By Rich Lord and Albert Anderson
Pittsburgh Post-Gazette
PITTSBURGH — Picture hundreds of thousands of computers, secretly enslaved to a distant puppet master who orders them to snatch funds, up to seven figures, from their owners’ bank accounts. Where does the world turn for help?
In the past month, a coalition involving the Pittsburgh office of the FBI, a Carnegie Mellon University center and a quiet nonprofit has taken down the Gameover Zeus computer theft network, crippled the Cryptolocker data ransom scheme and indicted the Russian accused of being their puppet master. Also five Chinese cybersoldiers have been indicted.
The indictments “give a warning signal that the U.S. is now going to go after hackers outside of U.S. borders,” said Bhavani
Thuraisingham, executive director of the Cyber Security Research Institute at the University of Texas at Dallas. “I won’t say it will stop people, but it will deter people in the future.”
Pittsburgh has become the arsenal of cybersecurity because it is home to CMU’s Software Engineering Institute with its 260-person CERT cyberteam, and because the FBI placed a nonprofit training alliance here, assigning a data warrior to its helm. Add U.S. Attorney David Hickton and his enthusiastic e-prosecutors, and the city is wired for battle.
The resulting cases represent “new ground for not only the FBI, but the entire U.S. government,” said Scott S. Smith, special agent in charge of the bureau’s Pittsburgh field office.
The man in charge of breaking that new ground is J. Keith Mularski, supervisory special agent for the FBI Pittsburgh’s cybersquad, who grew up in White Oak and graduated from McKeesport Area High School. He majored in history at Duquesne University, but said he was “a techie at heart, kind of a gearhead, tinkering around.”
A decade ago, Mr. Mularski took on the persona of “Master Splyntr,” a Polish purveyor of email spam. He persuaded the operators of one of the two largest markets in stolen credit card information to use a computer server secretly controlled by the FBI.
He spent years doing battle with Max Ray Butler, known as Max Vision, the head of the other big stolen credit card market. Each accused the other of being a federal agent. Butler, 41, of San Francisco, is now a federal prisoner, following a prosecution in Pittsburgh.
In 2005, the FBI assigned Mr. Mularski to run the National Cyber Forensic and Training Alliance, a nonprofit based in South Oakland, created by the FBI as a “neutral setting for law enforcement, academia and private industry,” he said. The Training Alliance has hosted investigators from allied nations, forging a global network of computer sleuths.
The Training Alliance was based here in part to be near CERT, which has worked with the Department of Defense and other agencies since 1988 to identify Internet threats.
“With cyber not having any borders,” Mr. Mularski said, “we can work a case out of Pittsburgh that is multinational and global in scale.”
When a computer virus emerges on the scale of Gameover Zeus — which turned 350,000 computers into a “botnet” of unwitting servants and siphoned tens of millions of dollars — word often reaches CERT early on.
“We may be asked to do a deep dive on a piece of malicious code or a bad actor,” said Kristopher Rush, deputy technical director for cybersecurity solutions at CERT. “Through our relationships, we may well have access or have done work on something months prior.”
A given piece of malicious computer code, he said, may have a family tree of “18 variants,” which CERT can trace to the root, he said.
In the cases of malicious programs Gameover Zeus and Cryptolocker — the latter of which infected 230,000 known computers, encrypting their data and demanding ransom for its release — federal investigators determined that the root was Evgeniy Mikhailovich Bogachev, a resident of Anapa, Russia.
Mr. Bogachev, indicted last month for conspiracy, wire fraud, computer fraud, bank fraud and money laundering, may never see a U.S. courtroom because of Russia’s historical refusal to hand over its citizens. Under the supervision of U.S. District Judge Arthur J. Schwab, though, the FBI and allies from seven other countries set up cyber command centers in Pittsburgh and The Hague, Netherlands, and shut down both of the schemes attributed to him.
Hacking victims like U.S. Steel, Alcoa, Allegheny Technologies, the United Steelworkers International Union and Westinghouse Electric “could’ve buried their heads in the sand and let the activities continue in which case the companies would be whittled away,” Mr. Smith said. Instead, the hacks spurred a probe that led to the May indictments of five members of Unit 61398 of China’s People’s Liberation Army.
Experts say it’s unlikely China will turn the five over to the U.S.
Though unlikely to result in extradition for the accused, Mrs. Thuraisingham contends that there is merit in pursuing legal action as part of what must be a multifaceted response to cybercrime. “We cannot have one solution, we must combat the issue in many ways.”
“We put ourselves on the map” with the international indictments, Mr. Mularski said, crediting his “fantastic team.”
“We are uniquely positioned to take on this threat. We’re going to take it on.”
Copyright 2014 the Pittsburgh Post-Gazette