State-sponsored cyberattacks, disinformation campaigns, and worldwide botnets spreading ransomware have one thing in common.
According to FBI Director Christopher Wray, they can best be defeated through cooperation between law enforcement agencies, academia, and the private sector. In a speech on Jan. 28, Wray shared with an audience of roughly 1,900 attendees an example less than 36 hours old: the disruption of the Emotet criminal botnet, which was carried out with the European Union Agency for Law Enforcement Cooperation.
“Emotet has for years enabled criminals to push additional malware onto victim networks in critical sectors, like health care, e-commerce, technology, and government. Emotet is one of the longest-running and most pervasive denial-of-delivery services out there,” he said.
The operation was successful, he said, because cybersecurity experts on both continents had applied lessons learned from previous disruptions of botnets, which are networks of internet-connected devices that can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection.
“It’s the kind of disruption that demands cooperation,” he said.
Wray made the announcement during a talk titled “The FBI’s Strategy for Tackling Cyber Threats in 2021 and Beyond,” part of a virtual speaker series sponsored by the International Conference on Cyber Security (ICCS), which is jointly presented by the FBI and Fordham. In-person ICCS events, such as those scheduled for July, have been postponed until public health authorities advise that they’re safe.
In addition to Emotet, Wray cited examples such as the bureau’s success in the September prosecution of the Chinese hacking group APT41, which was targeting private companies, as well as a partnership with the NSA that led to last year’s discovery of a sophisticated type of malware developed by the Russian military.
Wray answered audience questions that were presented by Joseph M. McShane, S.J., president of Fordham, who served as moderator. Questions ranged from how the bureau retains talent that might otherwise work in the private sector (their attrition rate is very low) to the ways they go about identifying cybercrimes in general. Asked how private industry can help the Justice Department defeat domestic threats, Wray advocated a preemptive approach.
“There’s a saying that the best time to patch the roof is when the sun is shining. It’s the same concept here. We want people to start to build those relationships with their local FBI field office before they have a major intrusion,” he said.
On the challenge of misinformation campaigns and social media, Wray made it clear that the bureau is concerned with the threat, not the content.
“We’re not the truth police of the internet. What we focus on is the actor,” he said.
He noted that when the bureau learned that the Internet Research Agency, the Russian troll farm that was active during the 2016 presidential election, was actively planning to spread disinformation and distrust in 2020, the FBI tipped off Facebook and Twitter in September to its presence on their networks.
“It’s a situation where we, rather than bringing an enforcement action, we’re feeding tips to the social media companies, which were able to take very quick actions themselves using their own terms of service,” he said.
“Because activity that might not readily lend itself to a criminal case or national security action often very readily violates their terms of service.”
It was another example of the private sector and law enforcement working together to defeat a shared enemy, he said.
“The way we do business today, and so many of the changes we’ve made to our strategy are a product of our work with [the private industry]. We’ve been working with your concerns and suggestions and we’ve taken them to heart. We’ve shifted the way we think and the way we operate so we can have a more significant effect on our adversaries.”
Wray’s talk was followed by a discussion with Ed Stroz, GABELLI ’79, the founder of a firm formerly called Stroz Friedberg and now known as Aon Cyber Solutions, and Matt Gorham, assistant director of the FBI’s Cyber Division. Stroz, a former FBI agent himself, focused on the nuts and bolts of how a private company actually works with the bureau.
Gorham echoed Wray’s suggestion to make a connection before an intrusion, as that will establish a baseline level of trust. This will be important because in the near future, he predicted there will be an increase in ransomware and malware-for-hire services. And, he said, people should feel confident that when they call the FBI for help, the bureau knows that they were the victim.
“And we know how to work with a victim,” he said.
“A lot of times this comes down to a level of comfort that we’re not out there to look at your content; what we’re really looking for are those artifacts of intrusion,” he added, noting that people develop trust in the bureau after working with them once.
“It’s been my experience that there may be a hesitancy to call the FBI the first time; it’s a very quick call the second time.”