
How does the FBI investigate cyber-attacks?

FBI Cyber Division. Image: theUSBport.com

The Federal Bureau of Investigation is a national security institution concerned with probing large-scale criminal schemes like terrorism, espionage, and most recently, cyber crime.

The FBI also provides additional support at a federal level to local law enforcement authorities in serious felony cases like murder, assault, kidnapping, and white-collar crime. In extraordinary instances, judges can expand agents' jurisdiction to make arrests abroad.

Cyber criminals are among the most wanted fugitives on the FBI's list, but the way they operate makes them all the more elusive to the organization. Below we describe the resources and methods the Bureau may use when investigating cyber crimes.

FBI’s cyber division: Methods and Goals

First of all, it should be clarified that the FBI has no established protocols to investigate anything and that they treat each case differently according to the circumstances.

As a national security organization, the Bureau has its own Cyber Division with dedicated agents and squads in each of its 56 field offices in the United States. There are also 93 Computer Crime Task Forces spread across the territory.

Cyber Action Teams are also available as liaison divisions that travel all over the world to where they are most needed and offer their help in significant cybercrime investigations.

Regarding procedures, it all depends on the case, the target of the attack, and whether it is a domestic or an international incident. The first order of business is containing the threat, although sometimes going straight to damage control is the necessary course of action.

Both national and international cyber crimes involve everything from attacks on financial systems to telecommunications platforms, emergency networks, and service providers, public and private. Identifying targets is a common starting point.

It’s all about collaboration 

Pinpointing the location of the perpetrators is not easy, as they tend to hide in the darkest shadows of the net or are guarded by state-run operations such as Russia and North Korea’s hacking divisions.

Luckily, expert Bureau agents have at their disposal an extensive arsenal of tools to help them track down these criminals and bring them to justice. The FBI's Criminal Justice Information Services (CJIS) is one of the first repositories to go to for information.

Various hubs of the organization provide different kinds of services and intelligence, including databases from the National Crime Information Center (NCIC), the Law Enforcement Enterprise Portal (LEEP), the FBI Vault, and others.

Systems like eGuardian and iGuardian exist so that intelligence agencies, national and foreign, can easily share and consult data they consider valuable to ongoing investigations. Other coalitions, like the National Cyber Investigative Joint Task Force, lend a helping hand as well.

Using the information they can gather from going through records and empirical investigation, the cyber agents of the FBI are usually capable of reverse-hacking anyone by following the traces they left behind.

If they are lucky enough, they might find signature marks of an already identified criminal group. Sometimes, specialists can even tell the identity of a perpetrator by the software or malware they used or left behind.

These findings do not always lead to concrete actions, since identifying the person of interest who is potentially responsible for a crime is not enough. Individuals need to be tracked down, their link to the incident confirmed, and then held accountable by issuing a national or international notice.

Most of them have ties with third parties. For example, the Turla Group and Fancy Bear have been linked to the Russian government.

Source: FBI

Rafael Fariñas: