Good afternoon.
I am indeed honored to be here today.
Two weeks
ago, in the middle of the World Series, the Colorado Rockies
suffered a denial of service attackjust minutes after
tickets went on sale for the Rockies' home games against the
Red Sox. Thousands of fans were unable to buy ticketsfans
who were ultimately spared the spectacle of witnessing a clean
sweep.
I reference
this case because it highlights our dependence on computer
technology and the seriousness of the cyber threat. But it
also gives me one more excuse to remind everyone that the
Red Sox won the World Series
again.
Today,
I want to talk about cyber threats to our national security
and what we in the FBI are doing to meet these diverse dangers.
A cyber attack could impact our national security as much
as other terrorist acts have in the past. Indeed, the intersection
between cyber crime and terrorism is becoming increasingly
evident.
Cyber
criminals and terrorists seek to harm our economy, our infrastructure,
and our way of life. We cannot give them free reign to do
so. Our success rests upon our partnerships with other law
enforcement and intelligence agencies and with our partners
in academia and in the private sector-indeed, many of you
here today.
It has
been said that the Internet, much like Carl Sandburg's fog,
in the poem of the same name, came into our lives on little
cat feet
unannounced, too subtle to be noticed at first,
and then, seemingly overnight, impossible to ignore.
But unlike
Sandburg's fog, which sat silently over the city before moving
on, the fog of cyber space has nearly enveloped us. And it
is by no means sitting silently.
I recently
watched a video on YouTube about the impact of the Internet.
And before we go any further, I will answer the question of
everyone under the age of 25. Yes, those of us over a certain
age are allowed to access YouTube.
As I
understand it, many older people actually contribute to sites
such as YouTube and MySpace. It only proves that senior citizens,
such as myself, though slow and potentially dangerous behind
the wheel, can still serve a purpose.
According
to this video, entitled "Did You Know," the average
21-year-old has sent and received more than 250,000 e-mails
and instant messages. More than 70 percent of 4-year-olds
in the United States have used a computer at least once. And
Internet users query Google nearly 3 billion times each month.
The Internet
has changed the way we communicate, learn, and work. It has
also become the primary means by which we conduct business,
store data, and connect operating systems, from air traffic
control to power grids. But that widespread use has also left
us vulnerable to attack from hostile foreign powers, hackers,
and even terrorists.
I want
to start with cyber terrorism, because protecting America
from terrorist attack is the FBI's highest priority. To date,
terrorists have not used the Internet to launch cyber attacks.
But there are thousands of extremist websites, comprising
everything from propaganda to blogs.
In the
past six years, al Qaeda's online presence has become pervasive.
For terrorists, the Internet has become a marketing tool,
a moneymaker, a training ground, and a virtual town square,
all in one.
In July
of this year, three men in Britain were the first to be sentenced
to prison for using the Internet to incite terrorism. One
of these men, Younis Tsouli, went by the moniker "Irhabi
007"which translates in Arabic to "Terrorist
007." He was a loner in a London basement apartment,
with no previous connection to al Qaeda, yet he became a key
part of its propaganda campaign.
Tsouli
posted thousands of files online, from videos of beheadings
to detailed instructions for building car bombs. He hacked
into servers around the world to gain additional bandwidth.
But he
did more than merely act as an al Qaeda webmaster. He was
a hub of communication between terrorist plotters in Canada,
Denmark, Bosnia, and the United States. He and his colleagues
stole thousands of credit card accounts through phishing schemes.
They ran up charges of more than $3 million for items they
thought fellow extremists might need, from night vision goggles
to GPS devices. And they laundered money through more than
a dozen Internet gambling sites.
According
to British authorities, just before his arrest, Tsouli set
up a website that he hoped would become the YouTube for terrorists.
He called the site "You bomb it."
At the
time of his arrest, he was just a 22-year-old student. Today,
he is a guest of Belmarsh Prison in the U.K. But he is hardly
the end of the line; many more cyber-savvy extremists hope
to carry on where he left off.
The Internet
is not only the means by which attacks may be planned and
executed, it is a target in and of itself. Last April, Estonia
suffered what has been called a "cyber blockade."
Wave after wave of data requests from computers around the
world shut down banks and emergency phone lines, gas stations
and grocery stores, newspapers and television stations, even
the prime minister's office.
