It was an NYPD plainclothes officer that busted him, and it was just bad luck; the detective was looking for car thieves, not credit card fraudsters. Unfortunately for Albert Gonzalez, he just happened to give off the wrong kind of suspicious vibe that night as he was cashing out.
Of course, anyone would look suspicious standing at a cash machine a few minutes before midnight, cycling through a wallet full of cards, withdrawing the maximum daily limit on each of them, and then doing it again a few minutes after midnight when the limit rolled over.
Because he wasn’t prowling cars, the NYPD turned Gonzalez over to another agency, one that had been combating card fraud since there were cards to defraud: the United States Secret Service.
- Grand Canyon University - B.S. and M.S. in Cyber Security
- SNHU - B.S and M.S. in Cybersecurity
- Purdue Global - Bachelor of Science in Cybersecurity
- Arizona State University - Online Master of Arts in Global Security
Everything You Thought You Knew About the Secret Service is Wrong
When people think of the Secret Service, they think of black-suited agents in sunglasses with discretely worn earpieces and submachine guns in briefcases. But personal protection is a recent gig for the Service.
The agency was originally established in 1865 to combat a rash of counterfeiting set off by the chaos of the Civil War, and protecting the sanctity of the nation’s currency has remained its primary mission.
Few people know this, but until 2003 when it was reorganized under the newly-formed Department of Homeland Security, the Secret Service was actually a part of the Treasury Department.
Investigating “carders” – as hackers like Albert Gonzalez are known – who steal credit card information and defraud retailers and card companies, is well within the purview of the Secret Service.
The special agents that interrogated Gonzalez were quick to realize this was a meaningful bust. He was a rising star in a large, well-connected carding crew called Shadowcrew. One prosecutor described Shadowcrew as “an eBay, Monster.com and MySpace for cybercrime.”
By turning Gonzalez into an informant, the Secret Service’s cybersecurity team was about to take Shadowcrew down from the inside.
The Silent Professionals Who Were the First on the Trail of Cyberthieves
The Secret Service found itself investigating cybercrime earlier than most law enforcement agencies, doing so as an extension of its financial crimes investigations. As currency trading and processing became more heavily computerized, so did the investigative grounds on which the service operated. In 1984, passage of the Comprehensive Crime Control Act explicitly added computer fraud investigations to the Service’s purview, a decade before most other federal investigative agencies began taking on computer crimes.
By then, the Secret Service was charging full steam into hacker rings and fraud schemes. Operation Sundevil and Operation Cybersnare ran stings against hackers engaging in telecommunications and bank fraud in the early nineties.
The primary branches of the agency dealing with computer crime today are known collectively as the Electronic Crimes Task Forces (ECTFs). Thirty-nine of these special task forces were established around the country in the wake of 9/11.
Operation Firewall, the operation that took down Shadowcrew, was their first big operation.
Once they turned Gonzalez, (some of the agents nicknamed him “Soup,” after his online handle, “soupnazi”), Secret Service cybersecurity specialists were able to penetrate the online forums that Shadowcrew used as hideouts to coordinate their schemes, installing a VPN (Virtual Private Network) wiretap to collect intelligence that would later be used as evidence in building a case against them.
On the night of October 26, 2004, the ECTF was ready to strike. Using Gonzalez as a sort of bait, they had him engage other Shadowcrew members in chat sessions to keep them in front of their computers. In eight different states and six different countries, agents and local law enforcement officers fanned out. One by one, 28 different chat sessions went silent as the warrants were served.
And Gonzalez, despite his cooperation, got caught making the mistake of two-timing the task force. He was later sentenced to 20 years in the federal penitentiary in Leavenworth, Kansas. Together, he and Shadowcrew were found responsible for the theft and resale of more than 170 million credit cards– the largest such theft in history. For the first time since statistics had been kept on online card fraud, the number of incidents dropped precipitously in 2009 after Gonzalez and Shadowcrew were taken off the streets.
International Innovation Keeps Secret Service Cybersecurity Professionals on Their Toes
For every Shadowcrew takedown, dozens of new hacking groups, with hundreds of new techniques and exploits, spring up. The distributed nature of the Internet means that ECTFs have to worry as much about international thievery as they do homegrown threats. The service maintains field offices in 16 different foreign countries in addition to its domestic operations. Cybersecurity teams work closely with Interpol and other international law enforcement agencies to track and prosecute hackers operating overseas.
Now, the growth of digital currencies like BitCoin is presenting ECTFs with another challenge. The unregulated and anonymous currencies present a new challenge to cybersecurity agents tasked with tracing and proving the movement of stolen funds, as described in a March 2015 article on CoinDesk, a website dedicated to tracking digital currency developments.
Cybersecurity in the Protection Mission
But not all cybersecurity jobs with the Secret Service focus entirely on financial crimes. As people around the world now routinely share their thoughts and communications online, the Service’s Strategic Intelligence division has devoted more resources to monitoring for potential threats to the people under their protection.
In 2015, three men were arrested for plotting to kill President Obama and to conduct other terrorist operations on U.S. soil after one of them mentioned their goals on an online message board monitored by the Secret Service.
Not everyone realizes that simply making a threat against the president is a significant federal crime. In 2016, an Oregon man was arrested for making such threats on social media, acts which he simply claimed were “blowing off steam.” The Secret Service is not so sanguine about such language, and the man now faces five years in federal prison and fines of up to $250,000.
Qualifying for a Job With One of the Secret Service Electronic Crimes Task Forces
There are two routes to joining one of the Secret Service Electronic Crimes Task Forces.
The easier and more direct path is to become a technical specialist with the service, which falls into a category they call “Administrative, Technical, and Professional (APT)” positions.
APT candidates are expected to have extensive practical knowledge in their field, which would include hands-on experience and college education in computer science, cyber security or a related field. A bachelor’s degree is the minimum requirement, though master’s degrees are common.
In addition to those specialized qualifications, APT candidates are required to:
- Be U.S. citizens
- Pass a drug test
- Qualify for a top secret security clearance
- Not have, or be willing to remove, visible tattoo markings
A more challenging and less certain path to an ECTF is to start by becoming a special agent. Special agents are sworn law enforcement personnel. They may be assigned to any of the service’s missions or offices and consequently are required to:
- Be U.S. citizens
- Pass a drug test
- Qualify for a top secret security clearance
- Not have, or be willing to remove, visible tattoo markings
- Pass strenuous physical and mental qualifying exams
- Have qualifying visual acuity
Technically, only a high-school diploma is required for the special agent path, but naturally it is expected that those interested in moving into a position with the Electronic Crimes Task Force would have extensive knowledge and backgrounds related to computer science. It is common for candidates to hold at least a two-year degree from a school that has received a Center for Academic Excellence in Cyber Defense designation from the NSA (National Security Agency) / DHS (Department of Homeland Security):
- Center of Academic Excellence in Cyber Defense Education (CAE-CDE) for schools offering four-year and graduate degrees
- Center of Academic Excellence in Cyber Defense Two-Year Education (CAE-2Y) for community colleges offering two-year degrees
- Center of Academic Excellence in Cyber Defense Research (CAE-R) for research institutes
Beyond that, the Secret Service would provide specialized training required for particular assignments. Many successful candidates come from military or law enforcement backgrounds.