Burglars with access codes: head of U.S. Secret Service in Mexico dissects cyber crime threat, as corporations scramble to protect themselves and their systems.Ordinary-break-ins are easily identified. Broken glass, jimmied locks and an empty space where the television once sat emit instantaneous felonious vibes. Other burglaries are not so apparent though, but they are increasing in frequency and scale so rapidly that law enforcement agencies--particularly in developing countries such as Mexico that are often strapped to meet basic infrastructure needs--are struggling to keep up with the intruders. Welcome to the world of cyber crime, where information is the commodity and a computer system the strongbox. A JOB FOR THE SECRET SERVICE To deal with this problem, multinational companies operating in Mexico have established their own networks of computer system administrators, just as smaller firms scramble to prevent a breach in their systems. The head of the U.S. Secret Service in Mexico, Edwin Lugo, recently met with a handful of these security insiders to discuss this ever-changing matter of "protecting the electronic cash register." Lugo's presence at a business roundtable might have struck some participants as odd, but the man who rides shotgun in President Fox's car during the leader's trips to the United States was quick to point out his agency's central role in issues of financial security. Although the Secret Service is generally associated with protecting the U.S. president and individuals close to him, the agency's original purpose can be traced back to the days immediately following the Civil War when a handful of private security personnel were contracted to protect Union currency from counterfeiters. Ironically, these orders to maintain the integrity of the nation's infrastructure were given by Abraham Lincoln prior to his ill-fated trip to Ford's Theater. The Secret Service has always been about "the physical protection of money," Lugo said, and just as the transfer and nature of money has evolved, "we have evolved." WIDE-RANGING IMPACT Lugo, who granted a private interview to BUSINESS MEXICO in his Paseo de la Reforma office following the roundtable, showed off an impressive grasp of this burgeoning problem, discussing a range of cyber assaults--from the interception of electronically transferred social security checks to credit card cloning. Although the Secret Service is neither a "clearinghouse for the due diligence that is expected of companies" nor "the coordinating investigating force down here," Lugo said that his agency has a vested interest in preventing cyber crime and working with small and large businesses toward this end. The Service also coordinates its efforts with both Mexican law enforcement agencies and other branches of U.S. law enforcement to ensure the safety of U.S. citizens as well as U.S.-based corporations and their money. Not only does the Service have this history of working with industry--the belief here Lugo said is that "the answers come in the interchange"--but it also maintains constant communication with other branches of law enforcement in order to coordinate investigations against this insidious threat. Lugo specifically cited the need to work with U.S. Customs, the Immigration and Naturalization Service, the legal attache in Mexico of the Federal Bureau of Investigation and the Alcohol, Tobacco and Firearms in fighting cyber crime. Say an e-mail on the kidnapping is intercepted. Call the FBI. Take an electronic message detailing the logistical movement of "coyotes" bringing individuals over the border. Call the INS. Imagine that someone illegally and electronically solicits the sale of a high-powered weapon done electronically. Call the ATF. "The area of cyber crime covers a multitude of violations," said Lugo, who studied computer science in college before entering a career in law enforcement. "It affects everyone." HOW TO SAFEGUARD A SYSTEM Although Lugo's early morning talk with corporate security experts included representatives from multinational conglomerates, the little businessman was not lost in the computer forensic expert's address. Lugo said that if enough small companies' systems are compromised, then it will have a significant impact on the local economy and possibly carry cross-border repercussions as a result. Recognizing that many small, so-called mom-and-pop businesses with 50 employees or less simply don't have the resources to have their own fulltime administrator, Lugo said that these business owners must ask themselves some tough questions (see box, p. 40) in order to prevent the compromise of their most valued information. On an even smaller scale, threats from cyber criminals on a personal level are out there as well. DON'T LEAVE HOME WITHOUT IT In Mexico City, people are often reluctant to leave home with credit cards in their pocket in fear of armed assault on the street, in which thugs force their victims to withdraw cash from ATMs or hold them in a safehouse while they max out the card. With cyber criminals, the physical assault maybe missing from the criminal cocktail, but the economic hit is just as strong. "This is probably the primary way residents will