U.S. Secret Service Establishes Electronic Crime Task

Wednesday, May 24, 2006
By David Templeton, Pittsburgh Post-Gazette

The U.S. Secret Service is expanding its relationship with local universities and financial institutions to prevent and combat electronic crimes.

The Secret Service's local field office already had created a network with Carnegie Mellon University, the University of Pittsburgh and Duquesne University and local financial institutions to try to prevent hackers from stealing information and money.

Yesterday the service announced it was establishing Electronic Crime Task Forces in nine cities, Pittsburgh included, to create public-private partnerships aimed at fighting high-tech computer-based crimes.

Those crimes include e-commerce fraud, intellectual property violations, identity crimes, telecommunications fraud and computer intrusion crimes.

"If we could educate private industry and law enforcement about prevention, we could end these crimes," said Matt Lavigna, assistant special agent in the Secret Service's Pittsburgh Field Office. "Basically we're looking to confront and suppress technology-based criminal activity that damages the integrity of financial payment systems."

The local partnership, he said, will continue using CMU's Software Engineering Institute's CERT Program to help solve cyber crimes and identify weaknesses in financial computer networks. CERT focuses on research, development, training and education, and responds to cases in which computer networks have been breached.

"We don't need to create anything new," Agent Lavigna said. "CMU has the expertise. We rely on them to educate us and help us. If we hit a wall in an investigation, we go to the guys at CERT and ask for input. We actually have agents detailed at CERT."

Agent Lavigna provided this scenario:

If someone hacks into a bank's computer data base, the bank will summon help. The Secret Service will investigate and, if necessary, use CERT to help identify the hacker and "plug holes" in the network so the problem does not recur.

"They [at CERT] are software specialists and they are good at analyzing code and malicious content," he said. "If someone puts malicious code on a computer, they can decipher that code and put the author's signature on it."

Agent Lavigna said the Secret Service has had several cases in which CERT has been instrumental in directing agents where to look, leading to convictions.

CERT and the Secret Service also release a periodic "Insider Threat Report," that analyzes acts of insider sabotage on computer systems and provides information and prevention advice.

Solving one financial institute's problems can provide lessons in prevention for other institutions. Agent Lavigna said the task force will hold quarterly meetings to bring everyone up to speed on local and global issues.

"This is not going to go away, no matter how much we tell people not to respond to e-mails that they won the lottery or to a site infected with malicious code or a network that is not secure," he said. "This is a constant education and crime-fighting effort."

(David Templeton can be reached at dtempleton@post-gazette.com or 412-263-1578 )
http://www.post-gazette.com/pg/06144/692624-28.stm