Good
morning. My thanks to the Merchant Risk Council
for inviting me to Las Vegas. It’s nice
to be here. My congratulations to Dale Miskell
for being named “Law Enforcement Officer
of the Year.” You picked the right guy,
as you already know. Dale is an outstanding
Agent, and it’s nice to see his excellent
work on cyber crime and re-shipping get recognized.
I am pleased to be here today and to get the
chance to share with you the FBI’s perspective
in combating crimes committed through the Internet.
Technology has driven business, communications,
and the nations’ critical infrastructures
to take full advantage of the capabilities of
the Internet. Criminal activity has followed,
and now scammers and con artists continually
seek new and insidious ways of exploiting the
Internet and breaking the law.
Existing resources from public and private sectors,
which are often applied in a fragmented way,
cannot meet the current need and will continue
to be outpaced by the evolving threat.
Given the global nature of today’s economy,
the need for expert analysis and intelligent,
proactive responses to rapidly evolving cyber
crimes will continue to grow.
So how do we keep up when today’s environment
presents a kaleidoscope of cyber crime issues?
To be perfectly honest, it’s not easy.
The ever-changing nature of criminal conduct
that has moved on-line regularly confronts both
law enforcement and the private sector with
new and evolving challenges.
From 419 advanced fee scams to on-line Russian
mail order brides; from bank fraud to economic
espionage; from computer intrusions to international
re-shipper schemes. The challenges we both face
are the same.
The solution will require a collaborative law
enforcement/private sector approach, focusing
on the most significant threats, and targeting
them with our most effective methods.
Cyber crime is the FBI’s third priority,
and it continues to receive our full attention.
Our goal is to provide investigators with the
resources they need to identify and combat cyber
crime, even as it continues to evolve. We also
leverage our criminal investigative resources
against this threat.
One way we do this is through partnerships.
It was actually many decades ago that the FBI
recognized the need to strengthen its partnerships
within the broader law enforcement community.
That understanding led to the establishment
of the FBI’s National Academy, where training
is conducted with individuals from law enforcement
agencies throughout the United States and around
the world. It expanded to violent crime and
organized crime task forces in the 80's and
90's, telemarketing efforts with our law enforcement
and private sector partners in the 90's and
of course counterterrorism joint efforts in
every city.
This effort has greatly assisted us in building
critical bridges with our key partners in the
law enforcement community. Now, cyber threats
must be addressed. Over the past two years the
FBI has supported the establishment of more
than 75 multi-jurisdictional, Cyber Crime Task
Forces nationwide.
In addition to improving our partnerships with
law enforcement, the FBI has also sought to
establish active partnerships with private industry.
Unfortunately, in today’s economic and
criminal environment, the missing members of
the team, more often than not, have been representatives
from private industry. Forging new business
partnerships, and enhancing the partnerships
that already exist, is a top priority for the
FBI. We need to be creative and look for reasons,
law, and regulations that encourage, rather
than impede, such efforts.
Law enforcement alone does not generally employ
the necessary subject-matter experts. As a result,
computer experts from the private sector often
collaborate with us to solve crimes. These people
are often better equipped than we are to identify
cyber crimes and their constantly changing,
constantly evolving characteristics.
Since the events of September 11, 2001, we in
the FBI have dramatically changed our approach
to crime and terrorism. We have heard the call
to break down the barriers to information sharing
and to establish public/private partnerships
with enhanced intelligence and resource sharing
capabilities. The FBI has listened and is reaching
out to many of you to do just that. We have
requested and received legislation to help us
do just that.
I want to thank the Merchant Risk Council, as
well as the members of law enforcement and other
private sector organizations, for your patience
and perseverance in taking this idea of partnerships
from rhetoric to reality. You have joined us
in making these partnerships truly “personal.”
We have gained a lasting trust as well as a
better understanding of each others’ strengths,
resources, and capabilities. This, in turn,
has given us a stronger foundation to build
upon in the future.
You have also helped us recognize that effective
partnerships require two-way communication.
You have worked with us to develop initiatives
that encourage dialogue and the exchange of
information. You have conveyed to us the importance
of the realities of both industry’s “bottom
line” and its “return on investment.”
A better understanding has helped both sides
of this partnership to justify and to bring
to the table additional resources.
Partnerships and information sharing are vital
because cyber crime, by its nature, does not
respect jurisdictional boundaries. Historically,
cyber criminals abroad have perceived themselves
as beyond the reach of U.S. authorities and,
in some instances, untouchable by even their
own country’s law enforcement.
This was the case in the West African countries
of Ghana and Nigeria. However, our combined
efforts, law enforcement and the private sector
working together, have led to noteworthy international
successes.
One example, which Dale was a key part of, was
the investigation called Operation Releaf, a
joint initiative developed to target West African
and Russian re-shipper schemes. This investigation
was the first effort to employ industry analysts
and investigators as an extension of our law
enforcement task forces.
