WASHINGTON (Reuters) - Each week brings word of another cyber attack on a major U.S. institution, sending law enforcement scrambling and raising new questions about whether it has the ability or resources to track down cyber criminals.
The FBI says it is working to bulk up its cyber division as hackers focus on higher-profile targets, but is at the mercy of a Congress struggling to cut the massive budget deficit.
FBI Director Robert Mueller, who has made it his mission to boost computer savviness during his decade-long tenure, acknowledged there was more work to do when he testified to Congress recently about extending his term by two years.
“I will tell you that we will increasingly put emphasis on addressing cyber-threats in all of their variations,” Mueller said earlier this month. “Part of that is making certain that the personnel in the bureau have the equipment, the capability, the skill, the experience to address those threats.”
Some experts question whether the FBI has the tools or manpower to apprehend those responsible for attempts like one earlier this year that sought to infiltrate the International Monetary Fund’s computers, which hold sensitive economic data.
A Justice Department inspector general report in April said some FBI field agents raised concerns they were not qualified for cyber cases and were rotated between offices too often, hobbling their efforts.
The FBI is now reviewing its policy on agent transfers and reviewing training they receive for such investigations.
“The tools that the FBI has in its toolbox are really pretty limited,” said Stewart Baker, a former top official at the Homeland Security Department and now a partner at the law firm of Steptoe & Johnson.
“Many of these attacks are launched from overseas, they use individual e-mails with specially-packaged malware to get into the system,” he said. “The FBI doesn’t have a lot of tools to actually identify a wrongdoer.”
The FBI does not reveal how many hacking cases it has pending or the budget for its growing cyber division.
Following a joint investigation with the FBI, British authorities on Tuesday announced the arrest of a 19-year-old man suspected of involvement in the attack on the public website of the CIA.
A senior official in the FBI’s cyber division said his team has recently received more backing from Congress. Now, about 60 percent of cases focus on national security and criminal intrusions, up from 50 percent about two years ago. Most of the remainder deal with child pornography.
“As we’ve received enhancements to personnel and non-personnel resources, we’ve specifically trained them in the areas of intrusion,” Steven Chabinsky, deputy assistant director of the FBI’s cyber division, told Reuters.
A Senate Judiciary subcommittee on Tuesday weighed beefing up cyber laws. But the critical issue of finding more money could be difficult as Obama and Congress are under intense pressure to cut the budget deficit.
National security matters tend to get spared the budget ax, but the chances of a large boost in resources are slim.
Obama’s proposed budget for fiscal 2012, which starts October 1, includes a request for almost $19 million more for 42 new positions at the FBI focusing on investigating and protecting against cyber attacks, including 14 special agents.
Obama also sought money to hire six more attorneys who would be placed overseas to focus on cyber crime cases, adding to the 40 or so prosecutors already working on those crimes in the Justice Department’s criminal division.
The FBI has been confronted with both “nuisance” attacks, like the CIA and Senate website cases, and much more serious intrusions at the IMF, Lockheed Martin and Sony.
The latter cases are a “higher priority in terms of damage and victimization, but an overall investigative approach can be quite successful by looking at the entirety of the problem,” Chabinsky said, a possible indication of how broadly the FBI is examining the recent spate of attacks.
Still, he said the number of cyber attacks has not increased dramatically in the last two years, rather publicity about them has — either from the victims or those launching the attacks.
“But I think they’re more visible, and a trend toward destructiveness is disconcerting,” he said. “The level of capability that’s now being used for destructiveness as opposed to financial gain is different.”
Cyber attacks often span multiple countries and servers. Laws overseas may be different. Determining who was at the keyboard at the time poses yet more challenges.
Chabinsky said the FBI spends considerable resources on those cases that take them around the world. Cooperation by foreign governments in pursuing hackers has increased.
One expert offered praise for the FBI upping its game, noting it was zeroing in on the more serious cyber attacks. He said the FBI must also try to infiltrate groups that openly publicize their hacks, like Anonymous and LulzSec.
Editing by Warren Strobel