In Oklahoma, Businesses and LEOs Fight Cybercrime

As crimes change, new collaborations form between corporate investigation teams and authorities

The survey warned that passwords, biometrics, anti-virus software and intrusion detection systems "cannot totally reduce an organization's risk of computer security breaches" and the associated financial losses.

One good sign, the survey said, is that financial losses declined dramatically in 2005, to $130 million among 639 organizations willing to esimate losses. That's down from $141 million in 2004 among 269 organizations.

In Oklahoma, the number of Internet crime complaints in Oklahoma spiked to 1,862 in 2005, up from 643 complaints in 2004, according to a database compiled by the Internet Crime Complaint Center.

Seventy-five percent of the complaints involved auction fraud or nondelivery of merchandise or payment.

The database is a cooperative effort between the FBI and National White Collar Crime Center.

Tony Whitledge, former director of the IRS Electronic Crimes Unit, said the corporate focus on securing data is an evolution, and sometimes a business "has to get beat up pretty bad" for executives to pay attention.

"You take a large corporation that's aware of threats, or taken a hit, and they will have security staff and do a pretty good job of securing their network and resources. But take a very small business that hires someone to put a network together, and they may not be security-aware at all," said Whitledge, who now runs his own computer forensics firm in Washington, D.C.

In the future, Adams said, the FBI wants to work closer with some 200 Oklahoma companies that handle government contracts.

"We want to stand next to a company that becomes victimized through a computer intrusion," he said. "We want to locate the bad guy, and we want to go after them.

"The efforts made by us here in Oklahoma are, hopefully, changing things to where industry and governments feel more comfortable contacting law enforcement."

In cyber space, the major line of defense for Oklahoma businesses is Oklahoma InfraGard , a nonprofit partnership between the FBI and the private sector.

Any attacks or intrusions on corporations in Oklahoma are reported to InfraGard. The chore of extracting information from computers can be referred to private forensics firms, or to one of the FBI's Regional Computer Forensic Laboratories across the United States.

The labs closest to Oklahoma are in Kansas City and Dallas.

Founded in 2002, Oklahoma InfraGard has more than 400 members, the fourth-largest chapter in the nation, Adams said. The memberships include public and private businesses, colleges and universities, tech companies, public utilities, police and other organizations. There are InfraGard chapters in all 50 states.

InfraGard is an outgrowth of partnerships, the most important change in the FBI since the terrorist attacks of 2001, FBI Director Robert Mueller has said. Until 2003, "cyber investigations were conducted on an ad-hoc basis."

Originally, Oklahoma InfraGard was formed so members could share vital information intended to protect critical infrastructure, including gas, oil, electrical, water, financial, transportation, telecommuncation and emergency-service facilities.

Today, the group also spends time discussing, in private, security problems facing their businesses.

Dan Biby, an InfraGard board member, said businesses are taking more precautions.

"Firewalls, secure networks, security policies and education of employees are all helping us thwart attacks," said Biby, who is also president and founder of Brookside Group, a firm that helps businesses prepare and respond to disasters.

"There's continual, 24/7, 365-day-a-year activity that must be in place to maintain that security. And budgets are tight," he said.