Threats Without Borders - Issue 155
Cyber-Financial Crime Investigation Newsletter, Week ending November 5, 2023
Last week, I introduced the article “Why The Police Don’t Care About Computer Crime” published in the Summer 1997 edition of the Harvard Journal of Law and Technology. I can’t stress enough that this was written by Mr. Goodman 26 years ago.
https://jolt.law.harvard.edu/articles/pdf/v10/10HarvJLTech465.pdf
Many investigators tell me, “What’s the point of even trying to run down some of these scams, they all end up at some technological roadblock”. True, investigating cybercrime makes you a near-permanent resident of dead-ends on the wrong side of town. Goodman predicted this:
“The introduction of widely available, highly sophisticated, computer-based encryption programs may mean the demise of incriminating evidence in many cases”
Putting politics aside, and separating the work from the man, one of the most forward-thinking and dedicated champions of technology and cybercrime investigation in the last twenty years was James Comey. Yes, James Comey - former Director of the FBI from 2013 - 2017. Many in the bureau still have fond memories of Comey and consider themselves one of “Comey’s Homies”.
I can no longer separate fact from fiction when it comes to the man’s politics and his battle with former President Trump. But I know this, he was passionate about moving law enforcement forward in the field of cyber and went to battle with complete dedication.
You’ll find many examples of him speaking out to advance the cause, but his greatest success was introducing the phenomenon of “Going Dark”. In 2015, he opened his speech to the Senate Judiciary Committee:
“Thank you for the opportunity to testify today about the growing challenges to public safety and national security that have eroded our ability to obtain electronic information and evidence under a court order or warrant. We in law enforcement often refer to this problem as ‘Going Dark.’”
Many times, law enforcement has legally obtained the digital device, or the digital file, but can’t access the data because the technology platform has enabled an encryption mechanism that renders it unreadable. And many technology providers even refuse to assist law enforcement in doing so. The courts have granted the authority to search and seize, under a lawful warrant, but the evidence is unattainable due to the technology companies' use of encryption. More eloquently explained by Mr. Comey, “The technology companies are placing the offender above the law”.
He was careful to explain that law enforcement is not seeking new authority, just the ability to exercise what it has already been granted.
“We would like to emphasize that the Going Dark problem is, at base, one of technological choices and capability. We are not asking to expand the government’s surveillance authority, but rather we are asking to ensure that we can continue to obtain electronic information and evidence under the legal authority that Congress has provided to us to keep America safe.”
I urge you to read his testimony before the Senate and listen to his 2014 speech before the Brookings Institution.
2015 testimony before the U.S. Senate Judiciary Committee: https://www.fbi.gov/news/testimony/going-dark-encryption-technology-and-the-balances-between-public-safety-and-privacy
2014 appearance at the Brookings Institution: https://www.brookings.edu/articles/watch-fbi-director-james-comey-on-technology-law-enforcement-and-going-dark/
Some news…
A coalition of 40 nations, led by the U.S., has agreed to never pay the ransom again. Ah, when was the last time the United States government faced the decision to either pay the ransom or lose its business? “As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” said a government bureaucrat who has never sat in the room with a small business owner as they see their life’s work crashing around them. I agree that ransom payments should be paid only as a last resort, but the government has no idea how often that last resort becomes reality. https://www.itpro.com/security/ransomware/coalition-of-nations-agree-to-end-ransomware-payments-to-hackers
This lady lives a life of crime - including involvement in a scam that cost a Pennsylvania bank over $200,000. In fact, the judge in the case opined “she’s not good at all” and predicted she will be back before him or another federal judge in the future. STILL, she was only sentenced to a year in prison and three years’ probation. Stealing from banks is awesome, apparently. https://www.pennlive.com/news/2023/11/woman-sentenced-after-continued-involvement-in-pa-bank-scam-scheme.html
SlashNext believes phishing attacks are up 1,265%. Is that true? I don’t know, but I’m certainly not going to bet against it. The State of Phishing 2023 report is a good summary of the attack vector and well worth your time. https://slashnext.com/wp-content/uploads/2023/10/SlashNext-The-State-of-Phishing-Report-2023.pdf
Can you find the island of Tokelau on a map? Yeah, I couldn’t either until I read this article. I also didn’t know that it was the country assigned the .tk top-level domain. You certainly should have seen that before since it’s a favorite of cybercrime offenders. https://www.technologyreview.com/2023/11/02/1082798/tiny-pacific-island-global-capital-cybercrime/
California man sentenced to 110 months in federal prison for defrauding victims out of more than $5 million by pretending to sell bonds for large-scale construction and other projects. And he didn’t pay his taxes on those illegal earnings either! https://www.justice.gov/usao-cdca/pr/westwood-man-sentenced-more-9-years-prison-long-running-surety-bond-scam-caused-more-5
The Federal Trade Commission took action against personal finance app provider Brigit, alleging that its promises of “instant” cash advances of up to $250 were deceptive and that it locked users into a monthly membership that couldn’t be canceled. https://www.ftc.gov/news-events/news/press-releases/2023/11/ftc-action-leads-18-million-refunds-brigit-consumers-harmed-deceptive-promises-about-cash-advances
Cool Job
VP - Fraud at id.me https://boards.greenhouse.io/idme/jobs/5696183003?
Cool Tool
If you spend a lot of time in web meetings, you know exactly the value of this app. Particularly if you take meetings on a laptop from different locations - with different lighting. Hand Mirror - a one-click camera check. https://handmirror.app/ (Mac only)
Irrelevant
Overcome Imposter Syndrome. https://psyche.co/guides/how-to-move-beyond-imposter-syndrome-and-thrive
I’m aware that not all emails sent to the (at)substack email address are making it through. I respond to every email received. If I didn’t respond to you, it’s because your message never made it through. Replying back to the email that delivered the newsletter seems to work best. And we are still seeing certain email providers drop the delivery email each week. Try the Substack app on your smartphone to ensure delivery.
Thanks for reading. See you next week.
Matt
“ROCK BOTTOM WILL TEACH YOU MORE THAN MOUNTAIN TOPS EVER DID.” - I’m still waiting to see the mountain top.
Sturgeon’s Law - “90% of everything is crap” - Theodore Sturgeon
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.