Freeh, Louis J.
Freeh, Louis J.
Louis J. Freeh
Reprinted from Cyber Terrorism and Information Warfare: 1. Assessment and Challenges, edited by Yonah Alexander and Michael S. Swetnam
Published in 1999
By the 1990s computer systems had become a critical operating component for governments and private business. The Internet, a computer network for information and electronic mail, allowed for almost instantaneous worldwide communication. Any disruption of a computer system in either governments or businesses brought a virtual halt to operations until the problems could be corrected.
The following excerpt is from "Speech by Louis J. Freeh, Director of the FBI, 1997 International Computer Crime Conference, New York, New York, March 4, 1997." Realizing that rapid advances in computer technology had not only benefited the world's population but also was an aid to those wishing to engage in criminal activity, Freeh praised leaders of private industry and law enforcement agencies for gathering together to discuss cyber crime issues. The conference involved individuals from the United States and from around the world.
"But we know with great certainty that of the problem [of cyber crime] is not dealt with very quickly, the time will come that . . . national security will clearly be at risk."
Freeh's words give an interesting insight into thinking at the end of the twentieth century concerning the potential threats of cyber crime. The threats he predicted could affect a nation's national security by disrupting computer network systems. Increasingly, national infrastructures were being operated and controlled with complex computer technology. Examples include communication systems, 911 emergency lines, business transactions, power generation, and transportation systems such as air traffic control. Criminal computer specialists already had the ability to intrude into computer systems of both private corporations and governments with serious consequences.
Freeh notes that the science of law enforcement, how crimes are investigated and criminals pursued, was changing dramatically because of advancing computer technology. No longer were crimes always committed at a particular geographic location by a person with a specific street address. No longer could a single law enforcement agency with local jurisdiction investigate and make arrests.
Internet crimes, Freeh pointed out, were committed in cyberspace. Local, state, national, or international jurisdictions did not exist for cyber crime. Instead local, state, and national law enforcement agencies would have to work together and with law enforcement agencies of different countries to both solve and prevent cyber crime. Since they knew their own systems thoroughly, computer specialists of international industries and businesses would also be required to aid law enforcement investigations.
Freeh called for those at the conference to begin thinking about pulling law enforcement and private business from all over the world into cooperative working groups to combat cyber crime. He called the cooperation a critical step toward designing systems and procedures to protect against and react to disruptions in computer networks.
Freeh describes measures the FBI had taken by 1997 to investigate the threat of cyber crime. The FBI Computer Investigations and Threat Assessment Center provided expertise in computer investigations and threat assessments. Three FBI computer squads had been organized to serve as a resource for other FBI divisions and other law enforcement agencies. Internationally, thirty countries had "Legats," FBI offices located abroad to provide "cop-to-cop bridges" in partnering with international law enforcement agencies.
Things to remember while reading excerpts from "Speech by Louis J. Freeh, Director of the FBI":
- In 1997 the potential for a direct terrorist action against the United States on U.S. soil did not worry many Americans. Neither did disruption of computer systems by terrorists. Aside from the occasional hacker entering a classified computer system, no such actions had been serious enough to cause much interest or concern. Freeh pointed out such national security matters were not a priority at the time.
- Freeh acknowledges that law enforcement has historically operated in a catch-up mode. Only once a crime is committed or new alarming information made public would Congress act to pass new laws enabling law enforcement agencies to act.
- Freeh gives examples of actual cyber crimes. He challenges both private industry and law enforcement agencies to begin thinking globally, in terms of worldwide cooperation. Calling for industry and law enforcement agencies all over the world to begin working together was a new concept.
Excerpt from "Speech by Louis J. Freeh, Director of the FBI"
I just returned from a very brief trip to the Mideast where I visited three countries and spent time with the leaders of all the countriesinvolved in the current peace process. We met with Yasser Arafat, the Prime Minister of Israel, King Hussein, President Mubarak , and, over the course of several days, all of my counterparts , both in law enforcement services and security services.
And part of our agenda . . . did in fact deal with some of the issues that this conference is going to address—issues like technology crimes ; law enforcement in the information age ; threats to infrastructure ; threats to national security; the new ways that criminals and terrorists have found to achieve their objectives; taking advantage of all of the technological changes; the transparency of borders ; the ability to travel and send information instantaneously. . . .
