US agencies making progress on cybercrime, officials say

But criminals continue to target U.S. businesses, with the FBI currently investigating 400 wire transfer cases

U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.

The U.S. Secret Service, the Federal Bureau of Investigation and the Department of Homeland Security work closely together to combat cybercrime, witnesses from the three organizations told a subcommittee of the House of Representatives Financial Services Committee. But criminals are taking advantage of the growing amount of personal information online and the ability to share attack tools and strategies over the Internet, said A.T. Smith, assistant director of the Secret Service.

"The Secret Service has observed a marked increase in the quality, quantity and complexity of cybercrimes targeting private industry and critical infrastructure," he said.

The FBI is currently investigating more than 400 cases involving unauthorized wire transfers from bank accounts of U.S. businesses, said Gordon Snow, the assistant director there. Those 400 cases involved the attempted theft of US$255 million, with actual losses of $85 million, and the cases involving the takeover of accounts represent just one type of attack against financial systems, he said.

Snow also listed recent examples of payment processor breaches, stock trading fraud, ATM skimming, mobile banking attacks and other schemes targeting the U.S. financial system. Cybercriminals' capabilities are at "an all-time high," although combating cybercrime is a top priority for the FBI and other agencies, he said.

The annual cost of cybercrime is about $388 billion, including money and time lost, said Brian Tillett, chief security strategist at Symantec. That's about $100 billion more than the global black market trade in heroin, cocaine and marijuana combined, he said.

The financial services industry, the focus of Wednesday's hearing, is a top target for cybercriminals, Tillett said, but he also praised cybersecurity efforts there.

"The financial services industry generally, has been ahead of the curve on cybersecurity, recognizing the importance of these issues long before they were common in daily headlines," he said. "Thus, the need for action is not so much an issue of additional legislation or regulation, but rather an issue of responding to evolving threats by implementing mitigation and protection measures."

Subcommittee Chairwoman Shelley Moore Capito asked if the DHS and other agencies were sharing information about cyberattacks with each other and with private companies.

Employees of private companies with security clearances now have access to the DHS National Cybersecurity and Communications Integration Center (NCCIC), which coordinates cyberincident response efforts within the U.S. government, said Greg Schaffer, acting deputy under secretary at the DHS. U.S. agencies have also provided assistance to the financial services industry during cyberattacks, he said.

"We are in a better place today, in terms of information sharing, than we've been in the 15 to 17 years I've been in this space," Schaffer said. "We have certainly made a lot of progress."

Snow agreed, but said the sharing still needs to happen faster. If government officials wait to exchange information face-to-face, it's often too late to stop a threat, he added.

"We go from manual speed to network speed," Snow said. "This threat comes at us in nanoseconds."

Representative Steve Pearce, a New Mexico Republican, asked what percentage of cybercrime reports are prosecuted and what percentage result in a conviction. Snow and Smith said they didn't have that information immediately available.

The Secret Service made about 1,200 cybercrime-related arrests last year, resulting in the prevention of about $7 billion in losses, Smith said.

Pearce asked how often the three agencies representatives have met about cybersecurity issues. Snow said he's met with Smith and Schaffer more than 150 times. "Sometimes we have meetings even when we don't want to have meetings," he said.

Pearce also asked the agency officials about the percentage of cybercrime that goes undetected by government investigators. The problem may be much worse than statistics show, he said. "How many attacks are coming in that we don't even know about?" Pearce said.

That's difficult to judge, because there's no law requiring private companies to report most types of cybercrime, Schaffer said. "We know what we know about," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of InvestigationGreg SchafferU.S. Department of Homeland SecurityfinanceSteve Pearcelegislationindustry verticalsIdentity fraud / theftA.T. SmithfraudintrusionsymantecU.S. House of RepresentativessecurityShelley Moore CapitoU.S. Secret ServicegovernmentGordon SnowBrian Tillett

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?