By William Jackson
LAS VEGAS - For a decade federal law enforcement officials have been
preaching the gospel of private-sector cooperation. The need for
cooperation has long been obvious, but an FBI official told a gathering of
computer security experts and hackers that the government is getting
serious about the effort.
"Critical information about terrorism and other cybercrimes we are working
on often resides with you folks, and will come to you first," Dan Larkin,
a unit chief of the FBI's Internet Crime Complaint Center, said Wednesday
at the opening of the Black Hat Briefings security conference.
But gaining the trust of the private sector has been difficult, and a good
part of that problem has been the government's failures to follow through
in using data it collects and to accommodate the private sector's needs.
An academic study on the use of the Internet to investigate organized
crime, commissioned by the FBI in 1999, identified two channels of funding
used by al-Qaeda in planning the Sept. 11, 2001, attacks on the United
States. When that was realized, a light went on in the bureau, according
"We need to go after these partnerships more aggressively," he said.
The stakes in this game of cat and mouse between law enforcement and
cybercriminals are getting higher.
"Spam and cybercrime are really about the money," Larkin said. "It's not
just the script kiddies any more. There are people making a lot of money
Security experts have been noting the commercialization of malicious code
for several years now as a sophisticated black market in malware has
changed the goal of hacking from bragging rights to financial gain.
Unreported vulnerabilities are auctioned off in this online marketplace
and exploits are packaged into retail toolkits that can be used to snare
potentially valuable information.
Finjan Inc. of Santa Clara, Calif., reported in a quarterly study of
threat trends that new exploits are focusing on active content used on Web
sites. These can perform stealthy attacks that maintain a steady leak of
data from unsuspecting victims.
Finjan's Malicious Code Research Center found vulnerabilities in
Microsoft's Internet Explorer and Vista operating system being offered to
the highest bidder through the Full Disclosure e-mailing list. The list is
hosted and sponsored by Secunia, a Danish security company that monitors
vulnerabilities and reverse engineers software.
According to the list's guidelines, "any information pertaining to
vulnerabilities is acceptable," including announcements of exploits, code
The center also found a Web Attacker toolkit offered on a Russian Web site
for about $300. The kit, which lets the user create a malicious Web site
that infects browsers with drive-by installations, even comes with an
update subscription for $20.
"Befitting a professional software product, the toolkit is provided with
detailed user guide and friendly user interface," and "also provides
well-designed reports" on the numbers of infections broken down by
exploit, the report said.
The result of these developments is an increasingly organized underground
economy in which malware is bought, sold and deployed for financial gain.
In the last three years, the FBI has responded with improved cooperation
with the private sector. Larkin now heads up the ICCC's Cyber Initiative
Resource Fusion Unit, which is coordinating a number of initiatives
targeting specific areas of crime.
Operation ReLEAF (Retail and Law Enforcement Against Fraud), started in
2003, helped gather private-sector data that could spot emerging fraud
schemes. The Slam Spam initiative has assembled two teams of analysts
funded by industry and staffed in part by law enforcement to respond to
spam problems, and is a model for the new Digital Phishnet that addresses
phishing expeditions - the use of legitimate-seeming e-mail to coax people
into revealing personal and financial information.
One thing the FBI has learned is that high-profile events spawn scams. In
the wake of Hurricane Katrina, more than 5,000 reports of fraudulent
schemes were received within weeks. Some of the Web sites used in the
fraud were being registered even before Katrina made landfall, Larkin