Skip to main content

The Investigative Mission

The U.S. Secret Service has a long and storied history of safeguarding America’s financial and payment systems from criminal exploitation. The agency was created in 1865 to combat the rise of counterfeit currency following the Civil War. As the U.S. financial system has evolved - from paper currency to plastic credit cards to, now, digital information - so too have our investigative responsibilities.

Today, Secret Service agents, professionals, and specialists work in field offices around the world to fight the 21st century’s financial crimes, which are increasingly conducted through cyberspace. These investigations continue to address counterfeit, which still undermines confidence in the U.S. dollar, but it is credit card fraud, wire and bank fraud, computer network breaches, ransomware, and other cyber-enabled financial crimes, that have become the focus of much of the Secret Service investigative work.

Secret Service field offices continue their investigative work and are ready to combat a new wave of COVID-19 related cyber-enabled fraud.

An ultraviolet light source is used to verify the authenticity of a questioned note.

An ultraviolet light source is used to verify the authenticity of a questioned note.

Two criminal investigators looking at a map on a computer screen.

The U.S. Secret Service conducts in-depth analyses of the activities, tools, and methodologies used by cybercriminals to better assess the evolving threats they pose to the financial infrastructure and e-commerce.

Special agents comb through seized evidence following the arrests of several involved in a counterfeiting operation.

Special agents comb through seized evidence following the arrests of several individuals involved in a counterfeiting operation.

Cyber Investigations

Over the past several decades, the U.S. Secret Service has successfully identified, located, and arrested cybercriminals responsible for some of the most significant and widely publicized public and private industry data breaches. The U.S. Secret Service cybercrime mission has expanded the scope of its investigative efforts beyond its traditional limits.

As part of its mandate to combat financially motivated cybercrime, the U.S. Secret Service complements its investigative efforts with educational outreach programs. These programs are aimed at strengthening the ability of private and public sector entities to protect themselves against an array of cybercrime. The U.S. Secret Service conducts in-depth analyses of the activities, tools, and methodologies used by cybercriminals to better assess the evolving threats they pose to the financial infrastructure. The U.S. Secret Service then shares the results of these reviews with its network of public and private partners through its outreach programs.

The U.S. Secret Service is a Contributor to the Verizon Data Breach Investigations Report.

The U.S. Secret Service has cultivated mutually beneficial partnerships with law enforcement agencies around the globe, leading to successfully extraditing criminal suspects residing overseas to face prosecution in the United States. The U.S. Secret Service continues to forge new international partnerships in furtherance of its mission to pursue and apprehend cybercriminals globally.

As a result of the convergence of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. To protect the nation’s financial infrastructure from cyber criminals, the U.S. Secret Service has adopted a multipronged approach that includes:

The Criminal Investigative Division (CID) - a headquarters division in Washington D.C. dedicated to protecting the nation’s financial infrastructure in the cyber domain and supporting cyber investigations through intelligence collection, liaison, and asset management. The division serves as an integrated mission center, monitoring and supporting strategic investigations with a potential impact on the integrity of the U.S. financial infrastructure. The U.S. Secret Service cyber workforce has contributed to the apprehension of transnational cyber criminals responsible for large-scale data breaches, online criminal hosting services, and the trafficking of stolen financial data.

The Electronic Crimes Task Force (ECTF) Program - an established network of trusted partnerships to combat cybercrime through coordinated investigations, training, and technical expertise and information sharing. The 40 strategically located ECTFs boast a strong alliance of over 4,000 private sector partners, 2,500 international, federal, state and local law enforcement partners, and 350 academic partners. Since its inception, the ECTFs have prevented over $13 billion in potential losses to victims and arrested approximately 10,000 individuals. State and local law enforcement ECTF partners are trained by the U.S. Secret Service National Computer Forensics Institute.

To prepare for and confront cyber incidents, as well as participate in sharing real-time information regarding threats and protective measures, become a member of an ECTF. Please use the below listing of ECTFs to find and contact your local ECTF.

