Some 300 international experts on cyber security gathered at Fordham University Tuesday, Jan. 6 for a three-day conference on the emerging global threat of cyber crime and cyber terrorism.
The conference, which attracted representatives from 37 nations, runs through Thursday and is sponsored jointly by the Federal Bureau of Investigation’s New York Division and Fordham’s Department of Computer and Information Sciences.
“We live in a world of instant connectivity . . . where we have no geographic boundaries, are not limited by time zones nor foreign languages,” said John Tognino, chairman of Fordham’s Board of Trustees, who joined Joseph M. McShane, S.J., president of Fordham, in welcoming conference participants to the Lincoln Center campus. “It is also true that almost anyone today has the ability, despite increasingly sophisticated firewalls, to bring down an entire computer operation.
“How then, do we protect our nation, or local communities and even our very own identities?”
In little more than a decade, the growth of the Internet has activated the creation of cyber crimes that range from individual identity theft to corporate financial and intellectual property fraud to state-sanctioned terrorism through virtual terrorist cells. According to an FBI survey released in 2006, U.S. companies spend about $67 billion annually to combat viruses, data-theft and other computer-related crimes.
Christopher M.E. Painter, deputy assistant director of the FBI’s Cyber Division and a leader in the investigation and prosecution of cyber crime, said that cyber criminals have morphed in the last decade from an insular group of hackers and fraudsters motivated by “bragging rights” to members of a networked industry that causes billions in financial losses.
Painter was involved in the prosecution of computer hacker Kevin Mitnick, who infiltrated the systems of several corporations in the 1990s on his own and stole company software. He contrasted Mitnick’s relatively unsophisticated escapades with a group of contemporary Hack, Pump and Dump cyber thieves, based in Thailand and India, who have infiltrated several financial brokerage firms and stolen millions through online stock manipulations. Today, Painter said, it is impossible to know just how much financial damage is being caused globally by cyber crime.
What is critical, Painter said, is that nations of the world act collectively to deter such crimes. Often nations vary in the severity of laws against Internet criminals, he said.
“Smart criminals are organized all over the world,” Painter said. “You are almost never going to find a case where the trail of a cyber crime starts and ends in the same place. If all countries would sign on to strong laws against cyber crime, it would go a long way to deterring these criminals.”
Painter also stressed the need for cooperation between the private and public sectors, and between investigators and prosecutors if such criminals are to be made examples of.
“Cyber security is not just locking [online]doors and windows,” he said. “It is making sure that when someone breaks those doors and windows, they are punished for it.”
Shawn Henry, assistant director of the FBI’s Cyber Division, added that it was necessary to take a proactive approach toward fighting the increasingly sophisticated, invisible criminals. The FBI, he said, is dedicated to fighting cyber crime in the same way as it fought organized crime in the 1980s—through infiltration and evidence-gathering by virtual undercover agents.
“We will be able to use informants to get inside these organizations while the crimes are occurring, not merely reacting six months after the attack and trying to piece it together,” he said. “And we will disrupt and dismantle the organizations.”
One such example was the case called Operation Darkmarket, an FBI sting that shut down a Web-based black market clearinghouse for cyber criminals who deal in stolen credit card information.
The site, which resembled a typical Internet message board, offered tips for thieves and products from illicit vendors. Such merchandise included stolen data such as bank logins and credit card information, new spyware and malware products, and hardware such as magnetic strip writers for those who wanted to imprint stolen credit information on high-quality counterfeit cards.
Special agent J. Keith Mularski infiltrated Darkmarket by posing as a spammer, sometimes spending as many as 18 hours per day communicating with the criminals online. The subsequent sting led to 59 arrests, including the leaders of Darkmarket and some competing criminal forums; more than 100,000 compromised credit cards recovered; and six malware packages confiscated before they could do harm.
This is the first conference in which the FBI and a University have collaborated on global solutions to cyber crime with participants from law enforcement, academia and industry.
See the ICCS Web page for more details: www.iccs.fordham.edu