber Action Teams that โtravel around the world on a momentโs notice to assist in computer intrusion casesโ and that โgather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;โ
- Our Computer Crimes Task Forces nationwide that combine state-of-the-art technology and the resources of our federal, state, and local counterparts;
- A growing partnership with other federal agenciesโincluding the Department of Defense, the Department of Homeland Security, and othersโwhich share similar concerns and resolve in combating cyber crime.
Ransomware
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businessesโthese are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.
The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organizationโs reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable itemsโ including family photos, videos, and other dataโcan be devastating for individuals as well.
In a ransomware attack, victimsโupon seeing an e-mail addressed to themโwill open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.
Ransomware attacks are not only proliferating, theyโre becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals arenโt using e-mails at allโthey can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.
The FBI doesnโt support paying a ransom in response to a ransomware attack. Paying a ransom doesnโt guarantee an organization that it will get its data backโthere have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.
So what does the FBI recommend? As ransomware techniques and malware continue to evolveโand because itโs difficult to detect a ransomware compromise before itโs too lateโorganizations in particular should focus on two main areas:
- Prevention effortsโboth in both in terms of awareness training for employees and robust technical prevention controls; and
- The creation of a solid business continuity plan in the event of a ransomware attack.
Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):
- Make sure employees are aware of ransomware and of their critical roles in protecting the organizationโs data.
- Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accountsโno users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
- Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they donโt need write-access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they arenโt connected to the computers and networks they are backing up.
Going Dark
Law enforcement at all levels has the legal authority to intercept and access communications and information pursuant to court orders, but often lacks the technical ability to carry out those orders because of a fundamental shift in communications services and technologies. This scenario is often called โGoing Darkโ and can hinder access to valuable information that may help identity and save victims, reveal evidence to convict perpetrators, or exonerate the innocent.
Read more about the FBIโs response to theย Going Dark problem.
Identity Theft
Identity theftโincreasingly being facilitated by the Internetโoccurs when someone unlawfully obtains anotherโs personal information and uses it to commit theft or fraud. The FBI uses both its cyber and criminal resourcesโalong with its intelligence capabilitiesโto identify and stop crime groups in their early stages and to root out the many types of perpetrators, which span the Bureau’s investigative priorities.
More on the FBI’s efforts to combatย identity theft.
Online Predators
The FBI’s online predators and child sexual exploitation investigations are managed under our Violent Crimes Against Children Program, Criminal Investigative Division. These investigations involve all areas of the Internet and online services, including social networking venues, websites that post child pornography, Internet news groups, Internet Relay Chat channels, online groups and organizations, peer-to-peer file-sharing programs, bulletin board systems, and other online forums.
Read more about ourย Violent Crimes Against Children Program.
The Internet Crime Complaint Center
The mission of the Internet Crime Complaint Center (IC3) is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated fraud schemes and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.
Visit theย IC3’s websiteย for more information, includingย IC3 annual reports.
Cyber Action Team
It can be a companyโs worst nightmareโthe discovery that hackers have infiltrated their computer networks and made off with trade secrets, customersโ personal information, and other critical data. Todayโs hackers have become so sophisticated that they can overcome even the best network security measures. When such intrusions happenโand unfortunately, they occur frequentlyโthe FBI can respond with a range of investigative assets, including the little-known Cyber Action Team (CAT). This rapid deployment group of cyber experts can be on the scene just about anywhere in the world within 48 hours, providing investigative support and helping to answer critical questions that can quickly move a case forward.
Established by the FBIโs Cyber Division in 2006 to provide rapid incident response on major computer intrusions and cyber-related emergencies, the team has approximately 50 members located in field offices around the country. They are either special agents or computer scientists, and all possess advanced training in computer languages, forensic investigations, and malware analysis. And since the team’s inception, the Bureau has investigated hundreds of cyber crimes, and a number of those cases were deemed of such significance that the rapid response and specialized skills of the Cyber Action Team were required. Some of those cases affected U.S. interests abroad, and the team deployed overseas, working through our legal attachรฉ offices and with our international partners.
