
Tuesday, March 12, 2019

Addressing The Cyber Threat: FBI Director Discusses FBI Approach At Cybersecurity Conference


The FBI released the below information:
With cyber threats to the United States and across the globe reaching unprecedented levels, the FBI uses a full spectrum of expertise, technology, and partnerships to root out cyber criminals, FBI Director Christopher Wray said at the annual RSA Conference in San Francisco yesterday.
“Today’s cyber threat is bigger than any one government agency—frankly, bigger than government itself,” Wray said in an on-stage interview at the cybersecurity conference. “But I think no agency brings the same combination of scope and scale, experience, tools, and relationships that the FBI has.”
You can read the rest of the piece and watch a video clip via the below link:

Monday, October 2, 2017

National Cybersecurity Awareness Month: The U.S. Navy Says The Cyber Threat Is Real


The Office of the Deputy Chief of Naval Operations for Information Warfare released the below information:

WASHINGTON (NNS) -- Throughout National Cybersecurity Awareness Month this October, and in subsequent articles, the Office of the Deputy Chief of Naval Operations for Information Warfare (N2N6) will describe the things you can do, at home and at work, to protect yourself and the Navy from cyber threats.

Few people today need to be convinced that our networks, computers and smart phones are at risk of compromise. We've grown accustomed to the news of computer hacks.

The confidential information of 143 million Americans was potentially compromised in the recent Equifax breach. In May 2017, the WannaCry ransomware attack infected 150,000-plus computers in over 150 countries within the first 24 hours.

If you keep up with the news, you know of Russia's election-focused data thefts and disclosures. More distant high profile attacks, such as the 2015 Office of Personnel Management hack that resulted in the theft of 21.5 million personnel records, are memorable because they affected many of us in the Navy.

From these example hacks, you can safely assume anything connected to the internet is at risk.

In fact, any electronic device for storing and processing data - a computer - is at risk, regardless of whether it's connected to the internet or whether it looks like the desktop or laptop computers we use at home and at work.

Disconnected systems are also vulnerable as attackers have employed innovative tactics to reach systems not connected to the internet. For example, thumb drives loaded with damaging software were picked up by unsuspecting technicians and used to spread the Stuxnet virus to centrifuges in an underground Iranian nuclear research facility.

Although the compromise of Iran's nuclear facility was well publicized, less well known are other news reports that also demonstrate physical systems controlled by computers (control systems) are at risk.

In 2016, hackers who were thought to be from Russia compromised a Ukrainian power company, knocking out power to part of Kiev for over an hour. A 2015 breach of a Ukrainian energy company, which resulted in a power outage to 80,000 customers, may have been related to the 2016 attack. Closer to home, in 2016 "...the Justice Department claimed Iran had attacked U.S. infrastructure online, by infiltrating the computerized controls of a small dam 25 miles north of New York City."

The control systems that manage the Navy's critical infrastructure and other services at Navy bases and facilities are commercial products that have known weaknesses. Like the Ukrainian control systems and the systems controlling the New York dam, Navy control systems and networks used by operational forces could also be at risk of compromise.

During June 2017, a commercial ship off the Russian coast discovered its GPS navigation system erroneously located the ship at an airport 32 kilometers inland. At least 20 other ships in the area had similar problems with their Automatic Identification System, which U.S. Navy ships also use. "Experts think this is the first documented use of GPS misdirection - a spoofing attack that has long been warned of but never seen in the wild."

Chief of Naval Operations (CNO) Admiral John Richardson sums up the current cyber threat environment, "The threats reach well beyond what you would consider a traditional computer or information technology network into the control systems and indeed almost every aspect of our lives and of our Navy mission."

These cyber threats can come from nations with highly sophisticated cyber programs, countries with lesser technical capabilities but possibly more disruptive intent, ideologically motivated hackers or extremists and/or insiders within our organizations, with a variety of motivations. Even cyber criminals threaten the Navy because they sell malicious software to state and non-state actors, thereby increasing the number of potential threat actors.

Vigilance and ensuring a robust defense-in-depth framework that incorporates people, processes and technology to assure our networks are safe is key.

The threat will continue to increase as adversaries look for potential vulnerabilities and increase their level of sophistication for cyber-attacks. In Congressional testimony, former Director of National Intelligence James Clapper described the threat saying, "Cyber threats to US national and economic security are increasing in frequency, scale, sophistication and severity of impact. The ranges of cyber threat actors, methods of attack, targeted systems and victims are also expanding."

