It is mid-morning at the Internet Storm Center, an emergency response team strictly run by volunteers. They are studying data coming from sensors in thousands of other computers around the world, looking for suspicious activity online, or trends that spell trouble.
Marc Sachs, the center's director says, " We can quickly see this spike, as we call it; we could look at that spike and within minutes, see an outbreak of a piece of malicious code or worm or other type of activity."
If malicious code is detected, the word is quickly put out, and like a swat team, different international public and private groups that act as computer emergency response teams, or certs, move in to help control it.
Marc says cert teams are commonplace. "Today most countries now have national certs, computer emergency response teams, and most universities have certs. Most large businesses have cert teams and cert cc [Coordination Center] continues to be the coordinator of thousands now of these emergency response teams."
When the Internet was first built, there was little need for emergency Internet response teams looking for malicious activity or cyber crime. In those days everyone online was assumed to be a "good guy."
Defining mutual trust determines the protocol used. “That mutual trust defined the different protocols, the different systems, the different applications," said Marc.
Things have changed dramatically since then -- there are now nearly a billion users online -- yet the network still works on that "trust" system. Not being able to verify who is on line is one of the Internet's major wiring flaws, and it presents an ideal world for cyber criminals.
Dan Larkin is chief of the FBI's Internet Crime Complaint Center and says the nature of the Internet may be one attraction for illegal activity. "That's the attraction of the Internet. It's obviously broad. It allows the bad guys to expand the scope of their schemes, and scope of their ability to make money from their schemes and to be anonymous."
One popular cyber scheme involves manipulating the network's domain system, to redirect users to sites they don't even know they are visiting. On the screen, it looks like they have clicked on, say, their bank's site, but it is often a fraud.
Michael Nelson is Vice President of Policy at the Internet Society, an organization that helps to set Internet standards. "People are going to these websites, typing in their credit card and their name, password, and losing thousands of dollars."
Identity theft is a multi-billion dollar industry, and the IT world is working on ways to require positive identification by users. Smart cards, which act as ID's are one such answer. "You'll be able to slip this in a computer to verify that you are who the computer thinks you are. You can also do this with fingerprints, we now have laptops that have a $50 fingerprint reader that can verify that you are there, that it's really you."
But cyber criminals are skilled in technology and are constantly finding ways to manipulate the system. Marc says, "We don't know where these guys will go next. It's completely up to the creative minds of the attackers as to what's next."
For FBI agents like Dan Larkin, keeping one step ahead of the "bad guys" has meant changing the way law enforcement traditionally does business. Today, the FBI cyber division works with academic and commercial groups…all experts in the field. "The thing we try to do is to tap them (experts) to open our doors to those intelligence and subject matter experts and bring them into the fold as an extension of our international cyber task forces."
Another major change has been to involve the public. In the past, the FBI kept things quiet while they worked to build a case. Dan Larkin says this is changing, "It's going to be a two prong approach: we're going to try to keep empowering the consumer on what the problem is and at the same time, hopefully aggressively, go after the bad guys."
Both the FBI and the Internet Storm Center have websites to keep the public --individuals and businesses -- aware of the latest cyber schemes. They also offer tips and technical assistance.
At the very least, Marc gives some basics to keep in mind. "Keep your software updated, run anti-virus, have firewalls, just normal common sense things you need to do. Industries need to make sure they've got good policies in place."
On the day we visited the Internet Storm Center, the state of cyber space seemed to be relatively calm. But when the next cyber storm does hit, this and other groups will be fighting it.