Federal agents have investigative skills, forensic knowledge, access to attachŽs in foreign countries, and established relationships with Internet players as big as Cisco Systems and as small as the local ISPs often used by hackers to launch attacks. (Do you? Does anyone at your company?) The feds can also build a case by aggregating your information with data from other cybercrime victims you’d probably never find on your own. When you really need it, they can also find someone who speaks Dutch.

That’s just what Susan Iverson needed in May 2000. Iverson, the information technology manager at J.H. Baxter, a San Mateo, Calif., wood-treatment company, came to work one morning and heard a voice mail that would raise the hairs on the back of any IS exec’s neck. An official from the DOD (yes, that DOD, the U.S. Department of Defense) had called to say one of his servers was being attacked from an IP address registered to J.H. Baxter, and would Iverson be so kind and find the break and shut down the intruder?

Iverson and her team found the break and traced it to an IP address in the Netherlands registered to IBM but recently sold to AT&T. When Iverson tried to get someone to shut it down, she had trouble negotiating between the two companies, juggling two time zones and two languages. With the IP address still open and the assault still in process the next morning, she decided to bring in the big guns?the FBI’s Northern California field office. IBM and AT&T took notice, the hacker was shut out, and Iverson was free to start repairing and securing her own systems.

In one sense, Usermagnet and J.H. Baxter are typical, modern corporations. They’ve been victims of a cyberattack. If you believe a similar attack, or worse, can’t happen to you, you’re either naive or deep in denial.

In another sense, the two companies are rarities in the IT universe?organizations willing to call in federal law enforcement when they’ve been hacked. "That’s extremely rare. Extremely!" exclaims a spokeswoman for a financial services trade organization when asked if any of her members had ever contacted the feds.

A recent Sound Off column on CIO.com (see "Will You Partner with the FBI on Security?" at comment.cio.com) solicited opinions on the National Infrastructure Protection Center’s InfraGard program, which lets companies anonymously share data on cyberbreaks. This drew a similar level of alarm among IT execs, if not outright vitriol. "There is no such thing as a partnership with the government. My interests don’t even appear on their radar," said one IT director. Another respondent wrote, "Keep corporate security where it belongs?out of the hands of the government!"