But you can make a difference.

By adhering to cybersecurity policies, directives and best practices you can help keep the Navy secure and also protect yourself and your families while online, outside of work. It's an all hands effort, like damage control on a ship.

Knowing adversaries are actively seeking to penetrate our systems, steal our data and disrupt operations should help you understand the CNO's perspective: "Wherever you are, whatever system you're operating, every time you log in, you are in the cyber battlespace."

Be vigilant. Be safe.


Friday, September 23, 2016

ISIL-Linked Kosovo Hacker Sentenced To 20 Years in Prison


The U.S. Justice Department released the below information:

WASHINGTON – Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, was sentenced today to 20 years in prison for providing material support to the Islamic State of Iraq and the Levant (ISIL), a designated foreign terrorist organization, and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL.
Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Dana J. Boente for the Eastern District of Virginia, Assistant Director in Charge Paul M. Abbate of the FBI’s Washington Field Office and Special Agent in Charge Charles P. Spencer of the FBI’s Jacksonville Field Office made the announcement after the defendant was sentenced by U.S. District Judge Leonie M. Brinkema.
“This case represents the first time we have seen the very real and dangerous national security cyber threat that results from the combination of terrorism and hacking,” said Assistant Attorney General Carlin. “This was a wake-up call not only to those of us in law enforcement, but also to those in private industry. This successful prosecution also sends a message to those around the world that, if you provide material support to designated foreign terrorist organizations and assist them with their deadly attack planning, you will have nowhere to hide. As this case shows, we will reach half-way around the world if necessary to hold accountable those who engage in this type of activity. I want to thank the corporation that worked with law enforcement to solve this crime, and the agents, analysts and prosecutors who worked on this groundbreaking case.”
Ferizi, who was detained by Malaysian authorities on a provisional arrest warrant on behalf of the U.S., was charged by criminal complaint on Oct. 6, 2015. The criminal complaint was unsealed on Oct. 15, 2015. Ferizi subsequently consented to extradition.
Ferizi pleaded guilty on June 15. According to court documents, Ferizi admitted that on or about June 13, 2015, he gained system administrator-level access to a server that hosted the website of a U.S. victim company. The website contained databases with personally identifiable information (PII) belonging to tens of thousands of the victim company’s customers, including members of the military and other government personnel. Ferizi subsequently culled the PII belonging to U.S. military members and other government personnel, which totaled approximately 1,300 individuals. That same day, on June 13, Ferizi provided the PII belonging to the 1,300 U.S. military members and government personnel to Junaid Hussain, a now-deceased ISIL recruiter and attack facilitator. Ferizi and Hussain discussed publishing the PII of those 1,300 victims in a hit list.
According to court documents, on Aug. 11, 2015, in the name of the Islamic State Hacking Division (ISHD), Hussain posted a tweet that contained a document with the PII of the approximately 1,300 U.S. military and other government personnel that Ferizi had taken from the victim company and provided to Hussain. The document stated, in part, that “we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!” Ferizi admitted that he provided the PII to ISIL with the understanding that ISIL would use the PII to “hit them hard.”
This case is being prosecuted by Special Assistant U.S. Attorney Brandon Van Grack of the Eastern District of Virginia and Trial Attorney Gregory Gonzalez of the National Security Division’s Counterterrorism Section. The Malaysian authorities and the Justice Department’s Office of International Affairs also provided significant assistance.

Friday, January 2, 2015

FBI Most Wanted: FBI Seeking Tech Experts to Become Cyber Special Agents


The FBI website offers a piece on its search for cyber tech experts.

Since its earliest days, the FBI has looked for recruits with specialized skills to fill its special agent ranks: lawyers, accountants, scientists, and engineers, to name a few. Today, however, the most sought-after candidates possess a uniquely 21st century quality: cyber expertise.

Investigating cyber crimes—such as website hacks, intrusions, data theft, botnets, and denial of service attacks—is a top priority for the FBI. To keep pace with the evolving threat, the Bureau is appealing to experienced and certified cyber experts to consider joining the FBI to apply their well-honed tradecraft as cyber special agents.

“The FBI seeks highly talented, technically trained individuals who are motivated by the FBI’s mission to protect our nation and the American people from the rapidly evolving cyber threat,” said Robert Anderson, Jr., executive assistant director for the Bureau’s Criminal, Cyber, Response, and Services Branch. “What we want are people who are going to come and be part of a team that is working different very complex types of investigations and to utilize their skillsets in that team environment.”

