Combating Cyber Crime and Cyber Terrorism

Posted in Other | 15-Dec-05 | Author: Jim Kouri

Jim Kouri, Vice-President of the US National Association of Chiefs of Police: "The cyber threat is rapidly increasing."
Jim Kouri, Vice-President of the US National Association of Chiefs of Police: "The cyber threat is rapidly increasing."
The cyber threat confronting the United States is rapidly increasing as the number of actors with the tools and abilities to use computers against the United States or its interests is rising. The country’s vulnerability is escalating as the US economy and critical infrastructures become increasingly reliant on interdependent computer networks and the World Wide Web. Large-scale computer attacks on US critical infrastructure and economy would have potentially devastating results.

Cyber threats fall into two distinct categories: threats affecting national security that emerged with Internet technology, such as cyber terrorism, foreign-based computer intrusions and cyber theft of sensitive data; and traditional criminal activity facilitated by computers and the Internet, such as theft of intellectual property, online sexual exploitation of children, and Internet fraud.

In both categories, cyber attacks, intrusions, illicit file sharing, and illegal use of cyber tools are the basic instruments used by perpetrators. Domestic and foreign terrorist organizations, foreign intelligence actors, and criminal enterprises are increasingly using encryption technology to secure their communications and to exercise command and control over operations and people without fear of surveillance. The Federal Bureau of Investigation must be able to identify and penetrate the command and control elements of these organizations and actors.

Recognizing the international aspects and national economic implications of cyber threats, the FBI created a Cyber Division at the headquarters level to manage and direct this developing program. The rapid evolution of computer technology, coupled with the creative techniques used by foreign intelligence actors, terrorists, and criminals, requires investigators and computer security professionals to have highly specialized computer-based skills. The FBI Cyber Program uses a centralized, coordinated strategy to support crucial counterterrorism, counterintelligence, and criminal investigations whenever aggressive technical investigative assistance is required. The Cyber Program also targets major criminal violators with a cyber nexus.

The FBI must increase its capability to identify and neutralize enterprises and individuals who illegally access computer systems, spread malicious code, or support terrorist or state-sponsored computer operations. The Bureau must proactively investigate counterterrorism, counterintelligence, and criminal investigative cyber related threats having the highest probability of threatening national security. To do so requires the FBI to constantly upgrade its skills and technology to meet the evolving threat.

The Organized Crime Threat

Organized criminal enterprises using the Internet for fraudulent activities present a significant and increasing criminal threat in the cyber arena. Typically, one or more components of the Internet is used to present fraudulent solicitations to prospective victims, conduct fraudulent transactions, or transmit the proceeds of fraud to financial institutions or others connected with the scheme.

This crime problem is international and many schemes originate in the former communist countries of Eastern Europe. E-commerce is growing in all sectors of the U.S. economy, and while most is business-to-business, the dollars associated with e-commerce retail sales are growing exponentially. When Internet users — whether they are businesses or consumers — are crippled by Internet fraud schemes, the viability of e-commerce is compromised, adversely impacting the national economy. FBI officials state that they will focus their efforts on dismantling enterprises engaged in significant levels of fraudulent activity, especially those that are national and transnational.

Wide ranging and often complex financial frauds by international criminals are robbing Americans of billions of dollars annually. One of the most notorious fraud schemes is the advance fee fraud. Nigerian and other international criminals have sent thousands of unsolicited letters and faxes with fraudulent representations to individual Americans with the promise of great profits after paying up front cash fees. In 2003 alone, Americans were bilked of at least $100 million in Nigerian advance fee scams alone. The total loss is probably significantly greater, however, because fear and embarrassment keep many victims from reporting this crime. International criminals also victimize American businesses and financial institutions, resulting in lost opportunities, lost revenue and lost jobs.

Financial fraud crimes have become more prevalent in recent years as international criminals take advantage of the significantly greater personal and corporate financial information now available and readily exploitable through computer technology and access devices such as credit cards, debit cards and smart cards. As a result, financial losses to American businesses from insurance and credit card fraud are increasing. Major credit card issuers suffered fraud losses in excess of $2 billion in 1996, about one-third of which occurred because of international fraudulent activity. The Association of Certified Fraud Examiners estimates financial losses in the United States from fraud schemes by domestic and international criminals at more than $200 billion per year.

