Inside The Life Of Former FBI Agent’s International Cyber Security Stings
Being a “technologist,” pros and cons of cyber certifications and more
Former FBI agent and Founder of ECK Cyber Consulting, E.J. Hilbert, was featured on the March 12 episode of “Task Force 7 Radio,” hosted by information security executive George Rettas. Topics of discussion included being a “technologist,” pros and cons of cyber certifications and a comprehensive look at international cyber-ring takedowns.
Hilbert has more than 25 years of experience in the security arena. He served in the FBI and has been the head of security enforcement for MySpace, a CISO and the online investigator for his own firm. He’s also conducted in-depth market research.
Before the high-profile law enforcement cases and the experience with top players in the private sector, Hilbert was a high school teacher.
“(Then), I went into the FBI not knowing where I wanted to work,” he told Rettas. He added that he wanted to “stop bad guys” and be a “James Bond-type” agent. He’d had a longstanding interest in hacking, and was eventually pulled into complicated cases within the Bureau.
Hilbert said that in the beginning stages of FBI cyber-crime fighting, “we were flying by the seat of our pants.”
Once in the FBI, however, Hilbert said he realized it’s less about coding and more about manipulating individuals. This was the larger transition to “proactive” cyber-crime fighting, which emerged sometime in the early 2000s, Hilbert said.
Asked if he considered himself a “technologist,” Hilbert said you do not need a computer science degree to succeed in the space. “There are many aspects to cyber security,” he said. “You can’t be an expert on all of these things – networking, endpoint protection… It’s understanding the interconnectivity between people and machines, machines and companies, and how those things are manipulated.”
He continued: “Don’t get me wrong, you have to understand the tech, but not to the point of rewriting code every single day. It’s about understanding how those things work together – being a translator from ‘geek’ to ‘common speak,’ and from common speak back to geek.”
On certifications in the space, Hilbert said that CISSPs were once a big deal. However, he said coding and certain aspects of cyber security have become almost “trade school-like.” Certifications are important in displaying expertise in certain areas, but they don’t make you an “expert across the board,” he suggested.
When working as a sort of cyber “Renaissance man/woman,” Hilbert said, where the approach is across the entire spectrum, certifications are not really beneficial.
Hilbert then outlined the history of training within the Bureau. He said that he began with the FBI in 1999. By 2000 or 2001, the cyber division sprang up. He called himself an early “guinea pig” in the cyber training. Hilbert attended various courses initially run by cyber experts of the Air Force, which formerly maintained responsibility for cyber security in the military. Topics included intrusion techniques, social engineering and manipulation, etc.
“Now the FBI covers cyber security in the academy,” Hilbert said. “When I was going through, there was no such thing as cyber investigation. Now there’s a one-week course that everybody has to take. At Quantico, in 22 weeks of training, cyber is now covered – including databases, basic operations, basic forensics, basic collection of information (etc.).”
Has the FBI’s mission changed, however? Hilbert doesn’t think so. “The FBI is a law enforcement agency; their job is not to protect networks or systems. When a crime occurs, they come in and identify who’s behind it. And they’re very good at doing that…”
“Is the role of the FBI to protect companies?” Hilbert stated. “No, it’s not their job; it’s not what they’re set up to do.”
Two Types Of Cyber-Crime
The “Task Force 7 Radio” guest went on to discuss the two different types of cyber-crime: cyber-enabled and cyber-dependent. Dependent crimes, he said, are specifically related to the computer: DDoS attacks, viruses, malware, disruptions to systems. The next piece, he said, is cyber-enabled crime – covering fraud, manipulation, stalking, data-stealing, etc.
Hilbert said the two crimes are investigated in completely different ways. One follows the money – which is the enabled crime. The other is ensuring that systems can function properly.
“Of those two, cyber-dependent crime, oftentimes, doesn’t cause as much damage as cyber-enabled crime.” Enabled crime, he continued, leads to fraud, stolen data, espionage attempts, etc.
‘Max’ & Carder Planet
Hilbert then outlined his extensive casework history. Perhaps the most prolific cyber case: that of Maksym Igor Popov. The Ukrainian hacker, connected to the Carder Planet organized crime group, agreed to serve time in the U.S. for hacking into Western Union. He even openly met with FBI agents to facilitate the process. Popov, who was connected to translating information into money for the online bazaar group, served time in Kansas City. Then, his defense attorney worked out a deal with the Bureau for Popov to go to Southern California, sit with an agent, and communicate with hackers around the world. There, they’d talk hackers into coughing up crucial information, buy stolen goods and notify victimized companies.
Hilbert said Carder Planet, the online bazaar, dealt with goods/services, stolen credit cards, financial records, system exploitations, etc. Hilbert said the organization was set up like the Italian mafia – with a Godfather, consiglieres and enforcers down the line.
Hilbert served as a “vendor” that purchased the corrupted material. If a deal was made on one of the back channels on the Dark Web, the Bureau would be closer to nabbing top hackers.
“They’re not necessarily searched by Google or Bing, you have to know where to go, where to look,” Hilbert said.
He added, “Any time you run a source…it’s a game. Their job is to minimize impact… A law enforcement officer’s goal: to get them to do what you need them to do…”
“‘Max’ knew the right people,” Hilbert said. “He understood who was who. He used code words online. Was he a big deal? That just feeds his ego.”
In his time with ‘Max,’ the Bureau helped identify 200 separate hackers, and 1,500 companies that were hacked into – over a nine-month period of undercover work. The operation was called “Ant City,” after the equipment utilized, which came from a pirated software gang, retained a video game that allowed users to burn map items with a magnifying glass. The name, Hilbert said, just stuck.
Eventually, ‘Max’ left for the Ukraine and did not return to the U.S. There, he “set up shop,” Hilbert said. He identified victim companies, notified them of intrusions and offered his service to remediate – which some might label “extortion.”
“At no point in time was Max a saint,” Hilbert said. “At no point in time was he necessarily ‘no longer a criminal element.’ Max was Max, he’d take advantage of any situation he can… From the eyes of many Eastern European hackers: cyber-crime is a victimless crime. You’re not hurting people, you’re hurting organizations. And when you grow up in a world where the government takes everything, you’re just taking back your own money.”
An fbi.gov intrusion case ultimately complicated the whole affair, as a private company in Boston was also breached. The sources, it seemed, would have to be identified. Hilbert was allegedly told not to name his source, at which point the complexity grew.
Hilbert was ultimately shifted to counterterrorism – where he’d still deal with cyber-crime. There, Hilbert took on the persona of a Chechen child forced to move to the U.S. who sought to return to his Muslim roots. For a year and a half, Hilbert infiltrated online groups.
Hilbert later left the FBI, saying he “lost faith in the Department of Justice,” after the Popov case led to internal complications.
When allegedly told to stay put and wait for the dust to settle, Hilbert left the Bureau and entered the private sector. There, he worked with top companies like MySpace, PricewaterhouseCoopers, and more.
“I’ve lived a blessed and unique life in the world where I was able to do those jobs,” Hilbert said of the casework, international travel and more. “Good luck, bad luck – I wouldn’t change it for the world.”
In the waning moments of the show, Hilbert offered up the following advice: “The best advice I can give at this point in time is, being technical alone is not a skillset that needs to go out there. If you want to move into management, or move into making things happen, just having tech skills is not it.”
He continued: “It’s about understanding people, the business, the decisions you make or put forward. From a security, operational or procedural perspective, there is a wide-ranging impact on the company as a whole.”
He added, “There are no ‘new threats,’ the threats are the same. The basics of cyber security are: Gaining access and taking stuff, or disrupting access so no one else can do it.”
The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.