Cloudsec Yesteryear's hack of Sony Pictures was an act of war, stated FBI Supervisory Special Agent Timothy Wallach, who delivered the FBI's gradation system of cybercriminals to net security conference Cloudsec on Thursday, 17 September.
US agencies have fingered the North Korean government for the Sony attack repeatedly, initially to much scorn as the nation is popularly believed to be residing in the technical dark ages.
However, the Norks role in the breach has been increasingly accepted, as information about the NSA's role in attribution has been made public.
Presenting the act of war at one end of the spectrum, with hacktivists at the other end, FBI Supervisory Special Agent Timothy Wallach told Cloudsec about the agency's ongoing efforts to deal with cybercrime.
Wallach made it clear the FBI distinguished hacktivists – a term he suggested covered ideological actors, including everyone from LOIC and Lizard Stresser ego-hackers, through to those defacing police websites following the shootings of young African American men – from those cybercriminals who were motivated by financial gain or espionage.
The hack of Sony pictures, he suggested, was an act of warfare, though it remains unclear how it might be considered a military act of sabotage, other than its nation-state backing.
According to Wallach, who is currently assigned to lead the Cyber Task Force in the Seattle Field Office of the FBI, reports of breaches increased by 55 per cent between 2013 and 2014.
These breaches often targeted personal identifiable information, although an increasing number went after healthcare information, which Wallach regards as a larger target.
Intellectual property espionage from China remains an issue, especially from the People's Liberation Army (PLA) advanced persistent threat Unit 61398, which was exposed by Mandiant in 2013. Unit 61398 had been known by the codename "Byzantine Candor" by US intelligence agencies since 2002.
The five-man strong PLA hacking team is unlikely to face attention while residing in China, Wallach stated, although they would be picked up were they to travel outside of the country.
$3m bounty for capture. Also known as "Slavik" and "lucky12345".
Also mentioned was one Evgeniy Mikhailovich Bogachev, also known as Slavik and Lucky12345. The creator of the GameOver Zeus trojan has a $3m bounty on his capture, which Wallach encouraged attendees to have a think about.
A criminal complaint (PDF) filed in the District Court of Nebraska states that Bogachev "has been a member of a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere".
Research delivered at Blackhat earlier this year, and produced by a coalition of Fox IT, Crowdstrike, and the FBI, suggested that Bogachev "had obtained a level of protection [from the Russian security agencies], and was able to get away with certain crimes as long as they were not committed against Russia".
In his book Spam Nation, Brian Krebs offered details about the criminal conspiracy, called the Russian Business Network, which Bogachev is alleged to be a member of. Krebs' focus is on spammers who enjoyed FSB protection via donations made to a volleyball league.
The spammers' bread-and-butter was in attracting people to purchase drugs through unlicensed online pharmacies, which were sold at much lower prices than they retailed for in the US. This may offer an explanation as to why healthcare information is becoming such a large target for hackers, although this was not suggested by Wallach.
As with its counterpart in the UK, the FBI is keen to see the NCFTA model of cooperation increased to include overseas partners, according to Wallach, who had previously been assigned as the FBI Legal Attaché at its office in Bern, Switzerland.
The FBI has 60 fully operational Legal Attaché offices and 15 sub-offices, with 165 agents and 103 support personnel assigned for a total of 268 employees stationed around the world.
Wallach, who has been with the agency for 19 years, noted that the FBI is still having difficulty recruiting talent. People who work for the FBI do so due to their belief in "the mission", he acknowledged.
A Department of Justice report into the agency earlier this year found that recruits were discouraged by the invasive recruitment processes, and better private-sector salaries.
The DoJ report found that five of the FBI's 56 field offices did not have even a single computer scientist assigned to them, which suggests the cybercrime functions of its Legal Attaché programme may be limited.
According to testimony delivered to a Senate subcommittee on the Legal Attaché programme, "[the] growth of transnational crime caused by the explosion in computer and telecommunications technology ... has made it necessary for the United States to cooperate with countries around the world concerning security issues."
Wallach also celebrated the FBI's International Cybercrime Coordination Cell (IC4), the platform from which international cooperation took down the Beebone botnet earlier this year. Such a collaboration provides "the model for international cooperation" stated Wallach.