Black Hat: Feds Look To Arrest ID Theft With New Industry Alliance

When it comes to keynote speakers, a self-described recovering technophobe who works for the FBI might not be the first person you think of to kick off a show like Black Hat.

Still, Dan Larkin, unit chief for the FBI's Internet Crime Complaint Center, on Wednesday stood before a packed Caesar's Palace auditorium to highlight his agency's efforts to get smart about cybercrime by enlisting the help of the industry and the security research community.

"I used to be afraid of you all," Larkin joked. No longer. Since 9/11, Larkin has been at the center of several efforts to enlist the help of security pros to help federal law enforcement crack down on a number of different cybercrimes. The latest effort will be Operation Identity Shield. Although Larkin didn't provide many details, look for the FBI to publicize its new identity theft crime-fighting unit in the coming months.

Today's threats are more sophisticated, spread out internationally, and rely on social engineering more than ever before, Larkin said. Tomorrow's threats will be even worse as attackers continue to exploit vulnerable Web applications and servers, target mobile devices with malware-laden SMS text messages, and deface popular Web sites such as MySpace.

Another attack technique gaining traction is the "IP Relay end around," which Larkin describes as a way for thieves with stolen credit card numbers to fraudulently order merchandise from merchants via Internet Protocol Relay, a service set up to let people who have difficulty hearing or speaking communicate through an Internet connection. "It's been an unsecured door thus far," he added.

Larkin's Internet Crime Complaint Center, or IC3, is a reporting and referral system for Internet crime complaints that makes use of an online complaint form and a team of agents and analysts. IC3 was formed in 1999 as the Internet Fraud Complaint Center, a partnership between the FBI and the Justice Department's National White Collar Crime Center.

Operation Identity Shield follows a number of collaborative efforts between the FBI and the IT industry. Digital PhishNet was established in December 2004 as an enforcement operation to unite industry leaders in technology, banking, financial services, and online auctioneering with law enforcement to combat phishing. In 2003, the FBI and the Direct Marketing Association launched Operation Slam Spam to give law enforcement assistance from industry to identify, prosecute, and lock up criminals threatening to undermine e-mail as a viable form of communication.

"Criminals use the whole portfolio of techniques and tools at their disposal to steal information and money," Larkin said. With cybercrime, "it's not just arresting the bad guys and shutting down their networks. It's about ongoing education and understanding of the situation."