In working with the Merchant Risk Council members,
the FBI enhanced its case development and intelligence
flow process, which resulted in significant
cyber crime cases being developed and quickly
referred to law enforcement for action -- both
domestically and abroad.
In advancing Operation Releaf, members of the
Merchant Risk Council assisted in developing
and delivering training to regional task force
members at a variety of industry and law enforcement
sponsored events. Merchant Risk Council members
also assisted in providing training to cyber
crime Supervisory Special Agents at the FBI
academy.
To further the Operation Releaf initiative,
FBI supervisors from the Cyber Division’s
Internet Crime Complaint Center and International
Unit traveled to West Africa on several occasions
to develop a better international law enforcement
response. Cyber Division supervisors conducted
training in Ghana and Nigeria, and deployed
agents to Nigeria for extended temporary duty
assignments to actively work with Nigerian law
enforcement regarding top targets identified
in Operation Releaf.
As a direct result of the FBI’s accelerated
efforts to engage, train and equip law enforcement
in these countries, we -- through the Internet
Crime Complaint Center -- identified more than
19,000 fraudulent re-shipper transactions this
year alone, involving more the $11 million dollars
in losses.
In West Africa FBI, Agents assisted Ghanaian
and Nigerian law enforcement in conducting numerous
controlled deliveries, which led to 31 individuals
being arrested, 34 seizures conducted, and the
recovery of approximately $1 million dollars
in merchandise.
Many of you are aware of periodic exploits or
viruses that have been identified over the past
few years. A growing number of these are not
only problems designed to effect computer efficiency,
or on-line downloading capabilities. They are
intended to make our computers part of a larger
compromised network of resources that can be
turned on and directed to support a variety
of cyber crime activities.
In the “Sobig.f” computer intrusion
investigation, we learned that millions of computers
were infected globally, primarily to convert
those computers into spam relays. They could,
in turn, be used for denial of service attacks
against the critical or e-commerce infrastructure,
or to rapidly expand the scope of a new credit
card, advanced fee or identity theft scheme.
Identity theft activities are also growing,
particularly on-line. Some studies show that
more than 10 million Americans were victimized
by identity theft last year alone, with estimated
losses exceeding $50 billion dollars. The potential
impact on U.S. citizens and businesses is significant.
As a result, the targeting of identity theft
and related cyber crime activity will remain
a priority of the FBI.
In targeting on-line identity theft, the definition
of what is, or is not, identity theft can be
confusing. Even if a narrower definition of
identity theft were adopted by law enforcement,
it is important to note that the general public
bases their definition on what is portrayed
through the media, which has been very broad.
In recognition of that fact, and the overriding
need to gather the most complete and accurate
intelligence as quickly as possible, the FBI,
and its law enforcement and industry partners,
established the Digital Phishnet Project.
Many of the schemes identified through this
project use spam and spoofed websites to lure
unsuspecting consumers to another site, or to
open attachments that will ultimately compromise
their computer-and personal information. That
information may later be used in ongoing identity
theft, credit card, or re-shipper schemes.
The Digital Phishnet Project continues to grow
through input from private sector partners like
you. It will continue to focus on schemes that
may start out as one crime and evolve into several
others -- all with the ultimate goal of stealing
someone’s personal financial information.
The FBI coordinates national investigative initiatives,
together with our federal, state, and local
partners. Such initiatives highlight escalating
areas of cyber crime, and other crime problems,
and show decisive action by law enforcement
to combat those problems.
These events also alert the public to new and
evolving crime schemes, such as criminal spam,
phishing, identity theft, and the use of expansive
global Internet resources such as bot-nets.
Four such initiatives have been carried out
over the last two-and-a-half years, including
Operation Cyber Loss, Operation E-con, Operation
Cyber Sweep, and most recently Operation Web-snare.
These initiatives involved more than 400 separate
investigations, investigating more than $350
million in losses, and resulted in more than
300 arrests. Members of the Merchant Risk Council
and other key private industry partners assisted
in more than 250 of these investigations.
Private industry partners, some of whom are
here today, also helped after the recent tsunami
disaster in Asia and India. They aided the FBI’s
Internet Crime Complaint Center to identify
approximately 850 web sites or on-line schemes
related to fraudulent tsunami relief fund-raising
efforts. A new low in fraud.
As part of an aggressive, proactive intelligence
development effort, the reported incidents were
reviewed, triaged, and rapidly referred to law
enforcement for follow up -- more than 55 investigative
packages on this matter alone. Many of these
investigations are ongoing.
The success of working with the private sector,
sharing information and investigating cyber
crimes, speaks for itself. The FBI will continue
to emphasize strong and productive partnerships
with both law enforcement and private industry.
Together, we can confront crimes committed through
the Internet. Together, we will continue our
progress -- both protecting the consumer and
ensuring our nation’s future economic
strength. Alone, we do not have the resources
to succeed. All of us know how to proceed. Together,
we cannot and we will not fail.
# # #