Ramping Up the Cyber Criminal Hunt
The U.S. Secret Service expands cybercrime teams.
U.S. Secret Service officials are establishing two new cybercrime task forces—in Cincinnati and Denver—that will enhance the agency’s ability to detect and investigate information technology-related crimes, including credit card theft, attacks on the banking and finance infrastructure and identity fraud.
Officials are unable to provide a specific date for the new task forces to be operational, but it will be very soon, says Chris Gagne, assistant to the special agent in charge, Criminal Investigative Division, Secret Service. The two additional teams will give the Secret Service a total of 33 Electronic Crimes Task Forces (ECTFs). “They’ll go live very soon,” Gagne reports. “The larger task forces are concentrated in some of our larger offices, like Washington, D.C., New York, Miami, Dallas and Los Angeles.”
The ECTFs share a common purpose: the prevention, detection, mitigation and aggressive investigation of attacks on the nation’s financial and critical infrastructures. They provide the necessary support and resources to field investigations that meet any one of the following criteria: significant economic or community impact; participation of organized criminal groups involving multiple districts or transnational organizations; and the use of schemes involving new technology. “It’s primarily cases involving financial electronic crimes. You can define electronic crimes broadly, but they include criminal activities that make substantial use of technology,” Gagne explains.
Electronic crimes include any criminal activity that makes substantial use of information technology. Some criminal statutes under Secret Service jurisdiction, for example Title 18 U.S. Code, sections 1028-1030, were written specifically to address crimes involving information technology. Title 18 U.S. Code 1028, 1029 and 1030 cover identity fraud, device access fraud and computer fraud. “The mission has evolved to keep pace with the way society has changed and the way it uses technology. When we set up the first task force, the Internet was in its infancy compared to how we see it today,” Gagne reflects. “There was very little commerce taking place over the Internet compared to now.”
In fiscal year 2013, the Secret Service arrested more than 1,000 individuals for cybercrime violations. In total, those individuals allegedly are responsible for more than $235 million in fraud losses and had the potential to cause more than $1 billion in fraud losses. Over the past four years, the service has arrested more than 4,900 cybercriminals, who caused actual losses of more than $1.3 billion and had the potential to cause losses of more than $11 billion.
Officials decline to discuss specific cases, but they are investigating the recent Target department store database breach and theft of credit card numbers. Target reported the theft of about 40 million credit and debit card records and 70 million additional records with customer information, including addresses and telephone numbers. “Detecting, investigating and preventing serious data breaches are now a major priority as seen from the news recently,” Gagne offers.
Cracking electronic crimes can be challenging. “Effectively investigating cybercrimes can be an arduous task,” Gagne asserts. “A lot of these investigations are long-term prospects to bring them to their conclusion. It involves special agents who are not only good investigators but technically astute, patient and methodical and who have a passion for the hunt,” he declares.
Furthermore, electronic criminals enjoy a level of mystery and invisibility that presents complexity to an investigation. “Anonymity is quite a hurdle for us,” says George Ogilvie, a Secret Service official. “The Internet provides a level of anonymity that’s difficult to overcome at times. Internationally and domestically, there’s certainly a lot that goes into an investigation to uncover the identity of some of the people committing these crimes.”
The international nature of electronic crimes also presents hurdles. “[The threat] is transnational now,” Gagne states. “That’s the trend. It’s been going in that direction. The growth over the past 10 years or so in transnational crime is of particular concern to us.” As do other industry and government officials in the Defense Department and elsewhere, Gagne reports that cybercriminals are becoming more technically astute. “These groups are developing increasingly sophisticated tools and techniques to exploit the information technology to elicit a profit,” he reports. “It’s not just in the sophistication of the malware, but in the scale and sophistication of the fraudulent activity itself. The malware that’s out there is constantly improving, so we have to evolve.”