It's an obvious point, but one which I think we need to make: in the United States also, these critical issues will continue to occupy industry and law enforcement, but they are not at this time on the front burners for law enforcement or for national security people. This should not be surprising. We are not imminently threatened with the collapse of infrastructures. We are not seeing intrusions at a frequent enough index that people are alarmed about them. . . .
Today this kind of debate continues in Washington and around the world on encryption . Again, at this point we can't point to a proliferation of examples where encryption, unbreakable encryption, has caused the loss of lives or shut down major investigations. But we know, with great certainty, that if that problem is not dealt with very quickly, the time will come that, as robust encryption proliferates without any recovery systems , law enforcement and national security will clearly be at risk.
In a sense, this process really describes the history and the saga of law enforcement. In 1933, unarmed FBI agents transporting a prisoner were gunned down in a crossfire that became known as the Kansas City Massacre. Only then was Congress spurred to enact, within a week after that attack, the authority for FBI agents to carry firearms and make arrests.
It took the chance discovery of the Apalachin meeting up in New York and subsequent investigations in the mid-60's to demonstrate the existence of la Cosa Nostra in the United States—and that spurred Congress to authorize court-authorized wiretapping in 1968.
So we see, over the course of time, how law enforcement strives to catch up with technology. And I think that's where we are right now with computer crime, with the encryption issues, with the telecommunication issues, and with the wireless communication issues—all of which need to be addressed and solved.
So I really salute all of you—and the different countries and corporations that you represent—for putting together a conference which, for the first time, focuses internationally on this problem. Your lead is one that law enforcement must follow.
Today when new FBI agents graduate from our training academy in Virginia, they leave with their firearms and their badges, but they also leave with a laptop computer. It's an excellent symbol of the changing environment in which these young men and women will function over the next 20 years. It is also imperative for the way they must conduct investigations. When they serve law enforcement search warrants, they seize hard drives and disks instead of the boxes and boxes of records and books and ledgers that their predecessors, myself included, used to seize to support our cases.
Today, also, they chase fugitives over cyberspace as well as over fences. You may remember when we arrested Mr. Mitnik a year or so ago. He was found by the FBI, but he was found because we hired a 23-year-old computer specialist to locate exactly where he was and where he was transmitting from. That was the basis of effecting that arrest.
I though also I would mention, very briefly, some of the cases where the technology of computers and cyber crime is evidencing itself, and then talk generally and briefly about recent initiatives undertaken between the FBI and other government organizations, in partnership with the private sector, to deal with some of these problems.
Clearly these problems and issues cannot be solved unilaterally by law enforcement, no more than they could be solved unilaterally by the private sector . If we are to identify and respond to these various problems, we have got to unite the efforts of industry and law enforcement on an international scale.
Let me mention very quickly a couple of cases; these are all public cases so I can comment on them. The Citibank case . . . was a case where someone with a laptop computer, sitting in an apartment in St. Petersburg, Russia, intrudes into a bank and attempts to move millions of dollars out of accounts to a place where they can be exploited .
We had a similar case recently with a so-called "phone phreaker" in Sweden—and because of the assistance we received from Swedish authorities, we were able to solve that case. There a young man, sitting in his own apartment, hacked his way across the Atlantic Ocean into U.S. telephone switching systems and worked his way down tonorthern Florida, where over the course of several weeks, he interfered with 911 systems and had the capability to disable the system. It could have been disastrous, because 911 systems not only affect the police but also affect fire and emergency services.
Now extrapolate that to imagine if he had hit larger systems—banking systems, stock exchanges, or power grids in the northeast or northwest in the middle of winter.
We had another recent and continuing case in Baltimore, which we call the Innocent Images case. . . . It goes back to 1993 when we began investigating a kidnapping case. When we began to focus on several subjects, it became clear that they were using computers—computer telecommunications networks—to contact, identify and, in some cases, arrange for meetings with children.
In a sense, they were entering the homes of the children, not on the telephone or by a knock on the door, but through computer modems. That case, which has become a national initiative by the FBI, has resulted so far in approximately 88 arrests and 78 convictions. And the only people targeted in those cases are the individuals who are involved in large-scale distributions of pornography , and that's just, in our view, the tip of the iceberg.
We had a recent terrorism case where an individual maintained plans in his laptop computer to attack airliners and other targets. Part of the files contained in that laptop is still encrypted and is still in need of being deciphered by the law enforcement authorities.
Those are just several cases on the menu—again, not representative of thousands of others, but all of a very serious nature and with grave implications . If you take the context of those cases and translate them to large scale industries, to infrastructure, and to informational systems, then you can see that the potential is catastrophic .
