25 October 2009

Financial Crime and Money Laundering

Let's start by talking about 10 days in January earlier this year [2009]. You may have heard of the torpig malware, which builds a botnet focused on stealing Banking details and other information.

In a period of just over a week, US researchers were able to penetrate the torpig botnet, and collect some information. Here's a summary of what they found.

182,000 unique PCs were infected. In addition, 50,000 new PCs joined the network from fresh infections, mostly from drive-by web site takeovers and other program flaws.

That's 5,000 new PCs every day.

8,310 financial accounts were compromised, from USA, Italy, Germany, Spain, Poland and more countries – from 410 different banks. (The standard torpig configuration targets more than 300 online banking systems around the world.)

Top financial accounts stolen include PayPal (1,770 accounts), followed by Poste Italiane (765), Capital One (314), E*Trade (304) and Chase (217.)

Also stolen were credentials from thousands of corporate web sites, and 1,660 credit and debit card details.

Nearly 300,000 user names and passwords were collected, including Google, Facebook, MySpace and others, thereby compromising a wide variety of personal information and documents.

Typical attacks include man-in-the-middle browser phishing, web injection and form spoofing.

The market for stolen credit cards and bank details is now seeing greater sophistication, with increasing supply leading to lower prices. For example, credit cards with CVV2 codes which have not yet been confirmed can be sold in batches of 1,000 for around $3 each. Prices go up to $12 when you add the consumer's name, address and date of birth. The market is so strong, thieves are using classic marketing tactics -- “buy 500, get 500 free.”

Estimates of revenue from just 10 days of the botnet operation range up to $8 million, based on current market prices for credit card details and compromised bank accounts. Not a bad return on investment for just one criminal enterprise.

And in news from researchers at McAfee, 12 million new computers have been taken over as botnet zombies since January – that's a 50% increase over last year. According to the report, 18% of all computers in the USA have been compromised, with second place China on 13%.

Here's another case, from Korea. Rhee Jin-shik, a 57 year old self-employed businessman, received a phone call from the Post Office, telling him that they were unable to deliver his new credit card. Rhee said he never ordered one, so the Post Office told him they were reporting it to the Financial Police, who would help him. A few minutes later, with uncharacteristic efficiency, someone from the Cyber Investigation Unit called, and told him that he was being targeted by a gang of criminals. In order to protect his money, he was recommended to transfer it from his current account, into a special “protected” account set up by the government. A kind manager from the government controlled Bank soon called him, to help him do this.

Naturally, all three callers were fake – part of a sophisticated Voice Phishing scam, which targets small business owners.

You've all heard similar cases, and we could stand here all day talking about them, but let's focus on what's important.

First, the Fraud market is a global, complex problem. Nearly every country is affected, and the criminal gangs behind it are increasingly professional, using sophisticated techniques and the latest technologies to achieve their goals.

Wherever there is Fraud, you can be sure that Money Laundering isn't far behind.

Fraudsters need to channel their illegal earnings back to where they can spend them. This also brings in tax evasion, and a whole range of different ways of benefiting from the proceeds of crime.

A more worrying trend is that a significant percentage of crime is also being used to benefit terrorist organisations. Recent investigations for example show that Somali marine piracy is being funded from Dubai, and banks there have been accused of laundering money for the pirates.

There are well-recognized links between some traditional informal methods of money transfer (such as Fei Ch'ien or Hawala), and terrorism financing. Increasingly, terrorists are using the same channels as regular criminals, and are investing resources to build their capabilities.

This global problem is growing and changing, almost faster than the authorities can keep up. To protect themselves, financial institutions have to become more effective.

The criminals are becoming smarter. Last week, we learned that fraudsters were using their access to Lexis-Nexis to steal information required for Credit Cards – and have been doing it for three years, putting more than 32,000 people at risk of financial loss.

The threats are multiplying. Another factor which is starting to have a major impact is the financial meltdown of the past 12 months.

This has led to a huge loss of confidence among consumers, as well as a surge in financial crime from desperate people, some of whom may have lost their jobs in the industry.

Thus, we see greater risk from insider threats, as internal fraud is driven by employees with knowledge of vulnerable systems, and fear for their future.

Finally, we must not neglect consumer confidence among the risks, as this has been particularly hard-hit by the collapse of banks and property prices, with a string of bankruptcies leading to unemployment and loss of investments.

In the Unisys Security Index survey (Wave 4), 61% of Europeans believe that the world financial crisis will increase their personal risk of becoming a victim of identity theft – with the Spanish having the highest levels of concern.



All of these problems require a firm decision by regulators and financial institutions to take the threat seriously – which means continuing to invest in training, building institutional capabilities, and selecting appropriate technologies to combat financial crime.


To summarize, we have the following conditions:

1) Increasingly sophisticated complex attacks on financial systems;
2) More professional, highly motivated and intelligent criminals, with an apparently endless variety of new techniques for stealing our money;
3) Blended threats, using combinations of online phishing, telephone and document fraud, plus dangerous malware and botnets;
4) Global financial meltdown, with associated higher risks of internal attacks;
5) Threats are increasing by 40% each year – we are entering the age of CyberWar.
6) Urgent action is needed now – requiring coordination between the financial industry and government.

The “sharp end” for most of this criminal activity is something we see every day in Fraud and Money Laundering investigations.

Those of us active in CyberSecurity believe that the old techniques, based on basic transaction monitoring with pattern matching are no longer enough.

Investigators and the executives responsible for risk reduction need better intelligence to combat these threats.

By intelligence, we mean the training, tools and techniques used in the world of CIA, NSA and FBI, but applied in the domain of financial crime.

It's not enough to have access to data. By itself, the data does not help us.

We have to work smarter. This means approaching financial crime in a new strategic way. It means breaking down some of the barriers which may exist between silos, bridging the gaps between compliance and fraud investigation departments.

We see a need for closer cooperation between regulators, the Financial Intelligence Units, and banks and insurance companies.

And finally, we need the political will to tackle these issues, or the problems will simply continue to get worse.

No comments: