FBI Embeds Cyber-Investigators in Ukraine, Estonia

Hoping to catch cybercrooks, the U.S. Federal Bureau of Investigation has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands.

Over the past few months, the agents have begun working hand in hand with local police to help crack tough international cybercrime investigations, said Jeffrey Troy, chief of the FBI’s Cyber Division, in an interview at the RSA Conference in San Francisco. Because virtually all cybercrime crosses international borders, this type of cooperation is crucial, law enforcement experts say.

Also Robert Lemos’ report Cyberwar: Is Offense the New Defense?

,br>

The embedding was inspired by a successful operation in Romania, begun in 2006, which led to close to 100 arrests. “We looked at that and said, ‘Where else can we do this,'” said Troy, who heads up FBI cybercrime operations.

The FBI has a history of embedding its agents with international police. In the 1980s, U.S. agents worked with Italian law enforcement to crack mob cases that involved the two countries. “This is not a new model, but it’s certainly new to cyber,” Troy said.

Troy wouldn’t comment on what cases the agents were working, but he said, “those countries were selected for a reason.”

Currently, there is one embedded agent in each of the three countries, and one remains in Romania, Troy said.

Security experts say the Ukraine is home to a large number of online scammers and the creators of bank-account-emptying malware such as the Zeus Trojan. “Ukraine’s a huge problem,” said Paul Ferguson, a researcher with Trend Micro. “I would rank it above Russia right now.”

Traditionally, securing law enforcement cooperation with Ukrainian police has been a problem, however. “It’s encouraging that they have someone embedded there,” Ferguson said. “I hope it’s more than just a token presence.”

Ferguson had no comment on why the FBI might be in Estonia, but his company has linked a widespread rogue-antivirus operation to an unnamed Estonian company that displayed 1.8 million scam “You are infected” messages to Web surfers in July 2009.

The third FBI agent is stationed in The Hague, the Netherlands.

Back in the U.S., agents have also created an in-house botnet expert group of technically savvy agents who can help the FBI’s local law enforcement teams investigate botnet-related cases, Troy said. Now more than ever, scammers are using botnet-infected computers to steal banking credentials from victims and move that money offshore.

Recently, the FBI helped shut down a massive botnet, called Mariposa, which had infected millions of computers worldwide.

Troy called botnets “a significant threat.”

“There are zillions of botnets out there,” he said.