October is National Cyber Security Awareness Month, administered by the Department of Homeland Security. This is the perfect time of year for individuals, businesses, and other organizations to reflect on the universe of cyber threats and to do their part to protect their networks, their devices, and their data from those threats.
Recent Cyber Successes
In May 2015, the owner and operator of the original Silk Road website—an online black market designed to enable its users to buy and sell illegal drugs and other unlawful goods and services anonymously—was sentenced to life in prison. The Silk Road site had previously been taken down by law enforcement in November 2013. In November 2014, the owner and operator of a resurrected Silk Road—Silk Road 2.0—was arrested and charged, and law enforcement took down that site as well, along with dozens of other so-called “dark market” websites. The investigation involved the cooperative efforts of the FBI and numerous local, state, federal, and international partners.
In April 2015, a multi-national law enforcement effort was responsible for taking down a cyber criminal forum that served as a one-stop, high-volume shopping venue for some of the world’s most prolific cyber criminals. Darkode was an underground password-protected meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials, and other pieces of data and software. The FBI was able to infiltrate the forum at the highest levels and collect evidence and intelligence on Darkode members. During the takedown, charges, arrests, and searches involved 70 members and associates around the world.
In April 2015, a coordinated international law enforcement and private sector cyber effort resulted in the takedown of a botnet known as Beebone—a “downloader” that allowed other forms of malware to be installed on victims’ computers without their knowledge or consent. The secondary infections installed by Beebone included software that steals banking logins and passwords as well as fraudulent anti-virus software and ransomware.
- The use of malware by online criminals continues unabated, and of the available intrusion devices, the “bot” is particularly pervasive, allowing attackers to take control remotely of compromised computers. Once in place, these “botnets” can be used in distributed denial-of-service attacks, proxy and spam services, additional malware distribution, and other organized criminal activity.
- Cyber criminals perpetrate a wide variety of crimes online, including theft of intellectual property, Internet fraud, identity fraud, and any number of financial fraud schemes.
- Sexual predators use the Internet and social media to target the youngest and most vulnerable victims.
- And many criminals use the so-called “dark web” or “dark market” websites that offer a range of illegal goods and services for sale on a network designed to conceal the true IP addresses of the computers on it.
The FBI—working in conjunction with its many partners at the local, state, federal, and international levels, as well as with industry—takes its own role in cyber security very seriously. That role involves operational efforts—including investigating and disrupting cyber-related national security threats and cyber crimes and collecting, analyzing, and disseminating cyber threat intelligence. It also involves outreach efforts to industry.
Here are just a few examples of how we’re doing all of that:
- The FBI-led National Cyber Joint Investigative Task Force serves as the national focal point for coordinating cyber threat investigations. The work of the NCJITF includes a national public/private initiative to mitigate the use of botnets and malware by criminals, which has emerged as a global cyber security threat.
- Cyber task forces in all 56 field offices coordinate domestic cyber threat investigations in local communities through information sharing, incident response, and joint enforcement and intelligence actions.
- InfraGard—an information-sharing and analysis effort with private sector partners who own, operate, and hold key positions within some 85 percent of the nation’s critical infrastructure—equips its members to identify and mitigate vulnerabilities, develop incident response plans, and enact security best practices.
- The Internet Crime Complaint Center (IC3) accepts online submissions for Internet-related crime complaints, often involving fraudulent claims to consumers. These complaints can not only lead to culprits getting caught, but also help identify regional, national, or international trends to educate the public about constantly evolving cyber threats and scams.
- The FBI’s Safe Online Surfing website, an online program that promotes cyber citizenship by educating young students in the essentials of online security in an effort to help protect them from child predators, cyber bullies, malware, a multitude of schemes, and other dangers on the Internet.
The Bureau will continue to work jointly with our national security and law enforcement partners to address threats to the nation’s cyber security from nation-states, terrorist organizations, transnational criminal enterprises, and child predators. But government can’t do it alone—assistance and vigilance from the public is vital.
Stay tuned to this website during the month of October—we’ll be providing you with tips that will help keep your families and your businesses safe from cyber criminals.
– More on National Cyber Security Awareness Month
– Department of Justice’s Best Practices for Victim Response and Reporting of Cyber Instances (pdf)
– Department of Homeland Security’s cyber security tips
– U.S. Computer Emergency Readiness Team
– FBI Cyber’s Most Wanted
– More on FBI cyber crime efforts