Threats Without Borders - Issue 158
Cyber-Financial Crime Investigation Newsletter, Week ending November 26, 2023
The newsletter has picked up several new subscribers since this topic series started, so let’s level set and ensure we’re all on the same page.
The idea for this series came after I posted this image:
The picture shows Mina Chiang from the group Human Research Consultancy explaining why law enforcement is losing the battle with cyber-financial criminals.
We then looked at the article titled “Why the police don’t care about computer crime” published in 1997 by Marc Goodman. He predicted the problems LE would have policing the Internet - twenty-six years ago! https://jolt.law.harvard.edu/articles/pdf/v10/10HarvJLTech465.pdf
We considered some of the technical problems faced by cybercrime investigators including the use of anonymization techniques and encryption. Former FBI Director James Comey coined the problem “going dark”.
We then examined the proposition of 1980s street philosopher Doughboy as he exclaimed “They don’t know, don’t show, or just don’t care about what’s going on in the hood?”. Of course, he was speaking about the decay of America’s cities and law enforcement’s response to crime in low-income neighborhoods. We applied the same concept to the response of law enforcement leaders to the astronomical rise of Internet-facilitated crime.
Last week’s issue considered that “maybe” the leaders of America’s police agencies really "don’t know". This week, we’ll consider the more appropriate consideration, they "don’t show".
Financial Institutions should be particularly involved in the conversation since they are at the end of the line - literally picking up the tab for law enforcement's failure.
Let us consider the last proposition first: Law enforcement leaders just don’t care about Internet crime. Law enforcement leaders absolutely care about the hundreds of thousands of Americans victimized every year! The financial loss is too great to ignore and I can’t bring myself to accept the idea the thousands of executives leading our law enforcement agencies have become so callous they can summarily write off such a huge amount of victimization. I’ve been in the community for twenty-five years now - not caring is not the problem.
This brings us to our final consideration: they know about the problem, and they care about the problem, but they can’t acknowledge it by showing their empathy…or sympathy. Why? Why can’t they show? Because recognizing the problem means they must do something about it. And some have no idea what to do!
But more often, they do not have the budgets and personnel to do something about it.
And we circle back to Marc Goodman. The summation of “Why the police don’t care about computer crime” still holds true today. State and local law enforcement leaders don’t have the budget to do something about it. They don’t have the personnel with the expertise to do something about it. They don’t have the backing of the politicians to do something about it.
So they don’t show. Because showing requires action.
(And for any law enforcement leader that wants to start addressing the issue, but has no budget for training - start here: https://www.nw3c.org)
Some News…
The U.S. Department of Justice has charged the world’s largest cryptocurrency exchange, and its CEO, with multiple crimes stemming from an investigation of international money laundering. The complaint alleges Binance facilitated the laundering of “Billions of dollars” allowing dirty money to flow into Cuba, Iran, and Russia. Here is the actual complaint filed in the Western District of Washington: https://www.documentcloud.org/documents/24173394-binance-vs-usa-indictment?responsive=1&title=1
Miles Kellerman explains the role nested accounts play in financial crime and how they factor into the prosecution of Binance. https://mileskellerman.substack.com/p/binance-and-the-trojan-horse
Longtime Tw/oB readers are aware of the adversarial relationship between your humble editor and most attorneys - although I’ve done better over the past few months to not hurt their generally over-sensitive feelings, or at least cause another mass-unsubscribe incident. Unfortunately for any attorney within New York City, the Cl0p ransomware group attacked the local bar association and is leaking the stolen information. The Bar Association claims only the names of the membership have been leaked but they also agree that 1.8TB of data was exfiltrated by the threat group. 1.8 Tera-Bytes of data???? Yeah, that’s a lot more than just “names”! https://www.scmagazine.com/brief/nyc-bar-association-breach-exposes-over-27k-members-data
In other New York news, retailers of the Empire State claim to have collectively lost 4.4 Billion dollars to shrink in 2022. The police chief of Syracuse claims his agency has seen a 55% increase in shoplifting incidents since 2021. The governor vetoed a bipartisan bill last week that would have created a task force to combat the crime. Of course she did! https://nypost.com/2023/11/26/business/ny-retailers-blast-hochul-over-theft-which-has-cost-stores-4-4-billion/
This lady is claiming responsibility for getting Omegle shut down. Seems so. https://www.bbc.com/news/technology-67485561
Infostealer malware has been ravaging Windows users for some time and now the threat groups are bringing the fun to macOS. The most prominent form is Atomic Stealer which is popularly known as AMOS. Malwarebytes reports, “AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows”. https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
It’s not too often that you get to list “farmer” as the profession of someone accused of bank fraud. Not only did this agriculturalist commit bank fraud, he did it in a big way…to the tune of half-a-million dollars. https://newschannel20.com/news/local/central-illinois-farmer-sentenced-for-bank-fraud
eSentire is a little late to the party but it’s a good reminder of the dangers of QR codes. https://www.esentire.com/blog/the-rise-of-qr-code-phishing-attacks-and-best-practices-for-interacting-with-qr-codes
Cool Job
Financial Crimes Investigator - TruMark Financial Federal Credit Union. https://www.trumarkonline.org/our-story/careers/
Cool Tool
Profile search - by name, username, or email. https://lullar-com-3.appspot.com/
Irrelevant
Bonhoeffer’s Theory of Stupidity: We have more to fear from stupid people than evil ones. https://bigthink.com/thinking/bonhoeffers-theory-stupidity-evil/
I trust that everyone had their fill of turkey and football and is now ready to focus for the next few weeks until our next holiday break. Remember - we take holidays off, the criminals don’t. And the holiday season is prime time for fraud and cyber attacks.
Thank you for reading this week’s issue of Threats Without Borders! See you next Tuesday.
Matt
G. I. Joe fallacy - the tendency to think that knowing about a cognitive bias is enough to overcome it.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces on cybercrime investigations and information security topics. It also summarizes and comments on news articles concerning active threat intelligence for the financial industry. This curated newsletter will be of interest to anyone who is tasked with cybersecurity or is involved in the prevention or investigation of technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.