Ex-Gumshoe Nabs Cybercrooks with FBI Tactics

Crooks are crooks, right?

Whatever motivates serial violent offenders doesn’t switch off when they stop mugging people and instead pick up a keyboard to transform into cyber actors who craft cyber threats.

At least, that was the thinking behind the 2012 creation of the FBI’s Cyber Behavioral Analysis Center (CBAC).

“Behavioral characteristics and motivations of cybercriminals in the real world and virtual world are the same,” said Crane Hassold, who helped to create the CBAC after spending more than 11 years as an FBI analyst, offering strategic and tactical analytical support to cyber, financial crime and violent crime cases. “The only thing that differentiates them is their choice to use a computer to facilitate a crime.”

During his stint at the FBI, Hassold researched a slew of cyber threat flavors: malware, network intrusions, denial-of-service attacks, botnets, phishing and hacktivism. He also served as a subject matter expert who trained others on collecting and analyzing open-source intelligence (OSINT) to identify investigative leads and adversary attribution. As well, Hassold spent his days scouring digital evidence to identify behavioral artifacts and investigative leads and reverse-engineering malicious code to better understand adversary motivations and tactics.

Now, he’s director of threat intelligence at cloud-native email security platform Abnormal Security.

After having honed his skills in the behavioral analysis unit, Hassold now goes undercover to connect with attackers directly, unfettered by the red tape of working at a law enforcement agency.

He’s got some interesting stories: stories about looking at cyber threats at a more human level, about delving into more than the tools, techniques and procedures (TTPs) – all those technical bells and whistles of cybercrime.

Hassold visited the Threatpost podcast recently to share his stories about using the concepts built by the FBI to understand how criminals exploit victims’ behavior in business email compromise (BEC), about engaging with BEC actors (first covertly and then overtly), and more. As well, he shared some key findings from Abnormal’s recent report about ransomware.

You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.

Check out our freeupcoming live and on-demand online town halls** – unique, dynamic discussions with cybersecurity experts and the Threatpost community.**

(Brought to you by Specops Technology. Underwriters of Threatpost podcasts do not assert any editorial control over content.)