LIANE HANSEN, host:
This is WEEKEND EDITION from NPR News. I'm Liane Hansen.
(Soundbite of people talking)
Mr. CHRIS PAINTER (Deputy Chief, Computer Crime and Intellectual Property Section Department of Justice): How are you doing?
Mr. SHAWN HENRY (Deputy Assistant Director, Cyber Division, Federal Bureau of Investigation): Great. (Unintelligible).
Mr. PAINTER: Very good to see you again.
Mr. HENRY: Hey, good to see you.
Mr. PAINTER: Got to see you got your Diet Coke to keep the caffeine going.
Mr. HENRY: Yeah, actually.
HANSEN: Two of the nation's top cyber crime enforcers interrupted their busy morning last week to sit down and talk to us about their jobs. One works for the Department of Justice, the other for the FBI. They investigate and prosecute cyber criminals.
I don't want to be an alarmist here, but what are the odds that the average citizen is going to be the victim of a cyber crime?
Mr. HENRY: I, well, I can tell you this, you put an unprotected computer on the Internet, I would say with virtual certainty within 30 minutes your computer is going to be compromised.
HANSEN: Scary stuff to start this week's segment in our cyber crime series. Today, we're going to examine cyber fraud.
Since the beginnings of the Internet some 25 years ago, hackers and other computer criminals have found ingenious ways to use this technology to their advantage.
Kevin Mitnick was one of America's most wanted, and now works as a cyber security consultant. We called him. He explained how he became a notorious hacker.
Mr. KEVIN MITNICK (Cyber Security Consultant, Mitnick Security Consulting): Well, because I have such a passion for technology and wanting to learn how technology works, I compromised numerous companies - mainly telephone companies and companies that develop cell phones and operating systems. And at one point I became a fugitive. And I used my computer skills to evade the government - the FBI and the U.S. Marshals for about three years. And finally when they caught up with me, I became the example. I was arrested in a point of time where the Justice Department wanted to make computer crime a top priority, and they needed a symbol to show their dedication to fighting computer crime. So my case was used as that symbol.
HANSEN: Kevin Mitnick did nearly five years in prison for hacking into dozens of corporate computers, stealing proprietary software and damaging their networks. Chris Painter helped put Mitnick behind bars, when Painter was an assistant U.S. attorney in the mid-1990s. Today, he heads the computer crime and intellectual property section of the Department of Justice. He and his FBI counterpart met us at the Justice Department's offices here in Washington.
Mr. PAINTER: Good to see you.
Mr. HENRY: Good to see you.
HANSEN: We're seated in the cyber crime lab at the Department of Justice, a very clean, well-lit room. There's a horseshoe counter with various computers on it, displaying the Department of Justice seal and several small computer towers called FRED, which is Forensic Recovery Evidence Device.
Chris Painter is jovial and low key, yet eager to tell us some stories. So we asked how cyber criminals have evolved.
Mr. PAINTER: Cyber criminals are certainly very clever and they certainly, because of the nature of their technical experience, had advanced and found new ways to commit crimes. I mean, we're always seeing new and different ways for these criminal groups to act. And frankly, we've seen a real change in the kind of paradigm of these cyber criminals. We had a lot of these criminals who were doing these hacking and other crimes, doing it somewhat for their own edification - just to show that they could.
Now, what we're seeing more and more is organized criminal groups. Sort of like traditional OSE groups, but they are spread all over the world and they are linked virtually by computers. And they are doing it now very explicitly for the money. This is where the money is. And because this is where the money is, that creates a greater threat, it creates a better motivation for them.
And although the traditional people were using the Net just to commit these crimes, were not all that bright in the way they committed them in the past and the hackers were really smart in the way they did them, we've seen a convergence between those two groups so that they're doing it for money and they're being clever about hiding their identity, going through different countries.
HANSEN: Tell us about that. What are some of the new ways they're committing crimes?
Mr. PAINTER: Well, one of the things that we've seen really grow over these years is something called botnets. And botnets are armies of what are kind of colorfully described as zombie computers or slave computers that are tens of thousands strong that are operated by a control channel to do a whole host of different crimes. I think both of us have called this in the past the Swiss Army knife of computer hacking and computer crimes because they're used for identity theft, they're used for spam, and we've been targeting them. The FBI, specifically, is also been targeting them.
