SAN FRANCISCO--The FBI handles a broad range of criminal threats, but addressing the threat to critical infrastructure and organizations from cyber attackers has become one of the bureau’s top priorities, occupying much of the FBI’s time and resources, the bureau’s director says.
“The diversity of the cyber threat we face right now is unlike anything that we’ve faced in our lifetimes,” Christopher A. Wray, the director of the FBI, said during a keynote talk at the RSA Conference here this week.
“The range of attackers and attacks is unprecedented.”
Wray, a former Assistant United States Attorney and Assistant Attorney General, took over as FBI director in August 2017 after the departure of James Comey. He said that cyber attacks present a unique challenge for law enforcement agencies, because the scope of both the attacks and the attack groups is so large. Cyber attacks comprise a wide range of individual techniques, and different groups have their own individual motivations, targets, and goals. The FBI, as the country’s top law enforcement agency, is tasked with investigating not just everyday cybercrime, but also more sophisticated nation-state attacks and operations by foreign intelligence services. This is no small challenge.
“We’re dealing with foreign intelligence services, other nation state-affiliated groups, cybercrime groups, all of it,” Wray said.
Even for an organization with the manpower, resources, and investigative experience of the FBI, defending against and investigating this broad range of attacks and adversaries is difficult. Wray said the FBI relies heavily on cooperation with private sector organizations for help with threat intelligence and other information.
“The reality is, we couldn’t do what we do without the private sector,” he said.
There are many former FBI cybercrime investigators in the private sector now, and there have been both formal and informal information-sharing programs involving the FBI and security vendors for many years. One of the limitations of those programs in the past has been that much of the information flow went one way: from the private companies to the FBI. This is partly due to the nature of criminal investigations, which prevents law enforcement from being able to share certain kinds of information.
But recently, there have been a number of examples of the FBI informing organizations about active attacks or penetrations of their networks. Just today, Citrix, the virtualization software vendor, announced that the bureau had alerted the company to a possible compromise of the Citrix internal network. Citrix said it has started a forensic investigation into the attack, which the FBI alerted the company to on March 6.
“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised,” Stan Black, the CISO of Citrix, wrote in a post.
“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”