U.S. Attorney Durkan:
The following post appears courtesy of the office of U.S. Attorney Jenny Durkan of the Western District of Washington. U.S. Attorney Durkan is also the chair of the Justice Department’s Cybercrime and Intellectual Property Enforcement advisory group.
The Puget Sound region of Washington state is home to high-tech heavyweights like Microsoft, Amazon and Boeing and a flourishing start-up scene that attracts top talent from around the world. Two recent indictments and a high-profile conference put the spotlight on flipside of that success: the increased threat of cybercrime.
Jesse James said that he robbed banks “because that’s where the money is.” Today, increasingly the money – and the capacity to steal it – is online. From scareware to skimming to information theft to distributed denial of service (DDOS) attacks, efforts to steal money and attack our digital infrastructure are on the rise.
U.S. Attorney Jenny Durkan, who chairs Justice Department’s Cybercrime and Intellectual Property Enforcement advisory group, and the prosecutors in the Western District of Washington have made combating cybercrime a top priority. That includes working with companies and individuals to enforce federal laws when systems are hacked, personal information is compromised, payroll and banking information is misused, electronic commerce is disrupted or trade secrets are stolen.
For example, last month, a grand jury indicted three defendants who hacked into computer systems to steal personal and business information used in a variety of thefts and frauds.
When the indictments were announced, U.S. Attorney Durkan said:
“These defendants combined ‘old school’ methods such as burglary, with high tech methods such as using unprotected wireless networks to hide their identities while draining bank accounts and committing fraud. The victims in this case quickly reported the hacking to law enforcement — a key step to bringing these defendants to justice.”
Critical to cracking this sophisticated scheme, which is alleged to have victimized more than 50 area businesses, was the fact that companies came forward to report the crimes. Because of that reporting, members of the U.S. Secret Service Electronic Crimes Task Force were able to connect the dots on what looked like unrelated incidents. As part of the public education around protecting business and personal networks , the U.S. Attorney and law enforcement provided tips to protect against being a victim:
- Businesses should review their wireless encryption and confirm that they are using the appropriate level of encryption (WPA2 Personal or WPA Enterprise).
- Businesses should keep a record of all laptop computers and ensure that any computers with remote access are encrypted. Any missing laptop computers should have passwords and credentials replaced immediately.
- Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.
- Employees should never click past security certificate warning screens and should notify their IT staff immediately.
- Managers should be aware of “watercooler” talk among employees that may indicate a breach has occurred. This includes numerous employees complaining of fraud on personal accounts.
- Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.
- If you notice suspicious activity, contact your local law enforcement. You can make a referral to the U.S. Secret Service Electronic Crimes Task Force or other law enforcement agencies through the Justice Department’s portal: www.cybercrime.gov/reporting.htm.
Another crime that has gotten attention in western Washington is “skimming” – a crime that involves electronic to steal credit and debit card information at ATMs and at points of sale. It is estimated to be a $1 billion-a-year crime. Over the last several weeks, prosecutions of individuals involved in what is believed to be one of the largest skimming operations on the West Coast have begun. The hope is that the arrest of those engaged in skimming, coupled with increased public awareness, will help diminish the losses from this crime.
As with hacking, there are things people can do to protect themselves from skimming:
- If the access door to a lobby ATM is broken, don’t use the ATM, go somewhere else.
- If there is more than one ATM, and a sign has been placed on one of the units saying it is out of service, go somewhere else – the sign could be an attempt to direct traffic to the machine where skimming equipment is installed.
- Check the machine before putting your card in – is the card slot securely in the machine? Has anything been installed around the edges of the machine that could conceal a camera? Is any glue or sticky substance around the key pad or card slot?
- Always attempt to cover your hand when you enter your PIN so that if there is a camera, the numbers cannot be captured.
- Watch your account activity and report any unauthorized credit or debit charges immediately.
With these cases as a backdrop, earlier this month the U.S. Attorney’s Office and the University of Washington School of Law hosted a cybercrimes conference Federal and local law enforcement officials, cyber-security professionals from the region’s many high-tech companies, and attorneys who represent the technology industry. The conference focused on current trends and emerging threats in cybercrime and cyber-terrorism, proposed amendments to the Electronic Communications Privacy Act to balance privacy expectations and law enforcement needs, and how to work with law enforcement agencies in response to incidents of cybercrime.
The rise in the number, scope and damage caused by cybercrime is alarming. The Justice Department, through its integrated investigation efforts and prosecution teams in U.S. Attorney’s Offices, and industry must work together to address the threats we face to protect our people and the economy.