Members of the team make an initial assessment, and then call in additional experts as needed. Using cutting-edge tools, the team lookโs for a hackerโs signature. In the cyber world, such signatures are called TTPsโtools, techniques, and procedures. The TTPs usually point to a specific group or person. The hackers may represent a criminal enterprise looking for financial gain or state-sponsored entities seeking a strategic advantage over the U.S.
National Cyber Forensics & Training Alliance
Long before cyber crime was acknowledged to be a significant criminal and national security threat, the FBI supported the establishment of a forward-looking organization to proactively address the issue. Called the National Cyber-Forensics & Training Alliance (NCFTA), this organizationโcreated in 1997 and based in Pittsburghโhas become an international model for bringing together law enforcement, private industry, and academia to build and share resources, strategic information, and threat intelligence to identify and stop emerging cyber threats and mitigate existing ones.
Since its establishment, the NCFTA has evolved to keep up with the ever-changing cyber crime landscape. Today, the organization deals with threats from transnational criminal groups including spam, botnets, stock manipulation schemes, intellectual property theft, pharmaceutical fraud, telecommunications scams, and other financial fraud schemes that result in billions of dollars in losses to companies and consumers.
The FBI Cyber Divisionโs Cyber Initiative and Resource Fusion Unit (CIRFU) works with the NCFTA, which draws its intelligence from the hundreds of private sector NCFTA members, NCFTA intelligence analysts, Carnegie Mellon Universityโs Computer Emergency Response Team (CERT), and the FBIโs Internet Crime Complaint Center. This extensive knowledge base has helped CIRFU play a key strategic role in some of the FBIโs most significant cyber cases in the past several years.
Violent Crimes Against Children/Online Predators
Even with its post-9/11 national security responsibilities, the FBI continues to play a key role in combating violent crime in big cities and local communities across the United Statesโฆ
Because of the global reach of cyber crime, no single organization, agency, or country can defend against it. Vital partnerships like the NCFTA are key to protecting cyberspace and ensuring a safer cyber future for our citizens and countries around the world.
For more information visit the National Cyber-Forensics & Training Alliance website.
iGuardian
With cyber threats continuing to emerge at the forefront of the FBIโs criminal and national security challenges, engaging public-private partners in information exchange alongside law enforcement and intelligence communitiesโฆ
National Cyber Investigative Joint Task Force
As a unique multi-agency cyber center, the National Cyber Investigative Joint Task Force (NCIJTF) has the primary responsibilityโฆ
Cyber Task Forces: Building Alliances to Improve the Nationโs Cybersecurity
Each Cyber Task Force synchronizes domestic cyber threat investigations in the local community through information sharing, incident responseโฆ
eGuardian
In 2007, eGuardian was developed to help meet the challenges of collecting and sharing terrorism-related activities amongst law enforcement agencies across various jurisdictions. The eGuardian system is a sensitive butโฆ
Protections
How to Protect Your Computer
Below are some key steps to protecting your computer from intrusion:
Keep Your Firewall Turned On:ย A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
Install or Update Your Antivirus Software:ย Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without usersโ knowledge. Most types of antivirus software can be set up to update automatically.
Install or Update Your Antispyware Technology:ย Spyware is just what it sounds likeโsoftware that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispywareโin some cases these products may be fake and may actually contain spyware or other malicious code. Itโs like buying groceriesโshop where you trust.
Keep Your Operating System Up to Date:ย Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
Be Careful What You Download:ย Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you donโt know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
Turn Off Your Computer:ย With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being โalways onโ renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attackerโs connectionโbe it spyware or a botnet that employs your computerโs resources to reach out to other unwitting users.
Safe Online Surfing
The FBI Safe Online Surfing (FBI-SOS) program is a nationwide initiative designed to educate children in grades 3 to 8 about the dangers they face on the Internet and to help prevent crimes against children.
It promotes cyber citizenship among students by engaging them in a fun, age-appropriate, competitive online program where they learn how to safely and responsibly use the Internet.
The program emphasizes the importance of cyber safety topics such as password security, smart surfing habits, and the safeguarding of personal information.
๐ BERND PULCH ARCHIVE | SECURE MIRROR 