"The security force known for protecting the president is now in the game of taking a bullet for Kentucky businesses.
The U.S. Secret Service has established an Electronic Crimes Task Force in Kentucky to help educate businesses about possible traps and predators that want to do harm to their data and their companies, as well as helping investigate incidents when they occur.
"What we try to do is take a 360-degree look at everything, whether it is a physical protectee (such as the president) or a cyber issue, and a lot of that is trying to employ some best practices," said Paul Johnson, special agent in-charge of the Louisville Secret Service office.
The Kentucky Electronic Crimes Task Force is one of 24 nationwide established in the wake of the September 11 attacks in the U.S. Patriot Act. While most provisions of the Patriot Act deal with terrorism and terrorist threats, Special Agent Johnson's recently formed outfit takes aim at protecting the state's economy from attacks whether or not they are brought on by terrorism, and the vast majority aren't.
While terrorism is "a very important aspect" of any electronic crime investigation, Johnson said his unit has found that the majority of financial fraud is simply, "bad guys that are greedy and want to become rich."
"There's not an al Qaeda operative at the end of every bank fraud, or every credit card fraud or every incident that happens," Johnson said.
A series of quarterly seminars that kicked off in May at Louisville's Galt House with more than 80 different companies and institutions in attendance hopes to bring businesses from around the commonwealth and nation together to share experiences and best practices for prevention and recovery. While well intentioned, Johnson said it has proven difficult for businesses to be willing to open up and discuss problems they've faced.
"In the old days, businesses would never come together and share that they had any kind of problem, because they didn't want their competitors to know that they were having problems. Nowadays, everybody is under the same attack; everybody's under the same type of network intrusions, attacks on their critical infrastructures," Johnson said. "Basically what's happened is everybody's in the same boat together, so we might as well share best practices, common experiences, and for us the big thing is getting people in the same room and talking. So far it's been very successful."
The next seminar is slated to take place in Somerset on the morning of Nov. 13.
"Basically it's an opportunity for us to educate, to share stories, to talk to folks about trends, things that we're seeing happening, not only in your local community but the state of Kentucky and on a national and international level," Johnson said.
Seminars and education such as this can be a much-needed reminder for any type of company, according to J. Andrew Brinkhorst, director of the Security Solutions Group for Lexington-based Systems Design Group, Inc.
"Targeted attacks are going up; it is the trend that we're seeing. It's beneficial to connect with an organization that can help you identify if you are part of a trend that you may otherwise not see," he said.
While the targeted attacks are mainly focused on large institutions such as national banks, universities and governmental agencies, no business is immune. Recently, Brinkhorst said, a small community bank in Kentucky made it so the only information that was able to come through their DSL connection was company e-mail. "They have probably the smallest possible attack surface that you could have," he said.
Companies that might not see themselves as vulnerable still should eliminate vulnerabilities such as open unused Internet data systems like Telnet, which could be used as an entry for a mal-intentioned person to gain vital company information.
Modern Internet attacks are becoming more and more sophisticated and most often have one thing in mind, according to both Johnson and Brinkhorst - making money through fraud. While the attacks of five to 10 years ago might have been orchestrated by a 35-year-old living in his parent's basement or a college computer student trying to make a name for himself in the hacker universe, Brinkhorst said today's attempts to get your information come from much more devious syndicates.
"It's organized crime now," Brinkhorst said. "It's a big business and it's organized crime. The amount of money lost to electronic fraud last year is extremely significant. I'm not sure it would put you in the Fortune 10 (if all done by the same entity), but it would certainly put you in the Fortune 100 if it was legitimate revenue."
It doesn't have to be that way in Kentucky or elsewhere if businesses would just take normal safety precautions, Johnson said. Likening it to the failure to buckle your seatbelt when getting into a car, there are a number of small, easy steps that can be taken to prevent an attack or lessen the effects.
"Are you downloading the patches, do you keep the latest net security devices, have you changed pass codes, are passwords changed automatically," Johnson said. "A lot of times people leave the front door unlocked."