Skip Links

US Secret Service: Stronger laws could help fight sophisticated cybercrime

US Secret Service part of “Can Data Breaches Be Prevented?” Congressional hearing

By Layer 8 on Wed, 02/05/14 - 12:24pm.

In the face of the recent Target and Neiman Marcus data breaches the US Secret Service says new laws could help bolster the country's cybersecurity shield.

Testifying before a Congressional hearing entitled: "Protecting Consumer Information: Can Data Breaches Be Prevented?" US Secret Service Criminal Investigative Division Deputy Special Agent in Charge William Noonan said: "While there is no single solution to prevent data breaches of U.S. customer information, legislative action could help to improve the Nation's cybersecurity, reduce regulatory costs on U.S. companies, and strengthen law enforcement's ability to conduct effective investigations."

More on Network World: What is on a US Secret Service mainframe anyway?

Noonan said that advances in computer technology and greater access to personally identifiable information via the Internet have created a virtual marketplace for transnational cyber criminals to share stolen information and criminal methodologies.

"As a result, the Secret Service has observed a marked increase in the quality, quantity, and complexity of cyber crimes targeting private industry and critical infrastructure. These crimes include network intrusions, hacking attacks, malicious software, and account takeovers leading to significant data breaches affecting every sector of the world economy. The recently reported data breaches of Target and Neiman Marcus are just the most recent, well-publicized examples of this decade-long trend of major data breaches perpetrated by cyber criminals who are intent on targeting our Nation's retailers and financial payment systems," he stated.

The Secret Service has as one of its primary roles to protect the US financial system, is now leading the investigation into the Target and Neiman Marcus breaches. It is in fact the Secret Service who alerted Target to the problem.  The New York Times wrote: Target had no clue until the Secret Service alerted the company about two weeks before Christmas. Investigators who had been tracking these criminals overseas and monitoring suspicious credit activity spotted in December one common thread: charges and payments made at Target.

While he didn't detail the exact systems the agency uses during the hearing, Noonan said the Secret Service "proactively investigates cyber crime using a variety of investigative means to infiltrate these transnational cyber criminal groups."

As a result of these proactive investigations, the Secret Service is often the first to learn of planned or ongoing data breaches and is quick to notify financial institutions and the victim companies with actionable information to mitigate the damage from the data breach and terminate the criminal's unauthorized access to their networks, Noonan stated.

One of the most poorly understood facts regarding data breaches is that it is rarely the victim company that first discovers the criminal's unauthorized access to their network; rather it is law enforcement, financial institutions, or other third parties that identify and notify the likely victim company of the data breach by identifying the common point of origin of the sensitive data being trafficked in cyber crime marketplaces, Noonan said.

"A trusted relationship with the victim is essential for confirming the crime, remediating the situation,