
The FBI's cybercrime battle

A recent reorganization at the FBI placed fighting cybercrime at the top of the Bureau's priorities. New Cyber Division chief Larry Mefford explains how he plans to tackle the job.

Margaret Kane Former Staff writer, CNET News
Margaret is a former news editor for CNET News, based in the Boston bureau.
The FBI was able to nail John Dillinger, but how well would it stack up against uber-hacker Kevin Mitnick?

Probably not well. Sharply criticized for its lack of technical know-how, the FBI has taken a pounding after recent reports disclosed that glitches in the agency's Carnivore online surveillance technology may have hindered investigations into terrorism threats.

Agents have increasingly complained that the Bureau's outdated technology has hampered their ability to analyze other threats. But with the nation's law enforcement agencies turning their attention to the so-called war on terrorism, the FBI is getting an upgrade.

A recent reorganization placed fighting cybercrime at the top of the Bureau's priorities. The job of meeting that challenge falls to Assistant Director Larry Mefford, who heads the Bureau's new Cyber Division. Mefford, who previously worked in counterterrorism security planning at the Los Angeles, Atlanta and Salt Lake City Olympics, served as the Bureau's special agent in charge of the San Francisco office, where he oversaw all operations, including terrorism and cybercrime programs.

CNET News.com recently talked with Mefford about his division's role in the new FBI structure, cybercrime, and the wider war against terror.

Q: Let's talk about your new role. What is the Cyber Division's mission? What areas is it taking on?
A: The director (FBI chief Robert Mueller) created the Cyber Division in order to consolidate a historically fragmented approach to cybercrime. It brings together all of the FBI's responsibilities to conduct investigations of criminal activity that occur over the Internet or involve computers or networks. It's the full gamut of what we refer to as cybercrimes--everything from hacking and (denial-of-service attacks) to Internet fraud, theft of identity, and theft of intellectual property. What we're really looking at are those crimes where computers or networks are either the tools or the targets of activity.

How big is the department?
A lot depends on homeland security. We're still in the process of defining everything, but we're looking at a figure of hundreds at the start-up stage. We'll grow from there.

How will it be managed?
Most of these criminal investigations will be operated out of field offices around the country. Major intrusion cases are likely to be managed directly from headquarters. That's a big change for us. Historically, field offices have run cases. This is similar to the concept (being put in place for) terrorism cases. We'll have a similar approach on major cyberattacks. If we have another (denial-of-service attack), that's likely to be directed from headquarters. But intellectual property, fraud, child porn cases will still be managed at FBI offices around the country. Our role at the Cyber Division will be to provide support and make sure they're successful. We'll be helping them connect the dots, as they say now.

Your division and appointment were announced back in April. Last month, the Bureau announced a major overhaul, and cybersecurity was listed as the No. 3 priority. How does that affect what you're doing?
Clearly, being prioritized to that degree affects us significantly. We're in the process of creating this division from scratch. Historically, the responsibilities to address some of the activity we're talking about were fragmented among many different management units. It was difficult for the community and the private sector to interface with us as an organization (because you) had to go to various points. Clearly, 9/11 had an impact on our reorganization, and one area was an initiative to improve the efficiency of operations.

We also have a function to provide protection against counterintelligence and terrorism threats against the U.S. If there were a foreign government attack or a terrorist attack against computer networks, the Cyber Division would have a role in investigating or supporting other FBI entities that have a primary role in (investigating those crimes). We would help the terrorism guys and the people doing counterintelligence or espionage.

And how is that working out in terms of your focus?
The vast majority of our effort is focused on illegal criminal activity. In the past, it was very difficult to find any quantifiable data on the extent of the activity. As part of the Cyber Division, we've incorporated the FBI's Internet Fraud Complaint Center (part of the National White Collar Crime Center), which serves as a conduit to solicit complaints regarding Internet crime. It started (looking at) fraud, and we're going to expand to other types of crime. That data will be analyzed and distributed to the FBI and to local authorities.

