- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - SAN FRANCISCO -- The U.S. government faces huge challenges both combating cybercrime and improving military cyber-defense capabilities, but progress is being made, according to officials speaking at the RSA Conference.
Howard Cox and Kimberley Peretti, attorneys in the Justice Department's cybercrime division, Tuesday spoke about cracking international cybercrime rings involved in stealing millions of dollars from U.S.-based ATMs through sophisticated network-sniffing and malicious code in bank systems that enable the theft of debit-card PINs.
Some of the high-profile cases are providing law enforcement with insights into the growing problem of cyber-crooks brazenly tapping into bank systems.
"They use the PINs to withdraw cash at ATMs and clean out accounts," Cox explained. Investigators believe hackers are finding vulnerabilities in banking systems, capturing huge blocks of PIN numbers, and locating encryption keys to decrypt encrypted PIN blocks that may be stored in hardware security modules (HSM), a physical box used to hold PIN blocks traversing the Internet in the banking system to be processed at points involving the bank or payment-card provider.
Employee debit cards that employers may use to provide employee payments are favored targets, and cybercriminals will "go into the system and change the [withdrawal limit] amount, get the cash and then go back into the system and change it back again," Cox said.
One bank reportedly lost $5 million in 24 hours through 9,000 withdrawals. Sometimes it appears the only reason the cybercriminals didn't steal more is because the ATMs ran out of cash.
"They're into banks, merchants, restaurants, large and small companies, domestic and international," Peretti said. "They're on every continent."
The top hackers appear to be overseas, "many Russian-speaking," Peretti said. They end up with plenty of money, they are young and they travel. Cooperation with law enforcement on an international level is improving, Peretti said, leading to a much better chance of apprehending, indicting and convicting cybercriminals who can carry out their crimes remotely over the Internet.
According to Peretti and Cox, these cybercriminals often work in a group comprising the hackers, the code writers and the "money mules to take it out of the ATM machines." They don't need to meet face to face to carry out their crime.
The U.S. government now has about 240 prosecutors travelling to work on cybercrime cases, and it's mainly the ones with "large-dollar impact" that get the most attention, Cox noted. He added that often "they know our networks as well or better than we do." Some use VPNs to "suck the data out," he said. "Some hackers use more security than their victims."
The U.S. military is also eager to improve its security posture in cyber-defense, according to RSA Conference speakers from the Department of Defense. Robert Lentz, deputy assistant secretary for information assurance -- effectively the military's CISO -- said the Defense Department's basic problem is "we have too many networks."