FBI embeds cyber-investigators in Ukraine, Estonia

Agents are working cybercases with local law enforcement

Hoping to catch cybercrooks, the U.S. Federal Bureau of Investigation has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands.

Over the past few months, the agents have begun working hand in hand with local police to help crack tough international cybercrime investigations, said Jeffrey Troy, chief of the FBI's Cyber Division, in an interview at the RSA Conference in San Francisco. Because virtually all cybercrime crosses international borders, this type of cooperation is crucial, law enforcement experts say.

The embedding was inspired by a successful operation in Romania, begun in 2006, which led to close to 100 arrests. "We looked at that and said, 'Where else can we do this,'" said Troy, who heads up FBI cybercrime operations.

The FBI has a history of embedding its agents with international police. In the 1980s, U.S. agents worked with Italian law enforcement to crack mob cases that involved the two countries. "This is not a new model, but it's certainly new to cyber," Troy said.

Troy wouldn't comment on what cases the agents were working, but he said, "those countries were selected for a reason."

Currently, there is one embedded agent in each of the three countries, and one remains in Romania, Troy said.

Security experts say the Ukraine is home to a large number of online scammers and the creators of bank-account-emptying malware such as the Zeus Trojan. "Ukraine's a huge problem," said Paul Ferguson, a researcher with Trend Micro. "I would rank it above Russia right now."

Traditionally, securing law enforcement cooperation with Ukrainian police has been a problem, however. "It's encouraging that they have someone embedded there," Ferguson said. "I hope it's more than just a token presence."

Ferguson had no comment on why the FBI might be in Estonia, but his company has linked a widespread rogue-antivirus operation to an unnamed Estonian company that displayed 1.8 million scam "You are infected" messages to Web surfers in July 2009.

The third FBI agent is stationed in The Hague, the Netherlands.

Back in the U.S., agents have also created an in-house botnet expert group of technically savvy agents who can help the FBI's local law enforcement teams investigate botnet-related cases, Troy said. Now more than ever, scammers are using botnet-infected computers to steal banking credentials from victims and move that money offshore.

Recently, the FBI helped shut down a massive botnet, called Mariposa, which had infected millions of computers worldwide.

Troy called botnets "a significant threat."

"There are zillions of botnets out there," he said.

More about: FBI, Federal Bureau of Investigation, Mariposa, RSA, Trend Micro
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: botnets, cybersecurity, estonia, fbi, Ukraine
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/145/microsoft-security-essentials/

Microsoft Security Essentials

Microsoft Security Essentials provides your home PC with real-time protection. It constantly uses the latest technology ensuring that you will always stay up to date ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia