Pittsburgh gains national reputation as hub for preventing computer hacks
Computer hackers are not always looking for a company’s biggest secrets.
More often, computer criminals and spies want executives’ emails and memos about business deals, contract negotiations and internal operations, computer security experts told the Tribune-Review.
“A lot of the trade secrets are highly, highly secured, highly guarded. There’s a lot of security practices around them,” said Chris Geary, who heads one of two cyber investigations teams at the FBI’s Pittsburgh field office. “But there’s a lot of other fringe information that provides that same economic advantage to competitors.”
Hackers use the intelligence they gather to begin attacks that few victims are prepared to defend, experts said. Information gleaned from emails can be used to impersonate executives, steal money and learn about internal strategies.
But while intruders stealthily plot ways of getting inside, computer security experts in Pittsburgh work just as secretly behind the scenes to block the attackers. In fact, Pittsburgh has gained a national reputation as a major hub for trying to prevent computer threats.
Some of the city’s most critical cyber investigators agreed to talk about their work with the Trib and Essential Pittsburgh, a daily talk show on Pittsburgh’s NPR station, WESA-FM.
It’s a constant battle, said Maria Vello, president emeritus of the National Cyber-Forensics & Training Alliance, a Pittsburgh-based nonprofit that collects and shares information about computer threats. The scariest vulnerabilities are the ones that no one has detected, she said.
“The biggest thing that concerns me are the things that are not being reported, are the companies that don’t know that they have been hacked,” Vello said. “Everyone has heard of all of the breaches in retail; everyone has heard about all of the breaches in health care. (But) no company is immune, and no one is safe.”
Last week, federal prosecutors in Pittsburgh charged hackers with stealing $3.5 million from a Westmoreland County energy company and with almost taking $1 million from the Sharon City School District in Mercer County.
The alliance, with offices on the Second Avenue site of a former Jones & Laughlin Steel Corp. mill, works with cyber security investigators from government and top national companies — including banks, retailers, automakers and pharmaceutical manufacturers.
Vello’s office overlooks the surrounding Pittsburgh Technology Center complex, but she uses the windows as dry erase boards to keep track of projects and work out solutions. Employees from private companies work among cubicles, many of them marked with the name of their employer.
The nonprofit purposely keeps a low profile to avoid tipping off attackers or becoming a target, she said. She worked as the group’s president and CEO until last month, and plans to stay on as an adviser until the end of the year.
“Private industry has the best information,” Vello said. “They see who’s knocking on the door, what’s traversing the network, how they are figuring out what the thresholds are for different activities.”
The government lacks that kind of information, she said. If companies are willing to share it, the alliance can hide details about customer information and corporate secrets — and share the threat with the government and other companies so they can protect themselves.
“We tell people, ‘Leave your ego at the door,’ ” Vello said. “ ‘Come, focus on what you can share, and let’s work together as a team.’ The enemy is on the outside. It’s not in the inside of the NCFTA.”
Emails and internal communications are highly valued by hackers because they can be used to pull off other crimes. Attackers will do a tremendous amount of research, Vello said, to learn whether executives are on vacation, enjoy outside interests, or are dealing with particular problems.
A criminal might use that information to impersonate a top corporate official and persuade a chief financial officer to wire money to a fraudulent bank account.
Foreign spies, meanwhile, can use similar information and tactics to learn about the target’s internal strategies, negotiating positions and larger secrets, the FBI’s Geary said.
His team specializes in computer threats coming from China. The team put together information leading to federal hacking indictments against Chinese military leaders last year, but most of its work never makes headlines.
FBI investigators in Pittsburgh conduct counter-intelligence work to look at the theft of military secrets that could be used against the United States and the stealing of company trade secrets that can give Chinese competitors an unfair advantage.
They identify threats, notify companies about steps they can take to better protect themselves, and look for new types of attacks, Geary said.
“When we look at our investigations, one of the biggest hurdles we have to overcome is talking to industry and showing them,” he said.
Tactics the FBI uses to pursue criminals online do not often vary drastically from the ones it uses to find bad guys anywhere, said Mike Christman, special agent in charge of cyber for the FBI’s Pittsburgh office. He headed the local agency’s operations targeting gangs and drug trafficking.
“Criminals are different in the violence they may employ or the techniques they may employ, but certainly, they have some similarities. And likewise, we have some similarities in the way we would conduct an investigation,” he said. “… Our goal is to learn as much as we can from them, and at times, that may mean developing a rapport or relationship with them.”
Christman, who grew up in Youngstown, Ohio, and Geary, originally from Glassport, talk about fighting cyber crime in personal terms, backed by growing up in Rust Belt areas when jobs were being moved overseas. Along with the photos of fugitives hanging in the FBI’s offices, Christman has images of Steelers players, a shot of PNC Park and a photo of himself with Arnold Palmer.
“The businesses we have here have advanced Pittsburgh based on their technological acumen,” he said, “but as a result, those businesses have ideas, and research and products that cyber criminals are very interested in stealing.”
Andrew Conte is a member of the Trib Total Media investigations team. Reach him at 412-320-7835 or [email protected].