Keyboard crime: Cyber security expert offers words of caution

By Frank Weir
Legal News

Thomas Winterhalter, a supervisory special agent for the Detroit FBI's Cyber Squad, addressed the Washtenaw County Bar Association's Intellectual Property Section recently, offering a fast-paced primer on Internet crime, cyber espionage, and cyber terrorism. And when it comes to computer crime, there's plenty to worry about, he indicated.

Winterhalter sports a technological background, having previously designed computer chips after earning a degree in electrical engineering from the University of Michigan.

"In our work, cyber includes intrusions of any sort, be they by nation states, criminals or terrorists," he began. "We also assist with supporting other FBI investigations which are highly technical."

Over the course of the hour, Winterhalter described a cat-and-mouse game as investigators chase criminals, spies, and terrorists who expand their attempts to do what they do and hide their activities from law enforcement authorities.

"Most of my personnel are engineers and computer scientists. Only a few have a law enforcement background," Winterhalter noted.

The nature of the game is such that Winterhalter preferred not to give out hard copies of his PowerPoint presentation and asked that some comments not be published, all in the interest of not letting the other side know what the FBI knows and how authorities respond.

Even though the FBI has attaché offices around the world, Winterhalter said, and the bureau works with law enforcement and other countries around the globe, he noted that cyber crime "has no borders."

"John Dillinger couldn't commit a thousand robberies on the same day in all 50 states in his pajamas from halfway around the world," he said. "That's the challenge we now face with the Internet. As FBI Director James Comey has said, cyber crime blows away all concepts of time and space and requires us to shrink the world just as the bad guys have.
We treat Internet crime just as seriously as a criminal kicking in your door and stealing your stuff."

A further complication, Winterhalter said, is the blurring of criminal and terrorist activities and nation states.

"Some nation states influence some of the criminal actors in their countries. When we see this, we work to share that information with the international community."

He added that bank fraud is a good example of the cyber challenge the bureau faces.

"We work with the banks involved when we see fraudulent activities," Winterhalter said. "We have seen criminals change their tactics as we figure out how they are operating."

Winterhalter added that after criminals "rob the bank" they have begun to take down a bank's computer system, take it offline, so the now more elaborate security systems couldn't monitor what they were doing. They also developed ways to steal passwords, hack into a banking system, recognize when someone logged in, and then hijack that session.

"It's a cat and mouse game that continues to this day," he said.

Winterhalter explained that "almost any crime can be committed with a computer on the Internet. There are cyber threats everywhere."

Targeted victims range from public sector energy utilities to the point-of-sale systems that consumers are more familiar with, Winterhalter indicated. Target and Michaels have been among the hacking victims, he said.

"Twelve years ago, a criminal group targeted Lowe's. As it turned out, the criminals were in the metro Detroit area and hacked into a wireless network and downloaded customer data," he said. "But they didn't use the information against individual consumers but rather attempted to extort Lowe's by threatening to release the data criminally and to embarrass the corporation that its security systems had been breached."

Winterhalter noted several times that corporations sometimes do not want to participate in investigations when the bureau discovers a security breach.
"They are concerned about the effect of negative publicity on their reputations, their share price. Sometimes we will tell them about a particular system that has been breached and they will shut that system down but the breach is still there and typically turns up in another of their systems. Most companies let us get much more involved because they realize it's the only way to resolve the attack. We actually have seen an increase in companies' willingness to work with us and coming to us first."

Yet another facet of Internet crime is "hacktivism," criminal espionage and terrorism, Winterhalter explained. Hacktivism, seeking social change, has been much in the news with "Anonymous" and other groups.

"We saw this with the recent unrest in Ferguson, Missouri when hacktivists got into the police department personnel data and found information on the police officer involved in the shooting. It wasn't for monetary gain but rather a 'digital protest' against the department and the officer. But, these protestors released personal information about the officer which put him and his family in harm's way."

Computer crime in the commercial sector is yet another area under the purview of FBI monitoring, Winterhalter said. The bureau sees people inside companies who are terminated or starting a competing company, who use computers to steal data including research, or to attack their former employer in revenge.

"We had someone in Michigan who was terminated and he brought down an Ohio hospital's computer system for six to eight hours. Viewing lab results, test results, X-rays and MRIs, patient registration and discharge, and so forth, were all disabled during that time. He was a Syrian national and fled the country but he came back and pled guilty."

Closer to home, Winterhalter told of a husband-and-wife engineering team who stole technology from General Motors, hoping to sell to another company but were discovered and prosecuted.
Another Michigander stole information from an energy drink company, including bottling formulas, capping systems, and attempted to set up a competing company, which eventually failed, Winterhalter said.

He noted that some criminal actors actually steal proprietary information from a company and try to make it their own. One criminal enterprise even went back to the company that did the original research to get help in setting up the system, the design of which they had stolen, when they were unable to get it working.

"Unfortunately, the original company was struggling and felt they had no choice but to assist them," Winterhalter said.

Winterhalter concluded that individuals and companies should always evaluate their risk with computer data by analyzing threat, vulnerability and consequence.

"Some companies rush to expand overseas to increase their global presence. But privacy laws vary in other countries and it may be more difficult to monitor your computer systems. What kind of a connection and network will you have between your foreign offices and headquarters here?

"You might sacrifice profit and share growth but it might make more sense in the risk evaluation to stay smaller and in the U.S. when you balance possible profit increase with what you stand to lose if attacked or the cost to secure your data and networks."

He stressed the importance of companies contacting the FBI when they suspect criminal activity in their computer systems.

"It's a learning process. As companies contact us, they learn what is significant and what isn't. Furthermore, it is important for us to know what information was stolen, or attempted to be stolen, so we can help understand the impact to the United States and her allies."

He noted that former FBI Director Robert Mueller said, "There are two types of companies when it comes to computer crime. Those that have been hacked and those that will be."

Published: Wed, Apr 15, 2015