A possible target.
A possible target.
Intellectual Property Theft

Theft of intellectual property affects US competitiveness and economic viability. US copyright industries and derivative businesses account for more than $433 billion, or nearly six percent of the nation’s economy. Similarly, theft of trade secrets presents a serious economic and security threat.

Trade secrets represent some of the most valuable assets within the nation’s corporate community, as much as 85 percent of a company’s value, the loss of which would do irreparable or fatal damage. Yet unlike buildings or products, the “mobility” of trade secrets makes them one of the country’s most vulnerable economic assets. Some intellectual property is so singular, or is so closely tied to national security research and development, that its loss to thieves or foreign intelligence services would cause incalculable harm.

FBI officials say they will primarily focus its intellectual property investigative efforts to protect those assets representing the greatest potential loss to the country. The Bureau will also focus on theft of other proprietary information, particularly computer software, to outpace those targeting this area of our country’s economic success.

When the Federal Bureau of Investigation implemented the second phase of their reorganization plan in 2003, phase two emphasized the need for allocating special agents to combating cyber crime perpetrated by terrorists, global organized crime syndicates, and cyber criminals. According to a Government Accounting Office study, this reallocation involved reassigning agents away from drug enforcement duties and into counterterrorism, counterintelligence and cyber crime.

Part of the FBI's counterintelligence strategy stresses the ability to gather complaints and reports and create a clearinghouse for local law enforcement officials assigned to white-collar crime investigation and cyber-crime investigation. In an effort to more accurately reflect the wide-ranging nature of online complaints being reported, the FBI and the National White Collar Crime Center (NW3C) recently announced that the Internet Fraud Complaint Center would now be called the Internet Crime Complaint Center, or “IC3.” The IC3, which began in May 2000, is a partnership between the FBI and the NW3C to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding areas of cyber crimes.

The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism for alerting authorities of suspected criminal or civil violations. Within the FBI, the IC3 is a component of the Cyber Division. The name change will not alter the course of business in that the IC3 will continue to emphasize serving the broader law enforcement community and all the key components of the 50 FBI-led Cyber Crime Task Forces throughout the country.

FBI Priorities

According to the FBI, among the top priorities at the IC3 is to establish effective alliances with private industry, which will enable us to leverage both intelligence and subject matter expertise. This approach is pivotal in identifying and crafting a proactive response to cyber crime. Through already strong but growing partnerships with NW3C, private sector and foreign and domestic law enforcement, we have built a solid foundation to address today’s cyber criminals no matter where they are or how complex their schemes may be.

State and local law enforcement participation is a cornerstone to the success of IC3. IC3 will continue to receive, database, and refer complaints to law enforcement agencies having jurisdiction.

Since its inception, the IC3 has received complaints across a wide array of cyber crime matters including on-line frauds in its many forms. Examples of complaints received involve identity theft, international money laundering, computer intrusions, on-line extortion, credit and debit card scams, intellectual property theft and a growing number of on-line schemes. Last year, the IC3 received and processed more than 120,000 complaints, many of which pass through multiple jurisdictions and overlap with other crimes, making cooperation on all fronts a necessity.

Once a complaint is filed with IC3, further analysis is conducted to identify and quantify crime patterns and provide statistics on current trends. The complaint is then expeditiously packaged and sent to appropriate law enforcement agencies for further investigative action. “Operation E-Con” and more recently “Operation Cyber Sweep” represents successful investigative initiatives supported by IC3. In those initiatives, more than 200 such investigations were productively packaged, resulting in arrests and/or charges of more than 250 individuals for engaging in a variety of cyber crimes.

The IC3, located in Fairmont, West Virginia, is comprised of agents, analysts, and IT specialists from the FBI as well as supervisors, analysts and IT specialists from the NW3C. Because of the unprecedented increase in identity theft and other cyber crimes, including terrorist’s use of the Internet in achieving their goals, the FBI places cyber crimefighting on its list of priorities, which includes counterterrorism and counterintelligence.

Another undeclared war.
Another undeclared war.
Computer Security

Protecting the computer systems that support our critical operations and infrastructures has never been more important because of the concern about attacks from individuals and groups with malicious intent, including terrorism. These concerns are well founded for a number of reasons, including the dramatic increases in reported computer security incidents, the ease of obtaining and using hacking tools, the steady advance in the sophistication and effectiveness of attack technology, and the dire warnings of new and more destructive attacks.

As with other large organizations, federal agencies rely extensively on computerized systems and electronic data to support their missions. Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, as well as to helping prevent data tampering, fraud, and inappropriate disclosure of sensitive information. Protecting the computer systems that support our nation's critical operations and infrastructures has never been more important.

Telecommunications, power distribution, water supply, public health services, national defense (including the military's war-fighting capability), law enforcement, government services, and emergency services all depend on the security of their computer operations. Yet with this dependency comes an increasing concern about attacks from individuals and groups with malicious intent, such as crime, terrorism, foreign intelligence gathering, and acts of war. Such concerns are well founded for a number of reasons, including the dramatic increases in reported computer security incidents, the ease of obtaining and using hacking tools, the steady advance in the sophistication and effectiveness of attack technology, and the dire warnings of new and more destructive attacks.

Dramatic increases in computer interconnectivity, especially in the use of the Internet, continue to revolutionize the way our government, our nation, and much of the world communicate and conduct business. The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic imaginable; financial and other business transactions can be executed almost instantaneously, often 24 hours a day; and electronic mail, Internet Web sites, and computer bulletin boards allow us to communicate quickly and easily with a virtually unlimited number of individuals and groups.

In addition to such benefits, however, this widespread interconnectivity poses significant risks to the government's and our nation's computer systems and, more important, to the critical operations and infrastructures they support. For example, telecommunications, power distribution, water supply, public health services, and national defense (including the military's war-fighting capability), law enforcement, government services, and emergency services all depend on the security of their computer operations. The speed and accessibility that create the enormous benefits of the computer age likewise, if not properly controlled, allow individuals and organizations to inexpensively eavesdrop on or interfere with these operations from remote locations for mischievous or malicious purposes, including fraud or sabotage. Government officials are increasingly concerned about attacks from individuals and groups with malicious intent, such as crime, terrorism, foreign intelligence gathering, and acts of war.

According to the Federal Bureau of Investigation, terrorists, transnational criminals, and intelligence services are quickly becoming aware of and using information exploitation tools such as computer viruses, Trojan horses, worms, logic bombs, and eavesdropping sniffers that can destroy, intercept, degrade the integrity of, or deny access to data. In addition, the disgruntled organization insider is a significant threat, since such individuals often have knowledge that allows them to gain unrestricted access and inflict damage or steal assets without possessing a great deal of knowledge about computer intrusions.

As greater amounts of money are transferred through computer systems, as more sensitive economic and commercial information is exchanged electronically, and as the nation's defense and intelligence communities increasingly rely on commercially available information technology, the likelihood increases that information attacks will threaten vital national interests.

International criminals have the resources and funding to utilize cutting edge technologies very effectively. Emerging new electronic payment systems -- known collectively as cybercurrency -- are particularly vulnerable to criminal penetration and theft because of the speed and anonymity of these transactions and the fact that, so far, they have been largely unregulated.

Cybercurrency transactions also can be conducted via the Internet, often without leaving an audit trail. The implications for the international financial system could be severe if criminals acquire the capability to hack into global financial computer networks. For example, in 1994, individuals in St. Petersburg, Russia broke into a U.S. bank's electronic money transfer system. Once inside, they attempted to steal more than $10 million by making approximately 40 wire transfers to accounts around the world. Members of the gang have since been arrested in several countries, and most of the stolen funds have been recovered.

To make matters worse, hundreds of information system vulnerabilities are discovered every day. Most of those vulnerabilities are subsequently posted publicly, usually appearing first on the Internet. World Wide Web mailing lists routinely distribute vulnerability information and software that can be used to exploit vulnerabilities. More publicity usually follows through a succession of books, magazine and newspaper articles, electronic bulletin board messages, and a growing list of Web sites that are targeted at informing a global network of hackers, crackers, "phreakers," and potentially, members of terrorist organizations and foreign intelligence services about the latest methodology for staging cyberattacks.

