FBI's Chabinsky: Cybercrime is a profession

A cybercrime may occur in the virtual world, but its damage can be very real. The severity of such crimes is one reason cybercrime has become a top priority for the Federal Bureau of Investigation.

Every day, foreign countries and terrorist organizations seek to steal U.S. public- and private-sector information "for the purpose of undermining the stability of our government or weakening our economic or military supremacy," said Deputy Assistant FBI Director Steven Chabinsky, speaking at FOSE on Tuesday. "The cyber threat can be an existential threat, meaning it can challenge our country's very existence, or significantly alter our nation's potential," Chabinsky warned.

The people behind these mysterious attacks often view themselves as businessmen because they are typically non-violent, white-collar criminals and cybercrime is their sole source of income. Greater organization by these groups has led to the "professionalization" of cybercrime. Like a corporation, different team members contribute their talents to the project. Chabinsky outlined 10 specializations seen in a typical cybercrime:

1. Coders - Write the malware and exploits necessary to commit the crime;

2. Distributors and vendors - Trade and sell stolen data;

3. Techies - Maintain the critical infrastructure (servers, encryption and database languages);

4. Hackers - Search for and exploit the applications, systems and network vulnerabilities;

5. Fraudsters - Create and deploy social engineering schemes;

6. Hosters - Provide safe hosting of content on servers and sites;

7. Cashers - Provide and manage drop accounts;

8. Money movers - Transfer illicit proceeds;

9. Tellers - Launder money through digital currency services;

10. And finally, Leaders - The "people people," who often have no IT skills, but can keep the entire team working together as planned.

Self-reliance is rare. "Almost every cyber criminal is a member of at least one online forum, website or chat room," says Chabinsky. They use these virtual meeting places to discuss techniques, share tools and tips, and evaluate other users. Over long periods of time the FBI is infiltrating and taking down these networks.

"We've also learned that the communication methods used by these criminals are to them, a social outlet as well...after a time the members of these forums become friends," said Chabinsky. Getting to know the members who frequent these networks can help the FBI recognize their traits, the things they buy and sell and what they are interested in. Even as they change names, email addresses and networks FBI agents are able to recognize them.

"It's not just that cyber criminals steal money, it's the amount that they can steal." They can steal imaginary money--money that isn't backed by gold or hard dollars, and that is the type of damage that can make entire institutions crumble.

The FBI now has more than 1,000 cybersecurity experts throughout its 56 field offices and has made computer forensics a required part of it's special agent training program. What's more, the bureau has bolstered it's international cybersecurity collaboration, working with law enforcement in more than 60 countries, Chabinsky said. But the FBI can't do it alone.

"The cybercrime threat cannot be prevented without collaboration from other agencies," Chabinsky said