The Cybersecurity 202: FBI Cyber Investigations Hit Hard By Shutdown
The partial government shutdown is hampering the FBI’s ability to investigate and prosecute cyber criminals and to combat digital national security threats, current and former agents said Tuesday.
With the shutdown now in its second month, the vast majority of FBI agents are still on the job and working without pay. But many of the resources they need for cyber investigations are missing in action, the agents said — including money to pay for wiretaps, subpoenas and other tools that form the bedrock of most digital investigations.
In one case, an FBI cyber agent didn’t have money to pay two confidential informants who provide intelligence about cyber assaults by U.S. adversaries, according to a report released yesterday by the FBI Agents Association. In another case, a cyber investigation was stymied because the agent in charge couldn’t coordinate with furloughed workers at another agency.
“These delays slow down our work to combat criminal activity on the [internet] and protect the American people,” that agent said, as quoted in the report. It featured testimonials from some of the 14,000 current and former agents the FBIAA represents about how the shutdown is affecting their operations and personal lives.
Many investigations into cybercriminal gangs, hacktivist groups and even nation state-backed hacking operations are probably on hold during the shutdown, edged out by investigations where lives might be more imminently at stake, Austin Berglas, a former top cyber official in the bureau’s New York office, told me.
“If the head of an office understands he’s got dwindling funds to support investigations, he’s going to devote resources to the top priorities of the bureau: terrorism and significant counterintelligence investigations,” Berglas told me. “A massive botnet attack or a massive breach of credit card data is going to take a back seat to that.”
The FBIAA report details hard times across the bureau, ranging from counterterrorism sources who have gone mum because there’s no money to pay them to agents who had to back out of assisting local police investigating violent street gangs.
The funding impasse probably is hitting cyber investigations harder, however, because they tend to be more expensive than other operations, Berglas told me.
That’s because they often rely on troves of court-ordered digital evidence held by multiple Internet service providers and other tech companies, and the FBI has to compensate the companies for retrieving all those records. That can be a lot costlier than an agent tailing a drug dealer, he said.
The cyber divisions problems won’t end when the shutdown does.
The bureau will also face significant difficulty resuming cyber operations after weeks in limbo, says Anthony Ferrante, former chief of staff for the FBI’s cyber division. After the October 2014 shutdown, Ferrante told me in an email, it took months before the bureau was processing cases at normal speed again.
“A longer shutdown could result in an even lengthier recovery time — and therefore greater exposure to threats at all levels of government,” Ferrante, who now leads the cybersecurity practice at FTI Consulting, told me.
That slowdown could be particularly damaging because the FBI is trying to meet an ambitious goal of “deterring, detecting, disrupting, and dismantling,” 8,400 computer crimes during the 2019 fiscal year. That’s about 1,000 more crimes than the bureau dealt with in 2018 — a year that didn’t include a weeks-long slowdown in operations.
The FBI declined to comment on whether the shutdown might affect that goal.
In the longer term, the shutdown could be a devastating blow to workforce morale and permanently impair the bureau’s ability to recruit top cyber talent. The Agents Association painted a bleak picture during a news conference of young agents unable to afford to feed their families and longer-serving agents delaying things including braces for children.
Berglas, an executive at the cybersecurity firm BlueVoyant, has fielded several recent calls from FBI cyber agents looking for private-sector jobs, he told me.
“Agents who are technically savvy and able to investigate very technical crimes are already wanted by the private sector at salaries that dwarf what they’re making at the bureau,” Berglas said. “Now, it’s been a month since the shutdown and they’ve already missed a paycheck and they’re often living paycheck to paycheck. That’s not just cruel, it’s a massive morale hit.”
PINGED, PATCHED, PWNED
PINGED: DHS issued an emergency directive to civilian agencies Tuesday requiring them to protect their data from being hijacked by hackers. The move came after attackers intercepted web and email traffic at “multiple executive branch agencies,” my colleague Ellen Nakashima reported.
It’s not clear how many agencies were infected, a senior official told Ellen, but no Defense Department or classified networks were affected.
The hacking campaign targets the “Domain Name System” (DNS), which translates Web or domain names into IP addresses. It was first spotted last fall by private-sector firms including Cisco and FireEye and was aimed then at government and industry targets in the Middle East.
