WEEKLY MEDIA BRIEFING WITH
THE DEPARTMENT OF JUSTICE
9:30 A.M. EST
THURSDAY, FEBRUARY 10, 2000
Q Good morning.
MR. HOLDER: Good morning.
I'd just like to start by making a statement about the computer -- the Internet problems we've been having over the last few days. As you know, the department has launched a nationwide investigation into recent attacks on some of the most popular sites on the Internet.The investigation is being coordinated by the FBI's National Infrastructure Protection Center, with investigative and other support from numerous FBI field offices around the country.
The FBI is also working closely with the department's Computer Crime section and with specially trained prosecutors around the country, who have authority and also who have expertise in obtaining court orders for electronic and other forms of evidence.Now the recent attacks are serious for a number of reasons. In addition to the malicious disruption of legitimate commerce, so-called denial of service attacks involve the unlawful intrusion into dozens or even hundreds of computers, which are used to launch attacks on the eventual target computer -- in this case, the computers of Yahoo, eBay, buy.com, and others. Thus the number of victims in these types of cases can be substantial, and the collective loss and cost to respond to these kinds of attacks can run into the tens of millions of dollars or more.
While we are still investigating the scope and the severity of these recent attacks, it's clear that these kinds of attacks are quite serious.
We have substantially bolstered our cybercrime efforts in recent years. In addition to the establishment of the National Infrastructure Protection Center at the FBI and the establishment of computer crime squads in FBI offices around the country, we established a network of specially trained federal prosecutors in each U.S. attorney's office, who have the authority and the expertise to provide round-the-clock assistance, including search warrants, subpoenas, and other types of orders.
These efforts, of course, are part of the administration's larger cybercrime and infrastructure protection effort. The president is seeking $2 billion this year to bolster our government-wide efforts, including efforts to boost the security of the government's information infrastructure.
At the same time, responding to the growing threat of cybercrime requires constant vigilance and additional resources.
The president has asked Congress to provide an additional $37 million next year to expand the Justice Department's cybercrime-fighting efforts.
This request includes new funds for computer crime prosecutors, additional investigative capabilities for the FBI, and to support state and local law enforcement agencies.
Finally, Internet security must be a community-wide effort. The private sector needs to take additional steps to safeguard their computer systems. This is one area where public-private partnerships can be truly effective.
We also need to begin teaching our young people about Internet ethics. Many young people don't know that it's wrong to break into -- or do know that it's wrong to break into a person's house, yet they don't feel the same moral apprehension before breaking into another person's computer.
There is no doubt that the Internet is providing countless benefits to our society, but we must be vigilant in responding to the growing threat of cybercrime, which requires a heightened response from law enforcement, more effective public-private partnerships, and broader efforts to educate the Internet community about the appropriate and responsible use of this wonderful new technology.
Q Mr. Holder, has there been any progress in the cyberattack investigation? And if there has, can you tell us about it in terms that doesn't compromise the investigation?
MR. HOLDER: Well, I'm not sure I'd want to comment on the progress that we've made, other than to say that the effort that we're making is a substantial one, involving U.S. attorney's offices around the country, specially trained prosecutors, countless numbers of FBI agents, in addition to the NIPC here in Washington, and also outreach efforts that we have made to industry.
Q Can you tell us whether we're at least looking at one source or are we looking at a number of sources, and whether the source or sources are in the United States or outside the United States?
MR. HOLDER: With regard to the first part of the question, I think it's too early to say. We don't know at this point whether we're looking one source or more than one -- no indication at this point that we are looking at anything that comes from outside the country, though there have been previous attacks, similar attacks that have been launched from outside the country. So that is a possibility we'll certainly have to consider.
Q In terms of the magnitude of the attack, you've talked about the actual victims, the people whose sites were shut down or disrupted. Part of the magnitude also deals with the number of host computers that were used to stage the attacks. What's the rough number there?
MR. HOLDER: I don't think we have a number at this point. It's hard to say. We suspect it involved a substantial number of computers that were needed to send this information to bring down the websites, but at this point I'm not aware of the number.
