In the face of the recent Target and Neiman Marcus data breaches the US Secret Service says new laws could help bolster the country's cybersecurity shield.
Testifying before a Congressional hearing entitled: "Protecting Consumer Information: Can Data Breaches Be Prevented?" US Secret Service Criminal Investigative Division Deputy Special Agent in Charge William Noonan said: "While there is no single solution to prevent data breaches of U.S. customer information, legislative action could help to improve the Nation's cybersecurity, reduce regulatory costs on U.S. companies, and strengthen law enforcement's ability to conduct effective investigations."
More on Network World: What is on a US Secret Service mainframe anyway?
Noonan said that advances in computer technology and greater access to personally identifiable information via the Internet have created a virtual marketplace for transnational cyber criminals to share stolen information and criminal methodologies.
"As a result, the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure. These crimes include network intrusions, hacking attacks, malicious software, and account takeovers leading to significant data breaches affecting every sector of the world economy. The recently reported data breaches of Target and Neiman Marcus are just the most recent, well-publicized examples of this decade-long trend of major data breaches perpetrated by cyber criminals who are intent on targeting our Nation's retailers and financial payment systems," he stated.
The Secret Service has as one of its primary roles to protect the US financial system, is now leading the investigation into the Target and Neiman Marcus breaches. It is in fact the Secret Service who alerted Target to the problem. The New York Times wrote: Target had no clue until the Secret Service alerted the company about two weeks before Christmas. Investigators who had been tracking these criminals overseas and monitoring suspicious credit activity spotted in December one common thread: charges and payments made at Target.
While he didn't detail the exact systems the agency uses during the hearing, Noonan said the Secret Service "proactively investigates cyber crime using a variety of investigative means to infiltrate these transnational cyber criminal groups."
As a result of these proactive investigations, the Secret Service is often the first to learn of planned or ongoing data breaches and is quick to notify financial institutions and the victim companies with actionable information to mitigate the damage from the data breach and terminate the criminal's unauthorized access to their networks, Noonan stated.
One of the most poorly understood facts regarding data breaches is that it is rarely the victim company that first discovers the criminal's unauthorized access to their network; rather it is law enforcement, financial institutions, or other third parties that identify and notify the likely victim company of the data breach by identifying the common point of origin of the sensitive data being trafficked in cyber crime marketplaces, Noonan said.
"A trusted relationship with the victim is essential for confirming the crime, remediating the situation, beginning a criminal investigation, and collecting evidence. The Secret Service's worldwide network of 33 Electronic Crimes Task Forces (ECTF), located within our field offices, are essential for building and maintaining these trusted relationships, along with the Secret Service's commitment to protecting victim privacy," Noonan stated.
In order to confirm the source of data breaches and to stop the continued theft of sensitive information and the exploitation of a network, the Secret Service contacts the owner of the suspected compromised computer systems. Once the victim of a data breach confirms that unauthorized access to their networks has occurred, the Secret Service works with the local U.S. Attorney's office, or appropriate state and local officials, to begin a criminal investigation of the potential violations.
"During the course of this criminal investigation, the Secret Service identifies the malware and means of access used to acquire data from the victim's computer network. In order to enable other companies to mitigate their cyber risk based on current cyber crime methods, we quickly share information concerning the cybersecurity incident with the widest audience possible, while protecting grand jury information, the integrity of ongoing criminal investigations, and the victims' privacy," Noonan stated.
Noonan noted a few of the organizations the agency shares information with including:
- The Service's National Cybersecurity & Communications Integration Center;
- The Information Sharing and Analysis Centers;
- Contributions to leading industry and academic reports like the Verizon Data Breach Investigations Report, the Trustwave Global Security Report, and the Carnegie Mellon CERT Insider Threat Study.
The Secret Service also maintains a positive relationship with the DOJ's Federal Bureau of Investigation (FBI). The Secret Service has a permanent presence at the National Cyber Investigative Joint Task Force, which coordinates, integrates, and shares information related to investigations of national security cyber threats. The Secret Service also often partners with the FBI on various criminal cyber investigations, Noonan stated.
Noonan also noted the Service's partnership with private industry is its Cyber Intelligence Section (CIS) which analyzes evidence collected as a part of Secret Service investigations and disseminates information in support of Secret Service investigations worldwide and generates new investigative leads based upon its findings. CIS uses technology and information obtained through private sector partnerships to monitor developing technologies and trends in the financial payments industry for information that may be used to enhance the Secret Service's capabilities to prevent and mitigate attacks against the financial and critical infrastructures.
CIS also has an operational unit that investigates international cyber-criminals involved in cyber-intrusions, identity theft, credit card fraud, bank fraud, and other computer-related crimes. The information and coordination provided by CIS is a crucial element to successfully investigating, prosecuting, and dismantling international criminal organizations, Noonan said.
Check out these other hot stories: