Cybercrime targets companies' valuable information

April 12, 2011 4:56:15 PM PDT
There is a new and dangerous trend in what is called "cybercrime": the use of the internet to steal valuable information.

Federal authorities say international criminal groups are moving away from identity theft.

Computer-based thieves are still stealing credit card numbers and personal information, but top federal investigators tonight say there is a new and devastating cybersecurity threat facing the United States: the theft of company secrets and corporate sabotage.

The dismal prognosis was delivered Tuesday on Capitol Hill to members of the Senate Judiciary Committee considering new legislation to deal with growing computer crime.

"This adversary is fast. This adversary works faster than we do," said Phyllis Schneck of McAfee Security. "They build relationships, they build trust. As was mentioned in the last hearing, the cyber underground, they know how to share information; they have no intellectual property boundaries, no legal boundaries, [and are] very often funded fully by their governments."

"These threats pose significant risk to U.S. public health and safety via counterfeit pharmaceuticals, electrical components, aircraft parts and automobile parts," said Gordon Snow of the FBI.

Cybersecurity agents at FBI Headquarters in Chicago have investigated several hundred-million-dollar corporate theft cases the past two years, many of them resulting in local arrests.

However, as hackers become more sophisticated and are many times backed by hostile governments, top Justice Department officials say they are electronically outgunned and never find out who hacked into corporate computers.

"We still don't know to this day who the attacker is, what state we can attribute it to, or who that person behind the keyboard was," said Snow.

"It is often literally impossible to identify, arrest and prosecute the offenders or obtain critical evidence we need to prosecute the offenders without the assistance of foreign law enforcement," said Deputy Assistant Attorney General Jason Weinstein.

"Law enforcement is, in my view, almost entirely helpless at this point," said cybersecurity attorney Stewart Baker.

American corporations are also helpless in defending against corporate sabotage from foreign or domestic-terrorists, according to expert testimony Tuesday.

"Increasingly it is possible to essentially infect the world and then ask your software, your malware, to run in the background until you do something that the crooks think is interesting, like log onto a particular account with a private equity fund, which indicates you have enough money to be worth stealing from," said Baker.

The chilling account of cyber-threats that exist today and where law enforcement and big business are in trying to stop them is currently the focus of at least seven committees on Capitol Hill, and congress is waiting for a White House legislative package that leaders of both parties say is long overdue.