DOJ: FBI digital counterintelligence weakened by focus on child porn

Cyber attacks are at an all time high but FBI spends twice as much effort fighting child porn, according to a scathing criticism by the U.S. Department of Justice.

Despite a dramatic increase in cyber attacks on U.S. public and private infrastructure and networks, and evidence that hostile foreign governments are behind many of these attacks, the F.B.I. has done little to counter these threats, preferring instead to expend twice as many resources in the investigation of online child pornography.

This criticism is being leveled by the Department of Justice itself, which accuses the FBI of incompetence and lack of commitment in countering demonstrated cyber threats while expending excessive resources on child porn.

Specific intelligence pointing to Chinese military attacks on State Department computers has resulted in a massive grab of classified material by China. U.S. corporations are also actively targeted by China and other countries seeking to acquire competitive market intelligence.

Russian and other governments are known to have active programs for penetrating U.S. computer networks with the aim of gaining strategic military and economic advantage over the U.S.

Given these demonstrated threats against the well-being and prosperity of the U.S. and its citizens, it is shocking (although not surprising) that far greater resources are instead allocated to the investigation of child pornography (much of it produced by kids themselves) and to the entrapment of those still foolish enough to fall prey to badge-wearing adults masquerading as minors.

This bizarre mis-allocation of limited tax payer dollars is the result of decades of media, government and busybody-fueled hysteria to all things having to do with kids and sex.

We are finally beginning to realize the terrible consequences which inevitably result from dangerously misguided policies brought about by a distorted perception of reality.

These consequences have become ever more apparent in the dramatic erosion of our liberty as well as in our security and prosperity.

Ironic it is that the shrill voices which proclaim as their greatest priority the protection of children are themselves the enemies of their future. And let us hope that the eventual recognition of this glaring truth will come soon.
******************************************

DOJ: FBI digital counterintelligence weakened by focus on child porn
Cyberattacks are at an all time high; FBI spends twice as much effort fighting porn

By Kevin Fogarty

April 29, 2011, 11:35 AM — Despite its growing digital surveillance capabilities and increasing responsibility for investigating and countering cyber attacks on the U.S., the FBI's core cyber security division turns out to be basically incompetent, according to a critical report from the Dept. of Justice. [PDF] http://www.justice.gov/oig/reports/FBI/a1122r.pdf

Part of the reason is that the 14 agencies that share some responsibility for online counter-espionage don't share information well. Another contributor is the lack of effective pressure from top managers to get agents trained in national-security intrusion topics and tactics.

Most of the reason is that the FBI spends twice as much effort investigating child porn as it does attempts by foreign governments to attack U.S. facilities or steal information that would damage U.S. national security, the report found.

To put that in perspective, the number of foreign attacks on the U.S. increased 40 percent between 2007 and 2008, according to the report, whose data are pretty old for such a sensitive topic.

An April study from McAfee showed 80 percent of utilities in 14 countries had been attacked during the previous year, an increase of almost 50 percent compared to the year before. Attacks ranged from distributed denial of services to intrusions to remove data to intrusions that attempted to take control of the utility's internal IT systems.

And that's just among civilian-run utility companies.

State Dept. documents released through WikiLeaks this month showed that years-long cyberattacks launched by the Chinese military had netted "terabytes" of sensitive data ranging from names and passwords that would give access to State Department computers, to the design of major weapons systems.

The "Byzantine Hades" attacks – and others coming from Russia and other unfriendly powers – represent a new state of cyberwar the U.S. is not yet prepared to fight.

The attacks have been so successful "we have given up on the idea we can keep our networks pristine," according to Stewart Baker, a former senior cyber-security official at the U.S. Department of Homeland Security and National Security Agency.

The focus has shifted instead to more sophisticated efforts to detect and counter intrusions as they're made.

Unfortunately, those are exactly the kinds of skills the FBI cyber squads lack and the kind of crime they don't have the time or resources to investigate.

Of 36 agents with cybersecurity responsibilities the DOJ tested – from 10 of the agency's 56 field offices, each of which has at least one "cyber squad" – only 23 told investigators they had the training to investigate national security intrusions.

The other 13 "lacked the networking and counterintelligence expertise to investigate national security intrusion cases." Five said they were completely unqualified to investigate national security intrusions effectively, the report said.

In 2007 the FBI created a separate career path for digital security investigators called the Cyber Career Path, which includes a four-stage training plan covering 12 core courses and a set of elective courses agents can use to develop a specialty.

The agency's habit of moving agents to new offices or new assignments every two or three years to expand their skills or experience makes completing that training difficult, the report concluded. So does a generally inconsistent focus on both online counter-espionage and giving agents either the training or time to build experience in investigating it.

Top FBI managers are much more comfortable with agents trained to track down domestic hackers and breaking down doors than they are investigating or countering serious online attacks from overseas.

The report – some information in which was blacked out to avoid releasing sensitive or top secret information to which the public should not have access – included the total number of agents who had completed all 12 courses as of June, 2010.

The number was the only part of the paragraph explaining the program that was redacted.

Online espionage isn't the FBI cyber squads' only responsibility, however. In 2009, 19 percent of the cyber agents worked on national security intrusion investigations, while 31 percent worked on non-spy-related digital crimes and 41 percent investigated online child porn.

That's not to say child porn and domestic, non-national-security related cybercrime should not be investigated.

When you're losing terabytes of sensitive data to foreign governments who can walk freely through your most secure computer systems, however, maybe it's time to reconsider your priorities.

Maybe shift a few agents away from the wankers and point them toward the enemy?


http://www.itworld.com/security/160701/doj-fbi-cyber-security-largely-incompetent-obsessed-child-porn

No comments: