Attorney General Ashcroft's Speech Announcing Expansion of CHIP Program and Establishment of Nine New CHIP units (July 20, 2001)

In total, 10 units will be created, staffed with a total of 77 personnel, of which 48 will be prosecutors. U.S. law enforcement has been at the forefront of worldwide efforts to fight crime in the digital age, and the Department of Justice has been a major contributor to that effort. The Computer Crime and Intellectual Property Section of the Department is a highly specialized team of over two dozen attorneys. These dedicated men and women focus on computer crime and intellectual property crime. They provide expert assistance and training to the United States Attorneys offices, everyone of which has designated at least one prosecutor as a specialist in computer crime.

In addition, the Federal Bureau of Investigation has squads of specially trained agents in sixteen cities focusing on high tech crime as part of its National Infrastructure Protection Center. And in every FBI field office in the country there is at least one agent with computer crime training.

Despite these significant measures, however, the rapid advancement of technology has created new means and new opportunities for criminals to victimize companies and consumers. A survey of U.S. corporations and government agencies conducted earlier this year by the FBI and the Computer Security Institute gives a sense of the extent of cybercrime in America today. A full 85 percent of respondents said they had detected computer security breaches in their systems within the past 12 months. Sixty-four percent acknowledged financial losses due to computer breaches.

Price Waterhouse-Coopers reports that businesses spent $300 billion to fight hackers and computer viruses last year. And these costs, while already significant, are doing nothing but rising. In 1999 the "Melissa" computer virus did damage totaling about $80 million to 100,000 or so computer users. In contrast, last year’s "I love you" virus attacked users worldwide with an estimated cost of $10 billion.

The growing frequency, sophistication and cost of computer crime means that law enforcement must constantly rededicate itself to the vital mission of keeping cyberspace safe for all Americans. The formation of these ten CHIP units is an important step in improving our nation’s response to the many and varied challenges of the digital age. CHIP team members will strengthen the highly trained network of cybercrime prosecutors at the Department of Justice in the Computer Crime and Intellectual Property section and the U.S. Attorneys offices.

A great deal of credit for this initiative goes to FBI Director designee Robert Mueller and the U.S. Attorney’s Office in San Francisco which established the first of these units. Since its inception, the CHIP unit in Northern California has been a leader in prosecuting computer intrusion and intellectual property cases. To their great credit, their successful efforts are the model for the program I am announcing today.
The Northern California CHIP team successfully prosecuted one cybercriminal, for example, who illegally hacked into critical computer systems of the United States government, including the U.S. Department of Energy, NASA, the Department of Transportation and seven U.S. Department of Defense Air Force Base systems. He is currently serving a sentence of 18 months in prison.

The San Francisco CHIP team also prosecuted a large-scale conspiracy of cybercriminals that included armed robberies of shipments of computer components, the international sale of these components and then the money laundering of the proceeds. All eight defendants were convicted and received prison terms ranging from 2 ½ years to 13 years.

In another recent case, the team achieved what is believed to be the first ever criminal forfeiture of a web site in an intellectual property case. A group of individuals was charged with selling copyrighted software over the internet at a web site called "software-inc.com." After they were apprehended and pled guilty to criminal copyright infringement and conspiracy to commit wire fraud, the cybercriminals agreed to forfeit not just the $900,000 they made as the result of their illegal scheme, but the domain name for "software-inc.com" as well. When the site becomes the official property of the United States government, prosecutors intend to keep it up on the internet. Visitors will see a warning that the site has been seized by law enforcement and get the clear message that cybercrime carries real penalties for offenders.

Computer and software companies, some of whom were initially skeptical of the federal government’s commitment to mount an aggressive effort against cybercrime, have found themselves on the winning side of successfully prosecuted cases. Smaller companies that were the victims of cybercrime have told prosecutors that the recovery of stolen data by law enforcement allowed their companies to stay in business. They are grateful, they’ve said, that the team took the time to prosecute crimes against smaller companies as well as crimes against the computer and software giants. And as a result of these successes, the mutual trust that is essential to combating crime has taken root and begun to grow between private industry and law enforcement.

In addition to prosecuting cases, these new CHIP teams will focus on the prevention of cybercrime by working with local industry to anticipate future trends, identify vulnerabilities and stop cybercrime before it occurs. In addition, CHIP team members will offer regional training programs to increase expertise among federal, state, and local prosecutors and investigators in the special skills needed to address these crimes.

To do this job and to do it right, however, we need the help of the high tech community. Our experience tells us that when a bank is robbed, bank officials call the police. But when valuable commercial information is stolen from high tech companies, victims are often reluctant to refer their cases to law enforcement. We know from speaking with business managers that they are often disinclined to acknowledge that their computers – which they thought were secure – were not so secure after all. They fear customer mistrust and competitive disadvantage.

These fears, while understandable, are ultimately self-defeating for the high tech community. The failure to reach out to law enforcement when cybercrime strikes can leave businesses vulnerable to additional victimization. A company that does not report crime leaves the criminal free to strike again. It may also create incentives for criminals to victimize the same company again in the belief that no punishment will be forthcoming.

The new teams of prosecutors being announced today will work with industry to address the reluctance to report cybercrime. CHIP units will make themselves known to the businesses, universities, and other technical centers in their communities to build partnerships and to build trust. Together, we hope to convince the high tech community that when they report incidents of cybercrime, they are not just doing the right thing for their community – they are also doing the right thing for their business.

As we work to make the remarkable technological advances of the digital age a positive
force for all Americans, we enter a new era in law enforcement. I urge all members of the computer, software and high tech community to be partners with them in ensuring that justice and the rule of law prevail in cyberspace.

Thank you very much.

Attorney General Remarks Cybercrime Announcement July 20, 2001

Attorney General Remarks
Cybercrime Announcement
July 20, 2001