The National Computer Forensics Institute (NCFI) - a state-of-the-art facility in Hoover, AL, providing state and local members of the law enforcement community with training in cyber incident response, investigation, and forensic examination. Graduates of NCFI join ECTFs as valued partners making vital contributions to significant cyber investigations, and work hand in hand with U.S. Secret Service agents and analysts. Since 2008, NCFI has trained over 3,800 state and local law enforcement officers, prosecutors, and judicial officials representing all 50 states and three U.S. territories.

The U.S. Secret Service Mobile Device Forensic Facility at the University of Tulsa - a forensic laboratory center specializing in digital forensics of a broad range of mobile electronic devices, to include smart phones, drones, skimmers, and Internet-of-Things (IoT) devices. The center provides training, develops hardware and software solutions for extracting and analyzing digital evidence from mobile devices, and supports criminal investigations conducted by the U.S. Secret Service and its partner agencies.

The Network Intrusion Responders (NITRO) Program - a cyber workforce of special agents dedicated to responding to and investigating network intrusions, business email compromises, ransomware and other cyberattacks, while collecting and preserving digital evidence.

The Electronic Crimes Special Agent Program - Computer Forensics (ECSAP-CF) - a cyber workforce of agents dedicated to conducting advanced computer, mobile device, and vehicle infotainment systems forensic examinations using specialized methods, software and equipment.

The Network Intrusion Forensic Analyst (NIFA) Program - a cyber workforce of forensic experts assigned to ECTFs to respond to cyber-attacks and cyber investigations by tracking, collecting and preserving digital forensic evidence. NIFAs possess prior cyber forensic experience and serve as subject matter experts within ECTFs. Strictly dedicated to our investigative mission, they provide continuity to Secret Service investigations.

Cyber Partnerships

The Cybersecurity and Infrastructure Security Agency (CISA) - established in 2018, as part of the Department of Homeland Security, to defend against threats and build a more secure and resilient infrastructure. CISA works with partners on evaluating physical and cyber risk to Critical infrastructure and Key Resources (CIKR), and houses US-CERT, ICS-CERT and the CISA Integrated Operations and Coordination Center (CIOCC). The U.S. Secret Service’s liaison team to CISA enhances information sharing, and promotes operational synchronization, and is responsible for interagency coordination and deconfliction of ongoing investigative operations and analysis.

The Computer Emergency Response Team (CERT) in coordination with the Carnegie Mellon University (CMU) - a federally funded research and development center (FFRDC), as part of the Software Engineering Institute (SEI), developing software and systems, designing training curricula, and conducting risk assessment and mitigation for critical infrastructure. The CERT liaison program leverages non-public technology and training to meet emerging cybercrime challenges, and provides technical support for complex cybercrime investigations.

The National Cyber Forensics & Training Alliance (NCFTA) - a nonprofit corporation founded in 2002, created for the sole purpose of establishing a neutral, trusted environment to facilitate information sharing with the ultimate goal to neutralize cyber threats. A partnership between law enforcement, private industry, and academic experts, focused on proactively identifying, mitigating, and neutralizing cyber threats globally. A centralized NCFTA database aggregates real-time data of daily fraud occurrences, cyber trends, and criminal targeting, shared by members, which is examined by NCFTA analysts. Analysis reports are issued in real time with both corporate and law enforcement partners, thus facilitating the mitigation of emerging threats and minimizing future losses.

The U.S. Secret Service partners with numerous private and public sector entities locally, nationally, and globally to prepare for and protect from cybercrime. U.S. Secret Service employees are detailed to other Department of Homeland Security agencies, the Departments of Justice and Treasury, Europol and Interpol.

