Now Erik Rasmussen takes some time to talk about the US Secret Service’s achievements and the role of public-private partnerships in fighting cybercrime.
Nicholas Percoco: Now I’d like to have you spend a couple of minutes talking about some of the successes your organization has had. We spoke a lot about “here’s what the criminals do, here’s what their activities are in terms of infiltrating organizations and stealing data.” Maybe you could talk about some of the results of your investigations?Erik Rasmussen: Ok. With this great sort of modified lineup of people we have here (see right-hand image), all these individuals were under investigation by the Secret Service due to various computer-related crimes. In the lower right there’s a very interesting picture of Albert Gonzalez with his DEFCON badge around his neck, but he was one of the main hackers responsible for the TJX breach several years ago, and he’s in federal prison now.
There’re some other individuals on there that were involved in a very significant point-of-sale breach that occurred in the food & beverage industry several years ago, that have been recently brought to justice, including an actual Romanian who Romania actually allowed us to extradite to the United States to serve justice in front of the United States Justice System.
There’s an individual on there who was responsible for a denial-of-service attack against a domain name registration company that locked out his domain once they knew it was resolving to a botnet he was running. That was prosecuted out of the Los Angeles office for the Secret Service.
There’s some individuals on there, too, responsible for the very beginning actually of, I guess you could call, some of the Anonymous cases out there. I don’t know if everybody recalls, but in about 2006 or early 2007 there was an individual that was responsible for a denial-of-service attack against the Church of Scientology after a very infamous Tom Cruise video surfaced on YouTube. And he was one of the individuals responsible for initiating that attack.
And then we have also on here more traditional white-collar crime where an individual worked at a telecom kiosk in a mall, and he and his girlfriend used the ability to have a 100% discount for the cell phones at their store, give them to himself via various post mailboxes, then resell them on eBay and to other third parties, where he was defrauding that store for about $1 million with the cell phones, from a single store.
So, as you can see, all those crimes may be things related to what’s in the Global Security Report or other investigations that are very much related to things that the Secret Service does.
Nicholas Percoco: Ok, Erik. So, I guess one of the big questions that people often ask us is, you know, why are we working together? Why are we here sitting on stage together? You often hear a lot about public-private partnerships; this is a perfect example of one that actually works and that’s actually been successful. We’ve done a lot of investigations, we’ve shared a lot of results of those investigations with Erik’s organization, with the Secret Service, and internally gained a lot of knowledge about the criminal activity, the criminals behind the activity. And that helps us in our investigations to understand better how to investigate, better understand the mindset of where they’re going in those organizations, what they’re targeting. And so, maybe you could add a little bit – what benefit do you have by working with an organization like Trustwave?
Erik Rasmussen: The Secret Service is extremely proud of that relationship, and I think what it builds is a level of trust with the rest of the private sector and with other government sectors that may at some point need the resource of Trustwave and/or the Secret Service. When they see people collaborating and being able to work and share information – because I think information sharing maybe is an overused term – that’s important because people of course want to be able to assist in an investigation, maybe get some sort of feedback before, during or after. And that occurs with us, especially with our point-of-sale investigations. The incident response side of Trustwave is extremely robust and it shares a lot of information with the Secret Service and vice versa. And also, I think we help each other out with various training modules that we can send out to the different Secret Service entities to be able to show that both sides can learn from what it’s like to be able to experience the cyber environment privately and the cyber environment in the government sector.Nicholas Percoco: Great, thank you! So with that, there’re two things that you take away from this session, or we hope you take away. One is: better insight into the world of the financially motivated cybercriminals. And the second piece is that public-private partnerships do work, and that’s by sharing information with law enforcement, by engaging with any organization involved in criminal investigations. Folks in the security industry can really help put a really big dent into the criminal enterprise, into the cybercrime that’s going on today.
So with that, thank you Erik! And everybody here, I’d like to thank you for listening!