The FBI plays two very important roles in cyberspace. First,
it is the lead law enforcement agency for investigating
cyber attacks by foreign adversaries and terrorists. The
damage to the United States' national security from a cyber-based
attack includes devastating interruptions of critical communications,
transportation, and other services. Additionally, such
attacks could be used to access and steal protected information
plans. The FBI also works to prevent criminals, sexual
predators, and others intent on malicious destruction from
Internet and on-line services to steal from, defraud, and
otherwise victimize citizens, businesses, and communities.
The Cyber Division at Headquarters manages investigations
into Internet-facilitated crimes and supports Counterterrorism,
Counterintelligence, and Criminal investigations
that call for technical expertise. In addition, most FBI field offices have
specialized cyber squads. Cyber Action Teams or "CATS" are
available to assist with specialized expertise anywhere
in the world. FBI Regional Computer Forensic Laboratories
throughout the country help state and local law enforcement solve cases where
evidence is locked in a computer.
The FBI's Internet Fraud Complaint Center (IFCC) operates as part of a cyber-community
watch. The self-policing efforts of honest and vigilant Internet users result
in potential fraudulent activity over the Internet being brought to the attention
of law enforcement through the IFCC. The IFCC does much more than just collect
complaint information. It ensures that the information, along with additional
investigative information developed by IFCC personnel, is disseminated to the
appropriate agencies and that identified fraud schemes are either prevented or
mitigated. The IFCC processes and refers all complaints it receives, regardless
of the alleged dollar loss. In its first year of operation, the IFCC received
36,410 complaints, resulting in 30,503 valid criminal complaints. The IFCC turns
complaints into reports and forwards them to, on average, two or three law enforcement
agencies. The referral process has spawned hundreds of criminal investigations
throughout the country. The FBI uses the data to identify multiple victims, various
crime trends, and same-subject cases, thus initiating the investigative phase
of the IFCC's operations.
CYBER ATTACKS: NET JAM
Cyber attacks can take many forms, including worms, web
site defacing, distributed denial of service (DDoS), and
physical attacks. These attacks have been increasing
at an alarming rate since the rapid growth of the Internet in the 1990's. NET
JAM is the code name for a series of DDoS attacks which began on February 7,
2000. This case was investigated by the FBI in Atlanta, Boston, Dallas, Los
Angeles, San Antonio, San Francisco, Seattle, Washington, DC, and several Legal
DDoS attacks prevent victims from offering their web services
on the Internet to legitimate users. A DDoS attack uses
compromised computer networks to flood
a victim's computer network with massive amounts of data, overwhelming the victim's
computer network and causing it to stop operating.
During the investigation, the FBI determined that the perpetrator
resided in Canada, and called upon the FBI's Legal Attache
in Ottawa to gain the assistance of the Royal Canadian
Mounted Police (RCMP).
On April 15, 2000, the RCMP arrested a Canadian juvenile
known as Mafiaboy for the February 8th DDoS attack on CNN
in Atlanta, Georgia. On August 3, 2000, Mafiaboy
was charged with 64 additional counts. On January 18, 2001, Mafiaboy appeared
before the Montreal Youth Court in Canada and pleaded guilty to 56 counts.
These counts included mischief to property in excess of
$5,000 against Internet sites,
including CNN.com, in relation to the February 2000 attacks. The other counts
related to unauthorized access to several other Internet sites, including those
of several US universities. On September 12, 2001, Mafiaboy appeared before
the Montreal Youth Court in Canada and was sentenced to
eight months "open custody," one
year probation, and restricted use of the Internet.
ON-LINE CHILD PORNOGRAPHY: OPERATION CANDYMAN
The FBI's Houston Field Office initiated Operation CANDYMAN
after an undercover agent identified three eGroups (Candyman,
Shangri_la and Girls12-16), now called
Yahoo! Groups, involved in posting, exchanging, and transmitting child pornography.
Through the issuance of a court order to Yahoo!, the FBI was provided 11,670
unique email addresses which participated in the three eGroups. Subsequent subpoenas,
court orders and search warrants uncovered enough information to identify 1,822
domestic and 4,664 foreign subjects.
As of March 4, 2003, FBI field offices across the United States had executed
over 608 searches, indicted 131 individuals, arrested 125, and obtained 69 convictions
in connection with the Candyman investigation. Sixteen of the subjects arrested
have admitted to the molestation of 58 children. Arrests have included teachers,
a school bus driver, a fireman, a police and fire commissioner, a Big Brother/Big
Sister caseworker and a cheerleading instructor.
ON-LINE UNDERCOVER: INNOCENT IMAGES
In May 1995, the Baltimore FBI Office began an undercover
operation-code named "Innocent
Images"-to target people who use computers to receive and/or distribute child
pornography and to recruit minors into illicit sexual relationships. Since
then, the case has grown to become a national FBI initiative that addresses
exploitation of children, particularly through the use of on-line computers.
More than 2,000 people have been convicted to date.
In early 2002, a 15-year-old girl disappeared from her
home. Her parents contacted the police and reported that
their daughter was "on the Internet all the time
and could possibly be missing due to Internet enticement." The police requested
FBI assistance. Two days later, the FBI received a telephone call from an anonymous
individual stating he was on his computer, in a "sadomasochistic" chat room.
The individual also stated the subject was bragging and sending real-time photographs
of a young female he identified as his "sex slave," who he was allegedly molesting
The FBI determined the girl in the photographs was the
victim. The Internet Protocol (IP) address of the subject
was captured, and the Internet service provider was
subpoenaed to obtain the identity and address of the subject. The subject's
home was identified.
The local FBI field office, along with the police, responded
to the location, made forcible entry, and recovered the
victim. No other individuals were located
in the residence. The victim was restrained to a bedpost with a dog collar
around her neck and a 22' chain with two padlocks. She
was clothed only in thong underwear and had visible bruises.
She was taken to a local hospital.
The kidnapper was arrested at his place of employment without incident.
INTERNET FRAUD: JAY NELSON
In August 2000, the Internet
Fraud Complaint Center (IFCC) made a referral to the appropriate
federal, state, and local law enforcement agencies regarding
Jay Nelson, also known as (a.k.a.) Richard Nelson, doing
business as Harddrives4sale.com. Complainants alleged that
Nelson was selling computer equipment via Internet auction
sites, but ultimately failing to deliver the purchased
merchandise. Investigation by the San Jose Police Department
that Rick Pascale, originally thought to be a subject in
an unrelated matter, was in fact one of several aliases
used by Nelson. An investigation of Jay Nelson was initiated
the United States Postal Inspection Service (USPIS) in
Boston, Massachusetts. In November 2000, a search and seizure
was executed at Nelson's residence, at which time several
computers were seized. Nelson was subsequently arrested
on January 30, 2001, but released on the conditions that
turn over any computers and agree not to use the Internet.
On February 14, 2001, Nelson fled town one day prior to
his arraignment. Nelson was then placed on the USPIS's
Most Wanted List. An investigation determined that Nelson
from town to town, staying at each location only long enough
to perpetrate a new scam. On July 17, 2001 Nelson was arrested
in Kissemmee, Florida. Nelson's Internet fraud scheme victimized
over 300 individuals resulting in monetary losses in excess
of $1 million. The excellent communications between the
IFCC and the USPIS resulted in linking seven separate cases