Companies that work with law enforcement agencies on cybercrime
can get valuable information, including lists of hostile IP (Internet Protocol) addresses and
information on new types of attacks, a U.S. Air Force cybercrime
investigator said Thursday.
In a presentation at the 2006 InfraGard National Conference, focused on
protecting U.S. critical infrastructure, Wendi Whitmore, a special agent
with the Air Force Office of Special Investigations, urged companies that
are victims of cybercrime to report the problems to law enforcement
agencies. Even though many cybercriminals don't get caught, the
information shared between law enforcement and private businesses can help
both groups develop better defenses, she said.
Some cybercriminals do get caught, and those arrests serve as a
deterrent to others considering cyberscams, she said. "No criminal
prosecution is ever going to be taken if the crime is never
reported to law enforcement," Whitmore added. "Until we start
developing longer lists of people who got five years, who got 10
years [in jail], who had to pay back hundreds of thousands of
dollars, then you're not going to have a deterrent."
Some companies are concerned that law enforcement investigations
are slow, but police often see a larger picture than
an individual company does, she said. Another common fear is that a
company that reports cybercrime will have that information leaked
to the media, but rarely do the leaks come from law enforcement
agencies, she said.
About three-quarters of the victims of DDOS (distributed
denial-of-service) extortion scams don't report the crimes to law
enforcement agencies, Whitmore said.
In extortion scams, criminals use networks of compromised
computers called botnets to flood a company's network with traffic,
then ask the company for money to make the DDOS attack stop. If the
company refuses to pay, the attacker floods the company's network
with more traffic, often from thousands of zombie computers, then
demands more money, she said. Financial companies such as banks and
offshore gambling Web sites are favorite targets for these botnet
extortion scams, she added.
Botnets of compromised computers are responsible for sending an
estimated 60 percent of all spam e-mail, as well as sending many
viruses and worms and phishing scam e-mails, Whitmore said. In
addition to DDOS attacks, compromised computers can send out the
owner's personal information, and they can be used to store
illegally copied music and movies or child pornography, she
said.
Whitmore called on businesses to deploy a number of defenses
against botnets, including running antivirus software, patching
systems quickly, scanning network traffic and limiting employee
computer access to only the systems they need. Companies also need
to "train, train and retrain" their employees in safe Internet use,
she said.
"The Internet is a war zone," she said. "If you haven't been
attacked, at some point, you're going to be attacked."
She also recommended that companies develop relationships with
local law enforcement investigators and their Internet service
providers before a cyberattack. That way, the company will be able
to get a quick response during a crisis, she said.