The FBI’s cyber chief issued a warning last week that the agency is beginning to see increased targeting of mobile devices, including smart phones and tablet computers, by sophisticated cyber criminal organizations.

Speaking at the annual GovSec Conference in Washington, D.C., April 3, Gordon M. Snow, the FBI’s Assistant Director in charge of its Cyber Division, said the new mobile attack trend is likely to increase in the near future as the number of smart phones and tablets skyrocket.

“There are more wireless devices being used in the United States than there are Americans,” said Snow. “It is estimated that by the end of 2012 the number of mobile connected devices will exceed the number of people on earth.” Adding to the vulnerability, say experts, is the lack of anti-virus software for smart phones and tablets. Unlike desktop computers, most smart phones and tablets do not come with security software installed by default.

For the first time in the U.S., the FBI and the Justice Department were granted permission by a federal judge to take control of the Botnet’s command and control servers and intercept communications between the infected systems and the servers controlling them.”

In addition to the wireless attack trend, Snow said the FBI is preparing for an increase in targeting of public safety network infrastructure. Congress recently passed legislation that freed up additional wireless spectrum for dedicated use by first responder organizations nationwide. That network is now only in the beginning stages of being built. But as it grows, so too will the number of deliberate attacks, said Snow.

“In the cyber criminal world, we see three primary actors: Foreign intelligence services, terrorist groups and organized criminal enterprises,” he said, adding that such actors are using multiple attack vectors, including the supply chain, trusted insiders and proximity attacks to target networks for intrusions designed to steal private financial information as well as create new ‘Botnets’ – large collections of computers infected with malware that allows hackers and criminals to control them remotely, often without the owner of the system being aware that they have been compromised.

The increase in the number and sophistication of cyber threats has led to changes in the FBI’s structure. The agency has placed cyber specialists in each of its 56 field offices nationwide, numbering more than 1,000 agents, intelligence analysts and forensic specialists.

“At the heart of the FBI’s cyber response effort is the National Cyber Investigative Joint Task Force (NCIJTF),” located outside of Washington, D.C. , Snow explained. The NCIJTF manages a wide variety of interagency task forces focused on cyber threats. Task force members can also be assigned “to more defined teams called Threat Focus Cells,” said Snow. These are teams that are focused on specific intrusions and problems, such as botnets. Each cell is composed of a team leader, investigative agents, intelligence and technical analysts, engineers and other specialists.
The agency has also embedded cyber specialists with foreign law enforcement agencies in Romania, Estonia, Ukraine, and The Netherlands, he said, in an effort to focus the FBI’s efforts on international cybercrime ‘hot spots’.

In what Snow called a “precedent-setting investigation,” the FBI in April 2011 played an instrumental role in stopping the spread of the Coreflood virus, a key-logging program that allowed cyber thieves to steal personal and financial information by recording unsuspecting users’ every keystroke. The virus impacted more than 800,000 users in the U.S.

“For the first time in the U.S., the FBI and the Justice Department were granted permission by a federal judge to take control of the Botnet’s command and control servers and intercept communications between the infected systems and the servers controlling them,” said Snow. Experts were then able to send a “remote stop command” to infected machines, which allowed anti-virus software to begin removing the malware.

As the sophistication and scale of such attacks increase, Snow said he sees a future in which the only option in some cases will be to mitigate the impact to users. “We have to make a cultural shift from protecting systems to protecting the information,” he said.

“What would you do if I told you that right now, while you sit here today, a criminal gang is in your office reading your emails, copying your business plans and stealing your research,” Snow asked the audience gathered at the GovSec conference. “I’m telling you that kind of intrusion and that kind of theft is happening today,” he said. “And yet we aren’t calling law enforcement and we aren’t addressing the threat.”

(Video of his Snow’s remarks are available here, beginning at the 37:00 minute mark.)