Q Well, is that supposition based only on the magnitude of the attacks, or something else?
MR. HOLDER: Well, I'm not an expert on these kinds of things, but given the way in which these attacks are generally launched, I've been told by the people in our Computer Crime section that you generally need a substantial number of computers to do these kinds of things.
Q Is that dozens --
MR. HOLDER: It doesn't mean, on the other hand, that this particular kind of hacking is particularly sophisticated. What they've also said is that you do not have to have a great amount of computer expertise or very sophisticated equipment in order to do this kind of attack.
Q Mr. Holder, the $37 million increase that the department's seeking this year -- is that indicative of being behind the curve? Is this -- are you playing catch-up here? Where exactly would you place the federal effort in terms of fighting cybercrime?
MR. HOLDER: I think we're doing a pretty good job. I think that we've also recognized that we do need additional people. We need additional -- that additional forensic capabilities. This is, as everybody understands, a fast-changing area, and in order to keep up with those who would do the kinds of things that we're concerned about now, we're going to have to spend additional amounts of money, do a lot of training just to keep current.
Q A lot of that money would go to response teams. Do you know how they would work, who they would be and how they would work?
MR. HOLDER: Of the 37 million?
Q Yeah. A lot of the $37 million is aimed at setting up regional or several response teams to handle investigations of cybercrime.
MR. HOLDER: Yeah. One of the things we wanted to do was set up, for instance, regional computer forensic labs or facilities, where we would be able to launch investigations, hopefully in a quicker way. If you find that the site of an attack is out in the West, for instance, you'd be able to go the Western regional lab and, hopefully in that way, get the process going a little faster.
Response teams would involve the use of experts to try to get them on the scene faster, in order, as I said before, to just make sure that our response is as quick as it possibly can be. Time is important in these matters.
Q Mr. Holder, as far as motive; four days into this, your people must have some better working theories as to what might be guiding this, whether it's financial or thrill seekers, ideological? But what do you think is going on?
MR. HOLDER: At this point, I can't honestly say that we have a sense of what the motive is with regard to these people.
But whatever their motive, they have engaged in acts that we believe are violative of the federal criminal law, exposing them to penalties of at least five years in jail, fines of at least $250,000 or more. These are people who are criminals. And we will do all that we can to find them, to prosecute them, and to put them in jail. We don't consider this to be a prank; these are very serious matters.
Q Mr. Holder, in terms of trying to figure out whether this is more than one person, computer experts we talked to say one of the things you look at is, in essence, the fingerprints, the style of the messages, the little packets that are thrown at the ultimate victim computer. And if they were all very similar, that would be highly suggestive it came from one person. Are they all very similar? And does that suggest that perhaps it is one person?
MR. HOLDER: Well, I wouldn't want to comment at this point on information that's quite that specific. I mean, the FBI is working to develop leads, in addition to doing the computer forensic things that we do.
I think people should understand that, you know, investigations like this, though they involve computers, can also involve traditional ways in which you would want to crack a case: Are people talking, for instance, about what they have done?
So there are a whole variety of things that the FBI is doing.
Q Mr. Holder, you said that -- you keep saying "a substantial number," in quotes, computerss might be involved, and I know you wouldn't have a total amount, but can you give us a ballpark in terms of what does "substantial" mean, in your mind, in relation to this?
MR. HOLDER: I'm really only relaying information given to me by people who are a lot more expert in this area, and I don't have really much more than that.
Q Have we identified -- there are several strains of denial- of-service tools out there. Have we identified the particular strain or strains that are being used in this attack?
MR. HOLDER: That I don't know. Maybe Myron might be able to help you with that.
Q How do they know, as you said before, that it doesn't appear to be from outside the U.S.?
MR. HOLDER: We have no indications at this point that it is, but that is a possibility we're not foreclosing. In the past there have been similar denials of service that have been launched from outside the United States, and so that is one of the possibilities that we would certainly want to examine. But I'm saying at this point we don't have any indication that is the case.