Although
the source of this attack has not been confirmed, the effect
was real, and left all of us aware of the potential risk we
face. How long before others around the world begin to employ
similar tactics?
Of course,
terrorists are not the only ones using the Internet for criminal
purposes. Far from it. Computer intrusion cases are becoming
more commonplace. And studies show that computers in the United
States are attacked at a rate 10 times that of other countries.
Today,
botnetsso-called "robot networks" of computers
that are controlled by hackersare the weapon of choice.
Botnets are considered the Swiss Army knives of cyber crime.
You name it, they can do it, from attacking networks, sending
spam, and collecting data, to infecting computers and injecting
spyware.
Botnets
do not require highly technical skills, yet the national security
implications are broad. A botnet could shut down a power grid,
flood an emergency call center with millions of spam messages,
or disable a military command post.
Odds
are there are more than a few of you here today whose computers
may be part of a botnet, unbeknownst to you. The possibilities
are endless, and that is what is so daunting.
I want
to turn for a moment to counterintelligence intrusions and
economic espionage. There is no shortage of countries that
seek our information technology, our innovation, and our intelligenceinformation
we have spent years and billions of dollars developing.
The simple
truth is we do not protect cyber space to the same degree
we protect our physical space. We have in large part left
the doors open to our business practices, our sensitive data,
and our intellectual property.
The espionage
game once pitted spy versus spy, country against country.
Today, our adversaries sit on fiber optic cables and wi-fi
networks, invisible and undetected. Hackers are using sophisticated
techniques to steal sensitive intelligence, scientific research,
and communications data. They are difficult to identify and
track because they move in and out of international systems
at will, and they do not leave broken glass behind.
A member
of our cyber team describes it as having an invisible man
in the room, standing over your shoulder, seeing and hearing
everything you do, watching every word you type. And you may
never know he is there
who he represents
or how
much damage he has done.
We are
concerned not only with loss of data, but with corruption
of data, from false information to altered code. Such manipulation
can cause electronic devices to fail and networks to freeze.
It can alter physical environments in laboratories and shut
down safety systems in nuclear power stations.
There
are also those who seek to block access to our own information,
for political, financial, or ideological gain. If we lose
the Internet, we do not simply lose the ability to e-mail
or to surf the web. We lose access to our data. We lose our
connectivity. We lose our intellectual property. We lose our
security. What happens when the so-called "Invisible
Man" locks us out of our own homes, our offices, and
our information?
On the
economic front, hackers are stealing vast amounts of information
from American companies. Cyber thieves are targeting data
at the research and development stage before it becomes classified,
when it is easier to access.
And the
threat is not limited to hackers on the outside. Insiders
present a significant problem. Contractors may take the appropriate
security measures, but what about those with whom they subcontract
and their subs? And what of those who may take advantage of
open access to research and development facilities on campuses
such as this?
One recent
case underscores this threat. In November 2001, a man named
Li Sun told FBI agents in Palo Alto that he believed his business
partner had stolen trade secrets from his employers.
One week
later, Fei Ye and Ming Zhong were arrested at the San Francisco
airport, just moments before boarding a flight bound for Shanghai.
FBI agents and Customs officials seized thousands of proprietary
documents and electronic media from two major semiconductor
companies.
In the
following months, investigators examined several hard drives.
They reviewed nearly 9,000 pages of documents from several
companies, including Sun Microsystems, Transmeta, NEC, and
Trident. They searched more than 25,000 pages of e-mails on
five separate Yahoo accounts.
These
two men had planned to start a semiconductor company in China,
using this proprietary information. They had requested funding
from a Chinese government program dedicated to acquiring and
developing science and technology. They had received more
than $2 million in start-up funding from city and provincial
Chinese government agencies.
In December
2006, these two pled guilty to economic espionagethe
first such convictions in this country. Each faces up to 30
years in prison.
Collectively,
these threats paint a troubling picture, but one we in the
FBI must confront.
The FBI
has the authority to handle these threats from start to finish.
We have cyber squads in each of our 56 field offices across
the country. These agents, intelligence analysts, and computer
experts mesh technological expertise with investigative experience.
