Silicon Valley's Cyber Investigations: Firms Hire Ex-Federal Agents : All Tech Considered

Major tech companies have been growing internal crime-fighting cyber teams, often staffing them with former law enforcement agents. NPR gets a look inside one of these units.

Why Silicon Valley Is Hiring Ex-Federal Agents

RAY SUAREZ, HOST:

And I'm Ray Suarez with All Tech Considered.

(SOUNDBITE OF MUSIC)

SUAREZ: More and more of our lives play out online. We share where we live, work, eat, travel. Criminals, too, increasingly have migrated to the digital universe, attracted by all that data we share, so a growing number of tech companies have launched their own crime-fighting cyber teams. NPR's Alina Selyukh looks inside one of them.

ALINA SELYUKH, BYLINE: The day began with a plan for what I imagined would be a super nerdy ride-along following cyber investigators as they kick down cyber doors and expose cybercriminals. So I decided to prepare in the most stereotypical way I could think of - with a doughnut and a coffee. Except I'm in a cafeteria in Silicon Valley, so my donut became a fancy cronut and a coffee became...

UNIDENTIFIED WOMAN: Medium latte.

SELYUKH: ...A latte. Soon my guide for the day arrives.

SEAN ZADIG: Hi, how's it going?

SELYUKH: Alina.

ZADIG: Sean.

SELYUKH: Nice to meet you.

ZADIG: Likewise.

SELYUKH: His name is Sean Zadig. I must say his healthy breakfast puts mine to shame. Zadig runs a team of about 20 people. It's called threat investigations. And it lives inside a security unit known as the Paranoids at a company formerly known as Yahoo, now known as Oath after a merger with Verizon. And the team essentially hunts for fraudsters or child predators who try to use Yahoo emails or other platforms for their crimes. We're making our way through the glass-covered buildings on the company campus to meet Zadig's team. But before I do, I learn something about Zadig that kind of intrigues me.

ZADIG: You know, we went to the same academy that Secret Service went to and Homeland Security.

SELYUKH: He's a former federal agent - used to do law enforcement at NASA, tracking down hackers preying on NASA computers.

ZADIG: After the academy, I spent seven years with them focusing almost exclusively on international cybercrime.

SELYUKH: What was the first moment where you were, like, no one's noticed this and this is going down?

ZADIG: So it was in 2006. There was a case of a NASA employee who had opened a virus that was sent to her by a guy living in Nigeria. And it was...

SELYUKH: No.

ZADIG: ...It was a romance deal. And he had convinced this woman that they were going to get together and they were going to get married. And he was really trying to steal her identity.

SELYUKH: These types of crimes are often anonymous. It's relatively rare for them to end up in court. But Zadig tells me the story of how he ended up tricking the scammer guy into accepting a package from the victim, which got him arrested in Nigeria. And then Zadig tracked down the scammer's big boss and got him into an American prison. And then he says something interesting.

ZADIG: I felt accomplished that, OK, we got this guy. We showed that it can be done and that law enforcement and private industry should consider doing those type of cases.

SELYUKH: Law enforcement and private industry should consider these cases. Think about this - I'm inside a tech company talking to a former federal investigator about his government work. This is an interesting trend. Silicon Valley has been slowly staffing up with former agents from the FBI, the Secret Service or NASA. In a way, it's a reflection of modern crime. Criminals send emails, follow each other on Facebook, find victims on dating sites. Tech companies don't want to be used for criminal schemes, and hiring highly trained federal investigators helps. But there's also something else.

TOM PAGELER: The government doesn't always have the bird's eye view anymore.

SELYUKH: Tom Pageler is a former Secret Service agent who's now also in the tech industry. He says it used to be that the government had our data - Social Security numbers, voter registration. But now it's private companies that know where we are, who we're talking to. And this shift was already happening in the early 2000s when he was a federal agent.

PAGELER: So I think that actually, what is happening today is what we were hoping for back then - a really good partnership where well-trained individuals are going in the private industry and know how to investigate a case and package it properly for law enforcement to do what they need to do.

SELYUKH: Here's how this process might work. Let's go back to Zadig's team.

What are we looking at?

UNIDENTIFIED MAN: OK, so this is basically a fraud ring that we identified out of South Africa.

SELYUKH: So essentially this looks like a digital version of, like, in the movies they have crazy photos and red threads running from photo to photo. Is that...

UNIDENTIFIED MAN: That's absolutely right.

SELYUKH: I won't name this man to protect his work, but his chart is intense.

UNIDENTIFIED MAN: We've got connections from, you know, victim accounts to suspect accounts based on phone numbers. And then we've ended up being able to locate actual Facebook profiles for our subjects based on IP logins and phone numbers and things like that.

SELYUKH: This is how Zadig's team tries to connect Internet crimes to real-life criminals. The team can't see the content of emails for user privacy, but they can connect sketchy accounts by seeing who's emailing whom, or did they use the same phone number to sign up? Then they scour the web for social networks or other public digital trails connected to those emails and phone numbers. Turns out criminals sometimes shamelessly flash wads of cash right on Facebook.

ZADIG: We will print these charts out 2 or 3 feet wide and they'll be longer than a conference room table. And we'll often sit down with law enforcement prosecutors and walk them through here's how this account connects to this account. Here's how we identified this person.

SELYUKH: Zadig says this is how their cases end up being prosecuted. They know how to build one. About a third of them used to work in law enforcement.

ZADIG: And then we've come back later to follow up on cases, and we'll see these charts on the walls. You know, law enforcement or prosecutors have marked on them. They've made new connections that we hadn't made.

SELYUKH: Zadig's team usually comes in after something illegal already happened. That includes the gigantic hacks of Yahoo itself. They happened in 2013 and 2014, though the company only disclosed them last year. In the 2014 case, a Canadian hacker has pleaded guilty and three Russians, including two government agents, have been indicted.

Another time I met Zadig, he told me about a case that shows how often the public might not even realize that an investigation began inside a tech company. This new case had started as a tip from a bank that hackers were breaking into bank accounts and switching them to Yahoo emails. But Zadig's team noticed something else.

ZADIG: We saw that they had created, you know, dozens of Yahoo accounts that were used to file tax returns. And, like, your normal person files one a year, right? And these folks were filing dozens of tax returns a year.

SELYUKH: Two guys were later arrested for this. The scheme was tax fraud. And Zadig's team spotted it by seeing email subject lines like congratulations, you've finished your tax return or your refund has been issued. For law enforcement, this kind of information is only available with a warrant for each email account. They might have never connected these particular dots, definitely not this fast. And there is a touchy side to this comparison. Here's something Zadig told me over and over.

ZADIG: We're not law enforcement, even though some of us come from that background. We take really great pains to make sure that we have a really clear line between what is a law enforcement job and what is our job.

SELYUKH: And there's definitely enough crime on the Internet to keep them both busy. Alina Selyukh, NPR News, Sunnyvale, Calif.

(SOUNDBITE OF MINOTAUR SHOCK'S "MY BURR")

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.