Matt Zbrog
In today’s world, you are your data. So what happens when that data is stolen? It’s a question that’s becoming more and more important: according to the Bureau of Justice Statistics, over 10 percent of Americans aged 16 or older experience identity theft every year, with the associated financial losses totalling over $17 billion.
Identity theft is, in and of itself, nothing new. The FBI has been busting people for counterfeit IDs and forged checks for a long time. But with the integration of the internet into mainstream society and commerce, identity theft has taken a new and insidious turn.
While it can take many forms, identity theft is primarily about stealing people’s data: Social Security numbers, login names and passwords, driver’s license numbers, and bank account information. Ways to use this information maliciously range from tax return fraud, to medical fraud, to digital impersonation. But by far the most common consequence of identity theft is compromised debit and credit card information.
The case against one of the most infamous identity thieves began by pure chance. In July 2003, a plainclothes NYPD detective observed a young man pulling out cash from an ATM. The detective noticed that the young man pulled out a few hundred dollars, then inserted a new card and pulled out a few hundred dollars more. And then he did it again. And again. The cycle repeated and repeated, until the NYPD detective intervened. The young man, whose name was Alberto Gonzalez, had been cashing out funds from blank cards that he’d imprinted with stolen card numbers.
Alberto Gonzalez, also known by his online handle soupnazi, was arrested and turned over to the Secret Service’s Electronic Crimes Task Force, who had been investigating cases of cash-related identity theft in the area. Investigators learned that not only did Gonzalez have millions of stolen credit card numbers on a database in his personal computer, but he also worked as a moderator of a large online black market site called Shadowcrew that peddled both stolen data and the tools needed to take advantage of it.
Agents convinced Gonzalez to work as an informant. In this role, Gonzalez persuaded his coworkers to begin communicating through a secure VPN (a VPN which had, in fact, been wire-tapped by the Secret Service), and his efforts in the investigation led to the indictment of over a dozen members of Shadowcrew. He then aided in another investigation, and then another, earning the trust of the Secret Service, and even a paid salary. He spoke at conferences and seminars. And, along the way, unbeknownst to his handlers, he worked with fellow hackers to steal an additional 180 million identities from corporations like OfficeMax, Target, Barnes & Noble, and 7-Eleven.
One way Gonzalez’s crew worked was through a technique called ‘war-driving,’ where hackers would park physically close to a big-box store and then, with high-powered antennae and laptops, listen in on the traffic of the store’s WiFi networks. Gonzalez would compromise login accounts, debit and credit card numbers, and transaction information; then he’d store his haul on rented servers in the Netherlands, Latvia, and Ukraine. From there, Gonzalez sent this data out to an international syndicate, where collaborators in Europe, Asia, and South America would buy the stolen info and then send cash or wires back to Gonzalez through proxies.
In a parallel two-year investigation, an undercover agent was finally able to meet with one of Gonzalez’s collaborators in Dubai. While there, the agent copied the collaborator’s hard drive, gaining info that linked them to major cases of identity theft in the US. This led investigators to a case in North Carolina where a man had been caught with $200,000 in cash and 80 blank debit cards. That led them to a man named Jonathan James, whom investigators surveilled and found sitting in a car with a laptop and a high-powered antenna. And, finally, that led to a thumb drive that showed who was providing this network with stolen card data: someone who went by the name of soupnazi.
In the subsequent raid on Gonzalez, investigators found two laptops teeming with evidence and over $1.6 million in cash. According to the Office of the Attorney General, Gonzalez cost victimized companies over $400 million in reimbursements and legal fees. Gonzalez pled guilty to all charges against him, and received the longest-ever sentence given to an American for computer crimes: two concurrent 20-year terms.
Identity theft doesn’t have a typical crime scene. There is no blood, and there are no fingerprints. But there are still forensic traces if an investigator knows where to look.
Today’s investigations require following the trail of money and data across international borders and through complicated tunnels of tech. Forensic professionals from both the public sector and the private sector need to be versed in a wide range of fields: from cybersecurity, to forensic accounting, to digital evidence collection. Their investigations can take years, requiring collaboration between numerous agencies and countries. Catching today’s criminals requires investigators to be as intelligent, and sometimes as ruthless, as the suspects.
