Cybersleuth

By Andrew Faught

As a prosecutor for the U.S. Attorney’s Office in New York, Tom Brown ’91 helped define a tough new approach for fighting cybercrime in the United States and abroad.


The 2007 heist went down like many computer crimes: perpetrators left little evidence and an even murkier escape route. But the Citibank breach was no ordinary offense. When it was over, hackers had pilfered 300,000 accounts, whose information allowed thieves to create fraudulent ATM cards that were used to plunder $3.6 million from their victims.

It wasn’t the first computer breach to make news, nor would it be the last. But for Tom Brown ’91, then a prosecutor for the U.S. Attorney’s Office for the Southern District of New York, the deed called for a tough new approach to the burgeoning world of cybercrime.

Up to that point, “a lot of the investigations tended to be reactionary, and no one had a lot of experience doing them,” recalls Brown, who left the office in 2014 and is now a New York–based cybersecurity and cyberinvestigations consultant.

Brown decided on a new tack: he’d take the fight to the hackers. Working with the FBI, he pushed for proactive investigative techniques, including taps on e-mail accounts and Internet connections at home and abroad, with coordination from overseas law enforcement agencies. The new approach made a difference. Foreign cooperation had the effect of increasing the scope and reach of law enforcement. For example, Brown oversaw the first extradition of a criminal from Estonia to the United States, and cooperation between the countries has since increased. Further, his techniques continue to guide ongoing hacking investigations and pursuit of the “dark web”: illegal Internet sites that are hidden from and unindexed by search engines.

In the Citibank case, the prosecutor’s office, with Brown leading the charge, secured indictments against a pair of Russian nationals. Although the men remain at large, Brown snared the Estonian conspirator, earning him the FBI Director’s Award for Outstanding Cyber Investigation.

While capturing cybercriminals remains the goal of law enforcement, the efforts are beneficial in themselves, Brown says. “It’s the naming and shaming,” he adds. “It lets the perpetrators know that we can find them and charge them. Deterrence is never 100 percent. We can let them know that they’re under threat.”

In the past decade, Brown has led some of the globe’s most complicated and sophisticated cyberprosecutions, targeting such criminal enterprises as Silk Road, an underground website that sold drugs, and hacker groups Anonymous and LulzSec, which broke into business and government computer systems around the world.

Challenges abound. Many hackers are in Eastern Europe, where higher education opportunities proliferate, but jobs don’t. Some nationals have turned to Internet skulduggery, which typically is out of reach of American law enforcement should a foreign government opt not to cooperate with the U.S. judicial system.

Hackers have myriad motivations, says Brown. Many are in it purely for financial gain, consorting in online speakeasies called carding forums, where they buy and exchange stolen information, most of it credit card and banking information. During his days as an assistant U.S. attorney, Brown created a phony carding forum, using it as a “giant wiretap” that allowed federal law enforcement to listen in to conversations and alert credit card companies to probable fraud.

Others, so-called hacktivists, promulgate a political agenda. In an early example, a 14-year-old Israeli boy wrote a program in 1999 that wiped out an Iraqi government website. He said he was retaliating for the “horrible statements” Iraqis were spreading about Jews. Still others “are hacking for the fun of it,” says Brown. “Barriers to entry fall every day because new and free hacking tools are available online. Technically unsophisticated people can download these tools and engage in hacking very easily.”

Drawn to the work by a long-standing desire “to do justice and do good,” Brown now teaches cybersecurity courses at Cardozo School of Law in Manhattan.

After earning a history degree at Carleton, he moved to New York to become a paralegal, eventually returning to study law at the University of Minnesota. Although Brown planned to stay in the Midwest, he was offered a job in New York litigating commercial disputes. Four and a half years later, he joined the staff at the U.S. Attorney’s Office.

Through the years, he’s relied heavily on his Carleton education. “My liberal arts education taught me to be skeptical and not to take things at face value,” says Brown. “Skepticism—constantly probing and questioning—is essential for successful investigations and in preparing cases for trial.”

As for the future of hacking, “it’s a continually evolving arms race,” says Brown. “The bad guys are coming up with new stuff and the good guys are coming up with new stuff. It’s not going to stop anytime soon.”

If there’s any reason for optimism, it’s that businesses are finally getting serious about cybersecurity following recent breaches at Target, Home Depot, Sony, and elsewhere, though there’s a steep learning curve.

“A lot of companies don’t have a good sense of their cyberinfrastructure,” Brown says, referring to computing and data storage systems that are linked by high-speed networks. “If you don’t know what you have, you can’t secure it, and that’s not uncommon. Businesses have to be savvier and place greater emphasis on cybersecurity. It makes good business sense.”
