Louis J. Freeh, Director
Federal Bureau of Investigation
Senate Committee on Judiciary
Subcommittee for the Technology, Terrorism, and Government Information
Good morning, Mr. Chairman, Senator Feinstein, and Members of the Subcommittee. I am privileged to have this opportunity to discuss cybercrime -- one of thefastest evolving areas of criminal behavior and a significant threat to our national and economic security.
Twelve years ago the "Morris Worm" paralyzed half of the Internet, yet so few of us were connected at that time that the impact on our society was minimal. Since then, the Internet has grown from a tool primarily in the realm of academia and the defense/intelligence communities, to aglobal electronic network that touches nearly every aspect of everyday life at the workplace and in our homes. The recent denial of service attacks on leading elements of the electronic economic sector, including Yahoo!, Amazon.com, Buy.com, eBay, E*Trade, CNN, and others, had dramatic and immediate impact on many Americans. As Senator Bennett recently stated, "these attacks are only the tip of theiceberg. They are the part of the iceberg that is visible above the water-in clear view. But as everyone knows, the largest part of the iceberg, and possibly the most dangerous, lies beneath the surface of the water and is difficult to detect. This is true also with the range of threats to the Internet and those that rely upon it."
I would like to acknowledge the strong support this Subcommitteehas provided to the FBI over the past several years for fighting cybercrime. Senator Kyl's strong support for vital cyber crime legislation such as the National Infrastructure Protection Act of 1996 and the Schumer-Kyl bill strengthening 18 U.S.C. 1030, is greatly appreciated. Senator Kyl and this committee have also been the strongest supporters of our National Infrastructure Protection Center.For that support, I would like to say thank you.
In my testimony today, I would like to first discuss the nature of the threat that is posed from cybercrime and highlight some recent cases. Then I will comment on our use of 18 U.S.C 1030 in fighting cybercrime and say a few words about the Schumer-Kyl bill. Finally, I would like to close by discussing several of the challenges that cybercrimeand technology present for law enforcement.
Cybercrime Threats Faced by Law Enforcement
Before discussing the FBI's programs and requirements with respect to cybercrime, let me take a few minutes to discuss the dimensions of the problem. Our case load is increasing dramatically. In FY 1998, we opened 547 computer intrusion cases; in FY 1999, that had jumped to 1154. At the same time, becauseof the opening the National Infrastructure Protection Center (NIPC) in February 1998, and our improving ability to fight cyber crime, we closed more cases. In FY 1998, we closed 399 intrusion cases, and in FY 1999, we closed 912 such cases. However, given the exponential increase in the number of cases opened, cited above, our actual number of pending cases has increased by 39%, from 601 at the endof FY 1998, to 834 at the end of FY 1999. In short, even though we have markedly improved our capabilities to fight cyber intrusions, the problem is growing even faster.
A few days ago the Computer Security Institute released its fifth annual "Computer Crime and Security Survey." The results only confirm what we had already suspected given our burgeoning case load, that more companies surveyedare reporting intrusions, that dollar losses are increasing, that insiders remain a serious threat, and that more companies are doing more business on the Internet than ever before.
The statistics tell the story. Ninety percent of respondents detected security breaches over the last 12 months. At least 74 percent of respondents reported security breaches including theft of proprietary...