Threats Without Borders - Issue 143
Cyber-Financial Crime Investigation Newsletter, week ending August 13, 2023
This past week was Blackhat. The annual hacking cybersecurity conference in Vegas. Of course, I shouldn’t have to tell you, it’s been plastered all over LinkedIn for the past week. I’ve never attended so I don’t really know what goes on out there in the desert. Maybe I’ll get there sometime. A colleague who is a regular attender of the event told me people only publicly post they are at Blackhat because they are trying to sell something: either a security product or themselves. He claims the real hackers, the ones that actually break stuff and put it back together, never talk about it. Makes sense. I guess If I ever get there I’ll be one of the ones talking about it.
I’d like to give a shout-out to my subscribers in the Greenwich, Connecticut area. There’s a lot - thank you for sharing the newsletter with others!
The newsletter also has a large number of subscribers from the United States Postal Inspection Service. Thank You for making the newsletter part of your weekly reading!
I’ve been doing this long enough that I should never be surprised enough to ask, “how does this happen”. But how does this happen??? “In August, the results of the forensic accounting audit revealed that between 2016 and 2023, Kenneth Long allegedly stole a total of $899,968.36 from various bank accounts belonging to the Birdsboro Union Fire Company.”. A volunteer fire company lost 900K in eight years! How could someone steal over 100K per year and it took someone else eight years to notice? Holy Moly. https://www.wfmz.com/news/area/berks/fire-company-treasurer-accused-of-stealing-nearly-900-000-from-department/article_cc007cd0-3aca-11ee-a94e-3bdc16684edf.html
The Securities and Exchange Commission (SEC) filed charges against 11 different financial services firms for allowing employees to utilize communication applications that did not maintain records. The main focus was the use of apps like WhatsApp, Signal, and Telegram, but the SEC made a special point to emphasis the use Apple iMessages technically violated the regulations. Wait what? No iMessages? I guess we’re all going to Teams messages and email? https://www.cnbc.com/2023/08/08/regulators-hit-wall-street-banks-with-549-million-in-penalties-for-record-keeping-failures-.html
The Google Cyber Action Team (CAT) released a new issue of their “Threat Horizons” report. It’s a good read and worth the few minutes to consume it. https://services.google.com/fh/files/blogs/gcat_threathorizons_full_jul2023.pdf
Marshall University received a 45 million dollar grant from the state of West Virginia to create a cutting-edge cybersecurity institute and training center. I’ve met some Marshall alums and they are all top-notch forensic investigators. Kudos to everyone involved! https://www.marshall.edu/wamnewsletter/2023/08/marshall-receives-45-million-from-state-for-revolutionary-cyber-security-institute/
Five Pennsylvania state corrections officers have been charged for stealing from their union. Uh-Oh, looks like some corrections officers are going to get corrected. The men were leaders of the Pennsylvania Corrections Officers Association when they used the organizations credit cards for thousands of dollars of personal purchases. https://www.pennlive.com/crime/2023/08/former-pa-corrections-officers-union-leaders-charged-with-theft.html
I received some flack a while back when I called for the death of some POS that victimized an 88 year-old in an investment scam. Well, people targeting families who just lost their loved ones should be hung also. The caller tells the distraught survivor they need to make an immediate deposit for insurance purposes. In the documented case the the caller told the victim that “she owed $5,000 but that she could pay an initial installment of $2,500. He told her she could use Zelle or Apple Pay to make the payment.” I’m surprised they didn’t also ask for gift cards. https://www.yahoo.com/news/despicable-funeral-home-scam-preys-140041800.html
The FBI is cracking down on DDOS attacks. We’ll see. https://techcrunch.com/2023/08/12/fbi-ddos-for-hire-cyberattackers/
Irrelevant
Seinfeld 24/7/365. https://watchseinfeld.net/
Cool Job
Fraud Strategy Manager - Pipe. https://pipe.com/job/5620964003
Cool Tool
Know someones public IP address? See if they are torrenting. https://iknowwhatyoudownload.com/en/peer/
Multi-element threat intelligence search. https://metadefender.opswat.com/
I’ve been obsessed with Internet speed lately. Crazy. Is it the ISP’s greatest fraud? What exactly am I paying for and what do I get. I’m currently paying for Gigabit (1000 megabytes-per-second) speed service but I can never get service faster than 400 mbps. Is the router the problem? Am I paying for service that the ISP can never actually provide?
Test your speed: https://speed.cloudflare.com/
Thank you for opening the email and reading this weeks issue. I know that you probably have 100 other things competing for this 5 minutes and I appreciate that you spent it here.
Matt
Ringelmann Effect: Members of a group become lazier as the size of their group increases. Based on the assumption that “someone else is probably taking care of that.”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.