Fast Company

Secret Service Reveals How It Stalks Cybercriminals

The Secret Service recently spilled the beans on their anti-cybercrime investigations. Fake accounts on underground websites? Elaborate multinational credit card fraud investigations with Turkish law enforcement? They're doing that.

Secret Service

A top Secret Service official ended up spilling details about federal anti-hacker strategy at a relatively obscure federal hearing in Alabama. In testimony given to the House Committee on Financial Services, assistant director Alvin T. Smith revealed just how involved the Secret Service is in federal investigations into cybercrime ... and told some extremely cool stories in the process.

Smith was a witness at a field hearing called, simply, “Hacked Off: Helping Law Enforcement Protect Private Financial Information.”

At the naughtily named hearing, Smith detailed how the Secret Service has infiltrated underground websites (including both hacker and cyberfraud sites) and bulletin boards. A 2008 investigation into criminals who stole credit and debit card numbers from Dave & Buster's, OfficeMax, Sports Authority, and Barnes & Noble customers was largely accomplished thanks to accounts by undercover feds on illegal websites.

Undercover Secret Service agents then, with the assistance of Turkish and other international investigators, traced the sale of stolen American credit card numbers to Russia and Eastern Europe.

While The Guardian has previously revealed that the Secret Service has infiltrated hacker websites, this is one of the first times a federal official has spoken on the record about the extent of law enforcement penetration.

But pride of place in the presentation went to the elaborate methods that the Secret Service used to nab alleged credit card data thief “BadB,” aka Russian national Vladislav Horohorin. “BadB” was arrested in France in 2009 on charges related to the CarderPlanet website, which sold more than $9 million worth of stolen credit card numbers to criminals around the world.

Smith referred to Horohorin not by name, but as “one of the world's most notorious traffickers of stolen financial information.” His testimony also unveils how the Secret Service simultaneously embeds itself with cyberfraud investigators across the federal spectrum and works with international law enforcement:

The suspect is alleged to have created the first fully automated online store for selling stolen credit card data. Working with our international law enforcement partners, the suspect was identified and apprehended as he was boarding an international flight to Russia. Both the Computer Crimes and Intellectual Property Section and the Office of International Affairs of the Criminal Division of the Department of Justice played critical roles in this apprehension. This type of cooperation is crucial if law enforcement is to be successful in disrupting and dismantling criminal organizations involved in cybercrime.

In testimony, Smith also detailed how the Secret Service teamed up with Dutch law enforcement services to track a series of cyberattacks in 2010. This cyberattacks included everything from brute force attacks to sophisticated spearphishing attacks aimed at specific users.

Most importantly, the Secret Service has been embedding agents and staff at almost all levels of the federal government. The Secret Service has thoroughly melded handling of what they call “cyber” investigations with the Department of Homeland Security (DHS) and other government agencies. Secret Service agents are assigned on detail to (among others) the DHS' National Cyber Security and Office of Infrastructure Protection Divisions, DHS' Science and Technology Directorate, every individual FBI joint terrorism task force, the FBI's National Cyber Investigative Joint Task Force, the Treasury Department's Terrorist Finance and Financial Crime and Financial Crime Enforcement Network sections, the DEA's Special Operations Division, the Department of Justice's International Organized Crime division, the CIA, EUROPOL and INTERPOL.

The hearing was held at the Secret Service's National Computer Forensics Institute in Hoover, AL, which offers courses on everything from mobile device data recovery to intelligence/evidence gathering via social media to local law enforcement nationwide.[Image: Flickr user mdfriendofhillary]

For more stories like this, follow @fastcompany on Twitter. Email Neal Ungerleider, the author of this article, here.

Correction: An earlier version of this story erroneously reported the nature of the 2010 cyberattacks mentioned in the hearing. Fast Company regrets the error.

Add New Comment

0 Comments