At this point, the headlines all read like a best-selling crime fiction— complete with the elements of a great plot, suspense and intrigue, and the "BIG" investigation. There also are the protagonists: U.S. government agencies, big corporations and banks. And there are the infamous perpetrators: the alleged shady Russian hackers.
But this real-life “whodunit” or “howcatchthem” plot or sole purpose is to employ cyber-attackers to wipe out U.S. infrastructures and disrupt American lives.
This time, Russian hackers are suspected of stealing the personal tax information of more than 100,000 taxpayers from the U.S. Internal Revenue Service (IRS) during tax season. Last week, IRS Commissioner, John Koskinen, told reporters that “the information was stolen as part of an elaborate scheme to claim fraudulent tax refunds."
But when it came to confirming or denying that Russian hackers were responsible, Koskinen had refused to comment any further. However, according to The AP, two senior IRS officials later confirmed to reporters that the agency is currently investigating “Russian criminals based on computer data about who accessed the information."
The problem is that this is not the first cyber-attack committed by sophisticated criminals who’ve targeted the U.S., and it probably will not be the last. But the big mystery surrounding this non-fiction crime story is: With so much at stake, what’s being done about it?
Even Bill Browder’s novel, currently on The New Times’ best-selling list, about “the meteoric rise, and disastrous fall of a buccaneer capitalist who crossed the wrong people and paid a steep price,” doesn’t hold a candle to the narrative about JP Morgan Chase.
It was just last summer when the global financier became among America’s largest banks to be hit in a series of high-tech robberies involving stealing gigabytes of data, including over 80 million customers’ checking and saving accounts, email addresses and phone numbers. And the aftermath of the attack included pointing the finger at Russian hackers.
“The FBI is looking into a possible revenge plot involving Western sanctions levied on Russia because of the situation in the Ukraine,” Bloomberg News, the first group to report the story, said in 2014.
But by March 2015, investigators told the New York Times that architects of the cyber-attack were holding up in countries that would be “willing to transport suspects to the U.S. for trial." However, they said, that doesn’t mean that they are untouchable.
“The bad news is that many of these folks are located overseas, and they are using encryption and servers all over the world,” Leslie Caldwell, the assistant district attorney for the Criminal Division at the U.S. Department of Justice, told The New York Times. “But the good news is if we are able to jump on the breach early enough, we have an electronic trail and can get that evidence.”
In this particular case, investigators now believe that the hackers are “gettable,” because they reside “in countries with extradition treaties to the United States." But, unfortunately, that’s not the case with the other highly-publicized cyber-attacks that targeted Home Depot and Target, and most recently, the IRS.
The Gift of Fear
Perhaps those tasked with investigating these high-tech capers can get some tips by reading Gavin De Becker’s “Survival Signals That Protect Us From Violence,” which is also listed on The New York Times’ best-selling list.
In the IRS case, however, Russian hackers are suspected of pillaging data from a website called "Get Transcript," where U.S. taxpayers can download their past tax returns and other tax filings. According to The AP, the bad guys “cleared a security screen that required detailed knowledge about each taxpayer, including their Social Security number, date of birth, tax filing status and street address." And they had previously used some of the data to secure up to $50 million in fake tax refunds, Koskinen told The AP.
"We’re confident that these are not amateurs," Koskinen added. "These actually are organized crime syndicates that not only we, but everybody in the financial industry are dealing with."
So what’s being done about it? The U.S. Senate Finance Committee has summoned Koskinen and J. Russell George, the Treasury inspector general for the tax administration, to Capitol Hill for a hearing.
"When the federal government fails to protect private and confidential taxpayer information, Congress must act," Sen. Orrin Hatch, R-Utah, chairman of the Finance Committee, told CBS News. "Taxpayers deserve to know what happened at the IRS regarding the data theft, and this hearing will be the first step of many that the committee takes to determine what happened and how the government can prevent such attacks from happening again."
Maybe there will be a book written about the case.