One of the most serious emerging threats we face is cyber crime. While private industry is taking steps to prevent intrusions, attacks will inevitably occur. And when they do, the U.S. Attorney’s Office has tools available to bring these criminals to justice.
Cyber attacks threaten to disrupt our nation’s power, water, communication, emergency and other critical systems. In the private sector, cyber criminals can steal millions of dollars with the click of a button. Our reliance on digital infrastructure leaves us vulnerable to threats from both sophisticated foreign nations and common cyber criminals. As Attorney General Eric H. Holder, Jr., has stated: “From criminal syndicates, to terrorist organizations, to foreign intelligence groups, to disgruntled employees and other malicious intruders, the range of entities that stand ready to execute and exploit cyber attacks has never been greater.”
The methods of attack are as varied as the motives, and new methods are constantly emerging – botnets, backdoors, Trojan horses, malware and spyware give intruders the ability to access files, steal funds or damage computer systems.
One trend is known as spearphishing, in which criminals use a refined approach to target individual employees via email and redirected websites. Emails or websites contain links that release viruses and malware. Last year, 11 energy sector companies were attacked in this way. One common lure is a web link that looks like shipping data with “UPS” in the file name. Spearphishers sometimes obtain biographical and organizational information from websites and use it to craft convincing email messages that appear authentic. Criminals also use information on websites listing conference attendees and their contact information to target victims by sending harmless-looking messages, such as “Click here to view conference highlights.” The link then opens the door, allowing the hacker access to the computer system.
To address the cyber threat, President Obama recently issued an executive order implementing recommendations from the bi-partisan Commission on Cybersecurity. Among other things, the Executive Order directs federal agencies to increase cooperation with the private sector to protect cyber systems critical for national and for economic security.
Through these efforts, private and public entities are taking preventive steps to harden targets, such as improving firewalls, strengthening passwords, and limiting access, among other strategies. Despite these efforts to lock our computer systems from intruders, the locks will inevitably be broken. As Seattle U.S. Attorney Jenny Durkan, Chair of the Attorney General’s Subcommittee on Cybersecurity, has stated: “When the locks are broken, we are there to investigate and prosecute.”
The Department of Justice has a number of resources dedicated to addressing cyber crime, including the Computer Crime and Intellectual Property Section as well as prosecutors in every U.S. Attorney’s Office who investigate and prosecute cybercrime offenses. In addition, the newly created National Security Cyber Specialist Network focuses on national security threats. Our attorneys work closely with law enforcement partners, including the FBI, Secret Service, and Homeland Security Investigations.
We urge victims to contact law enforcement at the first sign of intrusion. Law enforcement has access to investigative methods that are not available to the private sector, making it easier for us to identify, stop and punish the perpetrator, which will deter and prevent future attacks. First, federal prosecutors can use Mutual Legal Assistance Treaties with foreign governments to obtain witness testimony and physical evidence from overseas. MLATs can also be used to extradite criminals who commit their crimes from overseas. For example, in United States v. Suvorov, the defendant was extradited from Germany and sentenced to seven years in prison for hacking into the Dave & Buster’s restaurant chain across the United States and stealing more than 100,000 credit card accounts.
Other tools unique to law enforcement include undercover operations and stings to identify hackers. Prosecutors can use grand jury subpoenas to obtain IP addresses, email account information and subscriber data, which can sometimes take agents directly to the offender’s door. Search warrants can be used to obtain the contents of email communications and computers, even deleted files, permitting prosecutors to build an electronic evidence trail. Law enforcement agents can use physical surveillance to provide corroborating evidence to electronic communications, such as the perpetrator’s physical presence at the location where an IP address originates. Prosecutors can send preservation letters to prevent internet service providers from destroying evidence while an investigation proceeds. Finally, Justice Department lawyers are able to collaborate across jurisdictions within the United States and around the world.
Penalties for intrusions include prison, fines, restitution for victims and asset forfeiture of the instrumentalities of the crime. But to successfully investigate and prosecute a cyber crime, victims should contact law enforcement as soon as the breach is identified, before the offender can flee and evidence can be spoiled. Computers should not be reviewed until they can be forensically imaged by law enforcement to preserve evidence and so that a chain of custody can be documented.
When computer systems are breached, private entities are sometimes reluctant to report the intrusion to law enforcement, for fear of bad public relations or loss of control of the investigation. But if an intrusion goes unreported, the hacker will strike again against you or another victim.
The Department of Justice is committed to working to address these concerns. First, sensitive information can be protected during a prosecution through use of a protective order. In a recent case in Detroit, the court directed that only the parties and jury could see trade secret information, using a screen to prevent disclosure to courtroom spectators during the trial. In addition, names of victims can be redacted from charging documents. Prosecutors are instructed to protect the interests of victims by keeping senior managers informed, consulting with IT staff and minimizing disruption of day-to-day business. For example, computers sometimes can be mirror-imaged rather than seized for investigative purposes.
At the U.S. Attorney’s Office for the Eastern District of Michigan, we are committed to working with our industry partners to do all we can to protect Michigan’s technology and critical infrastructure from intruders. At the first sign of an intrusion, please contact us at 313-226-9100 or the FBI at 313-965-2323.
Barbara L. McQuade
United States Attorney
Eastern District of Michigan