Breach Response , Data Breach , Forensics

Inside the Cybercrime Investigator's Notebook Ex-Secret Service Agent Shares Insights on Attackers, Intrusions
Inside the Cybercrime Investigator's Notebook
Jeff Shaffer, manager, PricewaterhouseCoopers

Jeff Shaffer, a former Secret Service agent, has been investigating cybercrime for more than 25 years. Now a manager at PricewaterhouseCoopers, where he deals with breach response, assessments and forensics, Shaffer says his years of law enforcement experience are paying off, helping him offer new insights into cybercrime trends he's watched unfold over his career.

In this exclusive interview with Information Security Media Group, Shaffer notes that conducting forensics investigations is becoming more challenging, because attackers are constantly improving their abilities to mask their intrusions and network movements. Still, he says, organizations can protect their assets better by knowing what data the attackers are after.

"Knowing what motivates them is going to help you secure your network," Shaffer says. "Having an idea about from where the attacks originate, potentially, who the threat actors are, what particular groups might be involved. ... Some things have certain signatures, which provide you with an idea of where an attack may have originated from and where it might go next, as it relates to targets, lateral movement and the particular information that they may be looking for."

Attacks waged to extract specific types of information or data are conducted differently, he adds, so the modus operandi will vary from attacker to attacker. Shaffer credits his law enforcement background with providing him the experience and expertise to understand those differing attack characteristics.

"I think the trends that I was able to see at the Secret Service, along with the investigative skills, the interviewing skills, things like that, are the perspectives that I can provide here at PwC that can really only come from that law enforcement background," Shaffer says.

Which types of attacks are more concerning to him today - cyber-terrorism or cybercrime? Shaffer says industries need to be concerned about both.

"It's an interesting question, because there is cyber terrorism and cybercrime, and I don't think there's been a clear distinction between the two," he says. "Does one fall under the other, and vice versa? No one wants to be a target ... But I think if people are looking at what some of these trends are, what some of the threats are, and they've identified what it is that they have that the threat actor may be looking for, then they can allay some of that concern to a degree."

Organizations that designate the data they need to protect from various threat actors have the advantage of putting mechanisms in place to protect their assets, Shaffer says. "I think that can help them sleep better at night," he says.

During this interview (link above), Shaffer discusses:

  • The most prevalent mistakes businesses make that hinder investigations;
  • Why the continual breach of PII is concerning to businesses and consumers;
  • Why more security companies are looking for employees with law enforcement backgrounds.

Shaffer joined PricewaterhouseCoopers in 2015, after a long career with the Secret Service as a senior special agent and director of the top ranked Secret Service Digital Forensics Laboratory. Shaffer has extensive and varied experience as an investigator, protection specialist, counter-terrorism specialist, team leader and digital forensic examiner. He has been nominated on separate occasions for Secret Service Agent of the Year and Texas Law Enforcement Agent of the Year. He also has been a recurring speaker at ISMG's Fraud and Breach Prevention Summits, presenting on topics such as Mobile Payments and BYOD.

Around the Network