The Bureau recently launched a campaign to bring aboard more technical talent, including computer scientists, IT specialists, and engineers. In a job posting—open until January 20—the FBI says no other organization will apply the expertise of successful candidates like the FBI.

You can read the rest of the piece and watch a video via the below link:

http://www.fbi.gov/news/stories/2014/december/fbi-seeking-tech-experts-to-become-cyber-special-agents/fbi-seeking-tech-experts-to-become-cyber-special-agents?utm_campaign=email-Daily&utm_medium=email&utm_source=fbi-top-stories&utm_content=388550

Tuesday, July 22, 2014

"The Director," A Sobering Tale Of Cyberterrorism


Veteran journalist and author Joseph C. Goulden reviewed David Ignatius' The Director for the Washington Times.

About halfway through a first draft of this review, a sobering thought brought me up short: My criticisms of the underworld of online hackers and data thieves were apt to cost me retaliatory computer grief for years to come. So I shall take the coward’s way out. If you are among that band of technological bandits, and do not care for the way you are depicted, go after David Ignatius, who wrote the book, and not the guy reviewing it.

In a sense, “The Director” is even more frightening than the usual intelligence fare of Cold War nuclear sword-rattling or terrorism plots out of the Middle East. Those who are regular readers of Mr. Ignatius' commentary realize that he is perhaps the best-informed journalist writing today about intelligence and national security. Thus, when he sounds a klaxon alarm about the dangers of cyberterrorism, he is not making things up. He is describing a clear and present danger.

Mr. Ignatius is a rare columnist who does hard reporting rather than sitting in an office and sucking his thumb. He devotes the same energy and skills to his fiction, and several of his nine novels were based on actual events.

To set the stage for “The Director,” in a prologue, Mr. Ignatius walks us through an annual hackers’ convention, DEF CON, held in a Las Vegas casino. This event really exists, and as Mr. Ignatius writes, “It was a school for mischief.” The multipage program lists lectures: “Hacking Bluetooth connections on phone,” “Hacking RFID tags on cargo containers,” “Controlling automobiles remotely through their electronic systems” and so on.

At the center of the chilling novel at hand is an idealistic high-tech businessman named Graham Weber, who is tapped to bring the Central Intelligence Agency out of slothful years of scandal and official misconduct.

However, on his very first day on the job, Weber is confronted with a more immediate problem. A young German man with a shaved head and scruffy clothes, ears adorned with metal studs — “a normal adult’s bad dream” — comes to the U.S. Consulate in Hamburg with a warning: Hackers have broken into CIA’s communications system. “Your messages can be read,” he tells a CIA officer. “They are not secret.” He gives her proof of the intrusion.

Thus, Mr. Ignatius plunges into a high-tech thriller that is essentially a cram course in how to foul up a communications system (although I trust that some of the details are fuzzed enough to deter readers from creating chaos on their own). The crowning moment is the hacking of the Bank of International Settlement in Basel, Switzerland, which serves as a clearinghouse for the world banking system — and which is viewed by many moon-howlers as “a compendium of all the mistakes and conspiracies of the twentieth century,” as one hacker muses.

You can read the rest of the review via the below link:

http://www.washingtontimes.com/news/2014/jul/18/book-review-sobering-tale-of-cyberterrorism/

Tuesday, June 3, 2014

Changes Coming to Intelligence Communities, Undersecretary of Defense For Intelligence Says

  
Claudette Roulo at the American Forces Press Service offers the below link:
 
WASHINGTON, June 3, 2014 - A tremendous change has taken place in U.S. intelligence capabilities over the past decade, and even bigger changes are underway, Undersecretary of Defense for Intelligence Michael G. Vickers said today.
 
Speaking at a Center for Strategic and International Studies forum, Vickers said the nation faces an assortment of national security challenges, including several permutations of al-Qaida and its affiliates, homegrown violent extremists, unrest in the Middle East and North Africa, Russian revanchism, cyber threats and the proliferation of weapons of mass destruction.
 
"While we've had a lot of success in severely degrading the al-Qaida core in the Pakistan-Afghanistan border region, they continue to pose a threat, in particular a [constitutional] threat down the road," Vickers said.

"But the three biggest threats are al-Qaida in the Arabian Peninsula -- centered in Yemen -- and the growing al-Qaida threat in Syria and al-Qaida's affiliates, ... who are spread elsewhere and who are taking advantage of what we call metastasization ... across the Middle East and North Africa. ... And so this really remains job one for the intelligence community and our special operations forces," he told the audience.
 
The Syrian civil war is a particularly vexing national security challenge, Vickers said.
 
"It's a horrific civil war, with 150,000 dead," he said. "It's a humanitarian crisis of mind-boggling proportions, with some 9 million internally displaced [persons] or refugees who have fled the country. ... And, of course, it's giving rise to a significant terrorism threat."
 
President Barack Obama has stressed that the United States is committed to supporting the Syrian opposition in their fight against Syrian President Bashar Assad, the undersecretary said. "We'll work with the Congress to ramp up our support for the opposition," he added.

The most concerning aspect of Russia's taking of the Crimean Peninsula and involvement in Ukrainian politics is the destabilizing effect these actions are having on the region, Vickers said. "While Russian forces have pulled back their troops from the border region, they have not ceased their support for pro-Russian separatists in eastern Ukraine, and that threat remains to the government of Ukraine and its territory," he explained.

Cyber threats range from the theft of intellectual property to destructive attacks, the undersecretary said. "Over the past couple of years, we've had destructive attacks against South Korea, against Saudi Arabia, and denial-of-service attacks against the U.S. financial sector," he said, adding that the probability is high that there will be more destructive attacks in the future.

These challenges are broad and enduring, Vickers said. "Taken together, these are highly asymmetric challenges," he said, and solving them will require a series of "offset" strategies -- oblique approaches designed to address a specific aspect of each challenge.

"Also critical to dealing with this set of enduring challenges is the continued economic and technical leadership of the United States, which ... is a national security imperative," he said.

Intelligence is the first line of defense in national security, Vickers said. It informs national security policy, enables intelligence-driven precision operations, provides commanders and the commander in chief with options, and it prevents strategic surprise.

"Intelligence is a significant source of advantage for the United States. ... It's an advantage that's very important to us, but it's also one that has to be used aggressively, but also prudently, to make sure we're helping our leaders solve problems and not adding to their problems," Vickers said.

The United States is making a number of investments to sustain its intelligence advantage well into the future, the undersecretary told the audience.

"There are big changes ahead in the way we use our overhead space architecture -- some of the biggest changes that we've seen in several decades," he said. "It will be possible ... to have persistence we've never had before."

Through the Defense Clandestine Service, the Defense Department will strengthen its human intelligence and cryptanalytic capabilities, the undersecretary said.

The Predator and Reaper unmanned aerial vehicles have become the "signature weapon" of counterterrorism operations over the past decade, Vickers said.

"It has enabled the most precise counterterrorism campaign in the history of warfare, and it is our most effective instrument," he added. "We are very healthy in this area, but we are looking to make advancements in some advanced sensors as well as extending the range of our second-generation platform considerably."

The Defense Department is making significant progress as it seeks to develop a cyber force and its associated support structures, the undersecretary said. "The key to making that cyber force effective ... has really been our partnerships with industry, ... particularly in the area of information sharing," he said.

Separately, the sharing of information within and between agencies has vastly improved in the years since 9/11, Vickers said. "Our intelligence agencies work much closer together," he added. "It's hard to find a case where a single intelligence agency has been responsible for a significant intelligence breakthrough or operation."

Vickers said he and Director of National Intelligence James Clapper have made it their top priority to ensure that the national and defense intelligence apparatuses are integrated and transparent to one another.

In addition, the national security strategy depends on enabling partners, he said. "To make the national security apparatus effective across the interagency -- both domestic and foreign -- also requires a high degree of intelligence sharing," he added.

In that vein, Vickers said, DOD and the intelligence community are modernizing their information technology systems to strike a balance between the need to protect information while also distributing it.

Tuesday, January 28, 2014

Cyber Criminal Pleads Guilty To Developing And Distributing Notorious SpyEye Malware


The U.S. Justice Department released the below information:

Aleksandr Andreevich Panin, a Russian national also known as “Gribodemon” and “Harderman,” has pleaded guilty to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software known as “SpyEye,” which, according to industry estimates, has infected over 1.4 million computers in the United States and abroad.

Acting Assistant Attorney General Mythili Raman of the Department of Justice’s Criminal Division, U.S. Attorney Sally Quillian Yates of the Northern District of Georgia and Acting Special Agent in Charge Ricky Maxwell of the FBI’s Atlanta Field Office made the announcement.

