The International Conference on Cyber Security (ICCS) 2014 recently took place at Fordham University in New York, January 5-8. The consortium came on heels of the funerals for the two NYPD officers—Officers Rafael Ramos and Wenjian Liu—who were shot and killed in an ambush days before.
The conference, too, picked up the city’s somber feel that week—with many speakers paying their respects before giving their presentations. It was a grim reminder that—as if flesh and bone danger weren’t real enough in this day in age, it didn’t matter—time marches ahead. And crime, even in an intangible sense, presents a perilous front that demands attention. James R. Clapper, 4th Director of National Intelligence in Washington, D.C.—recently back from a diplomatic mission to North Korea—pointed out “cyber bumped terrorism off the list of threats in 2011 and warned “Be prepared for a cyber-Pearl Harbor or cyber 9/11”.
The event drew cybercrime experts from all corners of government, academia and industry. George Venizelos, Assistant Director in Charge of the FBI’s New York offices called it “A high-powered sit-down to combat cybersecurity.” FBI and law enforcement can’t do it alone, he said. Private—and the international community—needs to help.
Indeed more than 50 countries were represented as speakers rehashed recent such events as the Sony hacks and Crypto Locker infections. Incidentally, the U.S. ranked number 1 in Crypto Locker infections, followed by Great Britain and Canada. It was a unique attack as perpetrators used bitcoin for payments and victims were high-profile—including police agencies. Operation Tovar, the law enforcement operation to seize dominance of Gameover Zeus, shut down Crypto Locker in June of last year. The takedown involved law enforcement from 13 nations, and private sectors and individuals participated to indict Evgeniy Mikhailovich Bogachev, 30, from Russia.
Spear fishing was another hot topic, with educators warning in this case hackers get to know an organization before attacking, and they will usually infiltrate a system via email.
Everyone knows cyber threats are large and complex; practical application of security measures can seem insurmountable to any level of government agency. One way to begin is simply by defining terms. Jeffrey Voas, a computer scientist with the National Institute of Standards and Technology (NIST) says a common vocabulary is needed to talk about the Internet of Things (IoT) or Network of Things (NoT)—that is, the fact that we are going from a software/hardware world to a data world. IoT It is a fast-growing reality as cars and appliances are increasingly connected by internet and are data-driven, thus creating distinct challenges for the security and investigative worlds.
Some were concerned, too, with private industries like Apple and Google who choose to ‘go dark’—meaning new software cannot be unencrypted, and therefore authorities will not be able to access data. Cyrus Vance, a Manhattan District Attorney asked, “What if you have a missing child? What’s our answer when the parent says to us, ‘What do you mean you can’t?’?” This will likely be an ongoing issue of privacy versus government accessibility.
Carsten Meywirth, Head of Cybercrime Subdivision German Federal Criminal Police Office (BKA) in Weisbaden, Germany talked about the ‘Cybercrime battlefield in Germany and EU’. Officials there recently took down a Botnet and informed victims of ID theft. “Almost every case of cybercrime has international relations; a territorial approach stands in contrast to cybercrime’s nature,” says Meywirth. Since 2011 his country has been working to create a ‘cyber definition strategy’.
The big moment of the conference came when 7th Director of the FBI James B. Comey arrived to deliver his keynote speech. In the 1920s, he said, the vector change in the FBI was the automobile and asphalt. A criminal could speed 50mph downhill and commit bank robberies at multiple locations. That’s when they realized a national force was needed and installed the FBI’s first director, J. Edgar). “This is that times one million,” says Comey. “Bonnie and Clyde now do one million robberies per day from Belarus.”
“All manner of crimes we (FBI) don’t have time for are appearing to local sheriff’s departments and state police (such as those emails from the Prince of Nigeria). We need to equip them to be digitally literate. Lots more needs to be done.”
He proposed the FBI will create more training opportunities for state and local law enforcement in the years to come, and pointed out current and emerging training opportunities such as: the Bureau of Justice Assistance’s free classes for state and local, NW3C’s new mobile training labs, and FBI online tools.
Many speakers emphasized the importance public and private partnerships. It is necessary for both parties to reach out, ask for help and develop relationships before something happens.
“[Going after cybercrime] without public/private sharing is “like a police officer patrolling a street with 50-foot walls,” says Comey.
When it comes to cybercrime, collaboration is not an option. Use your eyes and ears to see what’s out there.
