'Catch Me If You Can' FBI Security Superstar Abagnale: Federal Government Is The Easiest Target For Cybercriminals
Frank Abagnale, the teenage check forger turned FBI security expert popularized by the film "Catch Me If You Can," says the federal government itself is the easiest target for cybercriminals looking to grab cash without getting caught.
"To be honest with you, the federal government is the worst," said Abagnale, who has who has been a security consultant for the FBI for the last 41 years. "Medicare and Medicaid lost $100 billion last year that was paid out in fraudulent claims. That is 10 percent of their combined budget. We had the IRS pay out $5.8 billion in tax refunds to people who filed a return using somebody else's identity. Simple data analytics software would have caught most of that, but the government doesn't use it. We had unemployment fraud of $7.7 billion."
Abagnale, who has become a sought-after expert on identity theft and fraud and a consultant to technology companies, said the problem is the federal government lacks the profit motive of major businesses, which spend billions to protect themselves from cybercriminals.
"Because the government has no board of directors and no interest in profit, they basically don't do a lot to protect the infrastructure of our country or the 2,000 agencies that are involved in running our country," said Abagnale in an interview with CRN. "Consequently what has happened in the last couple of years is criminals have started to say, 'Wait a minute, who has all the money? The government. Who would be the easiest to defraud? The government.' So the government has become a huge target of criminals. It is the same for state, county and city government as well."
While major banks are spending billions on security technology and services, the federal government is a sitting duck, said Abagnale. "A major bank like Chase or [Bank of America] couldn't afford to lose $100 billion -- they would go broke, they would be out of business tomorrow," he said. "So they invest billions of dollars in technology to keep criminals out of their banks, and they are constantly updating and doing a good job of trying to build a fence between them and the person trying to rip them off. But the government is not doing that. The government is the easier target. So the criminals go to the government."
Abagnale said the time has come for the government to "wake up and start acting like a private business." He said the government needs to spend the "money and the time" to stop cybercriminals from pilfering billions of dollars. "It's not that big a deal to do, but they don't do it," he said.
Abagnale's comments on Friday came in an interview with CRN just before his keynote address in front of 1,300 attendees at the annual Whalley Computer Associates' Foxwoods Technology Conference, the largest technology conference in the Northeast. WCA is a Southwick, Mass.-based national solution provider, No. 225 on the CRN 2017 Solution Provider 500, that's known for its local touch.
After recounting his emotional life on the run as a teenager and his subsequent work with the FBI -- some of which was portrayed in the 2002 film, in which he was played by Oscar-winning actor Leonardo DiCaprio -- Abagnale said he has been involved in working on most of the major breaches that have hit the headlines, including the Equifax breach. The lesson learned from all those breaches: "Every breach occurs because somebody in that company did something they weren't supposed to do or somebody in that company failed to do something they were supposed to do," he told attendees. "Hackers do not cause breaches. People do. Hackers just wait for people to give them the opening to hack the system."
The breach of the credit reporting agency Equifax, which has exposed the personal information of 145.5 million Americans, for example, was a result of the company not maintaining its infrastructure with the proper security. "Obviously they didn't keep up their infrastructure. Their technology, their negligence, caused the hacker to have access," Abagnale said.
Abagnale, who lives in South Carolina, pointed out that when 3.8 million tax returns were stolen from the state of South Carolina in 2012, the state initially claimed no one in government was at fault. Abagnale's response: "That would be literally impossible. After a two month investigation, it turned out an employee took a laptop home they weren't supposed to take home. They used it on an unsecured environment on an unsecured wireless system and the hacker got into the tax revenue office and stole 3.8 million tax returns of the citizens of South Carolina."
Abagnale said cybercriminals that steal identity data, as in the South Carolina and Equifax breaches, "warehouse" that data to be used to grab cash over years and years. "If I breach Home Depot or Target I am stealing credit card numbers and debit card information, that has a very short shelf life," he said. "I have to get rid of that almost immediately. If I steal your name, social security number and your date of birth, you can't change that. So the longer I hold it the more valuable it will become. We are just now [five years later] seeing South Carolina start to show up in fraudulent activity. It will be two or three years before we see Equifax start to show up. They will warehouse that data until they get ready to sell it and use that data."
