By almost any standard, Shawn Henry has been a successful lawman. As the FBI’s top cybercop, he has racked up a string of busts against hackers affiliated with notorious underground groups: In just the past eight months, according to two knowledgeable sources, the FBI and its foreign partners have arrested 80 hackers affiliated with Anonymous, AntiSec, and LulzSec.
Despite those successes, however, Henry says the government is losing its battle against hackers. “We have had a lot of success with cybercrime investigations. We’ve made arrests, we’ve had some impact,” Henry told the Daily Beast in an interview on Tuesday. “That said, we are not winning. Even though we’ve had success, the offense outpaces the defense and the problem is getting bigger.”
The recent arrests, which took place on three continents, were a big deal. They included alleged hackers of LulzSec, who only a year ago were openly taunting senior FBI agents on Twitter. LulzSec hacked FBI servers, defaced the CIA’s public website, and pilfered the emails of senior military flag officers after hacking into the servers of Booz Allen Hamilton. It appears the FBI was aided in its investigation by an American named Hector Xavier Monsegur, who reportedly turned on his fellow hackers at some point in August.
Anonymous, a hacking group that has worked with WikiLeaks, has defaced and slowed down many websites affiliated with law enforcement and other government agencies.
Henry, who left his FBI job last month to join the private sector, spoke to The Daily Beast after testifying on Tuesday at a hearing on cyberthreats conducted by the House Homeland Security Subcommittee on Oversight, Investigations and Management.
“I would offer that only a very small group of individuals… have ever seen ‘below the water line,’ and the real threat is grossly underappreciated by the public.”
Henry would not discuss LulzSec, Anonymous, or other specific groups in the interview. He did, however, acknowledge that there have been recent advances in the field of cyberforensics that make it easier to locate the computers of hackers. Identifying the individuals carrying out Internet sabotage is harder, he said.
Last April, the Justice Department issued an indictment for 13 John Does involved with creating a botnet—a web of infected computers that can carry out tasks without the owners’ being aware of it—known as Coreflood. The FBI successfully apprehended the servers but could not track down the hackers who were using them.
“From a technical perspective, you can [trace a hacker] back to a computer in many cases,” Henry said. “I think the technology has helped in that regard. But … it’s not just the computer [we need to reach], but the fingers on a particular keyboard at the time the attack took place. That’s a lot more challenging.”
Henry added, “I think there are a lot of investigative techniques the FBI has used over the last few years that have allowed it to infiltrate these organizations, to use intelligence to better identify who the players are within the organization, to get a full scope and understanding of the infrastructure of the organization. And those capabilities … have allowed us to be more successful.”
At the hearing Tuesday, Henry compared the hacking threat to an iceberg, however. While the public sees the tip of that iceberg—things like credit-card fraud and other scams—Henry said below the water line are threats to networks of classified information.
“I would offer that only a very small group of individuals, primarily those in the intelligence community, have ever seen ‘below the water line,’ and the real threat is grossly underappreciated by the public,” he said.
Henry’s job at the bureau was to catch both the hackers who pose an intelligence threat as well as garden-variety scammers who prey on small-business owners and regular citizens. He repeatedly told business leaders that they needed to exercise more diligence in hunting hackers on their own, and to report when their proprietary networks were breached.
Henry is now joining a start-up company based in Irvine, Calif., called CrowdStrike, which develops new technology to monitor computer networks and hunt the hackers that try to live inside web servers undetected.
“There is nobody who has the authority to protect dotcom,” Henry said in the interview. “I think the private sector can step up and fill a void … and I want to be part of that solution.”