Speakers


FBI CyberSquad Albany NY

Members of the CyberSquad Albany NY

https://www.fbi.gov/contact-us/field-offices/albany

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, is targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.

For more information on the FBI's cyber security efforts, read Addressing Threats to the Nation’s Cybersecurity

Key Priorities 

Computer and Network Intrusions

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 centers around the country.

Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights, to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal personal information and sell it on black markets, to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.

Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are cyber program priorities because of their potential national security nexus.

In recent years, we’ve built a new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. Those capabilities include:

  • A Cyber Division at FBI Headquarters to address cyber crime in a coordinated and cohesive manner;
  • Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with agents and analysts who protect against and investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud;
  • New Cyber Action Teams that travel around the world on a moment’s notice to assist in computer intrusion cases and gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;
  • Our Computer Crimes Task Forces that combine state-of-the-art technology and the resources of our federal, state, and local counterparts;
  • A growing partnership with other federal agencies—including the Department of Defense, the Department of Homeland Security, and others—that share similar concerns and resolve in combating cyber crime.

Ransomware

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items—including family photos, videos, and other records—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, such as an invoice or an electronic fax, but that actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking website address, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, often with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. In some newer instances of ransomware, cyber criminals are seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization will get its data back—there have been cases in which organizations never received a decryption key after paying the ransom. Paying a ransom also emboldens current cyber criminals to target more organizations and offers an incentive for other criminals to get involved in this type of illegal activity. In addition, by paying a ransom, an organization may inadvertently fund other illicit activity.

As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—the FBI recommends organizations focus on:

  • Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

Here are some tips for preventing ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure anti-virus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and administrator accounts should be used only when necessary.
  • Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups.
  • Secure your backups. Make sure they are not connected to the computers and networks they are backing up.