Abagnale said the lesson to be learned from the breaches is that the federal government and corporations of all sizes need to do a "much better job of protecting our infrastructure."
Abagnale said he sees Truesona -- which aims to eliminate passwords with its true persona technology -- as the best product to stop cybercriminals. "This is a technology the CIA wanted -- the ability for an agent out in the field in Afghanistan to send back data over their iPhone to the field office in Langley, Va., so Langley could know the person on the other end of that device was 100 percent accurately their agent without exception," he said.
Today, Truesona has a commercial product. "We are getting rid of passwords," said a determined Abagnale, who works with Truesona. "Passwords are an old 1970s technology. It is stagnant. It is the root of all the problems we have today. We have got to get rid of passwords."
Conference attendees said Abagnale's call to action did not fall on deaf ears. They said they were inspired to do a better job of protecting IT infrastructure.
Paul Miles, a patrolman who doubles as an IT manager for the Southwick Police Department, said the lesson from Abagnale's address is that individuals need to be better educated to protect businesses and organizations from potential breaches. "It reaffirms the point that user education is key to protecting agencies from breaches and inappropriate dissemination of data," he said. "At the ground level it is easy for users to forget that social engineering is the primary source of breaches."
Miles said IT managers and users need to be constantly vigilant about the need for proper security procedures. "Everybody is a target," he said."We are constantly reminding our employees what the proper practices are in terms of network security. We also make sure that our physical layer protections are in place and patches are in place."
Miles, who has attended the last four WCA Technology Conferences, credited Whalley Computer Associates as a "tremendous resource" for helping protect the department. "In terms of service, Whalley is absolutely outstanding. I couldn't ask for a better resource. They are the hometown team, but in my experience I couldn't ask for a better response from them. They have been instrumental in making sure our infrastructure is secure and works properly."
Steve Dodge, director of technology for Rumsey Hall School, a boarding school in Washington, Conn., said keeping the identity of students at the school safe is "paramount."
"Hearing what Frank had to say about Truesona and no passwords is important for the future," he said. "Password technology is an issue on a global scale. Getting rid of passwords would only improve safety. Keeping people identity's safe from cybercriminals is paramount."
Besides his call to action on security, Abagnale told attendees his own personal story of criminal behavior as con artist and check forger, which was set in motion when his parents divorced after 22 years of marriage. Abagnale stood in the courtroom as a 16-year-old crying and refusing to decide which parent he would live with. Instead of making the choice, he ran away. "By the time my parents got outside, I was gone," he said. "My mother never saw me again for about seven years until I was a young adult. Contrary to the movie, my father never saw me or ever spoke to me again."
Abagnale considers himself fortunate to have gotten a second chance and to have met his wife 40 years ago on an undercover assignment for the FBI in Houston, Texas. "When the assignment was over I broke protocol to tell her who I really was," he said. "I didn't have a dime to my name, but I eventually asked her to marry me against the wishes of her parents. She did."
As for his redemption, Abagnale said it is not a result of being born again or seeing the light or being rehabilitated in prison. It is that, "God gave me a wife."
"She gave me three beautiful children," he told the hushed crowd. "She gave me a family and she changed my life. She and she alone. Everything I have. Everything I have achieved, who I am today, is because of the love of a women and the respect three boys have for their father -- something I would never jeopardize."
Abaganale advised those in the audience that still have their mother and father: "Give them a hug. Give them a kiss You tell them you love them. While you can."
As for the men in the audience, Abagnale posed the question: "What does it really mean to be a man? Absolutely nothing to do with money, achievements, skills, accomplishments, degrees, professions, positions. A real man loves his wife. A real man is faithful to his wife. And a real man next to God and his country puts his wife and his children as the most important thing in his life. (Catch Me If You Can director) Steven Spielberg made a wonderful film, but I have done nothing greater, nothing more rewarding, nothing more worthwhile, nothing has brought me more peace, more joy, more happiness, more contentment in my life than simply being a good husband, a good father. I strive to be everyday of my life a great Daddy."