Federal official warned companies Monday that hackers have stolen more than 500 million financial records in the past 12 months, breaking into high-profile financial institutions without walking out their front door.
“We’re in a day when a person can commit about 15,000 bank robberies sitting in their basement,” said Robert Anderson, executive assistant director of the FBI’s Criminal Cyber Response and Services Branch.
FBI and Secret Service officials at a cybersecurity event held in Washington told business leaders that the U.S. financial sector is the most active target for hackers. The event organized by a lobbying organization for the financial sector called the Financial Service Roundtable, came in wake of the massive amount of attacks and successful data breaches targeting businesses such as Target, Home Depot, JPMorgan Chase Bank among other financial institutions.
“You’re going to be hacked,” Joseph Demarest, assistant director of the FBI’s cyberdivision, told the business leaders at the conference. “Have a plan.”
Supervisory Special Agent Jason Truppi of the FBI reported nearly 439 million records have been breached in the past six months. Nearly 519 million records have been stolen in just the past 12 months he continued.
According to federal authorities, around 35% of stolen records came from breached websites, 22% came from cyberespionage, 14% occurred at the point-of-sale where physical goods were purchased in store, and 9% came from swiped credit or debit cards, primarily from hacked or malware ridden point-of-sale devices.
Continuing, about half the United States population, around 110 million Americans, have had their personal data leaked online in some fashion within the past year, according to Tim Pawlenty, president of the Financial Services Roundtable and the former governor of Minnesota.
Around 80% of victims in the business community did not know they had fallen victim to hackers until they they were notified by government officials, vendors, customers or banks, according to a recent study by Verizon.
Federal agents said businesses need to reach out to the FBI and Secret Service for tips on how to protect their data from a breach or becoming a victim of theft. If a business falls victim to an attack, company officials need to contact law enforcement agencies immediately, rather than trying to sweep the news under the rug keeping quite and dealing with the attack internally, the FBI said. “No one is going to solve this problem on their own,” said Supervisory Special Agent Thomas Grasso of the FBI. “This is something we all need to work together on.”
Federal officials and Secret Service said they have been able to take down international cybergangs with the help of US-based businesses and international law enforcement allies overseas. The agents said many attacks against companies are committed by cybercriminals overseas.
Last year, The Wall Street Journal reported that in 2013, data protection spending was on track to hit $46 billion. According to a report from the Washington Post this summer, the effects of cybercrime have cost the global economy nearly $445 billion in damages. The Unites States alongside Germany and China account for around half, roughly $200 billion.
The FBI cited a story during the conference how an agent was able to lure one Romanian hacker down to the USA, posing as a woman inviting the cybercriminal to enjoy gambling and romance. “He was quite surprised that I was the one meeting him when he arrived,” said Secret Service Special Agent Matt O’Neill.
The man arrested is now serving seven years in federal prison. Romanian authorities were able to extradite one of the mans co-conspirators to the USA, reflecting the partnerships with U.S. law enforcement and global allies to catch the hackers.
“Five years ago, we would have focused on whether the (hacker) was in the United States where we could get our hands on them,” Grasso said. “Today, we’re going to team up with our overseas law enforcement partners and go after them.”
To ensure the ability to work together, congress could strengthen cybersecurity legislation and update surveillance laws allowing federal agents great authority to catch cybercriminals, Pawlenty said. An ongoing bill to do just that has been passed by the House and the Senate has not yet commented on the bill. The Senate has reported to be taking a slower approach to cyber-based bills, passing bills one at a time making it easier for the Department of Homeland Security (DHS) to hire cybersecurity experts.
“Our government and our businesses are in a daily fight against hackers,” Pawlenty said. “It’s getting increasingly concerning, and it needs to be met with action by Congress.”