Q Do you think the penalties for things like this are serious enough? And I ask that because the most notorious hacker that I think that we've had to date was Kevin Metnick (sp), who led the FBI on a nationwide chase for a long time. Finally he was caught in North Carolina. He was put in prison and just last week he was released. He had served his sentence. Is there any thought of increasing penalties as a deterrent?
MR. HOLDER: Well, I mean, I think that's certainly something that we ought to consider. We at the Justice Department have generally expressed a concern that penalties for white collar crimes are too low and that the sentencing guidelines, the table that courts use in making penalty determinations, ought to be raised. We've expressed that to the Sentencing Commission and hopefully that will be something that the Sentencing Commission will take up relatively quickly this year.
Q But here, of course, you're bound by the statute, which is, regardless of what the guidelines say, it gives you a maximum of five years for the first offense.
MR. HOLDER: Right.
Q Do you think the statute should be changed?
MR. HOLDER: I think it's something we ought to consider. Who knows how long these particular attacks will go on, and we will obviously have to determine what the magnitude of the loss actually is. But it seems to me that you could end up with a situation where we might want to consider raising the penalties.
Q Do you happen to know whether it's correct, we've been told that these little packets that are thrown at the host site, that come streaming in to shut it down, some of them carry a message. Is that correct?
MR. HOLDER: I'm not aware. I don't know. I don't know.
Q Mr. Holder, it was acknowledged yesterday at the FBI news conference that these attacks are particularly hard to prevent; that as you develop software to protect against them, intruders are developing their own software to foil your filters.
Isn't a quick apprehension, a conviction and a significant jail sentence your only real option here to deter attacks like this in the future?
MR. HOLDER: Well, these are -- you're right. These are things that are difficult, but not impossible, to prevent. There are certain measures, I understand, that can be taken that make it more difficult for these things to be done that the -- I think they're called the "zombie" computers -- can do to make them less amenable to this kind of attack and, obviously, I think that's something that we have to try to work with industry to help develop, come up with ways in which we make this more difficult. It may be ultimately impossible to fully prevent these kinds of things, but I think we can probably do a better job of trying to prevent them from happening.
Q Can you give us some indication of the pace of the investigation? You've said it's nationwide, lots of people involved.
But is this sort of like going back to all the host computers and asking for their records? Is it largely a paper search at this point? Are you in hot pursuit? I mean, can give us some indication of how the investigation works?
MR. HOLDER: As I said, I don't want to go into too many specifics, but I think it would be safe to say that this is something that is extremely active, that is very extensive. It involves substantial numbers of people; it involves people at a whole variety of levels all around the country, both within and outside of government. So I would say this is something that is -- you said "hot pursuit;" I'd say this is something that is a hot investigation.
Q But given, I mean -- one of the reasons we're all sort of scrambling around here is that we've never covered anything like this before because there's never been anything like this before. And in part, you know, you've never had to investigate anything quite like this before. So just to get a sense here, is this something you think -- your folks think will take weeks, if not months, to go back upstream and connect all these little dots, or is it something that will happen quickly? I mean, where -- is it the very beginning here, or what?
MR. HOLDER: I don't know. I mean, it's hard to tell, you know, what is the break in any case. Somebody gets careless in the way in which they talk to somebody else; that could be the thing that breaks the case. There is something that our computer forensic people come up with quickly or over the course of some weeks. I think it's just kind of hard to tell. But I think the American people should be reassured that we're doing all that we can to try to figure out exactly who is behind this.
Q Since the news conference yesterday, have there been any other attacks?
MR. HOLDER: Just in terms of timing, I'm not sure. There have been about a half dozen or so attacks and I just don't frankly remember, Pete, exactly from the time the attorney general's news conference to when anything might have happened.
Q Mr. Holder, what's the success rate in terms of tracking down hackers? Does the National Infrastructure Protection Center have a list of cases and the percentages that they have been able to close? They have only been in operation a couple of years. But what's your sense of the success rate?