The U.S. government response to the hacking campaign will be affected by furoughs of information technology staff due to the ongoing government shutdown. Here’s a take from Alex Stamos, former chief information security officer at Facebook, who’s now teaching at Stanford:
PATCHED: The 2019 National Intelligence Strategy released Tuesday by Director of National Intelligence Daniel Coats warned that U.S. adversaries are increasingly taking advantage of technological progress to pose “new and evolving threats” in cyberspace, computing and other areas. “Cyber threats are already challenging public confidence in our global institutions, governance, and norms, while imposing numerous economic costs domestically and globally,” according to the document, which provides strategic guidance to the U.S. intelligence community for the next four years. “As the cyber capabilities of our adversaries grow, they will pose increasing threats to U.S. security, including critical infrastructure, public health and safety, economic prosperity, and stability.”
The document also said that the U.S. intelligence community plans to improve its understanding of adversaries’ cyber operations, increase the production of cyberthreat intelligence and seek to prevent and counter malicious cyber activities via diplomatic, military, economic tools and other means. The intelligence community “must continue to grow its intelligence capabilities to meet these evolving cyber threats as a part of a comprehensive cyber posture positioning the Nation for strategic and tactical response,” according to the document.
“The intelligence strategy is not a direct rebuke of the president’s policies,” according to The Washington Post’s Shane Harris. “But it is the latest expression of intelligence leaders’ intention to pivot away from a focus on combating terrorism, which has been their central concern since 2001, toward countries that threaten the United States on a geopolitical scale, chief among them Russia, China, North Korea and Iran.”
PWNED: A former top DHS cybersecurity official says it is “likely” as the shutdown drags on that the federal government is not working with state and local officials to boost the security of upcoming elections. Suzanne Spaulding, a former undersecretary at DHS in the Obama administration, wrote in a post published by the Center for Strategic and International Studies that the government is not as equipped to collaborate with operators of critical infrastructure to patch vulnerabilities or perform other important cybersecurity tasks. “With a cyber workforce that is understaffed in the best of times, we are losing ground against our adversaries every day that we operate at less than full strength,” said Spaulding, now a senior adviser for homeland security at CSIS.
— The House Judiciary Committee plans to ask acting attorney general Matthew G. Whitaker when he appears before the panel next month whether he has ever been briefed about special counsel Robert S. Mueller III’s investigation into Russian interference in the past U.S. presidential election, Ellen reported. If Whitaker has indeed been briefed on the probe, the committee also plans to ask whether he shared information with President Trump or his lawyers.
“The committee sent a list of questions in advance to Whitaker on Tuesday,” Ellen wrote. “Its chairman, Rep. Jerrold Nadler (D-N.Y.), noted in his letter that the questions ‘relate to whether there has been interference with the special counsel’s work. They do not relate to the underlying substance’ of Mueller’s investigation, he wrote.”
— More cybersecurity news from the public sector:
— The top five industries that were targeted by cyberattacks last year were the computer and electronics industry, health care, business services, the Internet and software sector and manufacturing, according to a report released today by the cybersecurity company Carbon Black. The company also said in its Global Threat Report that by the end of 2018, “China and Russia were responsible for nearly half of all cyberattacks.”
— Tech giants such as IBM, Intel and Microsoft as well start-ups are researching a way to encrypt data while it is in use, according to CyberScoop’s Jeff Stone. “This kind of security, known as homomorphic encryption, would mark a significant upgrade over current forms of encryption, which secure data while it’s stored or while it’s moving through a connection,” Stone reported. “Homomorphic encryption would better protect users who are using internet searches and accessing stored credit numbers as well as businesses that are sharing proprietary data as part of information sharing programs.”
— More cybersecurity news from the private sector:
— Many automatic license plate recognition (ALPR) cameras — which are mostly controlled by police and government agencies — have weak security protections and some of those devices are leaking sensitive information about vehicles and drivers, according to TechCrunch’s Zack Whittaker. “In the course of a week, TechCrunch found more than 150 ALPR devices from several manufacturers connected to and searchable on the internet,” Whittaker reported. “Many ALPR cameras were entirely exposed or would have been easily accessible with little effort. Of the ALPR cameras we identified, the majority had a default password documented in its support guides.”
THE NEW WILD WEST
— Cybersecurity news from abroad:
- Data Connectors’ Houston Cybersecurity Conferencein Houston tomorrow.
- The Atlantic Council hosts an event titled “Cyber Risk Wednesday: Operationalizing Cyber Strategies” on Jan. 30.
FBI says ongoing shutdown hinders drug and gang crime operations:
President Trump spins asylum restrictions as humanitarian relief | Fact Checker:
Ice disk forms in Maine river: