Threats Without Borders - Issue 214
Cybercrime Investigation Newsletter, week ending December 22, 2024
Last week, we began a new series on the Domain Name System (DNS) and how to use that information to enhance our investigations. However, I need to pause this series for a week to discuss another topic that has been trending on social media. We will resume the DNS series next week.
The dust-up began when Interpol spoke out about the use of the term “pig butchering” to describe various forms of relationship-based financial scams. The organization is urging the use of the term "romance baiting" instead of "pig butchering" to describe online relationships and investment scams. The organization argues that the term "pig butchering" is dehumanizing and stigmatizing to victims, discouraging them from seeking help. Interpol believes the term "romance baiting" focuses on the perpetrators' actions and emphasizes the emotional manipulation used to gain victims' trust.
I prefer and advocate for the term “financial grooming” but support Interpol’s reasoning.
Longtime readers know I was an early opponent of the term pig butchering. I have been vocal on LinkedIn, Reddit, this newsletter, and anywhere else I have seen the term used.
What has that gotten me? Conflict. Contempt. Criticism. I’ve been accused of not grasping the seriousness of the crime and showing my “lack of experience” dealing with victims. It’s the literal Chinese translation, so they say. The crime needs to be dealt with head-on and the ugly language gets people’s attention, so they say. Victims appreciate the straightforwardness, so they say. The term is intended to reflect negatively on the attackers, not the victims, so they say. We’re out here in the trenches battling scammers while the word committee debates semantics, so they say.
A user on Reddit called me “the language police” and asserted that I didn’t have a right to demand that they use or not use certain words. My favorite retort was from a young person on LinkedIn who accused me of “mansplaining.” Ok. Fine. I’m a man, and I was explaining my opinion. You got me.
My response to those who refuse to acknowledge the negativity of the term or who argue, "It's a nasty crime, and we have to shock people to get their attention," is to ask them to imagine that a loved one was just manipulated into giving away their life savings and has been left shaken, broken, and in severe financial distress. Now, the very people who are supposed to help come along and refer to them as nothing more than a lowly, dirty, slovenly beast that was too stupid to realize its impending slaughter. That's exactly what you’re doing when you tell a victim of financial grooming that they are part of a "pig butchering" fraud. It's absolute callousness.
Unfortunately, individuals with notable name recognition in the financial fraud investigation sector have established personal brands using this term and argue for its continued use. Thus, backing away from it would compel them to acknowledge their mistake. Even worse, industry organizations and associations, like the International Association of Financial Crime Investigators and the National White Collar Crime Center, have promoted these people and their usage of the term through publications, podcasts, and speaking opportunities.
While it's true that those who continue to use the term have every right to do so, it is equally valid for the rest of us to scrutinize their motivations and draw our conclusions about it.
Pig-butchering is a horrible, dehumanizing term, and we need to stop using it in the context of human victimization.
This is a hill, and I’m standing on it.
The News…
The Financial Crimes Enforcement Network (FinCEN) issued an alert warning the public about fraud schemes that abuse FinCEN's name, insignia, and authorities for financial gain. The alert provides guidance on how to identify and avoid these scams, and it also provides typologies and red flag indicators to help financial institutions detect, prevent, and report potential suspicious activity. https://www.fincen.gov/news/news-releases/fincen-warns-fraud-schemes-abuse-its-name-insignia-and-authorities-financial
We need to draw a very clear line with these ransomware groups. Kids, the elderly, and donuts…hands off! The Play ransomware gang has claimed responsibility for a cyberattack on Krispy Kreme, which disrupted the company's online ordering system. Krispy Kreme detected unauthorized activity on November 29 and took measures to contain and remediate the breach, but the gang claims to have stolen sensitive data from the company's network, including private and personal information. The attackers plan to publish the stolen data, although the exact date is not specified. https://www.bleepingcomputer.com/news/security/krispy-kreme-breach-data-theft-claimed-by-play-ransomware-gang/
Cryptocurrency platforms have suffered significant losses, amounting to over $2.2 billion, due to cyberattacks in 2024, as reported by blockchain research firm Chainalysis. Notably, the number of attacks has surged, with North Korean hacking groups emerging as the primary perpetrators of these thefts. These attacks serve as a means to evade international sanctions and finance North Korea’s ballistic missile programs. https://therecord.media/cryptocurrency-platforms-2-billion-stolen-2024-chainalysis
Email Bombing. It’s more than just a spam campaign. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/email-bombing-why-you-need-to-be-concerned/
The Google Threat Analysis Group (TAG) published its Q4 Bulletin. https://blog.google/threat-analysis-group/tag-bulletin-q4-2024/
Invest more in compliance and less in commercials. The U.S. Office of the Comptroller of the Currency (OCC) has ordered USAA Federal Savings Bank to correct a range of longstanding regulatory deficiencies that amount to unsafe and unsound practices. The order includes parts of prior orders issued in 2019 and 2022 for which USAA was not yet in compliance and directs the bank to improve management of compliance, fraud and third-party risks, as well as risk governance. https://finance.yahoo.com/news/us-regulator-orders-usaa-federal-190819314.html
Two men from New York are accused of scamming at least nine residents of Pennsylvania out of $288,000 in June. These scammers presented themselves as employees of corporations and government agencies, convincing their victims that their accounts and funds were at risk. Many of the victims were elderly and received emails and phone calls from individuals claiming to be security or customer service representatives for companies like PayPal and Amazon. The scammers misled the victims into believing that their accounts were compromised, unauthorized purchases had been made, or that there was a pending transfer. To further deceive their victims, they provided a phone number to call, and when the victims dialed it, they were connected to a co-conspirator pretending to assist them. https://www.pennlive.com/news/2024/12/two-new-york-men-accused-of-scamming-pa-residents-out-of-at-least-288k.html
An interesting study from the United Kingdom: Cybercrime victimization among older adults: A probability sample survey in England and Wales. https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0314380
Cool Job
Cybersecurity Engineer - In-N-Out Burger (cool job, sorry about it being in California) https://talent.innout.com/en_US/careers/JobDetail/Cyber-Security-Engineer-III/7303
Investigations Manager - Disney Cruise Line. https://www.disneycareers.com/en/job/-/-/391/74723875872
Cool Tool
Ghost jobs exist; the listing exists, but the actual position not so much. https://ghostjobs.io/
Holehe - a Python tool that checks if an email address is linked to an account at over 120 online services. https://github.com/megadose/holehe
Check if a crypto-wallet has been linked to suspected criminal activity. https://tools.cybertrace.com.au/walletscan
DFIR
Forensic Focus interviews FBI Special Agent and digital forensic expert Alexis Brignoni. https://www.forensicfocus.com/interviews/alexis-brignoni-special-agent-and-digital-forensic-examiner-fbi/
Irrelevant
Legalese - An MIT study explains why laws are written so we cannot understand them. https://news.mit.edu/2024/mit-study-explains-laws-incomprehensible-writing-style-0819
Sign Off
I want to express my deepest gratitude for being a valued part of this journey. Your support and active engagement mean the world to me, and I am truly honored to have you as a reader. There is no shortage of newsletters, and I never take for granted that you give me a few minutes of your time each week. While I may not receive any monetary compensation for writing the newsletter, the connections and relationships I’ve built over the years are the true rewards.
I wish you a Christmas filled with love and joy, and I hope the holiday season brings you peace and happiness. Thank you for reading the newsletter each week, and here’s to a wonderful year ahead. Merry Christmas!
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.