When shared services go bad

The rise of criminal shared services has been startling, says the FBI’s John Riggi. "The bad guys have figured out that cooperation works."

(Image: fotogestoeber / Shutterstock)

When it comes to agency IT, shared services are an important administration goal. There's another sort, however, that keeps a top FBI cyber official up at night.

Cyber criminals are increasingly collaborating on malware and attacks, John Riggi, section chief for cyber division outreach at the FBI, said during a presentation at the ISC2's Cyber Secure Gov conference on May 14 in Washington. He fears that terrorists and hostile states will get in on the act as well.

"Russia, China, Iran. Everyone knows about them," Riggi said. "ISIL [Islamic State in the Levant] wants to develop a cyber capability. They don't have it yet, as far as conducting computer intrusions. They have the capability to conduct some low-level web defacement [at smaller, local-level sites in the U.S.], but certainly not at a national level."

"What I'm concerned about personally, what I think the government's concerned about, is that ISIL will buy the capability to conduct a sophisticated attack" because of the growth of deep-web markets for malware and other increasingly complex computer and network intrusion services, he said.

Unlike commercial networks that mostly face assault from specific types of criminals online, federal networks are beset by every kind of criminal and hostile actor, he said -- including thieves looking for monetary reward, hacktivists, terrorists and nation-sponsored espionage.

The rise of criminal shared services has been startling, he said. "The bad guys have figured out that cooperation works."

Criminals in the deep web sell all manner of malware and other capabilities to test security. "Some even have help desks, some are fee-driven," Riggi said.

He warned federal IT specialists in the audience that spear phishing is the most effective and increasingly sophisticated method of getting around cyber defenses.

Cyber criminals and other bad actors on the web are fine-tuning their malicious emails using information they're getting from social media, targeting IT professionals who innocuously post information about their jobs or capabilities.

"They're looking for individuals who talk about access levels" in networks and other specifics from federal employees with critical access.

Speculation in the press that the thefts of "bulk PII [personally identifiable information]" from government and other web sites were done to mine it for individuals with critical access responsibilities might not be far-fetched, according to Riggi.

"IT people are the keys to the kingdom," he said.

The cross-currents between organized online criminals and foreign governments can amplify even criminal theft of such data, he said.

"Russian [electronic criminal] groups have a close relationship with Russian intelligence," he said. Those groups have been contracted by Russian intelligence in the past.