This is archived material from the Federal Bureau of Investigation (FBI) website. It may contain outdated information and links may no longer function.

FBI Cyber Action Teams

Traveling the World to Catch Cyber Criminals


The Turkish and Moroccan hackers must have thought they had come up with a brilliant moneymaking scheme: release a computer worm into cyber space, then sit back and watch it steal credit card numbers and other financial information from thousands of infected computers around the globe.

But instead of digitally hijacking masses of credit card numbers, the “Zotob” malicious code that hit the Internet in August caused countless computer systems worldwide to sputter and crash. Operations at major U.S. corporations and news outlets, for example, ground to a halt as computers began to spontaneously reboot.

That got the attention of the FBI. We quickly launched an investigation, gathering information from Microsoft and other private and public sector partners. Then, we forensically analyzed the computer code for possible clues about its origins and used legal processes to identify its possible authors. In no time, we’d traced the worm to Turkey and Morocco.

That’s where our investigation would have ended if not for the support and cooperation of our international colleagues. Authorities there agreed to help, and, in turn, our Legal Attaché offices in Turkey and Morocco offered to lend the investigative expertise of our “Cyber Action Teams,” or CATs.

What are CATs? Small, highly trained teams of FBI agents, analysts, and computer forensics and malicious code experts who travel around the world on a moment’s notice to respond to cyber intrusions. Along the way, they gather vital intelligence on emerging threats and trends that helps us identify the cyber crimes that are most dangerous to our national security and to our economy.

With the permission of our international counterparts, two CATs were en route to Turkey and Morocco with their computer gear in tow less than 72 hours after Zotob struck. (As a rule, our self-sustaining CATs bring along enough computer forensics equipment and other hardware and software necessary to run an investigation for up to six months.)

Once on the ground, the CATs continued forensically analyzing the malicious code, then shared with Turkish and Moroccan authorities the information they’d gathered—including IP addresses, e-mail addresses, names linked to those addresses, hacker nicknames, and other clues uncovered in the computer code.

Turkish and Moroccan law enforcement quickly analyzed and acted on that information, arresting two suspected Zotob perpetrators less than eight days after the malicious code hit the Internet. CAT computer forensic experts verified that the code found on seized computers matched what was released into cyberspace.

The Zotob investigation continues. Turkish authorities have possibly linked one of the suspects arrested to a larger credit card theft ring. Our CAT investigators remain in contact with law enforcement officials in Turkey and Morocco, and additional arrests are expected.
