WASHINGTON, D.C. — Cyberattacks are hitting U.S. businesses and governments in multiple ways, and the Federal Bureau of Investigation is stepping up efforts to detect and deter the growing problem, said FBI Director James Comey.
Comey made his remarks Tuesday, Aug. 30, just as his agency warned state election officials across the country to be on guard against hackers after the breach of a voter information database in Illinois and an attempted attack in Arizona.
Speaking at the Symantec Government Symposium, Comey labeled today’s hackers and data thieves as increasingly sophisticated and often part of a multinational or foreign state supported effort to breach information and databases. “Many of these threats are from criminals with inside information harvested from social media,” he said.
Comey did not comment directly on the election hacking attempts, but said that highest level of cyberthreats today are state-supported, and the biggest players include China, Russia and North Korea.
“Next down in the threat stack are the multinational criminal syndicates, followed by purveyors of ransomware, which is spreading like a virus,” he said. Further down the list are the so-called hacktivists, who aren’t interested in profit, but in embarrassing institutions and governments through leaking sensitive data.
Surprisingly, Comey listed terrorists as the weakest cyberthreat tracked by the FBI. He explained that terrorists are proficient at disseminating their messages to the public around the clock, but have yet to turn their attention toward computers as a target for terrorism.
To battle against the rising tide of cybercrime, the FBI has established cyberthreat teams around the country that take on threats based on their ability to counteract to specific kinds of criminal activity. Comey said the program has a created a healthy competition among teams to handle certain types of intrusions, extortions and breaches. In addition, the bureau has a Cyber Action Team that is ready to fly into a hotspot and respond at any time. The FBI also works closely with the U.S. Department of Homeland Security and national intelligence, as well as foreign partners to deter and, when possible, “incapacitate the bad boys,” he said.
Like other government agencies, the FBI struggles to find information security talent willing to work for government pay. The director also said that working with state and local government has become increasingly important as cybercrime continues to grow. “We can’t help with every problem [faced by states and localities], but we can provide training and equipment,” he said.
Perhaps the most controversial remarks focused on privacy and encryption, or what Comey termed: going dark. “This is our inability to use judicial authority to get access to data on a device,” he said. “Strong encryption is making more and more of the room going dark. In three years, post Snowden, through default encryption, that shadow is spreading through the room.”
A growing number of technology firms, most notably Apple, have introduced devices that encrypt data that not even the companies themselves can access. The FBI and other law enforcement agencies say the devices have become warrant-proof spaces for criminals.
The FBI has received 5,000 devices from state and local government agencies requesting help with decrypting them, Comey said, adding that the bureau was unable to open several hundred. With probable cause, he added, law enforcement has always been able to access an individual’s personal property, including communications, such as correspondence.
“But there is no such thing as absolute privacy," he said. "Widespread default encryption changes that bargain. We have never lived with absolute privacy, and default encryption impacts our ability to go after criminals and national security. Tools are becoming less effective because we are going dark.”
Comey called for a national conversation about the problem, saying an individual’s absolute control of data is not acceptable.
But having that talk might not be easy. Nuala O’Connor, president and CEO of the Center for Democracy and Technology, spoke after Comey and strongly disagreed with his views on encryption.
“I don’t agree with FBI Director Comey on dark room encryption,” she said. “The FBI wants to have the master key to the problem. That’s not right.”