Online Extra: Meet Cyberspace's Head Fed
FBI agent Daniel Larkin was destined, it seems, to be a cybersleuth. Fresh out of Indiana University of Pennsylvania, where he majored in criminology in the early 1980s, Larkin went to work installing surveillance equipment and dabbled as a private investigator.
A twentysomething whiz kid with no engineering background, he convinced city officials in Pittsburgh to let him install a closed-circuit TV system in the subway network and even wrote the design manuals himself. As a PI, he customized cameras and snuck them into clocks and ceiling lights at retail stores to nail employees stealing merchandise.
A few years later, as an eager FBI applicant, those gumshoe skills came in handy. During interviews with veteran Bureau agents, he hauled in the surveillance-system manuals and photos of the special spy cameras as evidence of his crime-fighting prowess. The FBI reviewers were wowed, and Larkin made it into the FBI on his first try -- a rarity. "It's a big factor in the FBI whether you can take on daunting tasks and come out on the other end," says Larkin.
"STILL OUTRUNNING US."
Now a 20-year Bureau veteran, Larkin leads the FBI's Internet Crime Complaint Center (IC3), where he's tasked with tracking down the multiplying hordes of cybercriminals marauding across the Web. It's a job that requires innovative tactics and perseverance. But just as he was in his days as a young surveillance maverick, Larkin is up to the task. He co-developed the FBI's first cybercrime strategy in 2002, and he's an advocate of international cooperation, which he says is necessary given the borderless nature of the Web. He also champions partnerships with private companies, such as Internet service provider Earthlink, (ELNK ) to speed the feds' intelligence gathering.
In the war on cybercrime, the FBI needs all the firepower it can muster. The rapid shift to criminal hacking has turned the Web into a dangerous place. Using fake e-mails to trick consumers into divulging identity information, a gimmick called phishing, hackers looted banks and credit card companies of $400 million last year.
So far this year, identity thieves have cracked corporate-security systems to steal data on more than 1.7 million people. The Federal Trade Commission estimates 10 million Americans have had their identities compromised. "The moonshiners are still outrunning us," says John Pescatore, vice-president of Internet research at Gartner (IT ) and a former Secret Service agent.
CALL TO ARMS.
Larkin is confident that he and his team will catch up. They've already made progress since the late 1990s, when Larkin, working from the Pittsburgh field office, noticed more and more crime and money moving onto the Web. He began collaborating with the U.S. Computer Emergency Readiness Team to track the criminals' tactics and attacks.
In the late '90s, for example, he watched as African scam artists, known as "reshippers," used automated credit-card entries to make huge purchases at online retail stores. That sounded the starting gun. Larkin and a group of other agents decided to write the FBI's National Cybercrime Strategy in 2002. "We said, 'we need to go online and interact with the bad guys more aggressively,'" he recalls.
Since then, fighting cybercrime has become the FBI's third-highest priority, after terrorism and counterintelligence. What's more, online crimes such as trading fake identity documents and stolen credit cards are increasingly viewed as key funding scams for terrorists, the FBI's focal point since the attacks of September 11.
TICS AND TALKS.
That puts Larkin in the hot seat. Often using leads generated by consumer and corporate reports filtered by his six agents and 33 analysts at IC3, the FBI has arrested more than 6,000 cybercriminals in the last three years and is currently investigating 2,800 e-crime cases. Recognizing that relying on security software isn't enough and that catching cybercrooks is vital, private companies often hand over data willingly rather than only when subpoenaed.
Larkin is no stranger to intense, tricky investigations. He was a team leader in the late '80s on Operation Illwind, which zeroed in on Pentagon graft. For six years, FBI agents tracked corrupt officials and defense contractors in a scam involving lucrative weapons deals. Day and night, Larkin and his colleagues tuned in to 37 different phone taps -- a complex puzzle of communiquEs that they had to piece together. Frequent loud bangs and shouts, Larkin says, caused slight hearing loss in both ears.
But the lengthy eavesdropping taught Larkin and colleagues about the peccadilloes of executives on the take -- and how an understanding of those human frailties could advance the investigation. Operation Illwind led to indictments for fraud and bribery in 12 states and the District of Columbia.
GETTING THEM TO SING.
He applies the same principle to fighting cybercriminals. He says many were teenage hackers who started off trying to impress friends with their coding prowess. But the former geeks' sensitive egos remain intact even after they've moved on to big-time crimes, such as cracking corporate networks and launching millions of "phishing" e-mails.
In a host of search and seizures in the last six months -- some of which will become public soon, says Larkin -- the FBI convinced members of spam and phishing rings to rat on their accomplices. "Our job is more than putting the bad guys in jail," says Larkin. "It's about getting the bad guys to turn over and take investigations to a higher level."
It just goes to show that when it comes to fighting crime in cyberspace, old-fashioned law enforcement still works.
Grow is a correspondent in BusinessWeek's Atlanta bureau
Edited by Patricia O'Connell