The focus there has been on Internet fraud and thefts facilitated by the Internet. We'll be looking at intellectual property violations, economic espionage, theft of trade secrets, and also technology-related crimes, such as counterfeiting of software. As we gear up operations and gain more expertise in the future, we'll be able to do a better job in providing service to the U.S. public.

How important is industry input, both in preventing crime and solving crime?
The relationship with the private sector in the technology arena is critical for us as an agency. It's very difficult for us--because of expenses and other issues--to stay up with the technology. We need to link arms and join forces with private industry, so we can use their expertise and capability for the benefit of the American public, if we can.

Can you talk about your progress in realizing that plan?
We're in the process of creating cybercrime squads throughout the U.S. in FBI field offices. In this calendar year, we'd like to create 20 of these squads and concurrently, form cyber task forces, modeled after terrorism task forces, where we join forces with local law enforcement agencies, private industry and occasionally academia, to attack cybercrime. We're allowed to leverage our capabilities and, at the same time, more efficiently spend training money.

These will be permanent task forces assigned to different regions throughout the country to focus on cyber-related criminal activity as well as terrorism. If we have evidence of a national security issue, these squads that we're trying to form will assist other FBI entities in mitigating and preventing those types of attacks. In the area of criminal activity, what we hope to do is provide enhanced prosecution and work closer with different U.S. attorneys' offices across the country.

In the past, many companies have been reluctant to come forward when they were hacked. Has that attitude changed? How do you persuade people to bring things out in the open?
We have a system in place. Today, the National Infrastructure Protection Center has responsibility inside the FBI for handling all the computer-intrusion cases. It's part of the Cyber Division. We've created internal safeguards to protect companies. Let's say a company comes forward and they have sensitive data they want to share, but they don't want to seek prosecution; they can do that. All the protocols created at NIPC will stay in the Cyber Division.

The White House has proposed moving the NIPC to the new Department of Homeland Security.
We're working with the administration to make an orderly transfer of the NIPC to the new agency. If Congress creates enabling legislation, we will make sure NIPC info is efficiently transferred to the new agency, and the FBI will provide people on a detail basis. NIPC handles only intrusion cases. As for other cybercrime, the new agency will not have any other impact.

Can you give some examples of how technology helps you fight crime?
Certainly, analytical tools allow us to conduct the analysis and intelligence far better than we have before... In the area of technical tools, for example, we're looking at undercover operations the FBI has been operating for years wherein individuals preying on children (online) can be identified. We're looking at techniques to identify them at an early stage.

How much of a priority is cracking down on criminal copyright violations? What areas are the most likely targets--music, movies, books?
That's a challenging and complicated issue, but the fundamental fact is that intellectual property rights will be a high priority. The U.S. business community needs that information to compete worldwide. If you have technology stolen or pirated and a competitor or criminal can replicate software, for instance, at very little charge, the American public and U.S. companies deserve the protection.

One of the things we're doing is enhancing our participation with customers at the (intellectual property rights) center as a focal point to receive complaints regarding those types of violations. We're going to look at doing more aggressive undercover operations in the area of counterfeiting software. We can improve our capability to prosecute criminals. Unfortunately, many are overseas. So one thing we'll do is work very closely with certain federal governments and develop ongoing relationships with certain foreign police agencies.

What about software counterfeiting?
Clearly, illegal counterfeiting of software is a problem. (Organizations that do that are) not only negatively affecting the marketplace. Even though the public may get products at a lower price, the reliability is suspect, and the warranty is suspect. We think we can help protect the public by joining forces with other agencies, like Customs, and working to help avoid counterfeiting of software.

What about piracy of music and movies?
We need to look at that. There are a lot of challenges based on the fact that (technology) is creating completely new concepts in the legal field. We're working with the Justice Department at the U.S. attorneys' offices across the country.