Frank Abagnale, the teenage check forger turned FBI security expert popularized by the film "Catch Me If You Can," says the federal government itself is the easiest target for cybercriminals looking to grab cash without getting caught.
"To be honest with you, the federal government is the worst," said Abagnale, who has who has been a security consultant for the FBI for the last 41 years. "Medicare and Medicaid lost $100 billion last year that was paid out in fraudulent claims. That is 10 percent of their combined budget. We had the IRS pay out $5.8 billion in tax refunds to people who filed a return using somebody else's identity. Simple data analytics software would have caught most of that, but the government doesn't use it. We had unemployment fraud of $7.7 billion."
Abagnale, who has become a sought-after expert on identity theft and fraud and a consultant to technology companies, said the problem is the federal government lacks the profit motive of major businesses, which spend billions to protect themselves from cybercriminals.
"Because the government has no board of directors and no interest in profit, they basically don't do a lot to protect the infrastructure of our country or the 2,000 agencies that are involved in running our country," said Abagnale in an interview with CRN. "Consequently what has happened in the last couple of years is criminals have started to say, 'Wait a minute, who has all the money? The government. Who would be the easiest to defraud? The government.' So the government has become a huge target of criminals. It is the same for state, county and city government as well."
While major banks are spending billions on security technology and services, the federal government is a sitting duck, said Abagnale. "A major bank like Chase or [Bank of America] couldn't afford to lose $100 billion -- they would go broke, they would be out of business tomorrow," he said. "So they invest billions of dollars in technology to keep criminals out of their banks, and they are constantly updating and doing a good job of trying to build a fence between them and the person trying to rip them off. But the government is not doing that. The government is the easier target. So the criminals go to the government."
Abagnale said the time has come for the government to "wake up and start acting like a private business." He said the government needs to spend the "money and the time" to stop cybercriminals from pilfering billions of dollars. "It's not that big a deal to do, but they don't do it," he said.
Abagnale's comments on Friday came in an interview with CRN just before his keynote address in front of 1,300 attendees at the annual Whalley Computer Associates' Foxwoods Technology Conference, the largest technology conference in the Northeast. WCA is a Southwick, Mass.-based national solution provider, No. 225 on the CRN 2017 Solution Provider 500, that's known for its local touch.
After recounting his emotional life on the run as a teenager and his subsequent work with the FBI -- some of which was portrayed in the 2002 film, in which he was played by Oscar-winning actor Leonardo DiCaprio -- Abagnale said he has been involved in working on most of the major breaches that have hit the headlines, including the Equifax breach. The lesson learned from all those breaches: "Every breach occurs because somebody in that company did something they weren't supposed to do or somebody in that company failed to do something they were supposed to do," he told attendees. "Hackers do not cause breaches. People do. Hackers just wait for people to give them the opening to hack the system."
The breach of the credit reporting agency Equifax, which has exposed the personal information of 145.5 million Americans, for example, was a result of the company not maintaining its infrastructure with the proper security. "Obviously they didn't keep up their infrastructure. Their technology, their negligence, caused the hacker to have access," Abagnale said.
Abagnale, who lives in South Carolina, pointed out that when 3.8 million tax returns were stolen from the state of South Carolina in 2012, the state initially claimed no one in government was at fault. Abagnale's response: "That would be literally impossible. After a two month investigation, it turned out an employee took a laptop home they weren't supposed to take home. They used it on an unsecured environment on an unsecured wireless system and the hacker got into the tax revenue office and stole 3.8 million tax returns of the citizens of South Carolina."