Hacker hunters need to develop new techniques to take on the latest generation of cyber criminals. That's according to FBI Director Robert Mueller, who told attendees of the RSA Conference 2006 that the FBI increasingly had to deal with organised groups of criminals, operating across international borders.
"Increasingly our cyberthreats originate outside of the United States," he said. "The once-clear divisions of jurisdiction and responsibility between agencies [and nations] have been rendered obsolete by the fluid and far-reaching nature of today's threats."
Mueller also expressed concern that companies were reluctant to report online criminal acts. He said that the FBI's relationships with corporations and consumers, the most common victims of cyber criminals, are also key to many of the FBI's investigations. "Information sharing is a two-way street," he said. "We recognise that in certain areas we lack the expertise that you possess," he added.
Over the past few years, the FBI has taken steps to better coordinate cyber crime investigations within the U.S. Four years ago, it created its own Cyber Division, and the law enforcement agency has set up specially trained cyber squads in each of its 56 field offices across the US, Mueller said.
The FBI now has more flexibility to work with international law enforcement and is working to build relationships with those foreign agencies by putting operatives "on the ground" in countries that may be hotbeds for cyber crime. These countries include places such as Estonia and Romania, said Steven Martinez, the deputy assistant director for the FBI's Cyber Division.
One example of this type of information sharing occurred shortly after Hurricane Katrina hit the Gulf Coast in the U.S. last year. Within days, fraudsters had set up bogus websites soliciting money under the guise of providing disaster relief. The FBI worked with organizations such as the Red Cross, eBay and MasterCard International to help shut down the phony sites, and ultimately it referred 100 such cases to local authorities, according to Mueller.
Mueller also cited an FBI-backed initiative called IntraGuard, where 3,000 members - from Fortune 500 companies to small family-owned businesses - can share information with law enforcement on the latest cyber threats.
Additionally, the FBI has helped establish an Internet Crime Complaint Center where about 18,000 "Internet-related consumer complaints" are logged each month, he said.
Still, most law enforcement experts agree that the vast majority of cybercrimes go unreported to law enforcement, with fears of reprisals or adverse publicity creating what Mueller called a "code of silence."
"You may believe that notifying authorities may adversely impact your position in the marketplace," he told the RSA Conference audience of computer security experts and vendors. But companies need to take a wider view of the situation, he said.
"Maintaining a code of silence will not benefit you or your company in the long run," Mueller said. "Our safely lies not only in protecting our own interest, but our critical infrastructure as a whole."