The pace of technological change feeds the threat. “The advent of technology and the Internet and the pace at which they evolve have created opportunities for cybercriminals,” Gagne points out. “We’ve observed a marked increase in the quantity, quality and complexity of cybercrime cases targeting our financial institutions and critical infrastructures. That emanates both domestically and internationally.”
Secret Service officials stress the importance of domestic and international partnerships to overcome the challenges and fulfill the mission. “At the core of the ECTFs, it’s about the collaborations. It’s about the partnerships with academia, law enforcement and the private sector,” Gagne says. “Collaboration is ultimately a force multiplier for us, to be able to successfully and efficiently investigate cybercrimes. One of the things I say—and my guys get tired of hearing me say it—the success of ECTFs relies on the strength of our partnerships.”
The Secret Service has numerous foreign offices across the world, including ECTFs in London and Rome, which were established in 2010 and 2011, respectively. “We use our partnerships not only for our investigative mission but also for our protective mission, so we’ve learned a long time ago that the best way to get our job done is with the partnerships we’ve developed not only domestically, but also internationally,” Ogilvie declares.
Cooperation can include, of course, foreign governments and the International Police Organization, commonly referred to as Interpol. Closer to home, partnerships include local, state and law enforcement agencies. For example, the ECTFs can support evidence gathering. “We assist local law enforcement in recovering evidence from computers, cellphones or other digital devices,” Gagne reports.
The Secret Service also cooperates with private organizations, including Trustwave Holdings Incorporated, Chicago, and Verizon Communications Incorporated, New York. Both companies publish annual reports on electronic crimes, with Secret Service support. The Trustwave 2013 Global Security Report maintains that during 2012, “Nearly every industry, country and type of data was involved in a breach of some kind.” The report’s key findings include: retail businesses make up the highest percentage of investigations at 45 percent; e-commerce sites were the number one target at 48 percent; and mobile malware has exploded by 400 percent.
Verizon’s 2013 Data Breach Investigations Report indicates that 75 percent of break-ins are opportunistic, rather than targeting a specific business, but the vast majority are for financial gain. Verizon also reports that once criminals gain access to a network, “They take any data that might have financial value.” Gagne echoes the statement. “The organized cybercriminals seek to gain unauthorized access to corporate payment card data and other easily monetizable information, to sell it or engage in other fraudulent activity to profit from their illicit activity,” he says.
Additionally, the ECTFs partner with the Computer Emergency Response Team (CERT) at Carnegie Mellon University, Pittsburgh, and with the University of Tulsa, Oklahoma, which hosts the Secret Service’s Cell Phone Forensics Facility. The universities provide support services and research into new technologies.
The Cell Phone Forensics Facility provides training and conducts both forensic examinations and research on mobile devices. Facility personnel fulfill immediate, high-end examination needs and develop technological solutions to help the Secret Service perform its mission.
The service also works with the National Computer Forensics Institute, Hoover, Alabama. The institute is a partnership between the Secret Service, Department of Homeland Security, state of Alabama and the Alabama District Attorneys Association. “We run this facility down there to train state and local law enforcement officers in computer forensics and network intrusions. We train state judges and prosecutors through this facility as well,” Gagne states.
ECTF personnel can undergo several levels of training as part of the Electronic Crimes Secret Agent program. Most of the training is done at the James J. Rowley Training Center located just outside of Washington, D.C. The first level includes a 40-hour course on computer basics. Next comes training in computer forensics and then network intrusion courses. Agents can also receive advanced classes in all courses.
The first ECTF was established in 1995 as the New York Electronic Crimes Task Force. The intent was to combine resources of academia, the private sector and local, state and federal law enforcement agencies to combat computer-based threats to the financial payment system. After the attacks of September 11, 2001, and as a result of the Patriot Act, the Secret Service was directed to establish a nationwide network of electronic crimes task forces. Those later task forces were modeled after the original.
Despite 14 years with the Secret Service, Gagne says he still has a passion for the hunt. “It is extremely challenging and can be extremely taxing, but I do like my job. I love everything about it,” he says.