Threats Without Borders - Issue 141
Cyber-Financial Crime Investigation Newsletter, Week ending July 30, 2023
Recent Email.
“I’m a new investigator and I’ve just been assigned to the financial crime section. Where should I start?”
Well, you’re subscribed to the Threats Without Borders newsletter so you’re on the right track!
1) Review and understand the financial and cyber-associated criminal statutes of your state. What are the elements of identity theft in your state? Fraud? Forgery? When is a bad check criminal and when is it civil? Familiarize yourself with the pertinent case law also. Do you understand the restrictions Carpenter v. United States places on the government seeking data from third parties? Have you read the Van Buren ruling to see how computer trespass is to be applied under the Computer Fraud and Abuse Act?
2) Know your agency's policies concerning what cases get assigned for investigation and what don’t. You can’t investigate every theft and fraud that gets reported. If you don’t have loss limits written in the policy - ask to create some. Be able to explain to victims why you aren’t going to investigate their case and have the policy to back it up so you aren’t accused of favoritism, prejudice, or laziness. “Yes sir, I understand your credit card was used to purchase a case of beer in Texas while you were in Pennsylvania. And I agree that it’s absolutely a crime, but we won’t be conducting an investigation. AND HERE IS WHY….”.
3) Contact your prosecutor's office to get clarification on what cases they will accept. There is no use investing effort into a case where the suspect is on the other coast if your prosecutor won’t extradite. When will they approve extradition? Is it based on the grading of the violated statute or the amount of financial loss?
4) Identify the financial institutions in your jurisdiction and go make some new friends. Introduce yourself to the security and fraud teams. Explain your agency's policies and learn theirs. Host a meeting and bring everyone into your house for a meet-and-greet. A box of donuts and an hour of your time will pay 10X dividends. Building and maintaining relations is a key component of being a successful financial crime investigator.
5) Learn how money flows through national and worldwide financial systems. Understand the difference between an ACH and a Wire. How does a bank recall these transfers and when is it too late? What is Swift? Did you learn about FedNow?
6) Master the basics of computer networking. Understanding how digital devices talk to each other is essential. You will need to explain the concepts to others, specifically in search and arrest warrant affidavits. Additionally, it will help you know when a suspect is bullshitting you.
7) Learn how to use a spreadsheet. Everything is coming to you in CSV - Comma Separated Value. Your life will be so much easier if you are proficient with Excel and/or Google Sheets.
8) Develop a note-taking method and document everything. If someone shares contact information for an attorney at Google, save it. If someone shares a search warrant for an Internet Service Provider, copy out the affidavit language and save it. Read an insightful article about examining evidence from a mobile phone, save it.
9) Dress the part. You may be a cop but you’ll be spending a significant amount of time in the business world. Your black polo shirt, BDU pants, and 5.11 tactical shoes aren’t going to cut it. Neither will a pastel-colored shirt, matching paisley tie, and non-altered pants. Buy a nice suit or two along with some fashionable “business casual” attire. You’ll thank me for this!
10) And finally, NEVER STOP LEARNING. Continuous education and training are essential. Technology is ever-changing. The bad guys are changing their TTPs (tactics, techniques, and procedures) daily to remain a step ahead. Be intentional in your learning. Read every day. Watch videos every day. Ask questions of those more experienced than you every day.
How about some news?
The Securities and Exchange Commission (SEC) formally adopted a rule requiring publicly traded companies to disclose cyber-incidents within four business days. The new regulation also requires registrants to “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant”. Good news…bad news. Good news for those in the cybersecurity industry and those trying to break into it as businesses will need to make huge investments to bolster their security teams. Bad news… businesses are already heavily competing for scarce cyber talent. https://www.sec.gov/news/press-release/2023-139 and https://www.sec.gov/files/33-11216-fact-sheet.pdf
Eight people have been indicted in St. Louis on charges that allege they stole at least 19 rental cars worth more than $1 million as part of an identity fraud scheme. According to the indictment, the suspects would reserve rental cars from the company using stolen credit card information and false identities. They would then pick the vehicles up using false documents and counterfeit credit cards. https://www.autoblog.com/2023/07/29/identity-fraud-rental-car-thefts/?guccounter=1
Android phone users will begin to receive notifications when the device recognizes a rogue Apple AirTag in its vicinity. Users will receive the message “an unknown Bluetooth tracker is separated from its owner and is determined to be traveling with you”. Of course, the new service only detects AirTags and doesn’t yet observe other trackers such as Samsung, Tile or Eufy. https://9to5google.com/2023/07/27/android-airtag-tracker-alerts/
The White House FINALLY announces the nomination for the next National Cyber Director. President Biden announced that Harry Coker will be the next to step into the position. Coker is a graduate of the U.S. Naval Academy and held positions with the NSA and CIA. It should be an easy Senate confirmation. Now let’s get to work! https://www.axios.com/2023/07/25/biden-harry-coker-national-cyber-director
In news that surprises absolutely no one… Baltimore paid over $33,000 for unused cell phones because they forgot to cancel the cellular service. https://www.pennlive.com/news/2023/07/baltimore-spent-more-than-33k-on-election-cellphones-city-staff-forgot-to-turn-off.html
This lady fell victim to an online dating scam and lost $27,000. Now she’s asking someone she doesn’t personally know for advice…online. https://www.marketwatch.com/story/im-a-single-parent-and-fell-victim-to-an-online-scam-i-racked-up-17-000-in-credit-card-debt-what-do-i-do-79173081
I haven’t had time to dig into this report yet so a deeper analysis is forthcoming, but IBM Security has released their 2023 Cost of a Data Breach Report. Of immediate note is the increased average cost of a data breach - up 2.3% from last year - 4.45 MILLION dollars per incident. https://www.ibm.com/downloads/cas/E3G5JMBP
Need a new job?
Senior Manager of Security and Content Protection - Marvel Studios. https://jobs.disneycareers.com/job/-/-/391/52156750080
Try this Tool
Research some IP addresses. https://www.ipvoid.com/
Irrelevant
Smartphone sales in the U.S. are down 24% from last year at the same. But those who are buying phones are choosing the Apple iPhone. And it’s not even close. iPhones made up 55% of all smartphone sales in the 2Q. The next closest competitor was Samsung at 23%. https://www.counterpointresearch.com/us-smartphone-shipments-q2-2023/
Someone was kind enough to drop a link to the newsletter in a Reddit thread. Thank you, and a warm welcome to the new subscribers who decided to take the leap of faith and give up an email address.
The newsletter is FREE and never contains paid advertisements. These arrangements will continue for the foreseeable future. The only thing I ask in return is to share it with your colleagues to help the newsletter grow.
And as always - you can reply back to the email that delivered the newsletter or at cyficrime@substack.com.
Thanks,
Matt
“A BUSINESS THAT MAKES NOTHING BUT MONEY IS A POOR BUSINESS.” - Probably true, but I’d like to try it for a while.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.