Catching identity thieves is one of the most difficult tasks for forensic investigators. Large swathes of data are often stolen in a single heist, then parceled off to a wide network of accomplices who parcel the stolen data out further. The very nature of the crime includes the masking of one’s identity, which makes pinpointing the perpetrator all that much harder. Much of the attention focuses on preventing attacks in the first place, or recouping losses to the unwitting victims. But small groups of dedicated investigators are going after the perpetrators themselves. If you’re ready to study up and join the fight, read on to get a look at some standout programs and experts working against identity theft.
For forensic professionals who wish to become experts, Norwich University has an MS in information security and assurance that can be completed almost entirely online. Students may choose to concentrate in one of several areas, including computer forensic investigation and incident response team management; critical infrastructure protection and cyber crime; and vulnerability management.
The curriculum is delivered one course at a time, with each course lasting 11 weeks. Class sizes are small and the subject matter is tailored to each student’s individual education track. Both the NSA and the DHS have designated Norwich as a Center of Academic Excellence in Information Assurance Education.
Those looking to get their start in the fight against identity theft can earn an online bachelor of science in cybersecurity from Utica College. Students learn about topics like information assurance, digital forensics, intrusion investigations, cyber operations, and fraud investigations.
The curriculum is informed by Utica’s Center for Identity and Information Protection, a collaborative dedicated to national research on the subject of identity protection. The NSA, DHS, Defense Cyber Crime Center (DC3), and the EC-Council have all recognized Utica College for its excellence in digital forensics, cyber defense, and information assurance. Do note that, as a degree completion program, applicants will need either an associate’s degree or a minimum of 57 credits earned from an accredited university.
Purdue University’s Polytechnic Institute offers an advanced MS in computer and information technology (CIT) that is research-focused. The school provides numerous on-campus resources, including computing power and research laboratories. Students may choose to specialize in a number of subjects, including information security and cyberforensics. Courses include subjects such as: cyberforensics of the cloud and virtual environments; information security management; network forensics; and advanced network security. At the culmination of their studies, students must present and defend a thesis on a topic of their choosing.
Dr. Austen D. Givens is an assistant professor of cybersecurity, cyberpolicy, and risk analysis at Utica College, where he also serves as director of graduate cybersecurity programs. He teaches at both the graduate and undergraduate level on subjects such as network security and emergency management. Before joining academia, Dr. Givens worked with the Department of Defense and Department of Homeland Security, and he’s testified before the New York State Senate on cybersecurity threats. Today he’s a well-known thought leader in cybersecurity, making TV and radio appearances on the subject. His most recent book focuses on public-private partnerships in countering cybersecurity threats.
Tyson A. Martin serves on the advisory board for the graduate program in information security and assurance at Norwich University. As a graduate of the CISO executive program at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, he brings over two decades of experience in information security and risk management across multiple industries. Prior to joining the advisory board at Norwich, Martin served as CISO for PokerStars and The Orvis Company. A progressive thought leader in the cybersecurity industry, Martin is a strategic advisor for early-stage startups, and he also supplies security market research to venture capital and private equity groups.
Dr. Marcus K. Rogers is a professor at Purdue University, where he teaches courses in computer and information technology. He received his PhD in forensic psychology from the University of Manitoba in 2001. Prior to joining academia, he worked as a police officer and participated in numerous fraud and computer crime investigations.
Dr. Rogers is a fellow of the American Academy of Forensic Sciences (AAFS), where he also serves as chair of the digital and multimedia sciences section. His research focuses primarily on cyberforensics and psychological digital crime scene analysis. In addition to his teaching work, he has authored numerous books, chapters, and academic articles on the subjects of forensic psychology and digital forensics.
Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about the increasing digitization of investigations, the growing importance of forensic science, and emerging areas of investigative practice like open source intelligence (OSINT) and blockchain forensics. His writing and research are focused on learning from those who know the subject best, including leaders and subject matter specialists from the Association of Certified Fraud Examiners (ACFE) and the American Academy of Forensic Science (AAFS). As part of the Big Employers in Forensics series, Matt has conducted detailed interviews with forensic experts at the ATF, DEA, FBI, and NCIS.