MR. HOLDER: I don't know if there are any statistics or if they have any reports in that regard. Myron might be able to help you with that at the end of our session. I just don't know if they have those kinds of statistics on hand.
Q Mr. Holder, one of the things that the attorney general mentioned yesterday is that there has got to be a partnership between the private sector and NIPC and the Justice Department to make sure these attacks are promptly reported. Are you trying to set up some kind of mechanism so that you know, as soon as possible, when these attacks occur?
Yesterday, Ron Dick was not aware immediately that there had been reported attacks on Datek and others. Are you trying to improve that mechanism?
MR. HOLDER: Yeah. We need to work with industry so that people will understand, companies will understand, that as soon as these kind of incidents occur, that the appropriate people in government -- Federal Bureau of Investigation, NIPC -- are made aware of them.
The concern that we have is that one company, with what might seem to them to be a minor incident, could actually be part of a larger scheme. And unless we are made aware of all of the things that are going on, we won't really know the dimensions of the problem. And that's why we really have to work with industry to make sure that we have better response times.
Q To follow up on -- MR. HOLDER: Here.
Q -- the question real quickly; this does involve substantial record-checking, does it not?
MR. HOLDER: I suspect that will be one of the things that we'll be doing. Yeah.
Q Mr. Holder, this one -- this particular attack did not involve any content change on these sites. Is that more of a concern to you from a law enforcement standpoint? It certainly seems to be -- in the tech world, that they are more afraid of worms and things that get in and actually change content secretly or without real evidence of it. Is there any kind of hierarchy in your sense, in terms of prosecutions and so on?
MR. HOLDER: Well -- I mean, obviously, changing websites, gaining access to credit card information -- I mean, those are things that we would be of great concern. But if you look at the possibilities here -- I don't know what the money losses are for any of these sites. But if one these sites, given the -- you know, the size of Amazon or something and the amount of money that they generate over the course of an hour, gross sales -- if they are down for a couple of hours, I mean, you could be looking at something that, in just dollar terms, would be very serious.
So I'm not sure that I would rank one as more serious than another. It seems to me that this is all very serious.
Q But in terms of fear of privacy invasion from the average citizen out there, this one is not one of those cases?
MR. HOLDER: No, we don't have any indication that that kind of information has been gleaned or sought in these kinds of attacks. But again, I don't think that makes it less serious. It might be more comforting to people who are using credit cards to use the Internet to buy things, to transact business.
Q Have we reached that point that people should be afraid that this particular type of attack could lead to the next, more serious type of attack, that they could get your credit card number and so on?
MR. HOLDER: I'm not sure that I'd draw that conclusion. I think that generally the companies that use the Web to sell things have done a good job in, you know, using encryption technology so that sales can be made in a safe way. I mean, I've used the 'Net to buy a whole variety of things and never had any problems.
Q Mr. Holder, the Internet commerce is generally credited with being one of the engines that's driving current U.S. economic prosperity. Is there some fear on the part of the administration that these types of repeated attacks will lessen the public and industry's confidence in the Internet as a marketplace for commerce?
MR. HOLDER: Well, I mean, that's certainly a concern that we have to have. I mean, we saw yesterday on the stock market -- at least experts I saw last night indicated that at least part of the drop that we saw in the Dow, the NASDAQ was attributable to what we saw happening in these attacks, so that -- that, again, I think, points out a reason why these things have to be taken extremely seriously and dealt with in that way.
Q On another subject --
Q Before we do that question --
Q -- can I just ask one other question about the -- it's been explained to us the people who do this first have to download some software that allows them to mount these attacks --
MR. HOLDER: And there you get -- you're going to exhaust my knowledge very quickly here, I think. (Laughter.) Okay.
Q It may be a contest to see whose runs out first, because -- well, I'm on the edge, anyway. But has the department looked at whether it should be legal or illegal to be able to download this software, which appears to have no legitimate function?
MR. HOLDER: Well, you have exhausted my knowledge there.
MR. HOLDER: I just don't know.
Q All right.