Consider for example, a recent exercise by a government agency that is responsible for maintaining and transmitting secure information. This agency ran some computer attacks against its own very well defended systems, using people inside and outside the agency to perform them. The results of the test were that 88 percent of the attacks were successful. Again, the implications of that exercise, translated to all our informational systems, are sobering .
We have been trying to respond to the prospective issues involved in this issue in a number of different ways. In June last year the President signed an Executive Order that asked all government agencies, coordinated by the FBI, to do a critical infrastructure study over a one-year period that would focus on the vulnerabilities of the systems—both physical and informational security—and that would compose and design protocols of plans and systems to protect key areas of government, as well as private industry infrastructure.
That process has been ongoing now for several months. We have enlisted the assistance of many agencies, particularly Department of Defense agencies, which have great expertise in this area. We have also heavily relied upon private industry and private consultants to supply some of the necessary expertise for analysis and planning.
In addition, pursuant to the Executive Order and to a Presidential Directive on terrorism, we established an FBI Computer Investigations and Threat Assessment Center in our headquarters, which we call CITAC. The purpose of that center is two-fold: one, to develop and provide expertise in computer investigations; secondly, to do threat assessments with respect to computer crime infrastructure defenses. This ties in as best it can with the infrastructure analysis program which is ongoing at the same time.
We have established three FBI computer crime squads in the field now, one is there in New York; two, in others cities around the country. These are very different animals in terms of our FBI structure. Most FBI squads are programmatic squads , dealing with bank robbery or with theft from interstate shipment. These new computer crime squads, however, are disciplinary squads—nonprogrammatic and specifically designed and ordered to gather up, within a particular division, all of the computer investigative expertise that we have both from an analytic and an operational point of view. We then use them as a resource for all other programs, criminal programs, or national security matters. We also use them to assist our partners in other law enforcement agencies.
Part of our CITAC program also requires the SACs in all our 56 field divisions to form working groups with local industry—banking, utilities, energy, whatever the framework may be for that particular location—and put together working groups that will serve both to advise and respond to a crisis that threatens infrastructure, whether it be a criminal or a national security matter. To date, those advisory working groups are working very well around the country.
Again, the real key to success here—and I don't think it can be repeated too much—is the critical partnership of government with the private sector and private industry. . . . It is critical that, prior to an emergency, we develop the contacts, the associations, and the working groups to deal with some of those problems.
We have worked very hard, as you know, in the legislation area to obtain the authorities that not only enable us to continue our investigative programs and techniques, but also help us anticipate some of the emerging problems. Last year, for instance, the FBI worked very hard with private industry and with many distinguished academics , to propose and ultimately to see pass the economic espionage statute, which is really a trade secrets act.
The interesting thing behind that initiative, however, was the fact that it was computer crime—particularly computer intrusions into major companies to valuable trade secrets—that focused our efforts to protect commerce and industry here in the United States. We found, for instance, that the traditional theft statutes, like the transportation of stolen property, just didn't apply to the situations where an intruder into or an employee of a corporation quickly downloads an important trade secret and transports that information on a disk either locally or globally.
The courts had said in many cases that intellectual property or knowledge of a trade secret was not really a "good" or "ware" as intended by the Congress in the interstate transportation of stolen property act. So we found we had a large area of criminal activity legally exempted from the FBI's program.
A major impetus for this trade secrets act was thus the ability of computer criminals to steal valuable intellectual property that doesn't quite fit the 1930s definition of "goods, wares, and merchandise." This is just one example of our legislative initiatives directed towards those technology problems.
Encryption is another important one. We realize that the need for robust encryption is critical for the health of our national economy andfor American competitiveness, here and overseas. As a law enforcement agency that wears a national security hat, however, we also realize that we need encryption with some exempted or court-authorized recovery mechanism for those very rare instances when encrypted channels are used to either transmit or store information relative to a crime, an act of terror, or a national security matter. Of course such a mechanism would be available to us only under court orders and very stringent requirements , as with the 1968 court-authorized wiretapping statute. . . .
Another FBI initiative that deals with the cyber crime and global crime issue is the expansion of our Legal Attaché program. As many of our international friends here know, the FBI has had, for many, many years a "Legat" program, as well call it, where FBI agents are assigned to various embassies to engage in liaison functions with the host law enforcement authorities. They deal exclusively in law enforcement-related activities. They do not engage in any other non-criminal activities except as liaison.