be victims of cyber crime. This is not a future threat. For several years it has been a major problem," said Jon French, managing director of IPSA International, who was recently tagged with a series of large charges on his credit card (some 40,000 pesos over the course of two days) that has been attributed to cyber criminals. And although the traditional strongarm mugging still remains a threat on the streets of Mexico City, residents and visitors should keep tabs on their account, as someone may be ringing up charges even though the credit card sits snug in the victim's wallet. Cloning, or the capability of duplicating the data or magnetic stripe on the back of a credit card, accounts for the majority of credit card fraud in Mexico City, according to Logo. Some US$50 million in damage is done annually through credit card fraud in Mexico City alone. QUESTION OF JURISDICTION So how does the Secret Service get involved in this problem and protect U.S. interests here in Mexico? Lugo was emphatic in pointing out that his team is not here to step on anyone's toes, whether those toes be Mexican or American. He repeatedly commended the efforts of Mexican law enforcement--a rare stance in these days in which Mexican cop-bashing has become fashionable--and took an almost humble position on where the Secret Service fits into this global crime-fighting battle. "I don't want to give the impression that when it comes to technology or when it comes to cyber crimes that the United States holds the handle on how to take care of the issue," Lugo said. "We are in constant communication with representatives not just in the United States, but representatives from Europe, Asia and all over the world. It is interesting to see this information-sharing process that goes on within law enforcement, because no one really has all the answers." WINNING THROUGH TEAMWORK Given the difficulty of fighting a criminal foe that hides in a computer and masks his identity through the stroke of a finger, Lugo stressed the importance of information sharing between authorities as fundamental to keeping the upper hand. "Remember that technology is in constant flux. In order for us to be the experts that we are, it requires that we understand what is transpiring," he said. "If a system is being compromised here [in Mexico], we want to know what is happening. Maybe we can compare it to something that has occurred or maybe it is something that we have never seen before." Stressing once again that his elite team is not a "clearinghouse for due diligence" that is fundamentally the company's own responsibility, Lugo invited comments from the private sector in the case of cyber crime that is affecting several businesses and not the fault of simple negligence. Only by staying on the cutting edge can the Service do what it was originally assigned to do in 1865--protect the money. By working with business to stay informed about what Lugo called the "latest and greatest" in technology, investigators are confident that they can keep up with the criminals in a constantly changing digital landscape. WHO JUST GOT FIRED? This daunting, rapid-fire new age of instantaneous fund transfers and databases filled with highly sensitive personal information requires heightened vigilance--both in terms of the system itself and the individuals who have access to it. "You have to be really careful as far as who has access to your information. In the majority of situations, I would say there is some sort of internal complicity. Who has left the company and has access to the information?" said David Robillard, associate managing director for Kroll Mexico, a risk consulting company and one of the leading electronic data recoverers. "You can't take a laissez-faire approach." Other specific threats mentioned by Logo and other experts include the interception of Social Security checks intended for retired U.S. citizens and rampant, almost unprosecutable, libel through anonymous e-mails to the victim's clients and associates. And the criminal in both cases could be right next door or he could be in his mother's basement somewhere in South Korea. "International borders don't exist with cyber crime," said French, a former U.S. State Department official. "The only limitation that exists is the imagination of the perpetrator." Matthew Brayman is the editor of BUSINESS MEXICO. RELATED ARTICLE: Secret Service Says Here follows a sampling of basic tips gleaned from Secret Service official Edwin Lugo on how to protect the security of your company's computer system. On hired system administrators: "Are they in fact capable of supporting the system? "Are they going to be accountable to the owner? "You will have to test them. You have to understand that because everything changes so quickly, you cannot assume that they can be trusted implicitly." On finding the problem first: "It is testing to make sure that if there is a problem with your system, that you are the one that finds it. "There is a saying that, if there is bad news, you want to hear it now, and you want to hear it first. "The sooner you have the problem in hand, the sooner you can come to a solution." |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion