To Catch a Cybercrook
The FBI's number three national priority today (after terrorism and counterintelligence) is cybercrime. In one of the FBI's sixteen U.S. cybercrime squads, located in a nondescript office building in Somerset, New Jersey, members spend their workdays tracking down crimes ranging from Web site defacement to network break-ins to DDoS attacks to child pornography to the online sale of pirated software, music, or videos.
Other types of cybercrime are more common than zombie PC attacks, sometimes called botnet attacks. But because armies of zombie PCs are often massive and have the potential to inflict severe damage on victims, some law enforcement officials say that thwarting botnet infections and attacks have become their number one priority.
"The number of cases we see, like the Singh [Cheema] case, are becoming far more frequent," Nestor says.
According the FBI, most of the PCs Cheema hijacked were located on college campuses in Massachusetts and Pennsylvania. He directed those PCs to go after a handful of sites, probably without realizing that his attacks would have such widespread consequences. The ripple effect from the attacks launched by Cheema's so-called botnet army of PCs ultimately reached 120 online companies, including major retailers, banks, and pharmaceutical businesses as far away as Europe, according to the FBI.
"If one teenager can jeopardize over a hundred Web sites from his parent's house, imagine what groups of seasoned cybergangs can do," Nestor says.
Some botnets consist of phalanxes of from 15,000 to 50,000 zombie PCs that are controlled by groups of people dispersed around the world, says Christopher Painter, deputy chief of the Computer Crime section of the U.S. Department of Justice. Most perpetrators are adults who execute extremely sophisticated assaults. "They don't brag, and they cover their tracks very well," Painter says.
One notorious cybergang, called Shadowcrew, reportedly had 4000 members scattered across the United States, Brazil, Spain, and Russia.
To catch cybercrooks, FBI uses specialized cyberagents who rely on such old-fashioned crime-fighting methods as infiltrating hacker groups, monitoring underground networks, and following promising leads.
Money is these cybergangs' primary motivation, says Larry Johnson, special agent in charge of the Criminal Investigative Division of the U.S. Secret Service. The asking price for temporary use of an army of 20,000 zombie PCs today is $2000 to $3000, according to a June posting on SpecialHam.com, an electronic forum for hackers.
Marshaling their armies of zombie PCs, online extortionists may threaten to crash a company's Web site unless they are paid off. "Hackers are not shy about asking for $20,000 to $30,000 from companies. The [companies] know it's far cheaper to pay the hackers than to get knocked offline and lose hundreds of thousands of dollars in lost business," Johnson says.
Many of these extortionists may go unreported because businesses are unwilling to volunteer evidence of their coercion to law enforcement officials, Johnson says. Commonly, corporations don't want to admit to their customers, stockholders, and business partners their networks were ever vulnerable to an attack.
According to a 2004 survey conducted by the Computer Security Institute, a membership association and education provider that serves the information security community, only about 20 percent of computer intrusions are ever reported to law enforcement agencies. The Secret Service, Johnson says, receives between 10 and 15 inquiries per week from businesses owners who believe they may be the target of a cyberattack.