With threat of cybercrime looming, FBI's Buffalo office takes aim

But as staggering as the numbers are, the true size of the threat is even worse.

The fact is: A business or person doesn't have to own a computer or use the Internet to become a victim of cybercrime, says Holly Hubert, cybercrime supervisory special agent in the FBI's Buffalo office.

Hubert, a 13-year veteran of the Bureau, directs the local office's 16-member Buffalo Cyber Task Force, a specially trained team that includes eight FBI agents and representatives of other local, state and federal law enforcement agencies. (Because of the sensitive nature of some of her work, the Bureau would not allow her photograph to be used in this article.) The task force was formed in 2002 to deal with the growing threat domestically and abroad of computer- and Internet-related crimes and security issues.

By definition, cybercrime is any violation of the law made possible by the Internet. The Buffalo team is one of 50 similar FBI task forces created to deal with a category of crime that didn't exist until the late 1990s when the proliferation of the Internet created a new playground for criminal activity.

The local team's first priority is dealing with computer break-ins, said Hubert, an organizer and one of the speakers at a Nov. 29 seminar on cybercrime sponsored by the FBI for Western New York business owners, CEOs and security officers.

Computer intrusion, or hacking, falls into two sub-categories: by foreign governments or terrorist organizations; and by professional or amateur criminals, who troll for proprietary information involving credit cards and financial data. Both are growing threats, Hubert said.

"Our second priority is cybercrime that basically involves a business's intellectual property rights such as trade secrets," she said.

The task force also deals with other priorities, such as online sexual exploitation of children, Internet fraud - which includes auction fraud - and identity theft, are blurred. The lines separating the categories are often blurred because, since the Internet is involved in all of them, one crime frequently involves another.

While cybercrime spares neither business nor private citizen, Hubert says individuals who use personal computers at home probably are more at risk.

"It's a tough question, but a substantial business is more apt to protect their data by keeping software and hardware firewalls up-to-date and use anti-spyware. At home, people aren't as likely to do that."

Reports and incidents of cybercrime are increasingly on the rise in the United States, and Western New York mirrors the trend, Hubert said.

"That is absolutely true. But as for actual numbers, we don't have any yet. Businesses often hesitate to report (computer break-ins) to law enforcement. Sometimes, I think they are apprehensive about how their reputations could be affected by the poor press they might get and don't want it to be tarnished," she said.

The most common type of cybercrime reported to the Buffalo FBI office is "identity theft and auction fraud," Hubert said. "And for businesses in this region that are victims, there's no questions that intellectual property rights and computer intrusions relating to them are the most common."

Because the task force is only two years old - formed as it was from the Buffalo FBI office's less structured investigative unit that existed previously - it is laying some groundwork for the future war on a cybercrime.

Among key elements of the strategy:

- Creation of a Western New York Regional Computer Forensic Laboratory now being built and nearing completion on North Division Street near Oak Street in downtown Buffalo. Within Hubert's jurisdiction, the full-service forensic laboratory will concentrate on digital evidence recovery such as raising seemingly deleted data from computer hard drives or other electronic devices that hold data such as Palm pilots and cellphones.

- The new lab, which will open in mid-January 2005, replaces a smaller three-year-old facility near the airport in Cheektowaga. Though owned by the FBI, the forensic laboratory will be jointly operated by the bureau, Erie County Sheriff's Department, the Bureau of Customs, state Attorney General's Office, and the Niagara Falls police department.

Increasing membership in InfraGard as a way to reduce cybercrime. The Cyber Task Force and private and public business members of InfraGard actively share information and can alert each other immediately to a threat or actual computer break-in.

"We want to know when a business computer is being attacked and we want to know immediately. That's the purpose of InfraGard," Hubert said.

- About 200 businesses, information technology departments, and colleges and universities in the 17 counties will be surveyed in the spring to measure how serious cybercrime is in the region. The survey will take two or three months to complete.

"We're going to measure all categories of cybercrime," Hubert said. "We want to learn the number of computer intrusions, amount of loss that resulted and the degree to which business data is at risk."

Knowing the extent of the problem will help combat it, she said. But it won't guarantee safety against becoming a cybercrime victim.

"There is no foolproof way that business or individuals can be 100 percent protected against cybercrime. As technology changes, sophisticated hackers will always find a hole," Hubert said.

Source: MSNBC