Threats Without Borders - Issue 142
Cyber-Financial Crime Investigations Newsletter, Week ending August 6, 2023
Last week, I provided ten tips for those who have found themselves newly assigned to the glamorous and high-stakes world of cyber and/or financial crime investigation. The last suggestion was:
And finally, NEVER STOP LEARNING. Continuous education and training are essential. Technology is ever-changing. The bad guys are changing their TTPs (tactics, techniques, and procedures) daily to remain a step ahead. Be intentional in your learning. Read every day. Watch videos every day. Ask questions of those more experienced than you every day.
A reader asked… “Hey Matt, where do I find good training?”
The answer is easy if you’re a sworn law enforcement officer employed by a state, local, or tribal agency. The National White Collar Crime Center (NW3C) is absolutely the top source of financial and cyber crime training for law enforcement. And best of all…it’s free. I can’t say the NW3C is completely responsible for my success, but they have played a large part. I have completed 11 of their courses over the years and consider the knowledge gained as foundational. I’d love to be able to give back someday and have always thought they would be a great partner for my idea to provide high-quality cybercrime education to rural police agencies in a live-training format.
The organization provides many of its basic courses online and on-demand. Create an account and start learning! https://www.nw3c.org/UI/CourseCatalog.html
For those in the private sector, it’s a little more complicated…and a lot more expensive. First and foremost, join the International Association of Financial Crime Investigators and take advantage of the free and low-cost training opportunities provided by the local chapters. https://www.iafci.org/
The Association of Certified Anti-Money Laundering Specialists (ACAMS) and the Association of Certified Fraud Examiners (ACFE) also offer fantastic low-cost training online and at the local chapter level. https://www.acams.org/en https://www.acfe.com/
Upstart training organization Antisyphon Training has set out to “disrupt the traditional training industry by providing high-quality and cutting-edge education to everyone, regardless of their financial position”. And they are doing it. Many of their classes are “pay what you can” and those that aren’t are very reasonably priced. Especially considering the instructors are some of the most prominent persons in the industry. You’ll recognize many of the names, particularly if you have been involved with SANS training over the years. And I can’t help but think SANS is the motive behind this effort. https://www.antisyphontraining.com/
Speaking of SANS, the training is fantastic - if someone else is paying for it. And even then it’s become somewhat hard to stomach. I have attended two SANS courses and achieved the linked GIAC certifications. I learned a lot, enjoyed the process, and am proud of the effort; however, I can’t see myself attending another SANS offering unless they drastically change their pricing model. But - if someone else is willing to foot the bill - get what you can get! https://www.sans.org/
And regardless of who your employer is, private or public sector, self-education is a must. Countless blogs, newsletters, and YouTube will fill your learning syllabus tenfold.
How about some news
All devices should be reset to factory settings prior to selling or trashing, but Canon has issued an advisory reminding users of such. The warning explains that Canon printers store Wi-Fi connection settings, including passwords, that may not be deleted by the “usual initialization process”. https://psirt.canon/advisory-information/cp2023-003/
In the event that any of you are also publishing your own Voice over IP (VoIP) application, Twilio issued a help document explaining how attackers are exploiting such applications through “SMS Traffic Pumping Fraud”. https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud
Bank investigators and AML analysts - the Federal Financial Institutions Examination Council (FFIEC) has issued an update to the BSA/AML Examination Manual. Someone send me the cliff notes. https://www.fdic.gov/news/financial-institution-letters/2023/fil23040.html
If you steal money from one church to start another church…should you be starting a new church? A Pennsylvania man has been charged with stealing 33K from a Pennsylvania church where he was the “pastor”. He has since moved to Colorado with the intent to start a new church… to steal from. https://www.wgal.com/article/perry-county-former-pastor-accused-of-stealing-money-and-items-from-church/44738628
A Connecticut man would walk into a Home Depot, load a high-end door onto a cart and then go to customer service for a return. No receipt needed. And if the store would deny the return… they allowed him to leave with the door …which he would go return at another store. The scheme worked to the tune of $300,000. That’s a lot of doors! I’ve seen this return-scam done all different ways but never with a door. Hand tools, power tools, even flooring. But never something as big and bulky as a door. https://www.yahoo.com/news/man-charged-cheating-home-depot-163023566.html
Researchers have developed a keylogger attack that determines the keystroke by the sound made when the key is pressed. They claim to have an accuracy rate of 95%. And they can do it through video conferencing apps like Zoom. Good grief. https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/
For the low price of $200 per month, an advanced AI engine will facilitate fraud for you. Malicious code, phishing pages, scam emails? No problem, it does it all. Welcome to FraudGPT. https://netenrich.com/blog/fraudgpt-the-villain-avatar-of-chatgpt
The Cybersecurity and Infrastructure Security Agency released its FY2024-2026 Strategic Plan. A significant portion of the federal government is worthless at this point. CISA is working, I like CISA. https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026_Cybersecurity_Strategic_Plan.pdf
Cool Job
Chief Information Security Officer (CISO) - Commonwealth of Pennsylvania https://www.governmentjobs.com/careers/pabureau/jobs/4151548/chief-information-security-officer
Cool Tool
Search all the names https://bellingcat.github.io/name-variant-search/#gsc.tab=0
Irrelevant
This guy went to see 50 different dentists complaining of the exact same ailment - almost all 50 gave a different diagnosis. The article was originally published in 1997 but has been re-published continuously since because, well…dentists. https://www.rd.com/article/how-honest-are-dentists/
I’m addicted to caffeine. I drink ~6 cups of coffee a day and have about eight hours (without intake) before I start to feel the stress. I’m fully tweaking at 10 hours. Sadly, I’m better than I was. This study shows that coffee has positive benefits beyond just the caffeine. Drink up! https://www.psypost.org/2023/07/new-research-suggests-coffee-has-unique-cognitive-benefits-beyond-caffeine-167305
Thanks for reading this week’s issue of Threats Without Borders. Please consider sharing the newsletter and if you just happened to browse in - subscribe.
matt
“Stay away from negative people — Vibes are contagious.” - Probably the reason the newsletter struggles to get subscribers.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.