“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” said Acting Assistant Attorney General Raman.  “Today, thanks to the tireless work of prosecutors and law enforcement agents, Aleksandr Panin has admitted to his orchestration of this criminal scheme to use ‘SpyEye’ to invade the privacy of Americans by infecting their computers through a dangerous botnet.  As this prosecution shows, cyber criminals – even when they sit on the other side of the world and attempt to hide behind online aliases – are never outside the reach of U.S. law enforcement.”

“As several recent and widely reported data breaches have shown, cyber-attacks pose a critical threat to our nation’s economic security,” said U.S. Attorney Yates. “Today’s plea is a great leap forward in our campaign against those attacks.   Panin was the architect of a pernicious malware known as ‘SpyEye’ that infected computers worldwide.   He commercialized the wholesale theft of financial and personal information.   And now he is being held to account for his actions.   Cyber criminals be forewarned: you cannot hide in the shadows of the Internet.   We will find you and bring you to justice.”

“This investigation highlights the importance of the FBI’s focus on the top echelon of cyber criminals,” said Acting FBI SAC Maxwell.   “The apprehension of Mr. Panin means that one of the world’s top developers of malicious software is no longer in a position to create computer programs that can victimize people around the world.   Botnets such as SpyEye represent one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge.   The FBI will continue working with partners domestically and internationally to combat cyber-crime.”

According to the charges and other information presented in court, SpyEye is a sophisticated malicious computer code that is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information.   The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the infected computers through command and control (C2) servers.   Once a computer is infected and under their control, cyber criminals can remotely access the infected computers, without authorization, and steal victims’ personal and financial information through a variety of techniques, including “web injects,” “keystroke loggers,” and “credit card grabbers.”   The victims’ stolen personal and financial data is then surreptitiously transmitted to the C2 servers, where it is used to steal money from the victims’ financial accounts.

Panin was the primary developer and distributor of the SpyEye virus.   Operating from Russia from 2009 to 2011, Panin conspired with others, including codefendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market and sell various versions of the SpyEye virus and component parts on the Internet.   Panin allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information, as well as marketed versions that specifically targeted designated financial institutions.   Panin advertised the SpyEye virus on online, invitation-only criminal forums.   He sold versions of the SpyEye virus for prices ranging from $1,000 to $8,500.   Panin is believed to have sold the SpyEye virus to at least 150 “clients,” who, in turn, used them to set up their own C2 servers.   One of Panin’s clients, “Soldier,” is reported to have made more than $3.2 million in a six-month period using the SpyEye virus.

According to industry estimates, the SpyEye virus has infected more than 1.4 million computers in the United States and abroad, and it was the preeminent malware toolkit used from approximately 2009 to 2011.   Based on information received from the financial services industry, over 10,000 bank accounts have been compromised by SpyEye infections since 2013 alone.   Some cyber criminals continue to use SpyEye today, although its effectiveness has been limited since software makers have added SpyEye to malicious software removal programs.

In February 2011, pursuant to a federal search warrant, the FBI searched and seized a SpyEye C2 server allegedly operated by Bendelladj in the Northern District of Georgia.   That C2 server controlled over 200 computers infected with the SpyEye virus and contained information from numerous financial institutions.

In June and July 2011, FBI covert sources communicated directly with Panin, who was using his online nicknames “Gribodemon” and “Harderman,” about the SpyEye virus.   FBI sources then purchased a version of SpyEye from Panin that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the malware.

On Dec. 20, 2011, a Northern District of Georgia grand jury returned a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj.   The indictment charged one count of conspiracy to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. A superseding indictment was subsequently returned identifying Panin by his true name.

Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on Jan. 5, 2013 and was extradited from Thailand to the United States on May 2, 2013.   His charges are currently pending in the Northern District of Georgia.

Panin was arrested by U.S. authorities on July 1, 2013, when he flew through Hartsfield-Jackson Atlanta International Airport.

The investigation also has led to the arrest of four of Panin’s SpyEye clients and associates in the United Kingdom and Bulgaria.

On Jan. 28, 2014, Panin pleaded guilty to conspiring to commit wire and bank fraud.   Sentencing for Panin is scheduled for April 29, 2014, before United States District Judge Amy Totenberg of the Northern District of Georgia.

