Computer Crime Investigators Engage in War on Cyber Threats
By Special Agent Matthew Johnson, Air Force Office of Special Investigations.
Andrews Air Force Base, Maryland -- April 18, 2001 (AFPN) -- The Air Force Office of Special Investigations fields a team of 48 specially trained agents to ward off hackers, thwart computer criminals, and detect cyber terrorists.
They are called computer crime investigators, or CCIs, and escalating threats from the cyber world keep them on their toes. Probes and scans of Air Force computers from foreign locations alone number in the millions per year.
The need for vigilance against such threats is clearly demonstrated by the damage caused to the Air Force by last year's "I Love You" computer virus:
- Number of users executing the virus: 7,418
- Number of servers offline: 1,065
- Average downtime: 32 hours
- Total cost: $3,174,427
Imagine such a crippling attack -- or several at one time -- during wartime operations, and it is easy to understand why information assurance awareness is so critical to the Air Force.
It is also easy to understand why so many adversaries choose to operate in cyberspace: Their attacks are harder to identify, they benefit from the rapidity of information flow, they can inflict great damage without great expenditure, and cyberspace provides a virtual sanctuary from identification.
And that is why CCIs have become increasingly important. CCIs provide rapid response to intrusions into Air Force information systems and networks worldwide. These officer, enlisted, and civilian agents are dispersed to seven primary locations around the world, supporting OSI field units and Air Force commanders in their respective areas of responsibility.
CCIs provide threat information, analysis, operations and intelligence support by engaging on investigations and information assurance issues with military and civilian Computer Emergency Response Teams, other military and federal law enforcement entities, and intelligence agencies.
Besides providing response to high-profile viruses, a CCI's primary caseload revolves around traditional computer intrusion investigations. In 2000, CCIs opened 26 substantive computer intrusion investigations. Half of these investigations originated in foreign locations.
Intrusions that originate from the United States are divided into two categories: traditional intrusions and intrusions from "insiders."
Insiders are Air Force members, employees or contractors with access to Air Force information or systems who exceed their authorized access. Because of their regular access to information systems, insiders present the greatest potential for causing harm.
While CCIs are critical to the war on cyber threats, they cannot do it alone. They depend on every Air Force member complying with sound computer practices. Do not open e-mail attachments from unreliable sources. Do not load unauthorized software onto your computer. Do not send information to anonymous e-mail requesters. Do not attempt to venture outside of your authorized level of access. But do report these things if you become aware of them.
If you see a violation or exploitation of an Air Force resource or information system, immediately notify your assigned security officer or local OSI detachment. You may just foil the attempt of an adversary who seeks to harm our information systems.