Computer Crime Research Center


Police Grapple With Cybercrime

Date: April 29, 2014

Photo caption: Analyst Cody Dunn works with SnapTrends location-based social-media monitoring software at the Statewide Information and Analysis Center in Sandy, Utah. The state's cybercrime team and other law-enforcement agencies can use the information to detect threats. (Photo: Cayce Clifford for The Wall Street Journal)

When cybercriminals stole $2.5 million from the state of Utah in 2009, authorities got most of the money back—but never could find their man.

The money was wired to a bank account in Texas, officials said, as a step before an attempt to move it overseas. Utah authorities managed to freeze much of the funding in the U.S., but couldn't figure out how the state agency got hacked and by whom, officials said. At one point, state investigators sought a man with a false name at a nonexistent address.

"It was just, for us, kind of a helpless feeling," Utah Commissioner of Public Safety Keith Squires said of the incident.

As crime is increasingly moving online, state and local police—who have spent decades refining how to track down murderers, thieves and drug dealers—are having a hard time keeping up.

"It probably is one of the most perplexing questions right now in terms of state and local policing: How do they handle this stuff?" said Richard McFeely, who recently stepped down as the top cybersecurity official at the Federal Bureau of Investigation. "We're not generally working these cases. We need to get out ahead of this."

In 2012, consumers reported $525 million in damages to the Internet Crime Complaint Center, a group run partly by the FBI that collects data on cybercrimes, including fraud, hacking and identity theft. That was an 8% increase from the prior year.

The FBI and Secret Service have advanced tools to investigate cybercrime. The Secret Service, with private-sector firms, has been probing the theft of 40 million credit- and debit-card numbers from Target Corp. last year. But federal agencies have limited resources, and handle only the most egregious cybercrimes. That leaves most such cases to local police.

When a computer virus infiltrated the Swansea, Mass., police department's computer network last year and threatened to destroy files unless police paid a ransom in bitcoin, the digital currency, police said they had to look up what exactly bitcoin is.

Last summer, hackers disabled the website for the Screamin Peach, a waxing salon in Fort Collins, Colo., with a flood of useless Web traffic, manager Kat Mueller said. Each time the shop's Web manager restored the site, hackers crippled it again, preventing customers from booking appointments online. Local police looked into the matter but eventually gave up. "Since the detective was unable to identify any suspects, the case has been closed," Fort Collins police spokeswoman Rita Davis said.

Lacking specialized skills, some local police departments hire private cybersecurity companies to conduct digital investigations. Some states have developed task forces and high-tech crime labs that act as clearinghouses for local departments, though most focus on child pornography.

Now, the FBI is attempting to bolster local capabilities. Last year, the bureau offered three Utah state troopers top-secret security clearances and lessons on how to track hackers from places like China and the former Soviet bloc. Since then, the New York State Police sent one trooper to a similar program in Albany.

In Utah, the effort also means FBI special agent Jeffrey Coburn is helping solve cases with which his agency normally wouldn't bother. Mr. Coburn said he and state police are on the trail of a suspect who hacked into the network of a city they wouldn't identify, gaining access to industrial-control software used to manage public utilities, such as power stations or water-treatment plants.

It's unclear what the suspect hoped to accomplish, but the intrusion alarmed police. "The hacker mind is an interesting mind," Mr. Coburn said.

So far, Utah's cybercrime team has closed two cases, neither directly related to hacking but involving computers. In one, Darrell Cooper of Tooele, Utah, pleaded guilty to stealing DVDs from a grocery-store rental kiosk. Mr. Cooper was sentenced to three years' probation. The other case involved a man selling counterfeit jerseys online.

The Utah police tapped for the project had no cybercrime experience, though some dabbled in technology in their spare time.

The techniques are more IT guy and less "Law & Order." In the case of the municipal-network hacker, the officers being trained by Mr. Coburn scanned thousands of lines of code from the computer's internal journal, called a log file, to discern how a hacker broke in and from where. The evidence then led to search warrants and interrogations. Authorities said they have seized the suspect's computer, but haven't yet made an arrest as they are probing him for other possible crimes. "He knows we're on to him," Mr. Coburn said.

Federal involvement doesn't always mean a quick resolution. After hackers breached the payment system for several state-run liquor stores in North Carolina last summer, the FBI's Charlotte field office picked up the case. More than nine months later, district attorneys said they aren't prosecuting it and a local FBI spokeswoman declined to confirm or deny an investigation.

Another hurdle: Many cyberattacks originate overseas, where state police often are unlikely to have the power to make an arrest. "Legally, I'm not going to Romania," said Lt. Mark Brown with the New York State Police. "That's where a lot of these cases are coming from."

