Cybercrimes present unique challenges for investigators.

Finding hackers on dark web proves tricky

The Washington Times Daily - FRONT PAGE - BY KATE BRUMBACK

ATLANTA | The federal investigators looking into the breach that exposed personal information maintained by the Equifax credit report company are used to dealing with high-profile hacks and the challenges they present.

The U.S. Attorney’s Office and the FBI in Atlanta have prosecuted developers and promoters of the SpyEye and Citadel malware tool kits, used to infect computers and steal banking information. They’ve helped prosecute a hack into Scottrade and E-Trade that was part of an identity theft scheme, and aided the international effort that in July shut down AlphaBay, the world’s largest online criminal marketplace.

The U.S. Attorney’s Office has confirmed that, along with the FBI, it is investigating the breach at Atlanta-based Equifax, which the company said lasted from mid-May to July and exposed the data of 145 million Americans. Neither agency would discuss Equifax, but the leaders of their cybercrime teams shared insights about the difficulties of cybercrime cases.

“They are challenging, and the success stories are rare,” said prosecutor Steven Grimberg, who leads the Atlanta U.S. Attorney’s Office cybercrime unit, created last year to fight the growing threat. For every conviction there may be 10 times as many that don’t end successfully, he said.

Atlanta has become a hub for cybercrime prosecution in large part because of a proactive and aggressive local FBI team, and because U.S. attorneys have committed the necessary resources in recent years, Mr. Grimberg said.

Who’s behind the keyboard?

Identifying who’s responsible is a key difficulty: Cybercriminals use aliases and operate on the dark web, in corners of the internet reached using special software, where access is invite-only.

Investigators have infiltrated some of these online forums and can sometimes engage cybercriminals there, said FBI Supervisory Special Agent Chad Hunt, who oversees one of FBI Atlanta’s cyber investigation squads. Once they obtain some information, they can use search warrants to get other data, such as business records or credit card transactions, to match the online alias to a real person.

Uncooperative foreign governments

Even when a cybercriminal’s identity is pinpointed, arrests can take time. Many operate in countries that won’t extradite to the U.S.

But the FBI continues monitoring these suspects and can catch them if they travel, said Assistant Special Agent in Charge Ricardo Grave de Peralta, who oversees the Atlanta office’s cyber investigation squads.

“A lot of these people are in places that aren’t so great and they like to go on vacation, and we’re happy to meet them in a third location and perhaps bring them to a second vacation here in the United States, all expenses paid,” he said with a smile.

Deals and cooperation

Once confronted with evidence against them, some cybercriminals decide to plead guilty and work with prosecutors instead of going to trial.

Their language skills, technical expertise and ability to communicate on online forums and sites open exclusively to cybercriminals make their cooperation invaluable, sometimes leading directly to new prosecutions, Mr. Grimberg said.

Meaningful sentences

Prosecutors said the SpyEye malware caused close to $1 billion and Citadel more than $500 million in harm to individuals and financial institutions worldwide.

Because the scope of harm can be huge, federal sentencing guidelines often allow for a life-in-prison sentence.

Prosecutors ask for sentences tough enough to send a warning to others, and to discourage the person from returning to cybercrime when they get out. But because cybercriminals are frequently young, have no criminal history and the crimes aren’t violent, prosecutors rarely ask for life, Mr. Grimberg said.

Working with the private sector

Investigators and prosecutors in Atlanta work to establish relationships with companies before anything bad happens, which can make them more comfortable if there is a problem.

But companies may hesitate to contact law enforcement because they worry about reputational damage, actions from civil authorities, lawsuits, and the exposure of trade secrets or sensitive information.


Attacks launched by cybercriminals wreak havoc as more of everyday life moves online. The U.S. attorney’s office in Atlanta has worked with the local FBI office to prosecute a number of cybercrime cases. They’re currently investigating the breach at...
