Cyber cops: It may take years to find Target hackers may take years to find

Published 7:25 pm Friday, April 18, 2014

WASHINGTON — Secret Service investigators say they are close to gaining a full understanding of the methods hackers used to breach Target’s computer systems last December.

But the agency says it could take years to identify the criminals who stole some 40,000 debit and credit card numbers of Target shoppers and other personal information from as many as 70 million people in the pre-Christmas breach.

And it may take even longer to bring the offenders to justice. The federal investigation is complicated by the international nature of high-profile digital heists. The perpetrators are likely located overseas, which makes extradition and prosecution difficult. As a result, the Secret Service is focused on monitoring the online activities of its suspects, in hopes that they’ll be able to arrest them at an opportune moment, says Ari Baranoff, an assistant special agent in charge with the Secret Service’s criminal investigative division.

Email newsletter signup

“We take a lot of pride in having a lot of patience,” Baranoff said during a rare sit-down interview with the Associated Press at the agency’s headquarters in Washington. “There are individuals we’ve apprehended that we’ve known about for 10 years and we’re very comfortable indicting these individuals, sitting back and waiting patiently until the opportunity arrives that we can apprehend them.”

Target said it can’t yet estimate what the breach will cost the company, but some analysts put it at close to half a billion dollars. The total cost of the breach — which also would include losses incurred by banks, consumers and others — could easily reach into the billions of dollars.

Target, which is in the midst of its own investigation, has said very little about how the breach happened, except that it believes the thieves gained entry to its systems by infiltrating computers owned by one of its vendors, thought to be a Pittsburgh-area heating and refrigeration business.

Baranoff couldn’t speak specifically about the federal investigation into the Target breach, since the case is ongoing, but he talked candidly about the growing threat of large-scale, financially motivated cybercrimes and the Secret Service’s efforts to stop them.

Behind every major breach, there’s usually a team of highly specialized cybercriminals who mainly know each other through online nicknames and reputations. Most aren’t motivated by politics, just greed, Baranoff said.

If the hackers do invest in anything, it’s their own operations. An increasing number are building their own server farms, sometimes leasing space to other criminals, making it harder for law enforcement to track them down.

Further complicating matters, Baranoff said the vast majority of high-level cybercriminals tend to be Russian speakers based in former Soviet and Eastern European countries, which largely puts them out of the reach of U.S. authorities.

But the Secret Service has strong ties with cybercrime agencies in many countries — including The Netherlands, Germany and the United Kingdom — and has found others to be helpful as well, even if they don’t have extradition treaties with the United States.

While best known for protecting the president of the United States, the U.S. Secret Service was originally formed in 1865 to investigate crimes related to counterfeit currency. The passage of the Patriot Act following the Sept. 11 terrorist attacks expanded its role in investigating computer-related crimes.

From the agency’s unassuming headquarters a few blocks from the bustle of the National Mall, special agents infiltrate online forums frequented by hackers, monitoring their activities, and creating online undercover identities in hopes of infiltrating criminal networks.

 

 

 

The same kinds of activities take place at the Secret Service’s other electronic crimes task forces in the U.S. and overseas. The tactics the investigators use are surprisingly similar to the law enforcement methods used by traditional beat cops everywhere. But digital investigations come with their own challenges. And based on the growing volume of stolen data now up for sale, hackers are becoming more sophisticated and more successful at evading justice.

Chester Wisniewski, senior security adviser for the computer security firm Sophos, says it’s the Secret Service’s ability to coordinate with law enforcement agencies around the world that make it effective in fighting cybercrime and help speed things up.

“With electronic crime, criminals move extremely fast and they’re dependent on the police being tied up in red tape,” Wisniewski says.

But challenges remain. After years of work, agents might be able to shut down a message board where stolen credit card numbers are bought and sold, but there’s nothing to stop another from replacing it the next day, he says.

Meanwhile, political and economic pressure on countries known to harbor cybercriminals can also help, Wisniewski says, noting that U.S. promises of a better trade status helped eliminate much of the cybercrime that previously originated in Romania.

Despite all of that, many countries, including Russia, follow an unwritten rule: they won’t pursue cybercriminals as long as they don’t commit crimes in their own countries, Wisniewski says.

Baranoff says criminals could evade U.S. capture indefinitely if they stay hunkered down in their homes, but they’re generally not happy staying put and like to spend their ill-gotten gains on trips to countries friendly to the U.S.

That’s when authorities can make their move.

“These actors are making a lot of money and they want to travel,” Baranoff says. “Some have suggested that there’s no greater punishment actually than forcing them to stay where they are.”