HANSEN: Chris Painter is seated next to Shawn Henry, deputy assistant director of the FBI cyber division. He's been leaning back in his chair, listening to Painter. Then, he straightens up in front of the microphone.
Henry is a little intimidating, a G-Man in black. His head is shaved and his gunmetal gray eyes seemed to have x-ray vision. I get the feeling he knows everything about me. I want to know more about these botnets. So, Henry explained the FBI strategy.
Mr. HENRY: We actually started a botnet initiative. We termed it Bot Roast, a clever play on words. But just to focus our agents and our analysts on what the threat was. So two methods for us, I think, to try and have an impact on the problem. One is the deterrent effect, being able to aggressively investigate and then, through the Department of Justice, successfully prosecutes somebody and let them know that when they commit one of these crimes they're going to pay for it. They're not going to get six months probation, but they may get five or six years in prison sitting next to somebody who's doing hard time for a physical crime. So actually being able to investigate it successfully and have a deterrent effect is one part.
But the second part, I think, that is critical is to raise the public's awareness. When Chris talks about 10,000 bot armies of computers, there's actually millions of computers that are controlled. And the average computer user does not even know their computer's under somebody else's control. So for your listeners to understand this, you might be working on your computer, surfing the Internet, shopping, and there's somebody who is actually on that computer with you and you don't know it. You log off. They're actually using your computer to attack other computers, to steal other people's passwords and user names, to steal people's credit cards so that the resources of your computer, because it's not adequately protected, is susceptible to being utilized by somebody else.
HANSEN: Our lives, how we worked and how we communicate have been changed immeasurably by the Internet for the better. But you should know the risks. Even the savvy FBI investigator Shawn Henry says he's amazed how sophisticated cyber criminals are.
Mr. HENRY: In this environment, in this virtual world that we live in, we've seen these organized groups that live virtually where we have groups that are organized, not like "The Sopranos" organized crime, but organized in that each of the players in this group have a specific expertise. And they may never have met each other ever. They meet online in a chat room - one from Turkey, one from Ukraine, one from the United States, one from Greece, one from Russia, one from you name the country - each of them having a particular area of expertise.
One might actually compromise computers and develop a botnet. One might write spam e-mails specifically to entice you to give up your username and your password. Somebody might actually harvest those credit card numbers when they come in. Somebody else might actually take the money and physically launder it and turn it into real money. And then somebody else might actually send the money using Western Union or some other type of financial transport mechanism to get the money into the pockets of the other members. They never meet. They never see each other. They never touch each other, but they are organized. They are together. And to me, that's an aha moment, where we watched crime actually moved from the physical world to the virtual world.
HANSEN: So how do you protect your computer? Here are some tips our experts gave us. Keep your Firewall turned on. It's like a gatekeeper who checks all your visitors. Use anti-virus software. Make sure your operating system is up to date and when you're not using your computer, turn it off. If after all that you still become prey for the cyber fraudsters, you can report it to the federal authorities. Go to the Web site ic3.gov to file a complaint. There's more on our Web site, npr.org.
No one is immune from cyber crime. Police officers, lawyers and doctors have been defrauded. Susan Grant is the director of consumer protection for the Consumer Federation of America.
Ms. SUSAN GRANT (Director of Consumer Protection, Consumer Federation of America): You have to remember that con artists are really insightful. They know what buttons to push. They know what makes people tick.
HANSEN: Grant tells the story of one woman, an accountant, who was sought into an e-mail scam originating from Africa.
Ms. GRANT: She was convinced that this person had contacted her about getting his money out of his country and into her bank account because of her accounting expertise. He also appealed to her because, through their communications, he picked up on the fact that she was a very religious person. And so he started to say that he was as well. When this person contacted me, she had bought plane tickets to fly to Ghana to meet with this guy, and she was within three days of going.
Susan Grant is with the Consumer Federation of America.
Next week, in the final installment of our series on cyber crime, we examine cyber stalking.
Unidentified Man #1: If somebody wants to stalk you, the Internet is a huge advantage for them now. They don't have to put the work they used to have to put in to find out your address, your phone number, what you look like. So we've got a situation with immense amounts of information that are outside of your control, yet, are probably accessible to people with malicious intent.