Cybercrime

Crime trends show an increased use of the cyber domain to carry out financially motivated crimes by breaching and exploiting electronic data. The U.S. Secret Service continues to pursue and arrest cyber criminals who take advantage of human error, IT security complacency, and technical deficiencies in networks and electronic devices. These crimes include:

  • Access Device Fraud - an elicit transferring of funds that involves credit and debit cards, or other types of account access devices. More information
  • Network Intrusion - unauthorized access to computers or networks, using a variety of methods, to include malware and bots. More information
  • ATM Cashout Attack - involves Access Device manipulation and Network Intrusion.
  • Illicit Financing Operations and Money Laundering - investing illicit proceeds into the financial system, while attempting to disguise them as legitimate transactions. Visit here and here for more information
  • Cryptocurrency Illicit Activity, Cryptojacking - illicit hijacking of the processing power of computers or networks by exploiting vulnerabilities in webpages, software, and operating systems, and installing cryptomining software to earn cryptocurrency. More information
  • Point-of-Sale System Compromise - unauthorized access to checkout or cashier systems that process the electronic transfer of payments (i.e., credit cards/debit cards, mobile payments) for goods and services. More information
  • Business Email Compromise - type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting unauthorized wire transfers. More information
  • Ransomware - type of malicious software designed to block access to computers or networks until a sum of money is paid. More information
  • Identity Theft and Use - theft of Personally Identifiable Information to illicit financial gain. More information

Understand and Prepare

A Secret Service guide for Cyber Incident Response Planning outlining what actions organizations should take to cultivate an understanding of the technological and regulatory limitations, responsibilities, and resources available to them, and how to apply the acquired knowledge to their operations. This guide does not constitute legal advice and is only for reference purposes.

Respond

A high powered microscope is used by investigators to verify the printing method used to create a collection of deceptive notes.

A high powered microscope is used by investigators to verify the printing method used to create a collection of deceptive notes.

An investigative assistant examines the print characteristics of a counterfeit bank note.

An investigative assistant examines the print characteristics of a counterfeit bank note.

A counterfeit specialist verifies the authenticity of this genuine $100 banknote.

A counterfeit specialist verifies the authenticity of this genuine $100 banknote.

Counterfeit

The threat of counterfeit U.S. currency to the financial system of the United States has grown in recent years. Advances in technology, the availability of scanning and printing devices and the adoption of the U.S. dollar by nations as their legal tender have exacerbated the threat. To counter these threats, the Secret Service focuses on strategic international investigations targeting counterfeiters and their distribution networks. The agency has also initiated a comprehensive international forensic counterfeit detection training program for bankers and law enforcement officers overseas.

Secret Service examiners extract stolen account data from a device attached to the inside of a payment terminal.

Secret Service examiners extract stolen account data from a device attached to the inside of a payment terminal.

Secret Service polygraph examiners assess the suspects change in physiology to determine whether they are being deceptive or truthful.

Secret Service polygraph examiners assess the credibility of an examinee’s statements by evaluating change in specific physiological indicators during an examination.

Forensic photographer uses alternative light sources to visualize fingerprints found on evidence.

Forensic photographer uses alternative light sources to visualize fingerprints found on evidence.

Forensic Services

The Secret Service is home to an advanced forensics laboratory, which includes the world’s largest ink library and the Forensic Information System for Handwriting (FISH). The lab is ISO/IEC 17025 accredited by the ANSI-ASQ National Accreditation Board (ANAB) for Latent Print and Questioned Document Examination. The Secret Service also provides expert analysis related to polygraph examinations, fingerprints, false identification documents, credit cards and other related forensic science areas.

The Secret Service deploys a unique blend of technologies and expertise in forensic and documentary photography, graphic and web design, geospatial imaging, video/multimedia production, forensic audio/image enhancement, forensic speaker recognition, as well as three-dimensional (3D) LiDAR data collection, modeling, animation and simulation.

In 1994, Congress mandated the Secret Service provide forensic and technical assistance in matters involving missing and exploited children. The Secret Service offers this assistance to federal, state and local law enforcement agencies and the National Center for Missing and Exploited Children.

Writing ink examination performed by Secret Service document analysts and chemists during a federal investigation.

The Secret Service has the only International Ink Library, which contains more than 12,000 ink samples used in forensic examinations.

Forensic document examiners evaluate threatening letters and questioned documents for evidence to determine authorship.

Forensic document examiners evaluate threatening letters to determine authorship.

Forensic scientists use state of the art techniques to enhance audio and video to identify suspect in a child abduction case.

Forensic scientists use state-of-the-art techniques to enhance audio and video to assist field investigators.

Locate a Field Office

Contact us at field offices around the country.