The U.S. Secret Service yesterday presented its Director’s Recognition Award to two staff members of the CERT® Program, part of the Software Engineering Institute at Carnegie Mellon University, for their contributions to the TJX network intrusion investigation. The Director’s Recognition Award is given to corporate or industry individuals or organizations who have provided significant assistance to the Secret Service in its investigative or protective mission.
Rich Nolan and Matthew Geiger received the award from Eric Zahren, special agent in charge of the Pittsburgh office of the Secret Service, in a brief ceremony at the SEI headquarters in Pittsburgh. Nolan is technical director of the Digital Investigations and Intelligence Directorate (DIID) in the CERT Program, and Geiger is a senior member of the technical staff in the DIID.
The DIID works closely with federal law enforcement and intelligence agencies to provide operational support, identify and develop tools that address needs not met by commercial tools, and provide training to improve the state of practice among digital forensic analysts.
The TJX investigation involved a network intrusion that compromised customer records at T.J. Maxx, Marshall’s, and other retailers. Eleven individuals were indicted in 2008 in connection with the data breach, one of the largest data breaches in U.S. history; they were allegedly responsible for the theft of account data for more than 90 million credit and debit cards over a six-year period.
Explaining the reason for the award, Kenneth Jenkins, special agent in charge, Criminal Investigative Division, said, “[In the TJX investigation] traditional investigative techniques revealed that sophisticated and complex network masking, encryption and other obfuscation techniques were being employed as counter-measures to thwart investigators from identifying suspects, their methods of operation, and the access, recovery and seizure of digital evidence. In response, the [DIID] developed both an innovative approach and custom tool to overcome these counter-measures. This approach proved successful in recovering sufficient digital evidence necessary for prosecution. The methods successfully employed by the [DIID] will certainly become a mainstream investigative practice that will benefit future Secret Service technology-based investigations. They have also filled a definitive need within the current arsenal of law enforcement digital forensic tools and techniques.”
“No individual government agency or entity alone can deal effectively with what we’re going to face in the cyber realm,” said Zahren in the award presentation. “The Electronic Crimes Special Agent Program and Electronic Crimes Task Forces were initiated to bring agency resources together with the expertise and creativity of our partners. What you do at Carnegie Mellon and CERT is the ideal of that concept.”
Rich Pethia, director of CERT, said, “We appreciate the strong relationship that CERT has built with the Secret Service. Our relationships with law enforcement agencies enable us to put our ideas to good use.”
Nolan, a seven-year staff member at CERT, is a U.S. Marine Corps veteran and a former Drug Enforcement Administration agent. Geiger, who joined the SEI in 2006, has assisted U.S. federal agencies in several high-profile cybercrime investigations as part of CERT's forensics team. Prior to joining CERT, he worked for 14 years in Southeast Asia, including founding a computer forensics company in Singapore.
Photo caption: Rich Nolan (left) and Matthew Geiger