U.S. law enforcement agencies struggle to detect cyberattack sponsors

Most computer crimes originate in Russia and other Eastern European countries, according to U.S. law enforcement officers, but officials do not have the capability to pinpoint whether such attacks are sponsored by criminal enterprises or nation states, they told Senate lawmakers on Tuesday.

Easy, cheap access to the Internet, particularly in that region, has facilitated tax refund scams, ATM fraud and U.S. proprietary data theft, Justice Department officials said during a Senate Judiciary subcommittee hearing on cyber crime.

"Right now, we see on the criminal side a majority of the attacks coming from the individuals who are located in Russia and Eastern European countries," said Gordon Snow, assistant director of the FBI's cyber division. "We see that very large part of the world -- that's extremely connected -- being an area where a lot of the threat is coming from."

Such perpetrators often communicate through chat rooms in a "cyber underground" dedicated to stealing and exploiting identity and financial data, officials testified. Increasingly, they resort to carding, or using a victim's credit or debit card account number -- not only to cash out cards -- but also to sell and resell the identifying data, to hack into other computer systems and commit Internet auction fraud, officials added.

U.S. law enforcement agents have raided many of these communities, yet, as lawmakers underscored, it is hard to determine who or what is stoking the criminal activity.

"China is directing the single largest, most intensive foreign intelligence gathering effort since the Cold War against the United States," said Sen. Orrin G. Hatch, R-Utah. "Methods for conducting informational warfare to advance the goals of the nation state might also involve secretly sponsoring terrorists. China is often cited as providing government support to computer hackers."

The Secret Service, an agency within the Homeland Security Department authorized to investigate computer crime, two weeks ago obtained a long-term visa to open an office in Beijing, said Pablo Martinez, deputy special agent in charge of the Secret Service criminal investigative division. The Secret Service already has an office in Russia.

Snow said law enforcement and intelligence agencies governmentwide coordinate to try to trace the source of a threat.

"The successes that we've had have been many," he said. "The problem with it is that there are still some very high-profile cases that we've seen, just by looking through The Wall Street Journal or any other media outlet, where we still don't know to this day who the attacker is, what state we can attribute it to, or who that person behind the keyboard was."

Snow cited the recent breach of a network owned by the parent company of the Nasdaq Stock Market in New York as an example of the kind of attack directed against important U.S. infrastructure that is difficult to pin to a clear culprit. "As we would in response to any such breach, the FBI is working to identify the scope of the intrusion and assist the victim in the remediation process," he testified.

The cost of cyber crime to the U.S. economy also is hard to decipher. Often, businesses do not disclose attacks, preferring to absorb the cost rather than reveal vulnerability, so it is impossible for officials to accurately quantify the total financial damage. Snow pointed to one 2010 estimate from the Ponemon Institute and security firm ArcSight that calculated the median annual cost of Internet crime for an entity ranges from $1 million to $52 million.