Q Well, wouldn't that be comparable to any download? I mean, isn't it a free speech issue? Just gathering information is not a crime.
MR. HOLDER: Yeah, I mean, you know, we obviously want to, as we do things on the criminal side to monitor these kinds of things, we want to make sure that people who use the Internet, who use the web understand that we are sensitive to privacy concerns, and I think that's actually a good point. In the absence of some indication that these things are being used in an improper way, we'd have to think, I think, about whether or not we wanted to make the possession, the mere possession of them, you know, illegal. But again, I'm not an expert on this.
Q Are you using any former hackers at all in the investigations?
MR. HOLDER: I wouldn't want to comment on that.
Q Were you involved in the decision made by the attorney general with respect to the death penalty for Carl Cooper?
MR. HOLDER: The deputy attorney general's office is always involved in these cases. I get involved in a variety of things that the attorney general has to decide. But what we've tried to do is not comment as to what my role is -- or actually what her role is -- when there are matters by regulation or statute that I have to decide. So I will say that the deputy attorney general's office was involved, but I really wouldn't want to comment on what my role, if any, was in that matter.
Q But can you say if you personally have any qualms, having been a chief prosecutor for D.C. -- the attorney general, as well as you, have long talked about how you don't like to see Washington telling locals what to do and how to do it. Do you have any qualms about the Justice decision going contrary to the local desires?
MR. HOLDER: Well, again, I don't want to comment on -- I'm not sure, when you say "local desires" -- if you mean within the Justice Department, we've not really commented as to what position anybody took within the Justice Department. I think the spokesman for the U.S. Attorney's Office said it best, that we do speak with one voice, and that voice is the attorney general's, in this regard.
You know, kind of getting away from that case and looking at this more generally, one of the decisions that has to be made is whether or not a particular case is a federal one as opposed to a local one. And, you know, there are cases that are appropriately handled by local authorities and some that have certain things about them that make them appropriately handled by federal authorities. Federal cases have to be judged on a nationwide standard. We have one system, and it is appropriate for people in the federal system all to be treated in the same way. And that's one of the things that we try to search for, especially when it comes to the death penalty. We strive for uniformity in the application of federal law and in the treatment of people who are federal defendants.
Q Now, are you going to undertake a study of the people already on death row? Obviously, they are disproportionately minorities. And given what the governor of Illinois has done, given White House expressions of concern, are you going to go back and review all those cases to make sure all those people belong on federal death row?
MR. HOLDER: Well, we want to make sure that the system is as fair as it can be, and we are always looking for ways to improve the system.
The attorney general asked me, when I was the U.S. attorney here in Washington, D.C., to look at a few aspects of the federal criminal justice system for -- and to check whether or not there were any racial disparities that should be of concern to us. We have expanded that study to look at the whole -- the capital part of the federal criminal justice system. It was a review that the attorney general asked us to conduct before the Cooper case. So that is actually a study that is ongoing.
Q Okay. And that study is of how the entire capital apparatus works within the federal justice system? Does it go backward, as well as forward?
MR. HOLDER: Yeah. I mean, it's an historical study of the federal system with an emphasis on finding out whether or not there are inappropriate racial disparities within that system. But as I said, it's something that the attorney general had asked us to do. The chairman of the Attorney General's Advisory Committee, Mark Calloway, who is the U.S. attorney in North Carolina, is helping us in that effort.
Q And when did that study start?
MR. HOLDER: A few months ago -- I'd say a couple months ago.
Q Does that study need to be completed before the director of the Bureau of Prisons can set a date for the first federal execution?
MR. HOLDER: No, I don't think so.
This study was ordered by the attorney general, I'd say almost out of an abundance of caution. We don't have anything, to our knowledge, that gives us reason to believe that there is a disparity within the system. But we want to make sure; we want to make sure that that is so. And that is why the attorney general ordered that that study be conducted -- as I said before -- as she asked me to do, looking at a variety of things earlier, which apply to the federal criminal justice system.