We have Legats now in 30 countries. On my last trip, in fact, I dedicated an office in Tel Aviv, which will also serve as liaison with Jordan, with the Palestinian authority, and with the office in Cairo. Over the next two years, pursuant to a plan approved by the Congress, we will open another 16 Legats which will take us to the places like Beijing, South Africa, and Buenos Aires—places where law enforcement needs cop-to-cop bridges and the police-to-police contacts that are necessary to deal with crimes like computer crime and others that have no boundaries and that are committed in the twinkling of a eye. These crimes absolutely require us to work with our partners in order to identify and solve them.
We are behind the eight ball , I think, in our efforts to deal both with cyber crime and global crime. But the initiatives I have mentioned—including infrastructure initiatives, training initiatives, the Legat programs—are all certainly moving in the right direction. My concern is that we are moving too slowly and that the pace of change is so rapid that, despite our best efforts and our resources, we will still remain a little bit behind the curve.
If you think about what's happening now with respect to cyber crime and global crime, it's not unfair to compare it to the advent of the automobile back in the early part of the century. Easy automobile use then changed everything. It didn't just change the economy, it also had an immense impact on law enforcement, which had been dealing with crime on a localized basis.
Today the change is from national to international borders. I remember when I was a new FBI agent here in New York in 1975. It was an anomaly to have a lead in your case which went overseas to a foreign bank account, or to need to speak to a witness who was outside our jurisdiction, or to need records from an offshore location where we had no jurisdiction.
Now in 1997, that's all changed. It is probably rare when we don't have an international connection in a drug case or an economic crime case, or a fugitive case or a national security matter. Just like the automobile back in the 1920s and the 1930s, the computer is impacting the economy and the science of law enforcement today, except, probably, with a tenfold greater impact.
It is affecting everything we do in law enforcement. It is changing the rules of the game with respect to how we prepare for and deal with national security issues. And it will continue to do that at an even more alarming rate.
Remember the old gangster movies where somebody robbed a bank, got in an old Model T, and raced away from the police to a state line—where the police had to stop because they didn't have jurisdiction to take the bank robbers over the state line? Congress intervened when that happened. It established interstate banking authority for the FBI with respect to the bank robbery jurisdiction. And everybody thought we had solved the problem. In today's world, though, we are dealing with global borders and economic borders that have ceased to exist. We now need to have authorities from Congress, and we also need technological means to deal with a problem that is getting increasingly more complex and global. We need to draw on your expertise and advice and partner our efforts.
So, let me just close by again thanking you all for your attendance and participation here. We certainly appreciate your interest. We thank your chiefs and director generals for approving this. Andwe ask that you help us to combat these new crime phenomena. A critical part of our success will come from industry and from you. Thank you very much.
What happened next . . .
On September 11, 2001, nineteen terrorists, all members of al Qaeda, a terrorist organization based in Afghanistan, hijacked four fully fueled U.S. airliners. Two were flown into the twin towers of the World Trade Center in New York City, one into the Pentagon in Washington, D.C., and the fourth, presumably heading for Washington, D.C., crashed in Pennsylvania. A total of 3,047 people died and the issue of national security immediately went to the "front burner" as the nation's number one priority.
Cooperation between law enforcement agencies, private businesses, and Americans in general became crucial. Just as Freeh predicted, computers had become vital to terrorists and criminals as communication and planning tools. Computer systems themselves became the target of criminal activity when terrorists made efforts to disrupt key communication networks, or extract sensitive information from company or military files. Since cyber crimes are carried out over worldwide computer linkages, U.S. and international law enforcement agencies had to work together, ignoring traditional jurisdictional boundaries.
In 2004 the FBI and Computer Criminal Intellectual Property Section (CCIPS), both within the U.S. Department of Justice, were the lead law enforcement agencies dealing with cyber crime. The FBI Investigative Programs, Cyber Investigations Unit has the responsibility of protecting the nation from cyber crime, from both terrorist activities and cyber criminals such as sexual predators or those stealing from U.S. businesses. All information about terrorist threats goes to the Terrorist Threat Integration Center (TTIC) in Northern Virginia. Representatives of all U.S. counterterrorist agencies work together at the TTIC.
The CCIPS employs a team of about forty lawyers to prosecute cyber criminal cases. CCIPS also oversees the National Cybercrime Training Partnership (NCTP) that provides education to local state and federal agencies in the latest law enforcement techniques for fighting cyber crime.