The case is being investigated by the FBI.   Assistant United States Attorney Scott Ferber of the Northern District of Georgia, Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Senior Litigation Counsel Carol Sipperly of the Criminal Division’s Fraud Section are prosecuting the case.   Former Assistant United States Attorney Nicholas Oldham also participated in the prosecution while with the Criminal Division.

Valuable assistance was provided by the Criminal Division’s Office of International Affairs and the following international law enforcement agencies:   The United Kingdom’s National Crime Agency, the Royal Thai Police-Immigration Bureau, the National Police of the Netherlands - National High Tech Crime Unit (NHTCU), Dominican Republic’s Departamento Nacional de Investigaciones (DNI), the Cybercrime Department at the State Agency for National Security-Bulgaria and the Australian Federal Police (AFP).

Valuable assistance also was provided by the following private sector partners: Trend Micro’s Forward-looking Threat Research (FTR) Team, Microsoft’s Digital Crimes Unit, Mandiant, Dell SecureWorks, Trusteer and the Norwegian Security Research Team known as “Underworld.no”.

Thursday, June 13, 2013

FBI On Preparing For And Responding To The Cyber Threat


Richard A. McFeely, the FBI's Executive Assistant Director, Criminal, Cyber, Response, and Services Branch, testified before the Senate Appropriations Committee on cyber security on June 12, 2013.

Good afternoon Chairwoman Mikulski, Vice Chairman Shelby, and members of the committee. I appreciate the opportunity to appear before you today to discuss the cyber threat, how the FBI has responded to it, and how we are marshaling our resources and strengthening our partnerships to more effectively combat the increasingly sophisticated adversaries we face in cyberspace.

As the committee is well aware, the frequency and impact of cyber attacks on our nation’s private sector and government networks have increased dramatically in the past decade, and are expected to continue to grow. Since 2002, the FBI has seen an 84 percent increase in the number of computer intrusion investigations.

Our adversaries in the cyber realm include spies from nation-states who seek our secrets and intellectual property; organized criminals who want to steal our identities and money; terrorists who aspire to attack our power grid, water supply, or other infrastructure; and hacktivist groups who are trying to make a political or social statement. It is difficult to overstate the potential impact these threats pose to our economy, our national security, and the critical infrastructure upon which our country relies. The bottom line is we are losing data, money, ideas, and innovation to a wide range of cyber adversaries and much more is at stake.

Director Mueller has said he expects the cyber threat to surpass the terrorism threat to our nation in the years to come. That is why we are strengthening our cyber capabilities in the same way we enhanced our intelligence and national security capabilities in the wake of the September 11th attacks.

You can read the rest of his statement via the below link:

http://www.fbi.gov/news/testimony/cyber-security-preparing-for-and-responding-to-the-enduring-threat?utm_campaign=email-Daily&utm_medium=email&utm_source=congressional-testimony&utm_content=232918

Thursday, May 9, 2013

FBI Responding To The Cyber Threat

 
John D. Memarest, the FBI's Assistant Director in charge of the Cyber Division, spoke before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism, on May 8th.

The 21st century brings with it entirely new challenges, in which criminal and national security threats strike from afar through computer networks, with potentially devastating consequences. These intrusions into our corporate networks, personal computers, and government systems are occurring every single day by the thousands. Such attacks pose an urgent threat to the nation’s security and economy. The threat has reached the point that, given enough time, motivation, and funding, a determined adversary will likely be able to penetrate any system accessible from the Internet.

We see four primary malicious actors in the cyber world: foreign intelligence services, terrorist groups, organized criminal enterprises, and hacktivists.

Dozens of countries have sophisticated cyber espionage capabilities, and these foreign cyber spies have become increasingly adept at exploiting weaknesses in our computer networks. Once inside, they can exfiltrate government and military secrets, as well as valuable intellectual property—information that can improve the competitive advantage of state-owned entities and foreign companies.

Terrorist groups would like nothing better than to digitally sabotage our power grid or water supply. Although most such groups currently lack the capability to conduct sabotage operations over the Internet themselves, the tools and expertise to perpetrate a cyber attack with physical effects are readily available for purchase or hire.

Organized criminal groups, meanwhile, are increasingly migrating their traditional criminal activity from the physical world to the online world. They no longer need guns to rob a bank; they use a computer to breach corporate and financial institution networks to steal credentials, account numbers, and personal information they can use to make money.

