
How do the FBI and Secret Service know your network has been breached before you do?

Ellen Messmer | March 27, 2014
Knock, knock! Secret Service here. "Is this your customer payment card data?"

A source at the U.S. Secret Service admitted that agents sometimes do go undercover masquerading as hackers to get information but declined to say much else. The FBI didn't comment on the topic, but Henry says that's just one way FBI agents work to ferret out cybercrime. He notes the FBI and Secret Service have "concurrent jurisdiction" in cybercrime and may work together on certain cases.

The FBI is "sometimes way deep undercover," says Stan Stahl, president of Citadel Information Group in Los Angeles. A few months ago Citadel was called in by a corporate customer that had been contacted by the FBI about a possible breach. In the course of that investigation it was discovered a laptop had malware on it that eluded anti-virus tools and the malware had been in contact with a botnet command-and-control server on the Internet. "The FBI happened to be monitoring the C&C center" for that botnet, Stahl says.
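The Citadel case above turned on a single fact the victim did not have: an internal host was talking to a C&C server on a schedule. Malware that phones home usually does so on a fixed timer with little jitter, while human browsing produces irregular gaps, so the regularity of outbound connections from one client to one destination is a cheap signal a defender can compute from their own web-proxy logs. The script below is an added illustration, not code from the article, from Citadel, or from any law-enforcement tool; the log format (timestamp, client IP, destination host), the hosts, the IPs and the thresholds are all constructed for the example.

```python
"""Spot periodic outbound beaconing in web-proxy logs (illustrative, added example).

Group connections by (client, destination), measure the gaps between hits,
and flag pairs whose gaps are nearly constant. The coefficient of variation
(standard deviation / mean) of the gaps is near zero for a timer-driven
beacon and well above that for ordinary browsing.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median, pstdev

# Constructed sample log: "<ISO timestamp> <client IP> <destination host>".
# 10.0.0.15 hits one host every ~5 minutes (a beacon); 10.0.0.22 browses normally.
SAMPLE_LOG = """\
2014-03-27T09:00:00 10.0.0.15 update.example-bad.test
2014-03-27T09:00:03 10.0.0.22 www.news-site.test
2014-03-27T09:05:01 10.0.0.15 update.example-bad.test
2014-03-27T09:07:40 10.0.0.22 www.news-site.test
2014-03-27T09:10:00 10.0.0.15 update.example-bad.test
2014-03-27T09:11:12 10.0.0.22 cdn.news-site.test
2014-03-27T09:15:02 10.0.0.15 update.example-bad.test
2014-03-27T09:19:55 10.0.0.22 www.news-site.test
2014-03-27T09:20:00 10.0.0.15 update.example-bad.test
2014-03-27T09:25:01 10.0.0.15 update.example-bad.test
2014-03-27T09:30:00 10.0.0.15 update.example-bad.test
2014-03-27T09:44:30 10.0.0.22 www.news-site.test
2014-03-27T09:58:03 10.0.0.22 www.news-site.test
2014-03-27T10:03:11 10.0.0.22 www.news-site.test
2014-03-27T10:09:40 10.0.0.22 www.news-site.test
2014-03-27T10:10:05 10.0.0.22 www.news-site.test
"""


@dataclass
class Beacon:
    client: str
    destination: str
    hits: int
    median_interval: float  # seconds between hits
    cv: float               # coefficient of variation of the gaps (0 = perfectly regular)


def parse_line(line):
    """Split one constructed log line into (datetime, client, destination)."""
    ts, client, dest = line.split()
    return datetime.fromisoformat(ts), client, dest


def find_beacons(lines, min_hits=6, max_cv=0.2):
    """Return (client, destination) pairs whose connection gaps are suspiciously regular.

    min_hits: ignore pairs seen fewer times than this (too little data to judge).
    max_cv:   flag only if the gaps vary by at most this fraction of their mean.
    """
    seen = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, client, dest = parse_line(line)
        seen[(client, dest)].append(ts)

    beacons = []
    for (client, dest), stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # identical timestamps; nothing periodic to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons.append(Beacon(client, dest, len(stamps), median(gaps), round(cv, 4)))
    beacons.sort(key=lambda b: b.cv)  # most regular first
    return beacons


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG.splitlines()):
        print(f"{b.client} -> {b.destination}: {b.hits} hits, "
              f"every ~{b.median_interval:.0f}s, cv={b.cv}")
```

On the sample data only the 10.0.0.15 pair is reported (seven hits about 300 seconds apart, cv well under 0.01); the browsing host's gaps vary by roughly 70% of their mean and stay below the threshold. In practice the thresholds need tuning against your own traffic, legitimate software updaters and monitoring agents also beacon and will show up, and a malware family that randomizes its sleep interval will push the cv above the cutoff; the check is a starting point for triage, not a verdict.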

According to a report entitled "Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar," published March 25 by the RAND Corp., the online black markets where the purloined spoils are sold and traded get shut down from time to time, as Silk Road was last October, but "substitutes appear almost immediately as competing forums vie for market share."

According to the report, law enforcement is getting better at fighting cybercrime because agents are becoming more "technologically savvy" and are making it a priority to go after cybercrime suspects as the crimes keep getting bigger.

The report claims the cybercrime marketplaces today are run like consolidated, highly organized criminal businesses. The so-called "freelance" criminals that represented 80% of black-market participants a decade ago are now thought to be closer to 20%. And these organized cybercrime groups have turned to newer technologies. "For instance, ICQ chats have been replaced by participants hosting their own servers, sharing email accounts where content is exchanged by saving draft messages, and using off-the-record messaging, the encryption scheme GNU Privacy Guard (GPG), private Twitter accounts, and anonymizing networks such as Tor, Invisible Internet project (I2P), and Freenet," the RAND report claims. "Participants frequently alter their communication tactics hoping to stymie law enforcement." The main language of cybercrime is Russian or Ukrainian, the report contends, though spear-phishing campaigns, for example, are typically done in English because the majority of potential victims they're going after speak English.

The RAND report speculates that the reason takedowns of various crime-markets have "not seriously dented the market is that many countries condone hacker activity that is illegal in the United States. One Russian hacker was arrested, let out on a technicality, apologized to, and is now connected to the government. Although Russian officials may have a good idea of what is happening, as long as they can point to fraud in other parts of the world — especially in the West — they tend to let things slide." The report claims China "tends to turn a blind eye" as well, but some countries, including Vietnam, have actually been "helpful." And Romania, Ukraine and Poland are "selectively helpful" in pursuing cybercrime.
