Are You Ready to Seize Some Cryptocurrency?

/
Are You Ready to Seize Some Cryptocurrency?

The U.S. Department of Justice (DOJ) announced in early February 2022 that they had arrested two individuals, Ilya Lichtenstein and his wife Heather Morgan. When the couple was arrested in connection with the theft of cryptocurrency from the Bitfinex cryptocurrency exchange in 2016 and subsequent laundering of the proceeds, it led to one of the most valuable seizures of illicit proceeds in law enforcement history.

Read More

Global Security Advisor Proposes ‘Moon-shot’ Fight Against Cybercrime

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Dick Carozza, CFE
Editor, Fraud Magazine

Marc Goodman, a global security advisor, believes the anti-cyber crime community should mount a campaign against online criminals similar to President John F. Kennedy’s challenge to land a man on the moon.

“He made a bold declaration. … We don’t have anything like that for cyber security; yet we’re handing over every aspect of our lives over to these machines with no concept of protection. … We’re all going to have to do that,” he said. “And you folks from the ACFE have the right skill sets, the right knowledge, the right network to make that happen. I invite you to join me in that fight.”

Over the last 20 years, Goodman built his expertise in cyber crime, cyber terrorism and information warfare. He’s worked with Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. federal government.

He founded the Future Crimes Institute to inspire and educate on the security and risk implications of newly emerging technologies. He also serves as the global security advisor and chair for policy and law at Silicon Valley’s Singularity University — a NASA- and Google-sponsored educational venture dedicated to using advanced science and technology to address humanity’s grand challenges.

“Technology can be awesome,” Goodman said. “It’s had a tremendous impact on the world. … But there’s a significant downside to technology and the ways bad guys use it. …

“All the technology change is leading to a paradigm shift in crime and in fraud. Crime used to be an easy affair; it was a good start-up business. You could go out and get a knife or a gun, hide in a dark alley and say ‘stick ‘em up.’ … But eventually criminals could only rob so many people in a day. New technology helps criminals rob more people,” Goodman said.

In the Target breach last December more than “one-third of America had its information compromised. … Now one person can rob 100 million people.” Also, Target had to spend $214 for each one of the accounts hacked. He said a recent Center for Strategic and International Affairs study said that the annual global cost for cyber crime is $400 billion — about 1 percent of the U.S. GDP. 

He then shared some cyber crime developments. Here are just a few:

  • Innovative Marketing Solutions, a company in Kiev, set loose a popup box that told computer users that they had a virus, and for $49 they could download malware protector software that would solve their problems. However, users actually never had infected computers until they paid their money and downloaded the software. Before the FBI and Interpol shut them down, the business ripped off $500 million.
  • When we’re browsing on the Internet, we only see the “surface web” — underneath is the “Web Profunda” or “Deep Web,” which is 500 times larger than the web we know. “About 50 percent is involved with crime and fraud,” Goodman said. The Deep Web site, “Silk Road,” sold drugs, guns, fake IDs and hits for hire, among other nefarious goods and services. Before the site was taken down, 20 percent of all American drug users had purchased their drugs on the site, he said.
  • Most flashlight apps on phones steal contact information.
  • Those who think they’re calling their banks often are shunted via malware to criminal call centers that request, and often receive, personally identifiable information.
  •  Fraudsters are hacking pacemakers, insulin pumps and vehicle computer systems.

Goodman said that personally we should:

  • Use different passwords for every system.
  • Always use a VPN when connected to public networks.
  • Always encrypt our data.

Corporations should:

  • Implement open-source intelligence programs. Go into the Dark Web.
  • Place adults in charge of risk, fraud and security.
  • If something is really important, don’t put it in a computer.
  • “Red team” and test your assumptions; find problems before hackers do.
  • Hackers are already in the system; hunt them out.

“Technology runs the world,” Goodman said. “ … When it fails, what’s our backup plan? We don’t have one.” He said we owe it to our children’s children to not leave them a scary cyber world.

Find more conference coverage at FraudConferenceNews.com.

Know Thy Enemy: Cyber Thieves

/
Cora.JPG

LIVE FROM THE ACFE ANNUAL FRAUD CONFERENCE

Cora Bullock

Assistant Editor, Fraud Magazine

In his lively presentation on Monday, Cary Moore, CISSP, EnCE, discussed cyber threats, both from without and within an organization. The insider is the cyber thief who works from within the company and is often a trusted employee.

The insiders fall into the following categories:

  • Traitors - These are people who consciously decide to betray their organization. There is not much information on them in the private sector as usually they are fired, not studied. Red flags include unusual change in work habits and seeking out sensitive projects.
  • Zealots - These firmly believe that the ends justify the means, and their cause is absolutely correct. Being so highly motivated makes them especially dangerous.
  • Spies - In the private sector spies can be working for your biggest competitor. They find out such business intelligence as product development and launches, potentially costing you millions of dollars.
  • Browsers - These employees casually peruse information, not actively seeking out anything specific but will use information for personal gain. They are extremely hard to identify.
  • Well-Intentioned - Everyone wants to help, but when an employee receives a pleading email from someone purporting to be a friend or relative, they will scramble to help that person. However, they unleash costly viruses when clicking on links or opening attachments via spear phishing, whaling and smishing.

Moore advised on how to frame and conduct an investigation into these insiders. His tips included looking for bogus accounts, activity at odd or unusual times and employees turning their computer screens so people passing by can't see them.

He said ideally, don't let anyone outside of your company connect to your network, but if you must, have them sign the same network access agreement as your employees, including monitoring by IT. When you have visitors in your building, don't assume they are without suspicion. Make sure they have an escort at all times. They can walk out with your intellectual property safely stored on flash drives hidden in watches, pens, even cufflinks - "for the James Bond in all of us," said Moore.

Read the full article and find more Conference coverage.