many cyber security experts claim that conficker was created to form a huge botnet, a large collectioncomputers controlled remotely by cyber criminals to steal, among other things, financial and identity data. software technology companies and government agencies regarded the threat as being so great that they collaborated to form the conficker working group, a unique effort to neutralize the botnet and closely track its movements. [ticking] coming up: the new american heroes. >> if you look at, like, the focus groups or whatever, people say, "savior," and "they saved me," and "they saved my data." "this stuff's irreplaceable." >> hi. >> the geek squad makes a house call, next on 60 minutes on cnbc. [ticking] 3q it's very important to understand how math and science kind of makes the world work. in high school, i had a physics teacher by the name of mr. davies. he made physics more than theoretical, he made it real for me. we built a guitar, we did things with electronics and mother boards. that's where the interest in engineering came from. so now, as an engineer, i have a career that

many cyber security experts claim that conficker was created to form a huge botnet, a large collectionf computers controlled remotely by cyber criminals to steal, among other things, financial and identity data. software technology companies and government agencies regarded the threat as being so great that they collaborated to form the conficker working group, a unique effort to neutralize the botnet and closely track its movements. [ticking] coming up: the new american heroes. >> if you look at, like, the focus groups or whatever, people say, "savior," and "they saved me," and "they saved my data." "this stuff's irreplaceable." >> hi. >> the geek squad makes a house call, next on 60 minutes on cnbc. [ticking] tourism season in years. in florida we had more suntans... in alabama we had more beautiful blooms... in mississippi we had more good times... in louisiana we had more fun on the water. last season we broke all kinds of records on the gulf. this year we are out to do even better... and now is a great time to start. our beatches are even more relaxing... the fishing's great. so p

take down the core flood and the botnet.were a great deal. the botnet made a measurable dent in the amount of spam that is out there on the internet. but there is still a ton of that stuff going on and, two, it is great cases, but not a lot of cases. i am informed that if you look at it or intellectual property theft through cyber, hacking their confidential data their formulas and secrets, xl trading that out and then using that using now, we have made zero cases that in all of those cyber-- cybercases and intellectual property theft cases, there has been a human link. we have found the guy who is downloading to disk and putting it in his pocket. my impression is that they are standing in front of a fire hose, trying to do their best to manage around an immense amount of work. from what i hear from private sector folks, they would like to have more fbi and law enforcement support when they have been hacked. nine times out of 10, they don't even know they have been hacked. they get told they have been hacked when your folks

we have had a couple of successes here working with the isps to promote the stopping of botnet. on all this we are cooperating on a bilateral basis and increasingly multilaterally on operational matters. we were recently in india where we had signed a certification to certification cooperation agreement which allows us if we see attacks coming from india we can call them up and ask them to check in with the hosting company and see what is going on and they can do the same with us. that could be quite helpful. this collaboration can work as all cyber security works that is effective on the internet. the fourth. just to capture the overall picture here is the question of internet content. both europeans and the united states and our strategies talk about the importance of keeping the internet open. that means open from a technology and operable stand. but it also means an open place for discourse. this is an area where it my opinion there is the least amount of international agreement. we will have a long set of conversations about what content is appropriate by governing bodies a

there'll be an international partners day as part of that, and there's also work together on botnets, so i think there's a lot of operational collaboration. i think on the information-sharing front an approach that we've found successful in the united states and we've also found success. in bilateral arrangements is to really just whenever you share information, you know, state what the agreement is about how it can be handled. so you can use the red, yellow, green approach that is just for that conversation, that it can be shared with a trusted group, or it can be more broadly disseminated. and i think at this point we're at a place where we kind of have to deal with it on a case-by-case basis and get some experience before we come up with an overall framework for that area, but i think that can work quite well as long as you're explicit up front about how it would be shared. >> thank you. >> about information sharing, it is a difficult area because it involves usually a lot of information sharing on business solutions and practices. let me compare that to another field which as a me

there will be an international partner stage as part of that, and there is also worked together on botnets. a lot of areas of cooperation and collaboration. on the information sharing front , the approach that we have found successful in the united states and also found successful on bilateral arrangements is to really just whenever you share information, you know, state what the agreement is about how we can be handled. you can use the red, yellow, green approach that is just for that conversation. it can be shared with the trusted group or it can be more broadly disseminated. at this point we are in a place where we have to kind of deal with it on the case by case basis and get some experience before we come up with a overall framework. but i think that can work quite well as long as you are explicit upfront about how it would be shared. >> thank you. >> information sharing. it is a difficult area because it involves usually a lot of information sharing on business solutions and practices. let me go back to another field which as a member we feel at your level it is useful to think about

botnets are now criminalize. everything is not [unintelligible] there are issues that have to be included in this for a bird. the sec at -- the second development, the resilience of the internet and of systems. it is important to talk about minimum standards. this is difficult to define. we have a huge problem with various practices. we have countries, uk, germany, france, and we have countries [unintelligible] without having an elective approach. we need to tackle minimum standards to help these countries to increase the standards of resilience. we need to encourage shareholders approach. we have listened to a commissioner at this morning who said the european union does not have an example of a position on -- it appears on a number of documents supported by the european parliament. has to be fair, open enough, and also to perform their duties. i am not going into detail. many things can be talked about security and cooperative security plans. all this seems very important to be functional in all the member stat

it takes more of a headquarters role, because inevitably, in most of these, whether it be a botnet orhave you, it may have been started in romania or morocco or what have you -- consequently, the old way of allocating responsibility to the office of the first u.s. attorney -- they have and get the subpoena of the grand jury, they don't work in this environment. what we are working within the bureau is putting together a distributed. >> i am going to interject. in those cases, you don't have a criminal case. you have a civil effort to shut it off, which was done brilliantly, but it is hard to keep that up within the fbi's structure when there is no criminal case contemplated. [talking over each other] >> we look at it as national security could is is one of the problems that you have with cyber. at the time of the cyberintrusion, you do not know whether it is a state actor, you don't know whether it is organized crime or organized crime working for the a state actor, or an individual or group of individuals, who are not organized but distributing the anonymous type of attacks. or lastl

had a couple of successes here working with the isp on a voluntary basis to promote the stopping of botnets. there was discussion earlier about the importance of managing the domain name system and, of course, on all this we are cooperating on a bilateral basis an increase in the multilateral on operational matters. we were recently in india where we signed a search to assert cooperation agreement which allows us to, if we see a tax that appear to be coming from india we can call them up and ask them to check in with the hosting company and see what is going on. they can do the same. so that can be quite helpful in this operational cooperation and collaboration. can work, as all cyber security actually works that is effective on the internet in a very informal basis and among communities of trust. so the fourth area just to capture the overall peace, picture here is the question of internet content. we all, both europeans and the united states and our international strategies talk about the importance of keeping internet open which means open from a technology and interoperable standpoint,