FBI: Lack of incident reporting slows cybercrime fight

The Federal Bureau of Investigation's fight against cybercrime is being hindered by the refusal of many companies to report...

The Federal Bureau of Investigation's fight against cybercrime is being hindered by the refusal of many companies to report incidents, according to its director Robert Mueller.

Following last year's 11 September terrorist attacks Mueller made the fight against cybercrime and cyberterrorism the FBI's number three priority behind counter terrorism and counterintelligence.

But private-sector cooperation in that fight remains woefully inadequate, Mueller told an invitation-only meeting of industry and government officials.

"We probably get one-third of the [cybercrime] reports that we would like to get," said Mueller, speaking at the National Forum on Combating e-Crime and Cyberterrorism. "You're not enabling us to do the job," he added.

Without more companies cooperating with law enforcement agencies on prosecuting known or suspected cybercrimes, the FBI's analysis and prediction capability will not improve, nor will the overall state of security on the Internet, said Mueller.

"We understand that there may be privacy [and public relations] concerns," said Mueller. "We, as an organisation, have learned that you want us there quietly." However, for the attacks to stop, he added, "there has to be a sanction."

Mueller's concerns echo those of the UK's National High Tech Crime Unit. In June Phil Swinburne, specialist policy advisor to the High-Tech Crime Unit, told delegates to the Networks Show that fear of loss of reputation and the cost of cooperating in prosecutions were scaring cybercrime victims from reporting incidents.

In addition to making cybercrime and cyberterrorism one of the FBI's top three priorities, Mueller said the bureau had changed its hiring practices to focus on recruiting "a new type of agent" that can bring a "bedrock of experience" from the world of IT.

The FBI has set up three joint FBI-Secret Service cybercrime task forces and recently created a computer forensics laboratory in San Diego, with plans to establish additional labs throughout the country.

Harris Miller, president of the Information Technology Association of America, a leading vendor industry organisation, said that it was "absolutely critical" that the private sector and the government work together.

He acknowledged "the reality is that our interests are not always in alignment," but added that the chances of successfully fighting e-crime and cyberterrorism without government help "are literally zero".

Read more on IT risk management