Cyber criminals stole over $10 billion from U.S. citizens and entities last year, an ‘unprecedented’ amount of loss resulting from a threat which is both growing in sophistication and increasingly harder for victims to protect themselves from, agents with the FBI said Wednesday.
Speaking at Boston College for the seventh Boston Conference on Cyber Security, FBI Boston Division Special Agent in Charge Joe Bonavolonta said that in his division alone — one of the Bureau’s largest, covering Massachusetts, Maine, New Hampshire and Rhode Island — “victims reported more than $298 million in losses” as a result of cyber crime.
“FBI Boston continues to receive as many as four reports per week from new victims, and in some cases they’ve suffered tens of millions of dollars in losses per individual report,” Bonavolonta said.
In April, the city of Lowell was attacked by a cyber criminal group calling themselves “Play” which used malware — that’s computer software made with malicious intent — to access and lock up city and school district computer systems.
When the victims wouldn’t pay the group’s ransom, they apparently posted a trove of stolen information to the unindexed so-called dark web, where it can be shared and sold by criminals and rogue states. A request for comment on how things stand in Lowell, more than a month after their systems went down, was not immediately returned.
Though the case is still under investigation and Bonavolonta could not comment on it specifically, the SAC said Lowell isn’t the only government agency hit by ransomware or locked out of their systems.
“(It’s) a very pervasive issue, and not just here in the New England area, it’s very common throughout the entire country in terms of various types of municipalities being hit with these kinds of attacks, and they can be incredibly disruptive,” he told the Herald. “It can shut down government work and cause many significant issues, even relating to public safety potentially.”
While it may seem like small agencies lack the ability to protect themselves, according to Bonavolonta simply maintaining unnetworked data back ups helps take the power out of the hands of criminals who might prevent access to important information.
The annual conference and other partnerships like it, Bonavolonta told the audience of cyber security professionals, academic experts, and policy makers gathered at Gasson Hall, is a perfect example of another tool the nation’s top law enforcement agency needs in it’s toolbox to work against the continued danger to American citizens and corporations from both state-sponsored and lone cyber criminals.
“It’s indicative of why we have these conferences today, which is to bring in members of local, state, and federal government — public sector as well as private sector — to have these discussions on how the cyber threat has evolved,” he said. “And just talk about what can be done to mitigate the threat, such as depth of defense, various layers of different kinds of cyber defense that really can in many cases prevent these attacks from occurring.”
Another key, according to Deputy FBI Director Paul Abbate, beyond locking up the cyber criminals the FBI does catch, is maintaining the agency’s authority under Section 702 of the Foreign Intelligence Surveillance Act.
“When dealing with cyber threats, 702 is the tool we use to collect foreign intelligence by targeting, say, a hacker in China, — a non-U.S. citizen located outside of the U.S. who is not covered by the constitutional protections we enjoy as Americans,” he said. “It is how we connect the dots between foreign threats and targets here in the U.S.”
The rule, however, has been much in the news after it was revealed the agency also used it to track rioters during the storming of the U.S. Capitol Building on January 6th, 2021, and during the Black Lives Matter protests in the summer of 2020. Section 702 is set to expire at the end of the year.
“We cannot afford to lose it,” Abbate said. “To make sure we are using our authorities correctly and appropriately, we have put in place an entire slate of important reforms to our processes, electronic systems, training and oversight.”