Saturday, January 29, 2011

Officials: US better at finding cyber attackers

WASHINGTON - U.S. military and law enforcement officials say the government has made significant strides in figuring out who is responsible for complex cyber attacks, a fundamental but elusive first step to determine whether the U.S. should strike back, whom to strike, and how hard.

U.S. authorities are using a mix of high-tech forensics and a greater emphasis on spying within the online world, although officials won't reveal exactly how they are ferreting out cyber criminals in the vast, often anonymous Internet universe.

Officials familiar with the issue say the escalating cyber security threat has triggered a greater government-wide emphasis on collecting intelligence related to computer crimes. The officials spoke on condition of anonymity to discuss intelligence gathering.

The broader approach includes spycraft methods from electronic surveillance and satellites to international cooperation and the everyday tactics and techniques that undercover agents use.

To date, most cyber attacks aimed at the Pentagon have involved espionage - efforts to steal data rather than attempts to take down the network or manipulate data or communications.

"Attribution is a difficult thing to do, but we're working very hard on it," said Gen. Kevin Chilton, who is retiring after four years at the helm of U.S. Strategic Command. He oversaw the creation of the military's new Cyber Command, which is housed with the secretive National Security Agency at Fort Meade, Md.

"We're getting better," Chilton asserted, and that helps military leaders decide how to respond to individual incidents or attacks.

Whodunit has been the key for both the civilian and military probes.

"As recently as two to three years ago, there was this general perception in the cyber underground that you could attack the U.S. and get away with it," said Shawn Henry, the FBI's executive assistant director. "It was very lucrative, and the chances of getting caught were pretty slim."

Now, with a number of high-profile cyber busts under its belt, the FBI is seeing a deterrent effect.

"We've seen a lot of international criminals, have been able to reach out and touch them, and that message has gotten out," said Henry, who oversees the bureau's criminal and cyber enforcement activities.

It took a serious breach of the military's computer network in 2008 to change the Pentagon's mindset and make cyber a greater priority. As an example of the improving attribution efforts, military officials now believe they know that a foreign government was responsible for the malicious computer worm blamed for that breach, but they won't say which government. Other experts have suggested it was probably China or Russia.

In contrast, officials say the U.S. government still is not sure who pulled off the widespread denial of service attack against federal agency websites on July 4 weekend in 2009. Suspicion has revolved around North Korea, but U.S. officials and experts cast doubt on that conclusion last year.

The message from the 2008 breach, said Chilton, was that computers are no longer just an efficient office machine; they are a critical tool on the high-tech field of battle.

The startup of Cyber Command has raised questions from inside and outside government, largely centering on how the Pentagon would define a cyber attack, and when and how to respond.

A cyber security strategy is being finalized and is expected to be released in the next month or two. Officials say it will broadly answer some of those questions, although probably not in detail.

Further evidence of the improving investigations is the increase in cyber-related arrests.

According to the FBI, there were 202 arrests on cyber cases in 2010, compared to 159 the previous year. And a number of those were high-profile, multimillion-dollar breaches involving investigations that spanned several countries and foreign enforcement agencies.

Henry said the bureau has specialized agents focused on cyber issues posted in five countries - the Netherlands, Estonia, Ukraine, Romania and Colombia - where they work with local law enforcement authorities. And the FBI is hoping to double that number to 10 countries over the next 18 months, Henry said.

A growing area of concern, he said, is Africa.

"We see that as an emerging threat," Henry said, noting that as Internet capabilities there expand, the U.S. needs to work with the governments to help them identify and deal with the threats.

Associated Press

 