That’s not really FBI Director James Comey emailing you from Nigeria asking for some quick cash, but even with the most up-to-date software the way a person treats that type of scam email could endanger a network.
“People get emails from me saying I’m in Nigeria. I need you to wire me money,” Comey told a crowd at Boston College for a cyber security conference, telling them the people who use devices in our increasingly interconnected world are the weakest link in the defenses against cyber criminals.
While Comey wants private companies and institutions to open up channels of communication with the FBI, pledging that the bureau does not want their intellectual property, he is also trying to beef up the bureau’s human resources.
“The FBI is an addictive life,” said Comey, who said the agency is trying to be a “little cooler.” He said the FBI does not offer “bean bag chairs and granola” — office staples of well-funded tech firms — but the agency is moving closer to that.
In the spotlight after President Donald Trump’s claim that former President Barack Obama wire-tapped him during the presidential campaign, Comey also offered a hint at his professional future, saying he would like to be invited back to the Boston Conference on Cyber Security and indicating he intends to remain at the agency long-term.
“You’re stuck with me for about another six and a half years, so I’d love to be invited back again,” Comey told the audience.
Obama appointed Comey to a ten-year term as director of the FBI in 2013.
Boston’s high tech sector offers both a potential talent pool for a director seeking to respond proactively to cyber threats from China, Russia, North Korea and Iran, and a “target rich environment” in the estimation of the bureau’s Boston chief.
Boston Division Special Agent in Charge Harold Shaw said the Bay State’s collection of major companies, defense contractors, startups, university-based research and development programs and the tech sector are all potential targets for cyber criminals.
“It will be a daily struggle to stay in front of all the cyber threats that confront us today,” said Shaw.
Acknowledging that the FBI is not as financially rewarding as the private sector and involves hard work, Comey said his recruitment strategy is to tell people “your lives are empty pursuits of money,” and inviting them to more mission-driven employment.
While Comey invited the audience – but not the press in the back – to ask him “about anything,” the interlocutors at Gasson Hall steered clear of any inquiries regarding Russia, Wikileaks or the president’s recent wiretapping assertion that Comey reportedly sought to push back against through the U.S. Department of Justice.
Kate Stebbins, the assistant secretary of innovation, technology and entrepreneurship in Massachusetts, queried Comey about the security of health care infrastructure.
Comey said health care organizations are sometimes so busy they do not back up their electronic files, making them vulnerable to cyber criminals who could lock up their data in what is known as a ransomware attack.
“It’s disastrous to pay the ransom,” Comey said. He said, “We have to make it unprofitable.”
Gov. Charlie Baker has said keeping data secure from hackers is one of the things “I lie awake at night worrying about,” and the state has taken steps to foster cyber-security ties with Israeli firms, and devoted research dollars to the subject. Senate President Stan Rosenberg in January said he has considered establishing a task force within the Senate to look at cyber security.
Comey is looking to generate “competition within the FBI” by assigning cyber security cases to offices that have demonstrated they can handle them, rather than making assignments based on the geographic location of where a cyber-attack manifests itself.
The FBI director was in Chelsea on Tuesday to celebrate the opening of a regional headquarters that will house a new cybersecurity facility. The bureau also has a “fly team” or Cyber Action Team ready to respond on-location to cyber attacks on short notice, Comey said. Comey said businesses should view the FBI’s cyber security operations the way they now view local fire departments, sharing basic frameworks proactively to facilitate effective response should disaster strike.
The bureau was aided in responding to the notorious hack of Sony, which was blamed on North Korea, because the company had already been in communication with the FBI and the FBI knew the “basic contours” of its network, Comey said.
Law enforcement requests for information are sure to bump up against the interests of organizations wary of giving away too much.
Terrorists have used the internet to communicate secretly, recruit and proselytize, but they have not yet used it as a “tool of destruction,” Comey said, predicting that will happen in the future. He said nation-states pose the biggest threats in cyber security, followed by multinational syndicates that are in the business of stealing money and information.
Revelations about U.S. snooping abilities exposed by former National Security Agency contractor Edward Snowden have heightened interest in encryption technology that can keep personal data out of the hands of spy agencies or law enforcement, even if they have the physical device where it is stored.
Comey said over three months the FBI lawfully received 2,800 devices related to investigations into terrorism, pedophilia and counterintelligence, but has been unable to access the data on 1,200 of them. Using the analogy of a shadow creeping across a room, Comey warned that the FBI’s capabilities are becoming limited by the ubiquity of encryption.
Comey, who said he values his own privacy, said “user control of data is not a requirement for strong encryption,” noting the FBI retains some control of the devices it gives out to its employees.
“There is no such thing as absolute privacy in America. There is no place in America that is outside of judicial reach. That’s the bargain,” Comey said.
The director said he wanted to alert the American public that law enforcement tools become more limited with the spread of encryption technology, which he described as useful in preventing cyber intrusions even as it can hinder investigations.
“It is not the FBI’s job to tell the American people how to live,” Comey acknowledged. He said, “We all value privacy, I hope. We all value security. We should never have to sacrifice one for the other.”