City at forefront of war on cybercrime

FBI forming task forces to fight crimes of Internet age

Wednesday, March 22, 2000

By Torsten Ove, Post-Gazette Staff Writer

With its aging population and Rust Belt image, Pittsburgh may hardly seem like the kind of town the federal government would choose as a base for its war on sophisticated cybercrime.

But yesterday, as local law enforcement officers stood stiffly for the cameras at FBI headquarters Downtown, authorities announced the creation of the nation's first task force specifically designed to combat computer intrusion, Web site vandalism, on-line espionage and other crimes of the rapidly evolving Internet age.

"This is the future, but it is also very much the present," said Michael Vatis, the FBI's top cybercop. "This is putting Pittsburgh at the cutting edge of cybercrime prevention."

The task force, comprised of federal, state and local agencies, is one of 16 planned nationwide in major cities.

Pittsburgh was chosen because of the prevalence of software development companies here and the presence of Carnegie Mellon University's Computer Emergency Response Team, the nation's leading cybercrime research facility.

In addition to focusing on complex computer and Internet crimes, FBI officials said the local task force will provide technical assistance to police departments in investigations of fraud, child pornography and identity theft that involve computers.

Vatis, director of the National Infrastructure Protection Center in Washington, D.C., said computers are changing the face of crime so quickly that law enforcement agencies have to work together to keep up.

In addition to working to combat large-scale attacks such as the one that disabled Yahoo!, eBay and other e-commerce Web sites last month, federal authorities have been scrambling to head off all manner of computer crimes, from organized hacking of government computers by suspected foreign agents to amateur vandalism such as that committed by the teen-ager who vandalized an anti-drug Web site with pictures of Beavis and Butthead.

Locally, FBI Special Agent John P. Joyce said his agency is investigating 30 to 40 cases of computer intrusion and similar crimes, although he wouldn't reveal details of any of them. Because of their technical nature, each investigation requires much more expertise than the traditional capers tackled by FBI agents of old. The new breed of federal crime fighter is more likely to be an agent sitting at a computer all day than a suit-and-tie swashbuckler with a gun kicking down doors.

"These cases are a lot more complicated than physical crime," said Vatis, "and they take a longer time to solve."

Richard D. Pethia of CMU's CERT warned that the "denial of service" attacks that knocked the Internet companies off-line in February are only the beginning of new waves of cyberspace assaults. In 1998, he said, his center examined 4,000 incidents. Last year, the number reached 8,000. This year, it could double again.

"This problem is real and it's here," he said. "The nasty thing about computer attacks is that they can be launched from anywhere on the planet."

And it can be nearly impossible to track down the culprits and then prove they are responsible for specific on-line exploits. The attacks on the e-commerce companies, for example, remain unsolved, although Vatis said the FBI is making progress in the case.

Not everyone is convinced the federal government, working with experts in the private sector, has what it takes to match wits with serious hackers bent on mayhem.

"If I were a cyber criminal with the FBI after me, I would sleep like a baby," said Jay Valentine, president of InfoGlide Corp., an Internet security company, in a recent Scripps Howard report about Internet security. "Even a blind squirrel finds a nut, but the FBI will only catch amateurish hackers. The best ones are a generation ahead of the FBI."

Other critics have blasted the FBI and the National Infrastructure Protection Center for reacting too slowly to the attacks on 30 university systems last year that laid the groundwork for the e-commerce shutdown last month.

In a USA Today report, experts -- many of them cybersleuths selling their services -- also said the government's efforts were hindered by inter-agency squabbling and the fact that some companies don't trust the FBI enough to share information with agents.

Vatis wouldn't address the USA Today report except to say that it was inaccurate.

Regarding the charge of slow government reaction, he said the protection center issued a warning about the denial-of-service threat in plenty of time.

The National Infrastructure Protection Center's Web site shows the warning went out on Dec. 30 and included detailed information about what defensive steps to take.

Still, Vatis acknowledged that government agencies are "still in the process of getting up to speed.

"http://www.post-gazette.com/regionstate/20000322cybercrime1.asp

-- Jen Bunker (jen@bunkergroup.com), March 22, 2000