|
REMARKS OF ATTORNEY GENERAL JOHN ASHCROFT
FIRST ANNUAL COMPUTER PRIVACY, POLICY & SECURITY INSTITUTE
Good afternoon. It is a pleasure for me to speak with you, and I am grateful to Senator Conrad Burns and to Rocky Mountain College for their kind invitation.
The concerns that bring you to this Institute – computer security and threats to information assets – are of central importance to us all. A few years ago, these conferences were quite rare. "Worms" and "viruses" were described in biology textbooks, not police reports. Today terms like these bring to mind crashed networks, massive disruptions in communications and infrastructure systems, and billions of dollars in damages.
Like revolutionary technologies before it, the Internet carries enormous potential both for advancement and for abuse.
Attacks on networks, frauds, software piracy, corporate espionage, and trafficking in child pornography are just some of the crimes facilitated by the Internet. The Department of Justice is committed to fighting these crimes, and I am here to ask for your partnership. Without your leadership, without your help, and without our collective efforts, the Department’s mission – to make our country a safer and more secure place for all Americans – can not be fulfilled.
Although there are no exact figures on the costs of cybercrime in America, estimates run into the billions of dollars each year. And unlike more traditional crimes, cybercrime is especially difficult to investigate.
First, the Internet can provide anonymity. On the Internet, it is easy for a criminal to create a fictitious identity to perpetrate frauds, extortions, and other crimes. Since many computer crimes – such as trading pirated software or child pornography – can be committed entirely on-line, this anonymity can significantly complicate an investigation.
Second, compounding these difficulties is the Internet’s borderless nature. A criminal anywhere in the world armed with nothing more than a personal computer connected to a modem can victimize individuals and businesses worldwide.
Third, the tremendous power of today’s computers makes it possible for a single cybercriminal to do a staggering amount of damage – damage far beyond what a single person could typically do in the traditional criminal world. For example, a sophisticated cybercriminal can release a virus or launch a denial of service attack affecting hundreds of thousands of computer users or critical infrastructures like power grids.
But we are not just faced with technical challenges. Even if we could master all the technology, the human dimension of cybercrime presents its own unique challenges. Sadly, there is a common misperception among many – especially many young people – that crimes committed on-line are not as serious as more traditional crimes.
The Department of Justice is doing everything it can to address these challenges.
First, we have dramatically increased our training of prosecutors and agents in this area. The Department has a specific section of the criminal division – the Computer Crime and Intellectual Property Section – devoted to combating cybercrime.In addition, the FBI has created Computer Crime Squads in 16 metropolitan areas around the country specifically to investigate cybercrime.
In Washington, the FBI’s National Infrastructure Protection center acts as a clearinghouse for information and expertise relating to cybercrime. And each federal judicial district – including the District of Montana – has at least one Assistant United States Attorney, a Computer and Telecommunications Crime Coordinator, who has received special training in how to investigate and prosecute cybercrime.
Second, we have worked with our partners in foreign law enforcement to address the internationalization of cybercrime. Partnerships such as the Group of Eight industrial nations and the Council of Europe have provided us with the means for discussing and developing better ways to investigate cybercrime which crosses borders.
Third, through the FBI, we have sponsored the InfraGard program, a unique partnership between the Department of Justice, businesses, academic institutions, and state and local law enforcement agencies, dedicated to increasing the security of the United States’ critical infrastructures.Fourth, the Department of Justice also reaches out to young people through programs like the Cybercitizen Partnership, our partnership with the Information Technology Assocation of America Foundation to teach young people the right ways to use the Internet.
Last and perhaps most directly, we are putting cybercriminals in jail. The arrest and guilty plea of both the author of the Melissa virus in the United States and "MafiaBoy" in Canada demonstrate our ability to solve cybercrime – even when it occurs on a massive scale or comes from outside our borders.
No matter how hard we work in the Department of Justice, we cannot solve this problem alone. For all our success in prosecuting the cybercrime we know about, we know that much more goes totally unreported. And this is where we need your help.
Our experience tells us that when a bank is robbed, bank officials call the police. But when valuable commercial information is stolen from computers, only rarely do the victims report this to law enforcement. Why? It could be for a number of reasons. We know from speaking with business managers that they are often embarrassed. Their computers – which they thought were secure – were not so secure after all. They fear customer mistrust and competitive disadvantage. And they are afraid that an investigation will disrupt their business.
We know that a company that does not report cybercrime to law enforcement may find itself in a far worse position than it ever imagined. A company that does not report crime leaves the criminal free to strike again. If a computer hacker has broken into your network and has stolen credit card numbers from your databases or has stolen valuable intellectual property, he may also have created a new backdoor to your network to use if you bar his original path.
Not reporting the cyber crime also creates incentives for repeat attacks against you. Cybercriminals talk to each other and when you don’t report, you are viewed by this community as an easy victim. I would urge you to recognize that when you report incidents of cybercrime, you are not just doing the right thing for the community – you are also doing something clearly in your own interest.Our experience with good corporate citizens that do report crime has been excellent. As a result of cooperation with industry, we recently arrested suspects in extortion and computer intrusions directed against Michael Bloomberg and his company by individuals in Kazakhstan; damage to GTE’s computers caused by a disgruntled employee; and a shill bidding art fraud run on e-Bay. In large measure, these success stories depended on the timely reporting of the events by the victims.
As we work to make the remarkable technology of the Internet a positive force for all Americans, and as we enter a new era in law enforcement, the future success stories belong to you. I urge you to be leaders in this field, and I look forward to working with you.
Thank you.
Go to . . . CCIPS home page || Justice Department home page
Updated page June 27, 2001
usdoj-crm/mis/jam