So you were just deceived by a carefully crafted phishing scheme: you provided some information to an attacker, and by the time you realized it, it was too late. A common question I receive is whether or not to report these incidents to the authorities, and to whom. It can be very confusing, as cybercrime can be federal, state, or local; the right contact could be the FBI, the Secret Service, the Federal Trade Commission (FTC), or any number of other agencies. The theft of your private information, finances, client data, or any other potentially sensitive information can be damaging to your company and to others that it touches.
Government agencies are available to assist private entities in investigating an incident and, in some cases, in mitigating some of the consequences. For example, the Secret Service and FBI both have forensic labs that are available to review systems that have been compromised. These agencies will work with your team and each other depending on the impact of the incident or crime. However, some of the responsibility will fall on you to do your own work, which can get costly if you don't have the staff to do it. Cybersecurity insurance can help in this regard, which we will touch on another time. These agencies will be tasked with ensuring that key evidence is collected and preserved properly and, ultimately, with bringing the malicious actors to justice.
Here are some guidelines provided at a recent Secret Service Joint Electronics Crime Task Force meeting I attended. Cyber-related incidents “resulting in significant damage” are what interest the Federal Government in particular, and as such it encourages reporting of all incidents that:
The first place to go is a local field office of the FBI or, if money is involved, the Secret Service. They will coordinate with other agencies and agents as required. If you are obligated by law or contract to report the incident to an industry, state, or federal agency, this will need to be done by you with the help of your legal and insurance advisers. It is very important to understand that law enforcement agencies will not use your report as a means to levy charges, nor will they provide information that you disclose to them to other agencies that may oversee your company (i.e. FINRA/SEC).
The agencies will respond to the threat, which includes attributing where the threat came from, pursuing the perpetrators, and preventing future incidents and activity. The second part of the response is to protect assets and help mitigate vulnerabilities that are exposed, help recover or restore systems, and identify other areas of risk.
Report cybercrime, including computer intrusions, fraud, intellectual property theft, identity theft, theft of trade secrets, criminal hacking, terrorism, espionage (corporate or foreign), and sabotage to the FBI Field Office below. Report individual instances of cybercrime to the IC3.
FBI Field Office Task Force – http://www.fbi.gov/contact-us/field
Internet Crime Complaint Center (IC3) – http://www.ic3.gov
Report cyber intrusions and major cybercrimes that require assessment for action, investigation, and engagement with local field offices of federal agencies.
NCIJTF CyWatch 24/7 Command Center: 855-292-3937 or firstname.lastname@example.org
Report cybercrime, including intrusions or attacks, transmission of malicious code, password trafficking, or theft of payment card or other financial information.
Secret Service Field Offices and Electronic Crimes Task Forces (ECTFs) – http://www.secretservice.gov/contact/field-offices
Report cyber-enabled crime, including digital theft of intellectual property; illicit e-commerce (such as dark-web sites); internet-facilitated proliferation of arms and strategic technology; child pornography; and cyber-enabled smuggling and money laundering.
HSI Tip Line: 866-DHS-2-ICE (866-347-2423) or https://www.ice.gov/webform/hsi-tip-form
HSI Field Offices: https://www.ice.gov/contact/hsi
HSI Cyber Crimes Center: https://www.ice.gov/cyber-crimes
Report suspected or confirmed cyber-incidents, including when the affected entity may be interested in assistance from the government to remove the adversary, help restore operations, and recommend further ways to improve security.
NCCIC: (888) 282-0870 or NCCIC@hq.dhs.gov
United States Computer Emergency Readiness Team: http://www.us-cert.gov
I started Triada Networks in 2008 to service boutique asset managers and to help registered investment advisers get the most of their technology investments. I’ve been providing information technology solutions for the financial services community in New York Metro for a long time now, and I’ve seen how businesses must adapt to the changes in the market and in technology in order to succeed.