NewsPronto

 
Times Advertising


.

Action Sports

imageimage
imageimage

When Roman Seleznev, the son of a member of Russia’s parliament, arrived at the Maldives airport to fly home from vacation, he never expected to be greeted by U.S. federal agents.

Now Seleznev is sitting in a Seattle jail, accused of having hacked into U.S. businesses from Russia to steal hundreds of thousands of Americans’ credit and debit card information — and selling it on extensive underground criminal forums he allegedly maintained.

Seleznev, allegedly known online as Track2, among other names, is accused of hacking into card-swiping Point-of-Sale devices at checkouts in stores across the U.S. as far back as 2009, with the first charges against him being secretly filed three years ago.

(Also on POLITICO: Most credit card breaches unnoticed)

Then, in July, as Seleznev was set to board the Maldives flight with his partner and her child, he was apprehended by Maldivian authorities and turned over to U.S. Secret Service agents. The agents flew him in a chartered jet to a federal prison in Guam, a waypoint on his trip to Washington state.

The international Seleznev dragnet is a powerful example of what FBI Director James Comey recently called efforts to “shrink the world the way the bad guys have” in cyberspace.

With major international hacking crimes against U.S. retailers like Target and Home Depot on the rise, today’s criminals can pick the pockets of hundreds of thousands of unsuspecting victims from across oceans — all with the click of a button and some lines of code.

And just as the John Dillingers of the world have gotten a 21st-century makeover, the lawmen and women of today are working to do the same, as a legal system with its roots in the 18th century shows its age in the digital era.

(Also on POLITICO: Student privacy pledged; critics scoff)

But the key elements of old-fashioned policing — relationships, undercover work and a nose for interviewing — are still just as important to fighting these online bandits as street crime.

“A burglar can only burgle one house at a time, but a cyber criminal can rob 100 million computers while he is sleeping from a distance,” said Troels Oerting, head of the European Cybercrime Centre, Europol. “You’re trying to fight 21st-century crime with 18th-century weapons in law enforcement.”

The stakes of the game are high. In 2013, the Justice Department revealed charges against eight alleged cyber thieves for a scheme that ripped off ATMs worldwide for $45 million in less than 24 hours. In all of 2011, U.S. banks were physically robbed of just over $38 million, according to FBI statistics.

But while the bad guys can seem larger than life — law enforcement officials from the local to the international want to send the message that they aren’t untouchable.

(Also on POLITICO: JPMorgan hit in largest bank hack)

All cases start with a detection. Either the victim company recognizes it has been breached, or, more likely, a law enforcement agency or outside monitoring system notifies it that it may have been compromised.

As in the Seleznev case, the victims are almost always numerous and national: either multiple branches of a nationwide chain or institutions linked by a common hackable weakness.

In response, law enforcement and the private sector have had to get better at recognizing patterns.

“If you look at it in isolation, [fraud] looks like a local and, sometimes, relatively small crime. Someone realizes there’s money missing from their account, they report it to the bank, the bank tries to run it down,” said Jenny Durkan, the U.S. attorney for the Western District of Washington, adding that banks and law enforcement began to get more sophisticated in looking at thefts. “When people lifted their heads and looked more broadly, they saw it wasn’t a local crime at all: It stretched to California, to other states and sometimes to other countries.”

Banks now can be one of the early identifiers of breaches, having the unique ability to aggregate customer information and recognize when a cluster of victimized users all shopped at one common place.

Once the patterns are detected, though, the map of the hack will often cross multiple international borders. That means the feds have to work just as well with Romanian cops as they do Seattle cops....