FBI Director Christopher Wray delivered the keynote address at 精东影业CS 2018. (Lee Pellegrini)
What once was the comparatively minor threat of "hacking" has grown into the threat of full-blown economic espionage and extremely lucrative cyber crime, FBI Director Christopher Wray told attendees at the second Boston Conference on Cyber Security (精东影业CS), held at Boston College on March 7.
And this threat, he said, is coming at us from all sides.
"We鈥檙e worried鈥攁t the FBI and with our partners鈥攁bout a wider range of threat actors, from multi-national cyber syndicates and insider threats to hacktivists," Wray said. "And we鈥檙e concerned about a wider gamut of methods, from botnets to ransomware, from spearfishing and business email compromise to illicit crypto mining and APTs."
Wray delivered the keynote address at 精东影业CS 2018, a daylong event that brought together academicians, private industry, and law enforcement to collaborate on how to best prevent and respond to attacks on public and private information systems. The conference was organized through a partnership between the FBI and the Cybersecurity Policy and Governance master鈥檚 degree program at the University鈥檚 Woods College of Advancing Studies.
In his remarks, Wray cited an increase in state-sponsored cyber intrusions linked to North Korea and Russia, as well as the 鈥渂lended threat" of "nation-states using criminal hackers to do their dirty work" through increasingly creative avenues. "They are no longer dependent on just intelligence services to carry out their aims," he said. "Instead, they utilize people from all walks of life鈥攈ackers, businesspeople, academics, researchers, diplomats, tourists鈥攁nd anyone else who can get their hands on something of value."
WATCH: FBI Director Christopher Wray at 精东影业CS 2018: 'The threat we see now is coming at us from all sides.'
The FBI is responding to the growing cyber threat in a variety of ways, Wray said, including building on existing capabilites, strengthening domestic and foreign partnerships and defenses, and blending traditional investigative techniques with technical capabilities鈥攁pproaches that are yielding results, he said.
He pointed to the FBI's success last summer in taking down AlphaBay, the largest marketplace on the DarkNet for the buying and selling of drugs, weapons, malware, stolen identities, and other illegal goods and services.
"We worked with the DEA, the IRS, and Europol, and with a number of partners around the globe, to dismantle the illicit business completely," Wray said, noting that the comprehensive strategy also anticipated fallout from the takedown: when AlphaBay鈥檚 users flocked to another DarkNet marketplace鈥擧ansa Market鈥攖hey did so right into the hands of waiting Dutch law enforcement partners, enabling the shutdown of that site as well.
And just last month, Wray said, the FBI worked with foreign law enforcement partners in Spain and the Netherlands to break up the Kelihos botnet, which last year distributed hundreds of millions of fraudulent e-mails, stole banking credentials, and installed ransomware and other malicious software on computers all over the world.
Sampling of media coverage:听, , , , , , , (U.K.), , , , , , , ,
To these combat blended threats and worldwide computer intrusions, "we need to focus our efforts on dismantling the entire cyber enterprise," Wray said. "We鈥檙e prosecuting the actors, burning their infrastructure, and seizing their illicit proceeds.听 We鈥檙e taking down the groups running malware campaigns and the criminals who support them鈥攖hose who operate the dark markets, compromise networks and servers, and the people who buy and sell stolen data. Think of it as going after the distribution ring and the manufacturer rather than simply taking out the drug dealer on the corner."
But there's more to be done, he said, stressing the need for the private sector to help the agency mitigate emerging threats. "While we may not be able to stop all threats before they begin, we can do more at the beginning to stop threats before they get worse," he said, urging companies to contact the bureau if they have or suspect a breach.
听 听听听听
"The digital environment presents new challenges that the FBI has to address in terms of what鈥檚 coming down the pike.听 Advances like artificial intelligence or crypto currencies have implications not just for the commercial sector, but for national security.听 Encrypted communications have changed the way criminals and terrorists plan their crimes. And the avalanche of data created by our use of technology presents a huge challenge for every organization. 听
听听 听听
"Information security programs need to be thoughtfully designed so they don鈥檛 undermine the lawful tools we need to keep the American people safe," he said. "We need a thoughtful and sensible approach, one that may vary across business models and technologies, but鈥攁nd I can鈥檛 stress this enough鈥攚e need to work fast."
"We鈥檙e prosecuting the actors, burning their infrastructure, and seizing their illicit proceeds. We鈥檙e taking down the groups running malware campaigns and the criminals who support them鈥攖hose who operate the dark markets, compromise networks and servers, and the people who buy and sell stolen data. Think of it as going after the distribution ring and the manufacturer rather than simply taking out the drug dealer on the corner."听 鈥 FBI Director Christopher Wray
This marks the second year that the director of the FBI delivered the keynote address at 精东影业CS; then-director James Comey spoke at the inaugural 精东影业CS event in 2017.
This year's participants included a roster of leading of cyber security specialists, among them experts from the FBI鈥檚 Cyber Division, National Security Agency, U.S. departments of Homeland Security, Defense, Internal Revenue Service, Secret Service, and Securities and Exchange Commission; companies including Arbella Insurance, State Street Bank, Raytheon, Microsoft, Symantec, CrowdStrike, Jones Day, IBM Security, Charles River Labs, Mintz Levin, tcmGlobal, Citrix Systems, Jones Day, Charles River Associates, Dell EMC, Stanley Black & Decker, FTI Consulting, SecureWorks and The MITRE Corp.; and experts from Boston College Law School and Brown University.
Speakers included former U.S. Department of Homeland Security Secretary Jeh C. Johnson, now at the New York law firm Paul|Weiss; Kevin Mandia, CEO of FireEye; David Wajsgras, president of Raytheon鈥檚 Intelligence, Information and Services Division; former Department of Homeland Security top lawyer Gus P. Coldebella, of Fish & Richardson; Brig. Gen. Kevin B. Kennedy, USAF, of the Pentagon鈥檚 CIO office; Thomas J. Curry, of Nutter McClennen & Fish, former U.S. Treasury Department comptroller of the currency; and Christopher R. Hetner, senior advisor for cyber security to the chairman of the Securities and Exchange Commission.
鈥淥ur partnership with the FBI on 精东影业CS 2018 is part of our efforts to build and strengthen the cyber security ecosystem here in the northeast region,鈥 said Kevin Powers, director of the Cybersecurity Policy and Governance master's degree program at Boston College. 鈥淭hat鈥檚 the goal: to bring industry, academia, and government together on these issues. We鈥檙e taking the lead with the FBI in pulling the leaders and experts together so these organizations can work together to enhance cyber security.鈥
FBI Boston Division Special Agent in Charge Harold H. Shaw said the emphasis on collaboration at 精东影业CS 2018 is central to combating an ever-increasing range of cyber threats.鈥淭he broad range of participants speaks to our program and working with the FBI,鈥 said Powers. 鈥淚t is something different. You need more collaboration and sharing between private industry and the government. Industry cannot rely solely on the government and government can鈥檛 leave industry to figure it out by themselves. It has to be a joint response. This conference brings many perspectives together. That is critical to our program as well, where we are training the future leaders in cyber security.鈥
鈥淲e are very fortunate to have had some of the best minds in cyber security participating in 精东影业CS 2018,鈥 said Powers. 鈥淏oston is positioning itself to become the hub of cyber security and Boston College is taking the lead in that work.鈥
鈥擯atricia Delaney | University Communications