Speaking at Cloudsec London 2015 this morning, FBI supervisory special agent Timothy Wallach warned that tackling cybercrime would be an inevitability for all companies.
“There’s an assumption among companies that ‘it won’t happen to me’,” began Wallach, who manages the FBI Seattle Division’s Cyber Task Force.
But that attitude, he cautioned, was long outdated, with the frequency and magnitude of data breaches across the world indicating that no company is safe.
And what we know about could just be the tip of the iceberg, with only disclosed breaches gaining public attention. In 2013, around 800 million personal records were stolen and leaked online, Wallach said, quoting commonly referenced statistics. That figure rose in 2014 to one billion.
The problem in mitigating this trend is that cybercrime is global, and hackers are indiscriminate in who they target.
Wallach explained that many of the challenges arise from the increasing sophistication of hackers over time: “They have moved from ego-hackers and script kiddies to sophisticated nation state actors.”
The spectrum, Wallach explained, runs from low-level attackers, who typically use techniques such as DDoS, often as part of ‘hacktivism’ campaigns or unsophisticated cyber-terrorism and defacement activities, to more sophisticated attackers, who steal personally identifiable information and R&D or target critical national infrastructure.
Cybercrime is a growing problem largely because the barrier to entry is low.
“Cyber is based on a system of trust and hackers are exploiting that trust in any way they can,” said Wallach.
Most actors are overseas, he continued, which means reaching into other jurisdictions and collaborating with law enforcement there. The latter can be problematic if the priority of cybercrime in the law enforcement environment of a partner country is low – even if much of the crime is originating from that region.
Nonetheless, Wallach praised global collaboration between law enforcement groups in the bid to stem the tide of malicious online attacks.
He highlighted that partnerships with other law enforcement bodies and the private sector have yielded many successes in the global battle. Transnational partnerships have resulted in global takedowns, such as the botnet behind GameOver Zeus. He also highlighted the campaign against GameOver Zeus ringleader Evgeniy Bogachev, a Russia-based hacker for whom a $3m reward is currently offered, as another success.
In addition, law enforcement is able to build a growing idea of the scale of the cybercrime problem, because, “Partnerships between government and industry have greatly increased the willingness of private sector to report cybercrime.”
However, the FBI faces challenges in resourcing, given the need for specialized training in recruits: “We have a difficult time identifying, recruiting and maintaining talent because there are so many more lucrative offerings in the cyber world.”