The Federal Bureau of Investigation, which after 9/11 shifted focus almost overnight from fighting organized crime to combating terrorism, is scrambling to again remake itself to be positioned to counter a rising threat: cyber attackers.
Its evolution into a cybercrime-fighting agency isn't as sudden or as dramatic, but over time the change will be just as profound, experts say. Indeed, the transformation is already well under way, with 1,000 cyber specialists – specially trained agents, analysts, and digital forensic examiners who run complex undercover operations and gather digital evidence – deployed to all 56 of the FBI’s field offices nationwide.
The urgency of the shift was underscored last week by FBI Director James Comey, who told a congressional committee that cyber threats are expected soon to rival terrorism as the primary danger facing the United States.
“We anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber-based terrorist threats,” Mr. Comey said at a Senate Homeland Security Committee hearing, echoing comments by his predecessor, Robert Mueller.
The FBI launched its New York-based Cyber Division in 2002. Since then, its investigations into "computer intrusions" – break-ins by hackers (state-sponsored, criminal, or individuals) to exploit vulnerabilities in US-based computer networks and software – have jumped 84 percent.
“When I first got in, there wasn’t even a cyber program, and now it’s a full division, which is pretty amazing,” says a former FBI cyber investigator who spent more than a decade with the bureau, who asked for anonymity because he still works with law enforcement. “But really, Comey is right. There’s now so much going on in cyber that it is going to overtake terrorism and counterintelligence work. I don’t think we’re seeing a shift as massive as the one right after 9/11 from organized crime to terrorism. Terrorism is still going to be very much on everyone’s mind. But now it’s cyberterrorism.”
Among the FBI's adversaries are cyberspies from nations trying to obtain US intellectual property; organized crime gangs stealing people's identities, credit-card data, and money; and terrorists aspiring to attack the US power grid, water supply, and other critical infrastructure. Hacktivist groups trying to make a political statement by wrecking websites or hacking company networks also qualify.
The bureau also leads the National Cyber Investigative Joint Tax Force, a group of 19 intelligence, military, and law-enforcement agencies that share information to target current threats and prevent future attacks. The FBI’s Next Generation Cyber Initiative, launched last year, will focus on penetrating the bad guys' computers and networks, as opposed to primarily identifying and dismantling cybercriminal operations.
Though the FBI cyber capability has been building for a decade, experts say the bureau has only in recent years hit its stride as a world-class cyber investigative agency that poses a serious threat to cyber bad guys.
“They weren’t that good to begin with, and I was pretty critical of them,” says James Lewis, a cyber conflict expert at the Center for Strategic and International Studies (CSIS) in Washington. “Today, I think the FBI is one of the best in the world in investigating cybercrime. They’ve really improved in just the last five to six years.”
Beside developing strong in-house cyber capabilities, he says, the bureau also has a close partnership with the National Security Agency – something that did not exist before 9/11 regarding information-sharing on threats and investigations.
“It’s been a natural progression for the FBI to move into this field,” says Shawn Henry, president of CrowdStrike Services, who recently retired as FBI executive assistant director responsible for cyber programs and investigations worldwide.
“Cyber is really a tool being used by more people to commit their criminal activity, their espionage, and their attacks,” he says. “It’s a technology that makes them able to do a lot more damage in a much broader way. At the same time, we’re seeing more and more companies using technology, pushing everything they own to the network – their corporate strategy, intellectual property. The value of the information there is really immeasurable – and the adversaries know it.”
As for terrorists, they “trying to disrupt the power grid, trying to have same impact on the Western world as they did on 9/11, wanting to wreak havoc and calling for electronic jihad,” Mr. Henry notes. Although terrorists' own cyber skills have not been shown to be terribly sophisticated, “the reality of it is that this capability can be purchased, it can be rented,” he says. “You can go to an underground chat room and find someone willing to sell their skills.”
Recent successes show the bureau is gaining some ground on cybercriminals, he and others say. In 2011, for instance, the FBI took down Rove Digital, a company founded by a ring of Estonian and Russian hackers to commit massive fraud over the Internet. By infecting more than 4 million computers in at least 100 countries with malware that secretly altered those computers' settings, the Rove hackers were able to digitally hijack Internet searches, rerouting those computers to certain websites and ads. The company received fees when users clicked on those websites or ads – some $14 million in fraudulent income, the FBI reported.
Botnets are networks of thousands, even millions, of personal computers enslaved by malicious software and used for criminal purposes such as distributed denial of service (DDoS) attacks. Such attacks can damage online businesses by clogging access to their websites and other key online services.
From October 2012 to March 2013, the FBI and the Department of Homeland Security gave to law-enforcement partners in 129 countries almost 130,000 computer addresses that had been infected with DDoS malware. Such action has helped to curb the effectiveness of botnet DDoS attacks, former FBI chief Mueller testified in March.
In September, the FBI announced that it and other federal agencies had taken down the underground Silk Road website, which had been a global online marketplace for drug trafficking and money laundering, producing millions in dirty profits, the bureau reported.
A decade ago, investigations that led the FBI to a foreign country usually meant that's as far as those probes could go. Since then, the bureau has placed cyberspecialists in key nations – including Estonia, Ukraine, the Netherlands, Romania, and Latvia – to facilitate investigation of cybercrimes against the US.
But the pursuit of cybercriminals abroad is still problematic. “The problem is that they can only enforce the law in places that agree to enforce the law,” ays the CSIS's Mr. Lewis. “If you’re in the US, they’ll catch you. In Russia and China, they don’t have a chance. What they need is for the Russians to cooperate – and the Russians won’t do that.”
The cyber ramp-up that the FBI's Comey says is coming makes sense, say many analysts. Just as bank robber Willie Sutton was reputed to say he robbed banks “because that’s where the money is,” so, too, the FBI must follow criminals into their cyber lairs.
“To a large degree, the FBI is simply doing what it has to do – because criminal activity is merging with cyber activity,” says the former FBI cyber investigator. “All these criminals are shifting gears and going cyber – so the bureau has to do that that, too.”