"Cyber crime is our number three priority behind anti-terrorism and counter-intelligence, we devote a lot of resources to it, and Director Mueller sees it as a significant criminal problem and is very supportive of our efforts," said Henry. "We also get ample support from the U.S. Department of Justice and have been successful with the legal tools that are being made available to us."
Despite making headway, Henry said that the battle against botnets and other forms of cyber-crime remains an "electronic cat and mouse game": once law enforcement officials and the security community identify and block one technique being used by schemers, the perpetrators tend to move on to a newer modus operandi.
The FBI assistant director said that as part of the agency's effort to stop botnets and other attacks, it is hoping that businesses and consumers will become more vigilant and aggressive in lending a hand by keeping their computers protected with the latest anti-virus programs.
The agency is also advising potential victims of cyber-crime to pursue investigation of such activity by contacting their Internet service providers, and the FBI has said publicly that people should report any suspected illegal activity to such companies rather than communicating problems directly to the FBI or other law enforcement organizations.
Security industry experts lauded the FBI's work to identify and detain hackers as part of its Operation Bot Roast, which led to the arrests of Soloway, Brewer, and Downey, but at least one authority said that the agency may be creating false expectations of relief for businesses and consumers by telling them to fight crimes via their ISPs.
Web access providers, particularly those that cater to residential markets, have minimized help desk support to save overhead costs, and customers may find themselves with little recourse or being asked to pay for additional security services when they call their ISPs to complain, said Danny McPherson, chief research officer at security filtering specialists Arbor Networks. Arbor provides network behavior analysis tools to a number of well-known ISPs, including AT&T, British Telecom, EarthLink, and NTT.
In addition to leaving customers unsatisfied with their ability to respond to attacks, and potentially driving ISPs with minimal support budgets out of business, asking the service providers to become the de facto police for stopping botnet activity is impractical for a number of reasons, McPherson said.
"You tend to see a lot of people, not just law enforcement, calling for quarantines of suspected botnet infected IP addresses, but you can't just start blocking legitimate users who may not know they are involved, what if you stop someone from making a VoIP-based emergency services call?" McPherson questioned. "If someone gets blocked by their ISP, they're going to move to another provider; systems and solutions to automate the security defenses needed to address this problem are being developed, but it will take time, and most infrastructure out there won't natively support that sort of work today."
McPherson said that it is encouraging to see cooperation between U.S. law enforcement officials and foreign nations, but he believes that the botnet issue will remain a major problem nonetheless.