#mWISE: FBI Director Urges Greater Private-Public Collaboration

“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference?

During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach to combating cybercrime.

He said that the 9/11 terrorist attacks led the Bureau to open itself more to other parties, first in its counter-terrorism missions and then in other areas, including cyberspace.

“Today, our strategy is informed by where we sit, at the center of a cyber ecosystem that stretches from the defensive side, with the private sector but also agencies like the US Cybersecurity and Infrastructure Security Agency (CISA), all the way over to, on the offensive side, the CIA, the NSA and our foreign partners,” Wray added.

Over the past few years, the FBI has conducted several joint investigations and law enforcement operations in cyberspace, involving an increasing number of partners, including foreign cybersecurity agencies from allied countries and private organizations.

“The bottom line is: it doesn’t matter who gets the credit as long as the job gets done,” said Wray.

Recent law enforcement operations, such as the Hive ransomware or the QakBot malware loader takedowns, included partners like Zscaler, who helped with the investigation.

Victim Organizations Encouraged to Work with the FBI

However, the prime example of such public-private collaborations highlighted by the FBI director is the 2022 takedown of the Cyclops Blink botnet, allegedly built by the Russian military agency (GRU). 

This is because, this time, the private partner, WatchGuard, was itself directly affected by the malicious campaign.

Wray explained: “The GRU’s Sandworm team had managed to implant malware on thousands of WatchGuard firewall devices worldwide. Those firewalls were primarily used by small and medium enterprises (SMEs). Our collaboration with WatchGuard allowed us to reverse-engineer the malware and develop and execute a sophisticated technical operation, severing GRU’s ability to communicate with the command-and-control…