Companies that work with law enforcement agencies on cybercrimecan get valuable information, including lists of hostile IP (Internet Protocol) addresses andinformation on new types of attacks, a U.S. Air Force cybercrimeinvestigator said Thursday.
Wendi Whitmore, a special agent with the Air Force Office ofSpecial Investigations, urged companies that are victims of cybercrime to report the problems to lawenforcement agencies during a presentation at the 2006 InfraGard National Conference, focused onprotecting U.S. critical infrastructure. Even though manycybercriminals don't get caught, the sharedinformation between law enforcement and private businesses can helpboth groups develop better defenses, she said.
Some cybercriminals do get caught, and those arrests serve as adeterrent to others considering cyberscams, she said. "No criminalprosecution is ever going to be taken if the crime is neverreported to law enforcement," Whitmore added. "Until we startdeveloping longer lists of people who got five years, who got 10years [in jail], who had to pay back hundreds of thousands ofdollars, then you're not going to have a deterrent."
Some companies are concerned that law enforcement investigationsare slow, but police often have a view of the larger picture thanan individual company, she said. Another common fear is that acompany that reports cybercrime will have that information leakedto the media, but rarely do the leaks come from law enforcementagencies, she said.
About three-quarters of the victims of DDOS (distributeddenial-of-service) extortion scams don't report the crimes to lawenforcement agencies, Whitmore said.
In extortion scams, criminals use networks of compromisedcomputers called botnets to flood a company's network with traffic,then ask the company for money to make the DDOS attack stop. If thecompany refuses to pay, the attacker floods the company's networkwith more traffic, often from thousands of zombie computers, thendemands more money, she said. Financial companies such as banks andoffshore gambling Web sites are favorite targets for these botnetextortion scams, she added.
Botnets of compromised computers are responsible for sending anestimated 60 percent of all spam e-mail, as well as sending manyviruses and worms and phishing scam e-mails, Whitmore said. Inaddition to DDOS attacks, compromised computers can send out theowner's personal information, and they can be used to storeillegally copied music and movies or child pornography, shesaid.
Whitmore called on businesses to deploy a number of defensesagainst botnets, including running antivirus software, patchingsystems quickly, scanning network traffic and limiting employeecomputer access to only the systems they need. Companies also needto "train, train and retrain" their employees in safe Internet use,she said.
"The Internet is a war zone," she said. "If you haven't beenattacked, at some point, you're going to be attacked."
She also recommended that companies develop relationships withlocal law enforcement investigators and their Internet serviceproviders before a cyberattack. That way, the company will be ableto get a quick response during a crisis, she said.