Of course, government agencies aren't the only ones discovering cybercrime. Gartner analyst Avivah Litan says that in the retail sector, the banks that issue payment cards notice fraud starting on customer accounts and call Visa and MasterCard, for example. When the card networks get multiple banks calling about payment fraud, it might be tracked down to a specific time and place. "Sometimes the fraudsters sort the cards and hit one bank at a time to avoid the detection early on," she says.
Independent security reporter Brian Krebs' articles on his site Krebsonsecurity.com have also alerted the public to major breaches. Among his many major stories, Krebs broke the news about the Target breach, which had the company scrambling to issue a public statement about how it was investigating the report. Krebs says most of his tips come from sources in the financial industry, not law enforcement.
Krebs says he's not sure if his reporting may have impacted companies' decisions about whether and how much to work with law enforcement. "My sense is that in cases where the news breaks before the victim is ready to go public, there is more pressure on the victim to sync up with law enforcement agencies that may be involved, at least initially just to get some lay of the land and to inform an official statement for the press. Whether that communication continues in earnest after that is anyone's guess."
Krebs adds that he's seen cases where "law enforcement will reach back to a known victim organization after reading some details published in the press that appear to draw connections for law enforcement that perhaps they didn't see before, and the law enforcement agency will try to reconnect to gather more info in the hopes of testing those theories."
But how does law enforcement regard Krebs and his ground-breaking stories about data breaches? "I don't know how law enforcement views me frankly," says Krebs. "My guess is as an impediment; they usually prefer to keep things under wraps until people are in silver bracelets."
What happens after the FBI or Secret Service show up with evidence of a breach?
Bromium's Crosby points out that law enforcement typically shows up at the business they think was compromised with concrete evidence, such as the stolen data itself and technical information like IP addresses.
One of the main questions then becomes: are the victimized companies ready to investigate the breach? Unfortunately, often they are not, say security experts at Solutionary, which last year became part of NTT's security group. Rob Kraus, director of Solutionary's security engineering research team, has participated in forensics investigations at the behest of corporate customers who've had the "bad news" visits from the FBI and the Secret Service. He says every case is different.