financialservices.house.gov

Cmte Financial Services (R)
Contact:


After the Breach: the Monetization and Illicit Use of Stolen Data

Washington, Mar 15 -

The Subcommittee on Terrorism and Illicit Finance met today to examine the monetization and illicit use of stolen data after a hack. Just as the world is quickly increasing its presence online, cybertheft is becoming a more and more common operation.

“Cybertheft is particularly damaging because the sensitive information being stolen, including Social Security Numbers, is difficult or sometimes impossible to change,” said Subcommittee Chairman Steve Pearce (R-NM). “The victim of a breach can become a victim repeatedly as their identity can be used to apply for credit cards, mortgages, and other financial products over and over again. Unfortunately, this activity is only becoming more widespread as criminal organizations realize the low cost of entry, the ease of using hacking tools, and the difficulty law enforcement faces trying to apprehend hackers. I thank the witnesses and my colleagues for discussing how we can combat these cyber-attacks and protect Americans’ sensitive information. I look forward to continuing this work so we can strengthen our financial system to better predict and prevent future breaches.”

Key Takeaways

• Data theft is becoming a more profitable and illegal operation for cybercriminals because of its low risk of identification by law enforcement and high reward potential.

• Nations that offer sanctuary to cybercriminals or use cybercrime as a tool to prey upon innocent victims must come under greater pressure from the U.S. and the international community to halt this reckless behavior.

Topline Quotes from Witnesses

“…[c]ybercrime markets are highly reliable. Finding ways of tarnishing the reputations of the markets, by wasting a criminal’s time or making an exploit tool purchased on the black market ineffective, can help to prevent the loss of information and cut the value chain early in the attack cycle. Solutions might include spreading misinformation or injecting false products into the markets to breed distrust among the actors and increase the number and quality of arrests.” – Lillian Ablon, Information Scientist, RAND Corporation

“The steady stream of major breaches where consumers’ SSNs were stolen, the most recent being 145 million stolen from Equifax, creates a compelling opportunity for change. Policymakers need to modernize the Social Security Number system. A good start is to determine what digital technologies offer strong security to create renewed confidence in the Social Security credential. A private sector eco-system of trusted identity management could then be built upon the new foundation of a modern, digitally secure SSN.” – Joe Bernik, Chief Strategist, McAfee

“One major difficulty for estimating the cost of cybercrime and cyber espionage is the problems that criminals face in monetizing the results of their theft. Even if we know the value of what was taken, in many cases criminals cannot gain the full value, particularly for personally identifiable information (PII) or intellectual property (IP). It is harder (in some cases, much harder) to monetize the result of a successful hack than it is to hack itself. One reason we believe that cybercrime continues to increase is that criminals have become better at monetization, in part because of the availability of cryptocurrencies like Bitcoin.” – Dr. James Lewis, Senior Vice President, Center for Strategic and International Studies