They
run complex undercover operations to catch computer hackers
and child predators the world over. They investigate threats
to both companies and consumers. And they teach their law
enforcement counterpartsat home and abroadhow
to work cyber investigations.
Our capabilities
are strong, but they rely on key partnerships with other federal
agencies, law enforcement, private industry, academia, and
citizens alike.
Officers,
agents, and IT specialists in our Regional Computer Forensic
Labs find and examine digital evidence from e-mail and cell
phone data to documents on hard drives. Together, we continue
to break new ground in the investigation and prosecution of
cyber criminals.
But we
cannot limit our operations to the United States. Increasingly,
cyber threats originate outside of our borders. And as more
people around the world gain access to computer technology,
new dangers will surface. For this reason, global cooperation
is vital.
We have
60 Legal Attaché offices around the world. We are working
with our partners in Romania, Russia, Poland, Hungary, Italy,
and Estonia, among others, to investigate international cyber
threats.
In 2005,
for example, FBI agents and analysts worked closely with Microsoft
to find those responsible for creating the Mytob and Zotob
worms. Together with our law enforcement partners overseas,
FBI agents arrested the originators in Turkey and Morocco
just two weeks after the attack.
We understand
that we must continue to work closely with all of youmembers
of the private sector and the academic community.
In June
of this year, we initiated Operation Bot Roast. Together with
the Department of Justice, the CERT Coordination Center at
Carnegie Mellon, private sector companies, and internet service
providers, we identified more than 1 million infected computers
and shut down several bot-herders. This operation is ongoing,
and we will continue to pursue these criminals for as long,
and as far away, as necessary.
Much
of our collaboration begins in Pittsburghat the FBI's
Cyber Fusion Center. Think of the fusion center as a hub,
with spokes that range from federal agencies, software companies,
and ISPs, to merchants and members of the financial sector.
Industry
experts from companies such as Cisco, Bank of America, and
Target sit side-by-side with the FBI, postal inspectors, the
Federal Trade Commission, and many others, sharing information
and ideas. Together, we have created a neutral space where
cyber experts and competitors, who might not otherwise collaborate,
can talk about cyber threats and security breaches.
The FBI's
InfraGard program is a more localized example of our private
sector partnerships. Members from a host of industries, from
computer security to the chemical sector, share information
about threats to their own companies, in their own communities,
through a secure computer server.
To date,
there are nearly 21,000 members of InfraGard, from Fortune
500 companies to small businesses. That amounts to 21,000
partners in our mission to protect America.
We are
also reaching out to academia. In 2005, we created the National
Security Higher Education Advisory Board. We asked your president,
Graham Spanier, to lead the group. We knew it wouldn't be
an easy sell, because of the perceived tension between law
enforcement and academia.
But once
we briefed President Spanier on the national security threats
that impact all of you here at Penn Stateand other academic
institutionsit became clear to all of us why this partnership
is so important.
The Advisory
Board provides a forum to discuss issues that affect not just
the academic culture, but the country, from campus security
and counterterrorism to cyber crime and espionage. Presidents
and chancellors from Carnegie Mellon, NYU, the University
of Washington, and Iowa State, among others, share their concerns
and their collective expertise.
We fully
understand that universities are the creators of knowledge,
not merely the disseminators. And it is not our intent to
interfere with the academic environment in any way. But we
must remain alert to the threats we all face, and we must
learn to balance openness with awareness.
There
is an old saying that all roads lead to Rome. In the days
of the Roman Empire, roads radiated out from the capital city,
spanning more than 52,000 miles.
The Romans
built these roads to access the vast areas they had conquered.
But, in the end, these same roads led to Rome's downfall,
for they allowed the invaders to march right up to the city
gates.
The Internet
has opened up thousands of new roads for each of usnew
ideas and information, new sights and sounds, new people and
places. But the invadersthose whose intent is not enlightenment,
but exploitation and extremismare marching right down
those same roads to attack us in multiple ways.
We stand
a much greater chance of staying safe if we stand together.
We must continue to safeguard our systems and our data. We
must continue to share intelligence. Most importantly, we
must continue to stay connected.
The enemies,
as they say, are at the gates, and we must rely on our agility,
our resourcefulness, and our resolve to stop them, together.
Thank
you and God bless.
# # # #
Executive Speeches
| Press Room Home |