Reporting Cyber Crime and Hacking to the FBI

Attended the IT Summit in Laramie, and learned some good things about internet crime from a presenter from the FBI. Some of the information was illuminating.

Much of what he said was a reiteration of what I know – common sense protects you the majority of the time. But automated crime is not only on the rise (as we feel the impact of in spam and increasing site threats), it is exponentially increasing as technology makes it easier and easier for people to automate exploitation.

The real eye opener though, had to do with website exploitation reporting. Just what do you report to the FBI? I asked him. I told him I’d had a site that was exploited, and that since the web host had shut down my site due to abuse by someone else on the site, that I assumed they’d reported it to the FBI. He said they would not! So if your site is hacked, it is up to YOU to report it, and to preserve evidence.

Evidence comes in the form of two things:

• First, any files that have been placed on your website.
• Second, the log reports that show the activity during the time in which any material was installed on your site without your consent.

So how do you get that?

The typical scenario, is this:

• You install some kind of insecure software, or a form, onto your site.
• At some point, your email from the site stops working, or you get a report from a site visitor that the site is down, or you discover for yourself that your site is down. A notice appears that it has been suspended.
• You call your hosting company, and they inform you that an abuse has occurred. At this point, you are UNABLE to access ANY files! You cannot preserve any evidence at all!
• Usually, the hosting company will remove the offensive material, and then reactivate your account.
• You can then access the log files (if your hosting package has visitor logs), but the offensive files are gone.

If you want to preserve evidence and report, you’ll need to ask your hosting company to cooperate. You’ll have to ask them to zip or tar (compress) the offensive files BEFORE they delete them, and then report the offense to the FBI, making the log files and abnormal site files available to them as requested.

To report a violation, go to: http://www.ic3.gov/complaint/. This organization is a cooperation with the FBI, and they aggregate small cyber crime reports, including site attack data, and looks for patterns, so that violators can be prosecuted. When they gather sufficient evidence to build a case worth investigating further, it is turned over to the FBI. Your report can help isolate an offender and bring them closer to prosecution.

The point here is, YOU must report. No one else will do it for you, because YOU were the victim.

Had I known that previously, I’d have reported and collected evidence on the three prior attacks experienced by myself or my clients during the last 4 years.

I’ve learned to protect sites better, but the risk is still there. In the event that it should happen again, a report will be filed, now that I know that I SHOULD, and now that I know HOW.