Although broad dissemination of vulnerabilities permits system owners and operators to identify and counter them, the heavy reliance of modern infrastructure systems on information technology nevertheless makes them critical assets highly vulnerable to cyberattacks, and even more vulnerable to cyberattacks accompanied by physical attacks on infrastructure systems.

The attacker.
The attacker.
Cyber Attack Simulation Lab

Iowa State University launched a US Department of Justice funded test lab designed to simulate, investigate and recreate cyber attacks over the Internet. Dubbed ISEAGE, for Internet-Simulation Event and Attack Generation Environment, the lab is the brainchild of Dr. Doug Jacobson, a professor of computer engineering at Iowa State University and co-founder and CTO of Palisade Systems, a provider of content security appliances. ISEAGE's seed funding came from a $500,000 grant from the US Department of Justice.

ISEAGE is the first research lab to fully and accurately recreate any cyber attack at any point on the Internet by simulating the complexity of an attack in the context of its total environment. Before ISEAGE, government and private sector security professionals used outdated testing environments that oversimplified the threat, because they were unable to recreate the true breadth of the Internet, and all the network activities occurring during a cyber attack. The increased accuracy of ISEAGE will improve understanding of attack characteristics and provide a better assessment of how security systems handle attacks.

As cyber attacks have become more sophisticated, traditional methods for testing and understanding the attacks haven't kept pace. Until now, researchers were unable to model the true complexities of real world Internet attacks. ISEAGE recreates Internet traffic and everything involved in a large or small-scale attack. The simulations will generate valuable data and best practice recommendations that will allow computer security professionals, law enforcement officials and the computer security industry to develop and deploy more robust cyber defenses.

Palisade Systems has donated several PacketSure appliances, which will be used to monitor and understand what protocols and applications are being employed during an Internet attack. PacketSure provides a real time picture of network activity usage while an attack is in progress. PacketSure's granular reporting and forensic tools allow ISEAGE researchers to study specific hacking exploits against computers on a network.

According to officials at the lab, the more the government and private sectors understand about the effects a cyber attack has on their networks, the better prepared they'll be to defend against a future attack.


1. Review legal systems to determine if they appropriately criminalize the intentional abuse of telecommunications and computer systems and promote the investigation of cyber crimes.

2. Consider issues raised by high-tech crimes, where relevant, when negotiating mutual assistance agreements or arrangements.

3. Continue to examine and develop workable solutions regarding: the preservation of evidence prior to the execution of a request for assistance; transborder searches; and computer searches of data where the location of that data is unknown.

4. Develop protocols for obtaining traffic data from all communications carriers in the chain of a communication and to study ways to expedite the passing of this data internationally.

5. Appropriate government agencies should work jointly with industry to ensure that new technologies facilitate the effort to combat high-tech crime by preserving and collecting critical evidence.

6. Elements for any workable solution should include the:

ensuring the protection of individuals freedoms and private life;

preserving governments' ability to fight high tech crime;

facilitating appropriate training for all involved;

defining a clear and transparent framework for addressing cybercriminality;

ensuring free and fair activities, the sound development of industry, and supporting effective industry initiated voluntary codes of conduct and standards;

assessing effectiveness and consequences.

Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police. He's former chief at a New York City housing project in Washington Heights nicknamed "Crack City" by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations. He's also served on the National Drug Task Force and trained police and security officers throughout the country. He writes for many police and security magazines including Chief of Police, Police Times, The Narc Officer and others. He's a staff writer for New Media Alliance (, and he's a columnist for TheConservativeVoice.Com, AmericanDaily.Com, MensNewsDaily.Com, MichNews.Com, and he's syndicated by AXcessNews.Com. He's appeared as on-air commentator for over 100 TV and radio news and talk shows including Oprah, McLaughlin Report, CNN Headline News, MTV, Fox News, etc. His book Assume The Position is available at Amazon.Com,, and can be ordered at local bookstores. If you wish to sign up for his intelligence reports, write to Kouri's own website is located at