FC: Aschroft warns of online anonymity, tells firms to report attacks

[Declan McCullagh <declan () well com>]

[This is very similar to what Janet Reno used to say. About the only
thing missing is a complaint about encryption
(http://www.politechbot.com/p-00517.html). --Declan]


http://www.usdoj.gov/criminal/cybercrime/AGCPPSI.htm
                                      
                 REMARKS OF ATTORNEY GENERAL JOHN ASHCROFT
                                      
         FIRST ANNUAL COMPUTER PRIVACY, POLICY & SECURITY INSTITUTE
     
                                May 22, 2001
     _________________________________________________________________
                                      
   Good afternoon. It is a pleasure for me to speak with you, and I am
   grateful to Senator Conrad Burns and to Rocky Mountain College for
   their kind invitation.
   The concerns that bring you to this Institute - computer security and
   threats to information assets - are of central importance to us all. A
   few years ago, these conferences were quite rare. "Worms" and
   "viruses" were described in biology textbooks, not police reports.
   Today terms like these bring to mind crashed networks, massive
   disruptions in communications and infrastructure systems, and billions
   of dollars in damages.
   Like revolutionary technologies before it, the Internet carries
   enormous potential both for advancement and for abuse.
   Attacks on networks, frauds, software piracy, corporate espionage, and
   trafficking in child pornography are just some of the crimes
   facilitated by the Internet. The Department of Justice is committed to
   fighting these crimes, and I am here to ask for your partnership.
   Without your leadership, without your help, and without our collective
   efforts, the Department's mission - to make our country a safer and
   more secure place for all Americans - can not be fulfilled.
   Although there are no exact figures on the costs of cybercrime in
   America, estimates run into the billions of dollars each year. And
   unlike more traditional crimes, cybercrime is especially difficult to
   investigate.
   First, the Internet can provide anonymity. On the Internet, it is easy
   for a criminal to create a fictitious identity to perpetrate frauds,
   extortions, and other crimes. Since many computer crimes - such as
   trading pirated software or child pornography - can be committed
   entirely on-line, this anonymity can significantly complicate an
   investigation.
   Second, compounding these difficulties is the Internet's borderless
   nature. A criminal anywhere in the world armed with nothing more than
   a personal computer connected to a modem can victimize individuals and
   businesses worldwide.
   Third, the tremendous power of today's computers makes it possible for
   a single cybercriminal to do a staggering amount of damage - damage
   far beyond what a single person could typically do in the traditional
   criminal world. For example, a sophisticated cybercriminal can release
   a virus or launch a denial of service attack affecting hundreds of
   thousands of computer users or critical infrastructures like power
   grids.
   But we are not just faced with technical challenges. Even if we could
   master all the technology, the human dimension of cybercrime presents
   its own unique challenges. Sadly, there is a common misperception
   among many - especially many young people - that crimes committed
   on-line are not as serious as more traditional crimes.
   The Department of Justice is doing everything it can to address these
   challenges.
   First, we have dramatically increased our training of prosecutors and
   agents in this area. The Department has a specific section of the
   criminal division - the Computer Crime and Intellectual Property
   Section - devoted to combating cybercrime.
   
     In addition, the FBI has created Computer Crime Squads in 16
     metropolitan areas around the country specifically to investigate
     cybercrime.
     In Washington, the FBI's National Infrastructure Protection center
     acts as a clearinghouse for information and expertise relating to
     cybercrime. And each federal judicial district - including the
     District of Montana - has at least one Assistant United States
     Attorney, a Computer and Telecommunications Crime Coordinator, who
     has received special training in how to investigate and prosecute
     cybercrime.
     Second, we have worked with our partners in foreign law enforcement
     to address the internationalization of cybercrime. Partnerships
     such as the Group of Eight industrial nations and the Council of
     Europe have provided us with the means for discussing and
     developing better ways to investigate cybercrime which crosses
     borders.
     Third, through the FBI, we have sponsored the InfraGard program, a
     unique partnership between the Department of Justice, businesses,
     academic institutions, and state and local law enforcement
     agencies, dedicated to increasing the security of the United
     States' critical infrastructures.
     
     Fourth, the Department of Justice also reaches out to young people
     through programs like the Cybercitizen Partnership, our partnership
     with the Information Technology Assocation of America Foundation to
     teach young people the right ways to use the Internet.
     Last and perhaps most directly, we are putting cybercriminals in
     jail. The arrest and guilty plea of both the author of the Melissa
     virus in the United States and "MafiaBoy" in Canada demonstrate our
     ability to solve cybercrime - even when it occurs on a massive
     scale or comes from outside our borders.
     No matter how hard we work in the Department of Justice, we cannot
     solve this problem alone. For all our success in prosecuting the
     cybercrime we know about, we know that much more goes totally
     unreported. And this is where we need your help.
     Our experience tells us that when a bank is robbed, bank officials
     call the police. But when valuable commercial information is stolen
     from computers, only rarely do the victims report this to law
     enforcement. Why? It could be for a number of reasons. We know from
     speaking with business managers that they are often embarrassed.
     Their computers - which they thought were secure - were not so
     secure after all. They fear customer mistrust and competitive
     disadvantage. And they are afraid that an investigation will
     disrupt their business.
     We know that a company that does not report cybercrime to law
     enforcement may find itself in a far worse position than it ever
     imagined. A company that does not report crime leaves the criminal
     free to strike again. If a computer hacker has broken into your
     network and has stolen credit card numbers from your databases or
     has stolen valuable intellectual property, he may also have created
     a new backdoor to your network to use if you bar his original path.
     Not reporting the cyber crime also creates incentives for repeat
     attacks against you. Cybercriminals talk to each other and when you
     don't report, you are viewed by this community as an easy victim. I
     would urge you to recognize that when you report incidents of
     cybercrime, you are not just doing the right thing for the
     community - you are also doing something clearly in your own
     interest.
     
     Our experience with good corporate citizens that do report crime
     has been excellent. As a result of cooperation with industry, we
     recently arrested suspects in extortion and computer intrusions
     directed against Michael Bloomberg and his company by individuals
     in Kazakhstan; damage to GTE's computers caused by a disgruntled
     employee; and a shill bidding art fraud run on e-Bay. In large
     measure, these success stories depended on the timely reporting of
     the events by the victims.
     As we work to make the remarkable technology of the Internet a
     positive force for all Americans, and as we enter a new era in law
     enforcement, the future success stories belong to you. I urge you
     to be leaders in this field, and I look forward to working with
     you.
     Thank you.

###



-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------