Black Hat: FBI Joins Fight Against ID Theft

The U.S. FBI is stepping up its fight against online fraud with a new initiative called Operation Identity Shield, according to a senior FBI official.

The project, which is already in operation, is one of a growing number of collaborations between the FBI and the technology industry. “It’s sort of an evolution of what we’ve seen in the phishing area,” said Daniel Larkin, chief of the FBI’s Internet Complaint Center, speaking at the Black Hat USA conference in Las Vegas on Wednesday.

The FBI’s antiphishing effort, called Digital PhishNet, was launched in late 2004 with backing from companies like Microsoft, AOL and VeriSign, as well as the U.S. Secret Service and the U.S. Postal Inspection Service.

The FBI plans to publicize Operation Identity Shield in the coming months, but already Larkin credits the effort as contributing to a number of arrests.

Concerns over identity theft are on the rise. The U.S. Department of Justice (DoJ) estimates that about 3.6 million families—about 3 percent of all U.S. households—were hit with some sort of identity theft during the first half of 2004. This crime costs the United States an estimated $6.4 billion per year, according to the DoJ.

The FBI realized in the late 1990s that the only way to fight cybercrime was through public-private-sector alliances like Operation Identity Shield, but it has taken time to build trust between the two sectors, Larkin said.

By dedicating an agent to working with Carnegie Mellon University’s Computer Emergency Response Team (CERT) and signing a memorandum of understanding to make it clear that the FBI would protect sensitive information, the two organizations eventually built a fruitful partnership.

After the attacks on the World Trade Center and Pentagon in 2001, CERT helped the FBI identify a virus in the e-mail account of one of the 19 terrorists associated with the attacks. “We were able to reconstruct that virus and where it came from and develop some really valuable information,” Larkin said.

That success led to a big change in the way the FBI tackled cybercrime, Larkin said. “We redefined what a task force was. We decided that we had to form public-private alliances.”

Soon, the FBI was forging new partnerships, like the SLAM-Spam initiative, which has identified about 100 criminal spammers since its inception. Another effort, called Operation Releaf (Retailers and Law Enforcement Against Fraud), has cracked down on “re-shipper” scammers who use stolen credit card information to have U.S. goods shipped to West Africa and Russia.

By Robert McMillan, IDG News Service (San Francisco Bureau)

Keep checking in at our Security Feed for updated news coverage.