The FBI is calling on the Senate to update the Computer Fraud and Abuse Act, a federal law against hacking that will empower FBI and its specialist in unspecified “strategic International locations” to bolster US cyberspace.
With cyber criminals threatening to crumble US economy, it is unsurprising the FBI is petitioning the US Senate for more powers through the amendment to US Cyber Fraud and Abuse Act. The Feds are also suggestion a new law that would encourage sharing of cyber threat intelligence with private sector and establish a uniform national standard for reporting data breaches.
While addressing the senate committee on Banking, Housing and Urban Affairs, FBI’s Cyber Division assistant director Joseph M. Demarest, stressed on the need of cooperation between Law enforcement agencies and private sector in the war against cyber crime. “I cannot make the following statement frequently enough,” said Demarest. “The private sector is an essential partner if we are to succeed in defeating the cyber threat our nation confronts.”
“The operational collaboration required to identify cyber threat indicators and to mitigate intrusions requires the exact type of sharing we seek in the first place. As such, the FBI supports legislation that would establish a clear framework for sharing and reduce risk in the process, in addition to providing strong and straightforward safeguards for the privacy and civil liberties of Americans,” read FBI’s Statement. “We in the law enforcement and intelligence communities must be as transparent as possible. We also want to ensure that all the relevant federal partners receive the information in real time.”
An FBI recap of the cyberattacks in 2014, reveals a changing threat landscape, with criminals getting more sophisticated and outwitting law enforcement agents in some instances. High profile attacks such as JPMorgan, eBay, Sony, Microsoft, paints a very scarily picture of the criminal landscape that freaks out even the Feds. In particular, Data breach at JPMorgan Chase, America’s largest bank, served as a wakeup call to the feds and private sector that no organization is large enough to fight cybercrime on its own.
More worrisome, is the growing threat to individuals’ card holders where skimmers are increasingly targeting POS terminals, such as gas stations and retail stores to seize users’ card data. Notably, the upsurge of Advanced Point of Sales malwares in 2014, calls for re-evaluation of anti-crime strategies. Cyberattack on Target retail stores is a good example of an Advanced POS RAM scrapper in action. The feds estimates that criminals stole over 40 million credit card and over 70 million customers’ during the raid on Target.
To underscore the need for tougher Laws and more corporation in information sharing, Demarest cited a few successful operation where the FBI has cooperated with the Department of Homeland Security and its cyber specialist in “strategic international locations” to nab cybercriminals. A good example is the Dark web take down that Sunk Silk Road 2.0, an illegal dark web online market. The operation also led to the capture of Blake Benthall, alias Defoc and the seizure of over 400 other illegal websites on the Tor network.
“Cyber criminals now operate far outside the traditional bounds that confined criminals in past decades .Whereas last century’s bank robbers used an automobile to steal from a handful of banks, today’s bank robbers can use the Internet to steal money from thousands of banks across the world in a few hours, all without ever leaving their basement,” noted Demarest adding that it was impossible to continue using Last decade’s laws to combat today sophisticated criminals.
Security experts have hailed the move by FBI to rally the Senate to update the Cyber Fraud and Abuse Act of 2008, in order to include emerging cyber threats. Colby DeRodeff, chief strategy officer of ThreatStream, supports more openness and collaboration in fighting cybercrime. Derodeff says criminals are showing unprecedented levels of cooperation is sharing intelligence and coordinating cyber-attacks. In such an environment where the aggressors are fighting together, the victims too have no option but to unite and front a common line of defense.
“The major challenge is the adversary has no obstacles when it comes to sharing and collaboration,” says DeRodeff . “Malware and attack methods, as well as credentials are available to even the most unsophisticated criminals with no legal teams or governing bodies restricting what can be done.”
In the past, the FBI has been relying on established federal units to facilitate information sharing on cyber threats. Such units include the Guardian Victim Analysis Unit, the Internet Crime Complaint Center (IC3), the Domestic Security Alliance Council, the National Cyber-Forensics and Training Alliance, the National Industry Partnership Unit, and the FBI Liaison Alert System (FLASH). However, with the changing cybercrime landscape, it is clear more need to be done to ensure a smooth flow of cyber threat Intel.
Top/Featured Image: By Fry1989 / Wikipedia (http://commons.wikimedia.org/wiki/File:Flag_of_the_United_States_Federal_Bureau_of_Investigation.svg)