An FBI agent spoke to students and researchers Tuesday at the Biodesign Institute on the Tempe campus, warning them about the realm of cybercrime.
Paul Schaaf, a special agent for the cyber investigations division of the Phoenix office of the FBI, said cybercrime is the third-highest priority of the FBI, behind terrorism and counterintelligence.
“We’re seeing organized crime syndicates,” Schaaf said. “People are recruiting talent to get data.”
Cary Gielniak, the director of information technology services at the Biodesign Institute, said he wanted to make researchers aware of how easily their information could be compromised.
“If you’re working on a project, from a security perspective, you don’t want that information to get out,” Gielniak said. “We want people to be cognizant that when they’re storing their information that they are doing it safely.”
The most common security threats in the cyber realm are phishing attacks, “insidious” antivirus software and failure to conceal data, Schaaf said.
He investigated a recent case of phishing where spammers sent out between 15,000 and 20,000 phony subpoenas asking people to appear before the United States District Court. A link in the document subsequently downloaded malware onto the computers of 1,800 people before the spammers were caught, Schaaf said.
He also warned about the vulnerabilities of SQL servers, a database management system.
“Don’t put your secrets out there,” Schaaf said. “I can guarantee you the recipe for Coca-Cola is not on an SQL server.”
Data encryption, however, is something students and researchers should be familiar with, Gielniack said.
“Anyone across campus should know how to secure information,” Gielniack said. “Just because [data] is on your USB key or in your pocket doesn’t mean that it’s secure. If it falls out at a party, now someone has your Social Security number or credit card, whatever you have in hand.”
Schaaf took a similar tone with data encryption, and said he encouraged encryption of any device people might take outside.
To demonstrate his point, Schaaf told the audience about an FBI agent who had a thumb drive stolen during a car burglary. One of the files on the thumb drive included real names and addresses of undercover agents, resulting in the dismissal of the agent from the FBI.
Most companies tend to invite Schaaf to speak after a data loss, he said, but he came to the Biodesign Institute was with the intentions of prevention.
Biodesign Institute systems analyst principal Scott Lecomte said a widespread infection of a computer virus or malware within the Biodesign Institute could cost between $4,000 and $5,000 to clear every machine.
Most cybercrimes are perpetrated through clever social engineering rather than sophisticated technology, Schaaf said, citing a scam where someone pretending to be FBI Director Robert Mueller sends e-mails to unsuspecting people, persuading them to partake in an online fraud involving a Nigerian prince.
“I don’t even get e-mails from Director Mueller unless people are ready to walk me out the door,” he said.
Schaaf said surfing the Web wisely, choosing passwords wisely, practicing safe data transfers and knowing the risks associated with e-mail can help prevent people from becoming victims of cybercrime.
Reach the reporter at mhendley@asu.edu
