Threats Without Borders - Issue 154
Cyber-Financial Investigation Newsletter, Week ending October 29, 2023
In 1997, Marc Goodman graduated from Harvard’s John F. Kennedy School of Government with a Master’s of Public Administration degree. In fulfillment of that degree, he published an academic article in the Harvard Journal of Law and Technology titled “Why The Police Don’t Care about Computer Crimes”. Mr. Goodman was not just a student interested in a novel challenge facing law enforcement, he was also a Sergeant with the Los Angeles Police Department.
Check that date - 1997.
I don't recall when I first became aware of this article, but I’ve been carrying it around for seemingly ever. It’s been a note in every note-taking app I’ve used for years, and I have cited it as a source several times.
You should take 15 minutes and read it. Although published as an academic article, it’s an easy to read piece of writing. You’ll find it published in several locations and different formats so if you don’t like the official version - Google it for another.
Why is this article still relevant 26 years later? Goodman’s explanation of why Law Enforcement fails at effectively tackling cybercrime is still applicable today. Consider some of these observations:
“At a time when most police departments cannot keep up with the the hectic pace of constant 911 emergency calls, the thought of dedicating scarce resources to the "fuzzy" concept of computer crime is very hard to sell to most police chiefs. Rapes, murders, drive-by shootings, auto theft: and drugs are all higher on the priority list than computer crime.”
And
“Other reasons why police departments have been very slow to respond to digital crime issues include lack of computer savvy and the fear of technology, or "technophobia”. Rank-and-file officers are not alone in their lack of understanding of high-technology issues. The problem also affects higher-ranking officers. The majority of senior law enforcement officials have been neither formally nor informally trained in the use of computers.”
Again, this was 1997.
I’ll be exploring the challenge of policing the Internet and controlling the criminal use of technology in the next few issues. Mr. Goodman’s thoughts have aged well - including his summation:
“Unless police departments start planning and training now, it may be impossible to keep up with the criminal elements of society as they plan their future misdeeds. To protect society from these new cybercrimes, it is necessary for law enforcement agencies not merely to meet the expertise of their criminal counterparts, but rather to exceed their knowledge and skills. Training and equipment must be acquired soon. If not, the U.S. criminal justice system will fall perpetually behind in its efforts to enforce and prosecute a whole new class of criminal activities.”
And financial institution fraud investigators, this can very well apply to your field also. How about this re-write of the previous summation: "To protect financial institutions from these new cybercrimes, it is necessary for security investigators not merely to meet the expertise of their criminal counterparts, but rather exceed their knowledge and skills."
I urge you to give the article a few minutes of your time to set the tone as we explore this topic.
https://jolt.law.harvard.edu/articles/pdf/v10/10HarvJLTech465.pdf
Reader responses from the image posted in last week’s issue (Issue 153)
Hi Matt,
the lady at the top of this newsletter is Mina Chiang of Humanity Research Consultancy, a non-profit against modern slavery. The LinkedIn post with the picture is https://www.linkedin.com/posts/anti-modern-slavery-consultancy_humantrafficking-collaboration-gasa-activity-7121128515013341185-exEm
No affiliation, I just like sleuthing.
-Jonas from Austria (the country without Kangaroos as he kindly pointed out)
Matt,
In reference to the picture you posted. It’s not the police believe “scam isn’t a real crime”. The problem is the prosecutors don’t believe scams are real crime.
This is what it’s like trying to open a case with the U.S. Attorney’s office:
-Tim from Philadelphia (still hurting over the Phils)
I know - no politics - but is it politics if it’s the… Damn…no politics.
Some News…
Never give up ground because something will fill the void. And for Internet spaces, the emptiness is usually filled by fraudsters. One of the first rules of running corporate social media is once you claim a username you never abandoned it or someone will take it over to imitate you. Many companies are learning this the hard way as they leave social media spaces like X (formerly Twitter). Scammer are taking advantage of their absence by pretending to be them! https://nltimes.nl/2023/10/24/scammers-posing-customer-service-agents-x-companies-leave-platform
500 letter carriers of the U.S. Postal Service were victims of robbery last year with criminals stealing both mail and “arrow keys” to get access to mailboxes. Wow. The Postal Service hopes to turn that trend around and has made 600 arrests since May of this year. https://www.pennlive.com/crime/2023/10/more-than-600-arrested-as-postal-service-cracks-down-on-thefts-attacks.html
A favorite topic of the Tw/oB Newsletter - DDoS. Cloudflare released their Q3 Dedicated Denial of Service attack report and guess what? The DDOS business is booming! In fact, HTTP DDoS attack volume increased by 65% quarter-over-quarter with a staggering figure of 8.9 trillion HTTP DDoS requests mitigated by the company. https://blog.cloudflare.com/ddos-threat-report-2023-q3/
Multi-Factor Authentication (MFA) is the answer - until your MFA provider gets pawned. Password manager 1Password released an update on their security incident resulting from an exploit of Okta. https://blog.1password.com/files/okta-incident/okta-incident-report.pdf
The SEC charges the Chief Information Security Officer (CISO) of Solarwinds with fraud for “intentionally misleading” investors. The complaint alleges he was aware of the companies cybersecurity risks and vulnerabilities, but failed to resolve the issues or, at times, sufficiently raise them further within the company. https://www.sec.gov/news/press-release/2023-227
Cool Job
Threat Analyst, Cybercrime - Tesla. https://www.tesla.com/careers/search/job/threat-analystcybercrime-210945
BSA/AML Officer - Deel. https://jobs.ashbyhq.com/Deel/e3715e18-917b-4830-ba2d-38e1f94d5784
Cool Tool
Python tool for investigating suspicious websites - it pulls the “last modified” time stamp from embedded image files allowing you to know when the image was added to the site. The site is either equal to, or older than that time stamp. More images = better dating. https://github.com/Lazza/Carbon14
Irrelevant
Apple kills the 13 inch Macbook Pro and introduces a Space Black finish. Yes, Please!
https://www.macworld.com/article/2111544/m3-macbook-pro-release-date-price-specs.html
Thank you for making it this far! Please consider sharing the newsletter with others as it’s the only way we grow.
See you next Tuesday.
Matt
Skitt’s Law – “Any post correcting an error in another post will contain at least one error itself” or “the likelihood of an error in a post is directly proportional to the embarrassment it will cause the poster.”
Have a response: Reply to the delivery of the newsletter.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.