Q In a somewhat related area, just talking about the fairness of the justice system, is the question of post-conviction appeals based on DNA evidence. There are a lot of anecdotal stories out there, anyway, of people -- where prosecutors are refusing to allow the tests, when it could possibly point to innocence. There are people where DNA has apparently proven their innocence, but they're still locked up.
The attorney general's DNA commission made a recommendation months and months ago that a whole new taxonomy, if you will, be considered by prosecutors in this country. But that recommendation is just sort of sitting there; you-all haven't moved forward on it at all, while people, apparently innocent, are still languishing in prison.
MR. HOLDER: Well, I mean, I think, you know, we have to take the system that we have and acquaint it with these new technologies that we now possess. And I think the one thing that we can never have is a system that imprisons people who should not be there. It obviously shakes the confidence of the people in the system, which ultimately hurts us on the prosecution side. And so the use of DNA, you know, when appropriate, should be used. And I think it's certainly the attorney general's concern, as well as mine, that in those cases where it's appropriate, we would hope that state and local prosecutors would avail themselves of that technology, to make sure that things that have occurred in their systems happened in an appropriate -- were correctly done.
Q But have you moved to change legislation? There may be legislation required to change it -- certainly on the federal level and to encourage on the state level for post-conviction appeals.
MR. HOLDER: Well, I mean, if you look at, you know, as -- kind of the preliminary stuff that we've looked at on the federal side, at least, with regard to death cases, we don't have -- and it's, I think, generally because we're not talking about -- the cases are really kind of different from local cases. We've not had many concerns expressed about -- many factual concerns about the way in which the cases were handled. There are a whole variety of concerns about the way in which the death penalty might be sought, might be -- but if you look at the federal death cases, you don't have substantial numbers of concerns raised by defendants about the facts, the underlying facts.
Q Mr. Holder, may I ask a quick question about the Elian Gonzalez case? Is -- there were published reports earlier this week about various convictions in the household where he is. Is the INS looking at those? And if so, for what purpose?
MR. HOLDER: That matter is under review, and we will look at that, try to make some kind of factual determination and then decide what steps, if any, need to be taken. You have to keep in mind that this is a little boy who went through a very traumatic experience back in November. There was an understandable desire to have him put in a comfortable environment, and I think the INS acted appropriately there. Now that we have this new information, we'll have to look at it and see, as I said, what steps, if any, are appropriate.
Q What about the father's request, have you determined how you're going to respond to the father's request that he be moved from one uncle to the other?
MR. HOLDER: That matter is actually -- that's still under review.
Q That was the question, whether we're any closer to answering the letter. It's two weeks old -- from Juan Gonzalez.
MR. HOLDER: As I said, that matter, we're still reviewing it.
Q Thank you.
Q Another subject? Thank you. Bill Webster, that is William Webster, former FBI and CIA director, recommended that there be a consolidation and streamlining of the 148 federal law enforcement entities. Basically, what I'd like to ask you, he recommends that the attorney general have broad authority in all aspects of this type of consolidation. Is Ms. Reno or are you in favor of this kind of an action?
MR. HOLDER: Well, I think we actually have been pretty consistent about this for a pretty good number of years, I guess probably since the mid-'90s or so. I don't think that there is a need to integrate the ATF, the DEA, for instance, or certain ATF functions, the DEA, into the FBI. We obviously need to work on ways in which we cooperate so that we make sure that we are efficiently using the federal investigative resources that we have. But beyond that, I don't think, as I said, it's a position that we have consistently taken that there's any greater need -- there's a need for any greater integration.
Q Thanks very much.
MR. HOLDER: Thank you.
Copyright ©2000 by Federal News Service, Inc., 620 National Press Building, Washington, DC 20045 USA. Federal News Service is a private firm not affiliated with the federal government. No portion of this transcript may be copied, sold or retransmitted without the written authority of Federal News Service, Inc. Copyright is not claimed as to any part of the original work prepared by a United States government officer or employee as a part of that person's official duties. For information on subscribing to the FNS Internet Service, please email Jack Graeme at firstname.lastname@example.org or call (202)824-0520.