Feds take up arms as computer crime becomes multibillion-dollar problem
Source: Star Tribune
By Steve Alexander
Date: October 06, 2003
The rise of computer crime as a major threat to the world economy can be spelled out in a few numbers.
The first is $2 billion -- the estimated damage done during just eight days in August when the so-called Blaster worm blitzed personal computers and corporate networks worldwide.
The second number, more than $200 million, is the financial toll among a group of U.S. companies surveyed recently by the FBI and the Computer Security Institute, a San Francisco security trade association. Internet attacks were one of the largest contributors to that figure, which is considered to be a fraction of the U.S. total.
And then there is No. 3. That is the new priority assigned to combating technology crime by the FBI, trailing only the prevention of terrorism and espionage in the bureau's mission goals.
While law enforcement is devoting new attention and resources to the problem of Internet attacks, it's uncertain whether it can ever catch up to what has been a geometric explosion of the threats.
Some analysts see the only hope for a meaningful drop in cyber crime coming from the next generation of computers and software, advances not likely to hit the market for at least two years.
The FBI and Secret Service offices in Minneapolis scored a modest victory with the arrest of a Hopkins teenager, Jeffrey Lee Parson, in connection with the Internet attack by the Blaster worm in August. But it quickly became apparent that Parson was a small-time copycat who had merely created a variant of the Blaster worm. The creators of Blaster and its follow-up worm, Welchia, remain anonymous and free. Likewise, there were no government arrests when the SoBig.F computer virus overwhelmed e-mail in-boxes around the world in August or when the Slammer worm struck the world's computers last January.
Cyber task force
If agents are to catch bigger fish, it may be through the coordinated resources of several departments that will operate as the Minnesota Cyber Crimes Task Force, to be in operation by the end of the year. The task force will be the first office in the nation to combine the efforts of the FBI, Secret Service and the U.S. attorney's office. Officials say the effort is originating here because of personal relationships developed over several years. It's unclear whether the office will become a model for the rest of the nation.
Paul McCabe, a special agent in the Minneapolis FBI office, wouldn't discuss details of how the task force will operate, but said it will investigate crimes that include Internet attacks, online fraud, cyberspace theft of intellectual property, online child pornography and the use of the Internet as a communications medium for terrorists.
Paul Luehr, an assistant U.S. attorney who prosecutes many of the federal cyber crime cases in Minnesota, said the task force promises a new way of handling cyber crimes because in the past the two federal investigative agencies have tended to go their own way, with the Secret Service heading up cyber crime investigations in New York and San Francisco and the FBI running comparable investigations in Pittsburgh and San Diego.
For example, task force members can share the secure storage that is required for seized computers, a forensic lab needed to examine computer hard drives for evidence and the work stations that allow investigators to access federal crime databases.
No one will disclose the size of the task force's budget or staff. McCabe said the FBI will contribute 10 people, including seven investigators and three "computer forensic examiners" who examine seized computers for evidence and know their way around the Internet. Before the task force was envisioned, the FBI had six people in Minnesota working on cyber crimes, he said. Brian Snyder, special agent in charge of the Minneapolis Secret Service office, declined to disclose his agency's contribution to the task force.
Asked whether the task force will enhance the federal government's spotty record for arresting Internet attackers, Luehr wouldn't predict success.
"But there is little chance of catching very sophisticated cyber criminals unless we do combine our resources. A task force like this at least gives us a fighting chance," he said.
A daunting task
McCabe concedes that the task force faces a daunting task.
"Cyber crime investigations are difficult," he said. "But even in cyberspace fingerprints are left, so to speak. Traces are left behind that we can use to attempt to track down people."
But John Pescatore, a former Secret Service agent and vice president for Internet security at Connecticut research firm Gartner, counters that such a strategy is "a losing game."
"Most crimes are solved through informants, and law enforcement is not to the point of being able to infiltrate the groups of people who create viruses and launch them," Pescatore said. The result is that the cyber cops "only catch the stupid ones."
J. Michael Gibbons, managing director at Virginia-based consulting firm BearingPoint Inc. and a former computer investigations chief at the FBI's National Infrastructure Protection Center, said he's "amazed that they've caught anybody doing this, because cyberspace is a wonderful place to hide."
Pescatore thinks the solution probably lies more in new software rather than in law enforcement techniques.
"The attacks are coming faster and faster, and it's getting harder and harder to patch the vulnerabilities they exploit. So until software becomes more secure than it is now, things will get worse," he said.
The most promising development on the horizon is Microsoft's first security-oriented Windows operating system, due at the end of 2005, Pescatore said.
"Five years from now, we will have blocked the kinds of Internet attacks that are being made today, and will be focused more on problems such as identity theft."
Other analysts think a solution may be farther away.
"The problem is not going to get better for another 10 to 15 years, when we find a new ways to build computer systems," said Gibbons of BearingPoint. "We have to re-engineer everything."
The FBI has for seven years run a program called InfraGard, which enlists the help of local corporate information technology professionals to help solve cyber crimes. Now other federal agencies are becoming involved.
The Department of Homeland Security has taken over the FBI's existing National Infrastructure Protection Center and is seeking to offer improved warnings about Internet threats. Homeland Security in September formed a partnership with the 15-year-old CERT Coordination Center, operated with federal money by Carnegie Mellon University of Pittsburgh, which offers a similar Internet warning service. The partnership should help produce faster, more accurate analysis of online threats, said Jeffrey Carpenter, manager of the CERT Coordination Center.
Many corporations also are accelerating efforts to protect themselves after being hard-hit this summer by Blaster, Welchia and SoBig. Gartner projects that corporations worldwide will spend an average 5.4 percent of their corporate information technology budgets on security this year, up from 4.3 percent in 2002 and 3.4 percent in 2001. Worldwide purchases of hardware, software and services for security now total $15 billion a year, up from $12 billion two years ago, the firm said.
"Corporations are spending more on security because they have increased exposure to computer virus attacks and hackers," said Travis Finstad, president-elect of the Minnesota Chapter of the Information System Audit and Control Association, a trade association for those involved in the management and security of data. Expenditures include better Internet firewalls to stop intruders and improved employee education to prevent security lapses.
But Gartner's Pescatore said corporate spending on Internet security has been too erratic to be effective.
"When the Nimda and Code Red worms struck the Internet in 2001, corporations and consumers rushed to update their antivirus software, and corporations also paid for security audits," Pescatore said.
"By January 2002, when we had not had another attack, people started saying they would hold off on security spending," he said. "So we saw security spending tail down, which led to the corporate vulnerabilities exploited by the Slammer worm in January and the Blaster worm in August of this year. So I expect there will be a lot of corporate security spending in 2003, and that it will start to tail off in 2004."
But some reports suggest CEOs may have little choice but to keep their IT security spending high.
Symantec's threat report suggests that the problem of Internet attacks is likely to grow. The report said that 12 percent more vulnerabilities were found in Internet software in the first half of 2003 than in the comparable period last year, and 80 percent of those vulnerabilities could be exploited by remote attacks on the Internet. Symantec also reported a 10 percent increase in the number of easy targets on the Internet -- software that could be attacked by a person with little computer skill.
Another concern is that Internet attackers are moving against potential targets faster than ever before, said Oliver Friedrichs, senior manager of Symantec's security response operations.
"The Slammer worm took six months to show up" once the vulnerabilities in Microsoft's SQL Server software were discovered, Friedrichs said. "But the Blaster worm showed up 26 days after Microsoft disclosed the vulnerability in Windows."
^macro[showdigestcomments;^uri;Feds take up arms as computer crime becomes multibillion-dollar problem]