FBI New agent training. (Photo credit: Wikipedia)
When hackers act like spies
Spear phishing is an email fraud that targets a specific organization in order to gain confidential information. To make emails look legitimate, spear phishers find personal information about their target — job duties, photos, friends’ names — by hacking into the organization’s computers and by combing websites, blogs and social networking sites.
HOW SPEAR PHISHING WORKS
The ruse: Hackers pose as a highly placed person in the organization — say, a human resources official or a systems administrator.
The hook: They send emails that appear to targeted victims to be the real thing, giving sensible-sounding reasons for needing their personal data.
The kill: They ask victims to click on a link in the email that either contains malicious code to hijack the victims’ computers or takes victims to a fake but realistic-looking website where they are asked to provide user IDs, passwords, access codes and other sensitive data.
Sources: FBI, PC World
FBI agents stationed in Omaha got used to a certain kind of phone call during the cybercrimes investigation they ultimately dubbed "Operation Trident Breach."
They made the call a dozen times during a years-long investigation into $70 million of suspicious online bank transfers all over the country, said Weysan Dun, head of Omaha's FBI field office, speaking to a Creighton University audience Thursday afternoon.
An Omaha FBI agent would phone a company's chief financial officer and ask if he or she had moved $500,000 from an account the previous day, Dun said.
"No," the executive would answer. "Why?"
"We need to talk," the FBI agent would say.
The executives — unaware that they had just been robbed by a criminal network that stretched all the way to Ukraine — are emblematic of the United States' lack of understanding and often weak defense against cybercrime, Dun said.
Speaking as part of a Creighton lecture series, Dun delivered a sobering, hourlong address on the dangers in cyberspace.
U.S. companies and businesses around the world are losing unfathomable amounts of money and proprietary information, he said — a 2011 Norton Corp. report pegged the global cost of cybercrime at $400 billion annually.
Organized crime groups such as the Mafia are increasingly turning to cyberthievery, Dun said, largely because it's far easier to steal money or credit card information online than it is to physically rob a bank.
Foreign intelligence services, in China and to a lesser extent Russia, are focused on stealing information from U.S. defense contractors and government agencies, Dun said.
And terrorist groups — which haven't yet been known to carry out large-scale Internet attacks — may at some point try to exploit sensitive government information stored online, disrupt the water supply or shut down an electrical grid, Dun said.
"As 9/11 taught us, we can't assume that just because something hasn't been done before, that it's not a possible threat," Dun told the audience. He labeled the threat of a terrorist attack using the Internet "not that far-fetched."
Dun, a 30-year FBI veteran, told the crowd that not enough U.S. political action is being taken — and not enough American money is being spent — to combat the growing cyberthreat.
Operation Trident Breach eventually nabbed many of the criminals behind a years-long scheme to use malicious software to funnel nearly $70 million to bank accounts in Europe. But attacks similar to the one halted by the operation happen often, Dun thinks, and the criminal groups behind such attacks are growing increasingly specialized and sophisticated.
He urged members of the audience to think more about how to protect themselves online — scrubbing social networking sites of personal or financial information, for example — while talking more about what level of security they expect on the Internet.
The Internet is designed to allow users large amounts of freedom and anonymity, which makes companies and individuals more vulnerable to cybercrime, he said.
But "locking down" the Internet is highly controversial, he said, because of civil liberties concerns and also because Internet freedom and anonymity are highly prized by many users.
Dun said he favors "a separation of the Internet" in which some parts of cyberspace remain unchanged while other parts are put behind more secure walls to protect, for example, financial institutions.
He compared that approach to having public parks open all day but putting military installations behind blast walls and armed guards.
"The cyberworld is going to evolve to resemble the physical world in that way," he said.
"It's my belief that the current model (of the Internet) ... is in the long run an unsustainable model."
Contact the writer:
Published Friday March 30, 2012