Companies that work with law enforcement agencies on cybercrime can get valuable information, including lists of hostile IP addresses and information on new types of attacks, a U.S. Air Force cybercrime investigator said Thursday.
Wendi Whitmore, a special agent with the Air Force Office of Special Investigations, urged companies that are victims of cybercrime to report the problems to law enforcement agencies during a presentation at the 2006 InfraGard National Conference, focused on protecting U.S. critical infrastructure. Even though many cybercriminals don't get caught, the shared information between law enforcement and private businesses can help both groups develop better defenses, she said.
Some cybercriminals do get caught, and those arrests serve as a deterrent to others considering cyberscams, she said. "No criminal prosecution is ever going to be taken if the crime is never reported to law enforcement," Whitmore added. "Until we start developing longer lists of people who got five years, who got 10 years [in jail], who had to pay back hundreds of thousands of dollars, then you're not going to have a deterrent."
Some companies are concerned that law enforcement investigations are slow, but police often have a view of the larger picture than an individual company, she said. Another common fear is that a company that reports cybercrime will have that information leaked to the media, but rarely do the leaks come from law enforcement agencies, she said.
About three-quarters of the victims of distributed denial-of-service (DDoS) extortion scams don't report the crimes to law enforcement agencies, Whitmore said.
In extortion scams, criminals use networks of compromised computers called botnets to flood a company's network with traffic, then ask the company for money to make the DDoS attack stop. If the company refuses to pay, the attacker floods the company's network with more traffic, often from thousands of zombie computers, then demands more money, she said. Financial companies such as banks and offshore gambling Web sites are favorite targets for these botnet extortion scams, she added.
Botnets of compromised computers are responsible for sending an estimated 60% of all spam e-mail, as well as sending many viruses and worms and phishing scam e-mails, Whitmore said. In addition to DDoS attacks, compromised computers can send out the owner's personal information, and they can be used to store illegally copied music and movies or child pornography, she said.
Whitmore called on businesses to deploy a number of defenses against botnets, including running antivirus software, patching systems quickly, scanning network traffic and limiting employee computer access to only the systems they need. Companies also need to "train, train and retrain" their employees in safe Internet use, she said.
"The Internet is a war zone," she said. "If you haven't been attacked, at some point, you're going to be attacked."
She also recommended that companies develop relationships with local law enforcement investigators and their Internet service providers before a cyberattack. That way, the company will be able to get a quick response during a crisis, she said.