Global Co-op Feeds FBI's Botnet Fight
The FBI claims that fighting cybercrime is a top priority,
right behind antiterrorism and counterintelligence,
and it is seeing better results thanks to worldwide cooperation
By Matt Hines
June 14, 2007

Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes.

Security researchers have long maintained that one of the most significant obstacles to shutting down botnets is the distributed global nature of the individuals responsible for operating the networks of zombie PCs.

Botnets are banks of computers infected by virus programs that allow them to be secretly used to carry out many forms of electronic attacks.

The conventional wisdom has been that U.S. law enforcement officials have struggled to find the budget and manpower necessary to track down cyber-criminals operating on their own turf, let alone find a way to identify and arrest people distributing malware code or operating botnets who are based in foreign nations.

However, hot on the heels of its announcement of a round of arrests of U.S.-based botnet herders and the identification of over one million machines infected by the programs, FBI officials said that international cooperation is playing an increasingly important role in helping it stomp out cyber-crime.

"We've been successful in building relationships with foreign law enforcement officials and have agents in 60 countries around the globe working full time on cyber-crime along with police departments and other agencies," said Shawn Henry, deputy assistant director of the Cyber Division at the FBI. "We've seen some significant developments over the last few years in that area."

While Henry admitted that the very nature of cutting-edge botnet herders can make them hard to find as perpetrators move from one bank of infected machines to another quickly to avoid detection, he said that partnerships with foreign governments in the name of fighting cyber-crime are playing a vital role in aiding the agency's ability to thwart the attacks.

"This type of crime can be committed by someone with minimal resources, sometimes using publicly available tools, which makes it a challenge to identify who is responsible, but international cooperation has allowed us to pursue these efforts in many countries, and we are also helping other nations fight operators located in the U.S. as this is a problem that goes both ways," Henry said.

Rounded up by the agency in its most recent botnet hunt were Robert Alan Soloway of Seattle, who has been tabbed as one of the nation's leading sources of botnet-driven spam e-mail, along with James C. Brewer of Arlington, Texas, who is alleged to have infected several Chicago-area hospitals with botnet programs, and Jason Michael Downey of Covington, Kentucky, who is charged with running botnets that were used to carry out so-called denial-of-service attacks.

Taking such individuals offline has become a task secondary only to fighting terrorists and spies, according to Henry, who said that the FBI's current leadership is very much focused on expanding its ability to battle cyber-criminals.

Whereas the perception within the IT security community has been that computer-based attacks are further down the agency's pecking order and that its efforts to stop such crimes lack the same financial backing as its other pursuits, Henry said that the FBI is taking the problem more seriously than ever before.

"Cyber crime is our number three priority behind anti-terrorism and counter-intelligence, we devote a lot of resources to it, and Director Mueller sees it as a significant criminal problem and is very supportive of our efforts," said Henry. "We also get ample support from the U.S. Department of Justice and have been successful with the legal tools that are being made available to us."

Despite making headway, Henry said that the battle against botnets and other forms of cyber-crime remains an "electronic cat and mouse game" as once law enforcement officials and the security community identify and block one technique being used by schemers, the perpetrators tend to move on to some newer modus operandi.

The FBI assistant director said that as part of the agency's effort to stop botnets and other attacks, it is hoping that businesses and consumers will become more vigilant and aggressive in lending a hand by keeping their computers protected with the latest anti-virus programs.

The agency is also advising potential victims of cyber-crime to pursue investigation of such activity by contacting their Internet service providers, and the FBI has said publicly that people should report any suspected illegal activity to such companies rather than communicating problems directly to itself or other law enforcement organizations.

Security industry experts lauded the FBI's work to identify and detain hackers as part of its Operation Bot Roast, which led to the arrests of Soloway, Brewer, and Downey, but at least one authority said that the agency may be creating false expectations of relief for businesses and consumers by telling them to fight crimes via their ISPs.

Web access providers, particularly those that cater to residential markets, have minimized help desk support to save overhead costs, and customers may find themselves with little recourse or being asked to pay for additional security services when they call their ISPs to complain, said Danny McPherson, chief research officer at security filtering specialists Arbor Networks. Arbor provides network behavior analysis tools to a number of well-known ISPs, including AT&T, British Telecom, EarthLink, and NTT.

Matt Hines is a senior writer at InfoWorld.