Cybercrimes are presenting unique investigation snags
ATLANTA — The federal investigators looking into the breach that exposed personal information maintained by the Equifax credit report company are used to dealing with high-profile hacks and the challenges they present.
The U.S. attorney’s office and FBI in Atlanta have prosecuted developers and promoters of the SpyEye and Citadel malware toolkits, used to infect computers and steal banking information. They’ve helped prosecute a hack into Scottrade and ETrade that was part of an identity theft scheme, and aided the international effort that in July shut down AlphaBay, the world’s largest online criminal marketplace.
The U.S. attorney’s office has confirmed that, along with the FBI, it is investigating the breach at Atlanta-based Equifax, which the company said lasted from mid-May to July and exposed 145 million Americans’ data. Neither agency would discuss Equifax, but the leaders of their cybercrime teams shared insights about the difficulties of cybercrime cases.
WHO’S BEHIND THE KEYBOARD?
Identifying who’s responsible is a key difficulty: Cybercriminals use aliases and operate on the dark web, in corners of the internet reached using special software, where access is invite-only.
Investigators have infiltrated some of these online forums and can sometimes engage cybercriminals there, said FBI Supervisory Special Agent Chad Hunt, who oversees one of FBI Atlanta’s cyber investigation squads. Once they obtain some information, they can use search warrants to get other data, such as business records or credit card transactions, to match the online alias to a real person.
UNCOOPERATIVE GOVERNMENTS
Even when a cybercriminal’s identity is pinpointed, arrests can take time. Many operate in countries that won’t extradite to the U.S. But the FBI continues monitoring these suspects and can catch them if they travel, said Assistant Special Agent in Charge Ricardo Grave de Peralta, who oversees the Atlanta office’s cyber investigation squads.
Even with friendly foreign governments, extraditions can take time: Often, the merits of a case are essentially litigated in the process, so authorities in the other country are satisfied the incriminating evidence is solid, Grimberg said.
DEALS AND COOPERATION
Once confronted with evidence against them, some cybercriminals decide to plead guilty and work with prosecutors instead of going to trial.
Their language skills, technical expertise and ability to communicate on online forums and sites open exclusively to cybercriminals make their cooperation invaluable, sometimes leading directly to new prosecutions, Grimberg said.
The government is committed to being as transparent as possible about that cooperation, especially when people get lighter sentences as a result, Grimberg said, but details are often sealed because cooperators fear repercussions.