Armed with search warrants, O’Neill saw the stolen data was flowing from the dump sites to computer servers scattered across the U.S. Agents tracked down those servers -- one belonged to a law office, another a dentist -- but none were still being used by the hackers. Then, in July of 2010, O’Neill got lucky.
One of those computer servers belonged to New Harrisburg Truck and Body in Mechanicsburg, Pennsylvania. With permission from the shop’s innocent owner, agents in August 2010 placed a “sniffer” on his computer.
Truck Shop
The sniffer revealed that the hackers were using the truck shop’s computer to store and use their “tools” -- malicious software that scanned the Internet for vulnerable computers, allowed them to break into those computers, steal the data, upload it to a dump site, download it to the truck shop’s computer and then zap it around the globe.
The hackers were careful. They masked their identities by using anonymous e-mail and chat accounts. They hid their location by routing through other servers in Europe.
Even so, O’Neill suspected they were in Romania. They chatted in e-mails in the language, and the agent managed to track some of their computer activity back to the country.
It was now late 2010 and O’Neill was getting concerned that the hackers would figure out he was monitoring them. The Secret Service was caught in a Catch-22: agents wanted to keep watching in secret to find out the hackers’ identities yet had an obligation to alert customers, retailers and financial institutions that the accounts had been hacked.
“Their clients were emailing them and saying, ’Why are you cheating me? These are bum cards,’” O’Neill said, of the messages he secretly read.
Solid Lead
Finally, in late October, agents picked up a solid lead: in an online chat, a hacker mentioned that his computer had been seized and his house raided by Romanian police investigating his cyber activities.