FBI Director Chris Wray FBI Director Touts Successful
Cybercrime Disruptions Born from Cooperation
State-sponsored cyberattacks, disinformation
campaigns, and world-wide botnets spreading ransomware far and wide have one
thing in common.
According to FBI Director Christopher Wray, they can best be defeated
through cooperation between law enforcement agencies, academia, and the
private sector. In a speech on Jan. 28, Wray shared with an audience of
roughly 1,900 attendees an example less than 36 hours old: the disruption of
the Emotet criminal botnet, which was carried out with the European Union
Agency for Law Enforcement Cooperation.
“Emotet has for years enabled criminals to push additional malware onto
victim networks in critical sectors, like health care, e-commerce,
technology, and government. Emotet is one of the longest-running and most
pervasive denial-of-delivery services out there,” he said.
The operation was successful, he said, because cybersecurity experts on
both continents had applied lessons learned from previous disruptions of
botnets, which are networks of internet-connected devices that can be used
to
perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam,
and allow the attacker to access the device and its connection.
“It’s the kind of disruption that demands cooperation,” he said.
Wray made the announcement during a talk titled “The FBI’s Strategy for
Tackling Cyber Threats in 2021 and Beyond,” part of a virtual speaker series
sponsored by the International Conference on Cyber Security (ICCS), which is
jointly presented by the FBI and Fordham. In-person ICCS events, such as
those scheduled for July, have been postponed until public health
authorities
advise that they’re safe.
In addition to Emotet, Wray cited examples such as the bureau’s success
in the September prosecution of the Chinese hacking group Apt41, which was
targeting private companies, as well as a partnership with the NSA that lead
to last year’s discovery of a sophisticated type of malware developed by the
Russian military.
Wray answered audience questions that were presented by Joseph M.
McShane, S.J., president of Fordham, who served as moderator. Questions
ranged from how the bureau retains talent that might otherwise work in the
private sector (their attrition rate is very low) to the ways they go about
identifying cybercrimes in general. Asked how private industry can help the
justice department defeat domestic threats, Wray advocated a preemptive
approach.
“There’s a saying that the best time to patch the roof is when the sun is
shining. It’s the same concept here. We want people to start to build those
relationships with their local FBI field office before they have a major
intrusion,” he said.
On the challenge of misinformation campaigns and social media, Wray made
it clear that the bureau is concerned with the threat, not the content.
“We’re not the truth police of the internet. What we focus on is the
actor,” he said.
He noted that when the bureau learned that Internet Research Agency, the
Russian troll farm that was active during the 2016 presidential election,
was
actively planning to spread disinformation and distrust in 2020, the FBI
tipped off Facebook and Twitter in September to its presence on their
networks.
“It’s a situation where we, rather than bringing an enforcement action,
we’re feeding tips to the social media companies, which were able to take
very quick actions themselves using their own terms of service,” he said.
“Because activity that might not readily lend itself to a criminal case
or national security action often very readily violates their terms of
service.”
It was another example of the private sector and law enforcement working
together to defeat a shared enemy, he said.
“The way we do business today, and so many of the changes we’ve made to
our strategy are a product of our work with [the private industry]. We’ve
been working with your concerns and suggestions and we’ve taken them to
heart. We’ve shifted the way we think and the way we operate so we can have
a
more significant effect on our adversaries.”
Wray’s talk was followed by a discussion with Ed Stroz, GABELLI ’79, the
founder of a firm formerly called Stroz Friedberg and now known as Aon Cyber
Solutions, and Matt Gorham, assistant director of the FBI’s Cyber Division.
Stroz, a former FBI agent himself, focused on the nuts and bolts of how a
private company actually works with the bureau.
Gorham echoed Wray’s suggestion to make a connection before an intrusion,
as that will establish a baseline level of trust. This will be important
because in the near future, he predicted there will be an increase in
ransomware and malware-for-hire services. And, he said, people should feel
confident that when they call the FBI for help, the bureau knows that they
were the victim.
“And we know how to work with a victim,” he said.
“A lot of times this comes down to a level of comfort that we’re not out
there to look at your content; what we’re really looking for are those
artifacts of intrusion,” he added, noting that people develop trust in the
bureau after working with them once.
“It’s been my experience that there may be a hesitancy to call the FBI
the first time; it’s a very quick call the second time.”
--