So you were just deceived by a carefully crafted phishing scheme that you provided some information to an attacker and by the time you realized, it was too late. A common question I receive is whether or not to report these incidents to the authorities and to whom to report to. It can be very confusing as Cybercrime can be federal, state, or local; it could be the FBI, the Secret Service, the Federal Trade Commission (FTC) or any number of other agencies. The theft of your private information, finances, client data, or any other potentially sensitive information can be damaging to your company and others that it touches.
Government agencies are available to assist private entities on investigating an incident and in some cases how to mitigate some of the consequences. For example the Secret Service and FBI both have forensic labs that are available to review systems that have been compromised. These agencies will work with your team and each other depending on the impact of the incident or crime. However, some of the responsibility will fall on you to do your own work which can get costly if you don’t have the staff to do it. Cybersecurity insurance can help with this regard, which we will touch on another time. These agencies will be tasked to ensure that key evidence is collected and preserved properly and ultimately bring the malicious actors to justice.
Here are some guidelines provided at a recent Secret Service Joint Electronics Crime Task Force meeting I attended. Cyber-related incidents “resulting in significant damage” is what interests the Federal Government in particular and as such encourage all incidents that:
result in a significant loss of data, cause severe down-time, or when systems are hijacked;
impact a large number of victims;
indicate that there was unauthorized access to systems gained or that malicious software was installed on critical information systems;
affect critical infrastructure (banking system, power grid, major health care) or core government functions; or
impact national security, economic security, or public health and safety.
Where to Report
The first place to go is to a local field office of the FBI or if money is involved, the Secret Service. They will coordinate with other agencies and agents as required. If you are obligated by law or contract to report the incident to an industry, state or federal agency, this will be need to be done by you with the help of your legal and insurance advisers. It is very important to understand that law enforcement agencies will not use your report as a means to levy charges or provide information that you disclose to them to other agencies that may oversee your company (i.e. FINRA/SEC).
The agencies will respond to the threat such as attributing where the threat came from, pursing the perpetrators, and preventing future incidents and activity. The second part of the response is to protect assets and help mitigate against vulnerabilities that are exposed, helping recover or restore systems and identifying other areas of risk.
Your local FBI Field Office
Report cybercrime, including computer intrusions, fraud, intellectual property theft, identity theft, theft of trade secrets, criminal hacking, terrorism, espionage (corporate or foreign), and sabotage to the FBI Field Office below. Report individual instances of cybercrime to the IC3.
FBI Field Office Task Force – http://www.fbi.gov/contact-us/field
Internet Crime Complaint Center (IC3) – http://www.ic3.gov
National Cyber Investigative Joint Task Force
Report cyber intrusions and major cybercrimes that require assessment for action, investigation, and engagement with local field offices of federal agencies.
NCIJTF CyWatch 24/7 Command Center: 855-292-3937 or firstname.lastname@example.org
United States Secret Service
Report cybercrime, including intrusions or attacks, transmission of malicious code, password trafficking, or theft of payment card or other financial information
Secret Service Field Offices and Electronic Crimes Task Forces (ECTFs) – http://www.secretservice.gov/contact/field-offices
United States Immigration and Customs Enforcement / Homeland Security Investigations (ICE/HSI)
Report cyber-enabled crime, including digital theft of intellectual property; illicit e-commerce (such as dark-web sites); internet-facilitated proliferation of arms and strategic technology; child pornography; and cyber-enabled smuggling and money laundering.
HSI Tip Line: 866-DHS-2-ICE (866-347-2423) or https://www.ice.gov/webform/hsi-tip-form
HSI Field Offices: https://www.ice.gov/contact/hsi
HSI Cyber Crimes Center: https://www.ice.gov/cyber-crimes
National Cybersecurity and Communications Integration Center (NCCIC)
Report suspected or confirmed cyber-incidents, including when the affected entity may be interested in assistance from the government to remove the adversary, help restore operations, and recommend further ways to improve security.
NCIC: (888) 282-0870 or NCCIC@hq.dhs.gov
United States Computer Emergency Readiness Team: http://www.us-cert.gov