There are forty-nine FBI Legal Attachéor Legats offices in the world. The FBI special agents assigned to Legats work side by side with other countries to prevent terrorism.
Did you know . . .
- By 1977 new graduating FBI agents were trained and armed with firearms but their most important piece of equipment was a laptop computer.
- Encryption, or coded messages, used in computer communications benefited law enforcement agencies and businesses but also benefited criminals. For example, a business might code the credit card numbers of its customers so the numbers cannot be stolen. Criminals, too, send information in code so law enforcement is unable to decipher it. Just as encrypted message codes of the Japanese and Germans were broken by U.S. intelligence agents in World War II, Freeh believed further efforts in the study of encryption were essential.
Consider the following . . .
- Historically law enforcement agencies stayed within their jurisdictions for investigative work and arrests. For example, state police did not move across state boundaries. Why does Freeh say crime can no longer be solved "unilaterally" by a single agency? Why are traditional jurisdiction boundaries, in some cases, obsolete?
- Why was Freeh so determined to involve private industry in combating cyber crime? Think in terms of an industry as the victim and their computer specialists having expert knowledge of their computer systems.
- What single event in U.S. history put national security and cyber terrorist crime on the "front burner?"
- Research and list at least five types of cyber crime.
Mideast: Region between Europe and Asia including northeastern Africa.
Arafat, Hussein, Mubarak: Arafat, leader of Palestinian Authority; Hussein, king of Jordan; Mubarak, president of Egypt.
Counterparts: Government law enforcement directors of other countries.
Technology crimes: Disabling computer systems or using computers and the Internet for criminal activity.
Information age: Communications with high speed computers.
Infrastructure: Basic framework for systems, such as communications, bridges, railroads, roadways, airports.
Transparency of borders: Lack of geographical lines in cyberspace.
Intrusions: Terrorist threats or acts.
Encryption: Coded message systems that allow secret information to be sent.
Proliferation: Rapid increase.
Robust encryption proliferates without any recovery systems: Vigorous encryption continues without a way to retrieve the coded data.
Apalachin meeting: A historic gathering of numerous organized crime leaders.
La Cosa Nostra: The Mafia, an Italian and Sicilian crime organization.
Private sector: Privately owned businesses and industry.
Exploited: Used by criminals for criminal activities.
Phone phreaker: A person who disrupts and causes confusion in a telephone system.
Extrapolate: Project to a larger situation.
Pornography: Videos, books, and photographs focusing on nudity and sexual activities.
Deciphered: Figured out.
Grave implications: Capable of doing great harm.
Sobering: Makes one think more serious consequences would be likely.
Prospective issues: Potential criminal activity.
Protocols of plans and systems: Defense strategies.
Pursuant to: In direct response to.
Determine weak areas that could be hit.
Groups of agents that deal with certain types of criminal activity.
SACs: Security assessment centers.
Authorities: Legal responsibility.
Academics: Scholars, such as university professors, who were experts in trademark, copyright, and patent issues.
Trade secrets: Business secrets.
Intellectual property: A creation of someone's mind, such as a poem, song, story, or play.
Exempted or court-authorized recovery mechanism: Legal authority to retrieve information stored in computers like legal authority to wiretap telephone lines.
Strict guidelines for information gathering to avoid invasion of privacy of individuals or groups.
Liaison functions: Cooperating and coordinating.
Host: The country where Legat is located.
Behind the eight ball: Needing to act and react defensively.
Intervened: Took action on.
For More Information
Alexander, Yonah, and Michael S. Swetnam, eds. Cyber Terrorism and Information Warfare: 1. Assessment and Challenges. Dobbs Ferry, NY: Oceana Publications, Inc., 1999.
Sherman, Mark. Introduction to Cyber Crime. Washington, DC: Federal Judicial Center, 2000.
"Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division." U.S. Department of Justice.http://www.cybercrime.gov (accessed on August 19, 2004).
"The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet." U.S. Department of Justice.http://www.usdoj.gov/criminal/cybercrime/unlawful.htm (accessed on August 19, 2004).
Internet Crime Complaint Center.http://www.ic3.gov (accessed on August 19, 2004).
"Investigative Programs, Cyber Investigations." Federal Bureau of Investigation.http://www.fbi.gov/cyberinvest/cyberhome.htm (accessed on August 19, 2004).