These criminal syndicates, often made up of individuals living in disparate places around the world, have stolen billions of dollars from the financial services sector and its customers. Their crimes increase the cost of doing business, put companies at a competitive disadvantage, and create a significant drain on our economy.

Hacktivist groups are pioneering their own forms of digital anarchy, posing novel cybersecurity threats by repeatedly illegally accessing computers or networks for a variety of reasons, including politically or socially motivated goals.

With these diverse actors, we face significant challenges in our efforts to address and investigate cyber threats. While the FBI has already made great strides in developing its capability to address the cyber threat, we are currently prioritizing our immediate and long-term areas for strategic development in order to best position ourselves for the future. 

You can read the rest of the statement via the below link:

http://www.fbi.gov/news/testimony/responding-to-the-cyber-threat?utm_campaign=email-Daily&utm_medium=email&utm_source=congressional-testimony&utm_content=222787

Tuesday, March 12, 2013

U.S. National Intelligence Director Places Cyber Threats At The Top Of Transnational Threat List


Jim Garamone at the American Forces Press Service offers the below piece:

WASHINGTON, March 12, 2013 - Ten years ago, the idea that cyber posed a leading threat against the United States would be laughed at. But no one is laughing any more.

James R. Clapper, the director of national intelligence, testified before the Senate Select Committee on Intelligence today, and cyber led off his presentation of transnational threats.

Threats are more diverse, interconnected and viral than at any time in American history, the director said.

"Attacks, which might involve cyber and financial weapons, can be deniable and unattributable," he said in his prepared testimony. "Destruction can be invisible, latent and progressive."

In such a world, the role of intelligence grows, and finding ways to increase the efficiency of the intelligence community becomes paramount, Clapper said. "In this threat environment, the importance and urgency of intelligence integration cannot be overstated," he added. "Our progress cannot stop. The intelligence community must continue to promote collaboration among experts in every field, from the political and social sciences to natural sciences, medicine, military issues and space."

Clapper explained that cyber threats are broken into two terms: cyberattacks and cyber espionage. Cyberattacks aim to create physical effects or to manipulate, disrupt or delete data. "It might range from a denial-of-service operation that temporarily prevents access to a website to an attack on a power turbine that causes physical damage and an outage lasting for days," he said. Cyber espionage refers to stealing data from a variety of sources.

The threat is growing, Clapper said, but is not here just yet. "We judge that there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage," Clapper said.

State actors with the skills to do this, such as Russia and China, are unlikely to launch such an attack, he said, and other states or organizations do not have these skills.

"However, isolated state or nonstate actors might deploy less sophisticated cyberattacks as a form of retaliation or provocation," he added. "These less advanced but highly motivated actors could access some poorly protected U.S. networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited."

A number of attacks already have taken place, including numerous denial-of-service attacks against U.S. banks. In August, someone attacked the Saudi oil company Aramco, rendering 30,000 computers unusable.

A more insidious cyber threat comes from foreign intelligence and security services that have penetrated numerous computer networks of U.S. government, business, academic and private-sector entities, Clapper said. "Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks," he said. "Importantly, much of the nation's critical proprietary data are on sensitive, but unclassified, networks -- and the same is true for most of our closest allies."

Cyber thieves and spies are targeting and collecting sensitive U.S. national security and economic data, almost certainly allowing adversaries to close the military technological gap, Clapper said.

"It is very difficult to quantify the value of proprietary technologies and sensitive business information and, therefore, the impact of economic cyber espionage activities," he acknowledged. "However, we assess that economic cyber espionage will probably allow the actors who take this information to reap unfair gains in some industries."

U.S. intelligence agencies track cyber developments among terrorist groups, activist hackers and cyber criminals, the intelligence director said. "We have seen indications that some terrorist organizations have heightened interest in developing offensive cyber capabilities," he added, "but they will probably be constrained by inherent resource and organizational limitations and competing priorities."

Activist hackers -- known as "hacktivists," -- target a wide range of companies and organizations in denial-of-service attacks, but intelligence professionals have not observed a significant change in their capabilities or intentions during the last year, Clapper said.

"Most hacktivists use short-term denial-of-service operations or expose personally identifiable information held by target companies, as forms of political protest," he said, adding that this could change.

Cyber criminals also threaten U.S. economic interests. "They are selling tools, via a growing black market, that might enable access to critical infrastructure systems or get into the hands of state and non-state actors," the director said. Some companies abet these groups, he told the panel, selling computer intrusion kits to all comers.