WASHINGTON — The Justice Department is adding resources and agents in Pittsburgh to combat hackers after the Steel City's law enforcement agencies, universities and companies led the way on two landmark prosecutions.
The two cases targeting people in China and Russia have helped make Pittsburgh the epicenter of the U.S. fight against foreign hackers. Now, the FBI is sending hundreds of new agents to the city, mainly to support such cybercases, and the Justice Department is studying if Pittsburgh's example can be replicated across the nation.
Pittsburgh's efforts have been enabled by a mix of local technology researchers, aggressive law enforcement agents and businesses rich with trade secrets. While attorneys in other cities have gone after foreign hackers, Pittsburgh was the first to connect corporate cyberespionage to the Chinese government and document direct consequences to U.S. companies.
"It's a model that we need to apply nationally," said John Carlin, assistant U.S. attorney general for national security.
"In order to bring a case," he said, "we need to learn not just technically how it was done but ... why it was done and why it mattered."
A lot of those answers can be provided by U.S. Attorney David Hickton, the top federal law enforcement officer in western Pennsylvania. He was responsible for the indictment of five Chinese military officials in May on claims they infiltrated the computers of Pittsburgh icons U.S. Steel and Westinghouse Electric. A month later, his office helped with a case led by the FBI in Pittsburgh to dismantle one of the world's most insidious computer viruses, Gameover Zeus.
"We are at the emergent stage of the problem of our age," Hickton said.
Hickton, 58, who was confirmed as U.S. attorney in 2010, said he is marshaling all the public, private and academic resources he can, in part, to help save jobs in his hometown.
While FBI Director James Comey declined to say how many agents would go directly to Pittsburgh, he did tell reporters July 30 that it would be "enough to make a meaningful additional contribution to support the work" that Hickton's office is doing.
Hickton said his biggest concerns include hackers stealing intellectual property from companies and drug gangs trying to hide from law enforcement by organizing and communicating through the Internet.
At first glance, Pittsburgh would seem an unlikely venue for ambitious anti-hacker efforts. Yet the city is a place where the past and future collide. Manufacturing companies built by industry titans Andrew Carnegie and George Westinghouse have withstood the test of time, including economic downturns, wars and global competition.
Elsewhere, universities, companies and government are coordinating cybersecurity research. The FBI's cybersecurity fusion unit in Pittsburgh works with other law enforcement agencies, Internet companies and industry officials to share information and resources.
Carnegie Mellon University's Software Engineering Institute, which receives Department of Defense funding, worked with the FBI to take down Gameover Zeus, which allegedly stole more than $100 million and locked down U.S. computers until ransom was paid. Hickton's office indicted Evgeniy Mikhailovich Bogachev for running the operation.
Along the banks of the Monongahela River, where copper smelting and steel manufacturing plants once thrived, now stands the Pittsburgh Technology Council, a trade association representing more than 1,400 multinational and startup technology companies.
The 56-page indictment unveiled by Hickton's office on May 19 marked the first time the Justice Department legally accused members of the Chinese People's Liberation Army with hacking U.S. companies.
The companies attacked included U.S. Steel, Westinghouse, Allegheny Technologies and Alcoa. Westinghouse is the nuclear reactor arm of Toshiba.
Investigators learned that Chinese hackers on multiple occasions broke into the computers of U.S. Steel in 2010 while the company was litigating trade disputes against Chinese firms for dumping subsidized steel in the United States, according to the indictment. The hackers gained unauthorized access to data on more than 1,700 computers, including sensitive, non-public, information about the company's litigation strategies, the Justice Department said.
In 2012, one of the hackers stole network credentials for virtually every employee of Allegheny Technologies, according to the indictment. The access would have allowed the hackers to monitor activity on the company's computers and steal information, the indictment said.
Hickton wouldn't discuss exactly how the investigation was conducted or how much participation he received from the targeted companies, saying he didn't want to re-victimize them.Copyright © 2014, The Baltimore Sun