Cybercrimes present unique challenges for investigators.
Finding hackers on dark web proves tricky
ATLANTA | The federal investigators looking into the breach that exposed personal information maintained by the Equifax credit report company are used to dealing with high-profile hacks and the challenges they present.
The U.S. Attorney’s Office and the FBI in Atlanta have prosecuted developers and promoters of the SpyEye and Citadel malware tool kits, used to infect computers and steal banking information. They’ve helped prosecute a hack into Scottrade and E-Trade that was part of an identity theft scheme, and aided the international effort that in July shut down AlphaBay, the world’s largest online criminal marketplace.
The U.S. Attorney’s Office has confirmed that, along with the FBI, it is investigating the breach at Atlanta-based Equifax, which the company said lasted from mid-May to July and exposed the data of 145 million Americans. Neither agency would discuss Equifax, but the leaders of their cybercrime teams shared insights about the difficulties of cybercrime cases.
“They are challenging, and the success stories are rare,” said prosecutor Steven Grimberg, who leads the Atlanta U.S. Attorney’s Office cybercrime unit, created last year to fight the growing threat. For every conviction there may be 10 times as many that don’t end successfully, he said.
Atlanta has become a hub for cybercrime prosecution in large part because of a proactive and aggressive local FBI team, and because U.S. attorneys have committed the necessary resources in recent years, Mr. Grimberg said.
Who’s behind the keyboard?
Identifying who’s responsible is a key difficulty: Cybercriminals use aliases and operate on the dark web, in corners of the internet reached using special software, where access is invite-only.
Investigators have infiltrated some of these online forums and can sometimes engage cybercriminals there, said FBI Supervisory Special Agent Chad Hunt, who oversees one of FBI Atlanta’s cyber investigation squads. Once they obtain some information, they can use search warrants to get other data, such as business records or credit card transactions, to match the online alias to a real person.
Uncooperative foreign governments
Even when a cybercriminal’s identity is pinpointed, arrests can take time. Many operate in countries that won’t extradite to the U.S.
But the FBI continues monitoring these suspects and can catch them if they travel, said Assistant Special Agent in Charge Ricardo Grave de Peralta, who oversees the Atlanta office’s cyber investigation squads.
“A lot of these people are in places that aren’t so great and they like to go on vacation, and we’re happy to meet them in a third location and perhaps bring them to a second vacation here in the United States, all expenses paid,” he said with a smile.
Deals and cooperation
Once confronted with evidence against them, some cybercriminals decide to plead guilty and work with prosecutors instead of going to trial.
Their language skills, technical expertise and ability to communicate on online forums and sites open exclusively to cybercriminals make their cooperation invaluable, sometimes leading directly to new prosecutions, Mr. Grimberg said.
Meaningful sentences
Prosecutors said the SpyEye malware caused close to $1 billion and Citadel more than $500 million in harm to individuals and financial institutions worldwide.
Because the scope of harm can be huge, federal sentencing guidelines often allow for a life-in-prison sentence.
Prosecutors ask for sentences tough enough to send a warning to others, and to discourage the person from returning to cybercrime when they get out. But because cybercriminals are frequently young, have no criminal history and the crimes aren’t violent, prosecutors rarely ask for life, Mr. Grimberg said.
Working with the private sector
Investigators and prosecutors in Atlanta work to establish relationships with companies before anything bad happens, which can make them more comfortable if there is a problem.
But companies may hesitate to contact law enforcement because they worry about reputational damage, actions from civil authorities, lawsuits, and the exposure of trade secrets or sensitive information.
Attacks launched by cybercriminals wreak havoc as more of everyday life moves online. The U.S. attorney’s office in Atlanta has worked with the local FBI office to prosecute a number of cybercrime cases. They’re currently investigating the breach at Equifax.