It’s not easy to drop in on Mitchell Thompson at work. After removing my shoes for airport-like security, I follow my escort down a hallway to a thick glass door. She scans her badge and punches in a code to gain entry. Behind the door awaits a protected bank of elevators reserved for employees of the U.S. Federal Bureau of Investigation.
High up in the FBI’s New York City field office, Supervisory Special Agent Thompson leads a 20-person squad that includes computer scientists and security professionals. They investigate cybercriminals who target the city’s largest banks and stock exchanges, as well as scammers who steal from everyday citizens.
In earlier years, occasional investigations into fraud and child pornography were handled by teams with minimal cybertraining. As the number of cases increased, the FBI realized it needed to develop its own cybersleuths. “Historically, people commit crimes at the speed of human,” Thompson says in his Texas drawl. “With the Internet, they’re able to commit crimes at the speed of the Internet.”
Cybersecurity is now one of the agency’s top three priorities, right behind terrorism and counterintelligence. The FBI has cybersquads in all 56 of its field offices. Larger offices support multiple squads that specialize in certain types of cybercrime—such as Thompson’s group, which focuses on financial misdeeds.
The FBI is not alone in shifting resources toward patrolling the Internet. Law-enforcement agencies around the world are hiring experts to hunt down cybercriminals. Europol, the European Union’s law-enforcement agency, established the European Cybercrime Centre in 2013. And its global equivalent, Interpol, once created its own private cryptocurrency and built a fake Darknet to study criminal behavior.
Thompson has been with the FBI for 10 years. In college, he majored in accounting and management information systems, and he later earned his MBA. His first job was as a CPA, auditing financial firms. After six years, he left in search of more rewarding work and became a special agent.
Initially, Thompson knew little about hunting cybercriminals. He learned cybersecurity practices through training with SANS, a specialized security institute, and CompTIA, an industry group for security professionals. The bureau also offers internal cybercertifications and programs on cyberforensics.
Thompson’s studies paid off in 2014, when he coordinated a takedown of cybercriminals with agencies in 19 countries that resulted in over 90 arrests. The operation targeted the creators and sellers of malware called Blackshades, which was used to collect victims’ keystrokes, steal account information, and spy on thousands of people through their webcams.
To initiate a case, Thompson explores leads from the FBI’s Internet Crime Complaint Center. The bureau uses data analysis to search for keywords and identifiers in filed complaints, and it bundles similar cases together, whether they be business owners hit by fraudsters or victims of a romance scam.
If a bank or insurance company in New York City detects an online intruder or a massive distributed denial-of-service attack, they can also call Thompson directly. Depending on the situation, Thompson may immediately deploy a cyberresponse team to start collecting evidence, such as making forensic copies of servers before the attack is over.
Though the FBI has at times rubbed the tech industry the wrong way—many saw its attempt to force Apple to unlock an iPhone as an affront to security and privacy—the bureau is eager to recruit the expertise it needs from the industry.
Thompson says he often needs people who can perform specific tasks, such as reverse engineering malware, though he doesn’t expect new hires to know it all. “No one is an expert on everything,” he says. “As long as you know what your limitations are and know who to ask when you come across your limitations, I’m great with that.”
Computer scientists, IT specialists, and engineers can join the FBI right out of college, though some work experience is usually preferred. It also helps to have patience—tracking down cybercriminals often requires months or years of persistent investigation. “When we work a case long enough, we have great success,” says Thompson.
This article appears in the February 2017 print issue as “FBI Agent Mitchell Thompson.”