“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference?
During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach to combating cybercrime.
He said that the 9/11 terrorist attacks led the Bureau to open itself more to other parties, first in its counter-terrorism missions and then in other areas, including cyberspace.
“Today, our strategy is informed by where we sit, at the center of a cyber ecosystem that stretches from the defensive side, with the private sector but also agencies like the US Cybersecurity and Infrastructure Security Agency (CISA), all the way over to, on the offensive side, the CIA, the NSA and our foreign partners,” Wray added.
Over the past few years, the FBI has conducted several joint investigations and law enforcement operations in cyberspace, which encompass an increasing number of partners, including foreign cybersecurity agencies from ally countries and private organizations.
“The bottom line is: it doesn’t matter who gets the credit as long as the job gets done,” said Wray.
Recent law enforcement operations, such as the Hive ransomware or the QakBot malware loader takedowns, included partners like Zscaler, who helped with the investigation.
Victim Organizations Encouraged to Work with the FBI
However, the prime example of such public-private collaborations highlighted by the FBI director is the 2022 takedown of the Cyclops Blink botnet, allegedly built by the Russian military agency (GRU).
This is because, this time, the private partner WatchGuard was directly involved in the malicious campaign.
Wray explained: “The GRU’s Sandworm team had managed to implant malware on thousands of WatchGuard firewall devices worldwide. Those firewalls were primarily used by small and medium enterprises (SMEs). Our collaboration with WatchGuard allowed us to reverse-engineer the malware and develop and execute a sophisticated technical operation, severing GRU’s ability to communicate with the command-and-control layer.”
He added that while the operation’s success was partly due to “creatively combining a traditional federal search warrant and extraterritorial law enforcement authorities, we were only as successful as we were because of the participation of the private sector.”
Wray also cited joint efforts in 2021 after a cyber-attack on Colonial Pipeline disrupted fuel supply across the East Coast that involved Mandiant.
He then stressed that the FBI wanted more of these joint operations and called for more private organizations that have fallen victim to cyber-attacks to contact the FBI and make the Bureau part of their incident response plans.
Read more: FBI's QakBot Takedown Raises Questions: 'Dismantled' or Just a Temporary Setback?
“We know the private sector hasn’t always been excited about working with federal law enforcement. But when you contact us about an intrusion, we won’t be showing up in raid jackets. Instead, we’re going to treat you like the victims you are.”
“Any time many layers from the private sector, the government and managers and frontline defenders around the world all get together in one room, cyberspace becomes a little bit safer,” he concluded.