Threats Without Borders - Issue 239
Cybercrime Investigation Newsletter, week ending June 15, 2025
I attended the RedTeam27 vendor session at the Keystone conference and heard Jason Bartolacci mention using brake fluid to wash checks. I knew of using acetone, alcohol, hairspray, and some other chemicals to remove the ink, but I had never heard of brake fluid before.
I collected an assortment of ink pens, a bottle of DOT 3 brake fluid, and a blank check.
1 - Promotional Pen 1 - liquid ink
2 - Promotional Pen 2 - liquid ink
3 - Promotional Pen 3 - liquid ink
4 - Pilot G2 - gel ink
5 - Pentel Energel - liquid and gel ink hybrid
6 - Signo Uniball - “water and fade resistant” gel ink
7 - Papermate Profile - liquid ink
8 - Pilot Precise V 5 - gel ink
9 - Sharpie S-Gel - gel ink
The liquid ink begins to run almost immediately. This image was taken after one minute.
Fifteen minutes later, the writing from the liquid ink pens has mostly disappeared.
After 30 minutes, the Energel is also gone. The gels are beginning to blur but remain legible. The Signo Uniball is holding up like a champ.
At this point, I removed the check and hung it up to dry. After an hour of drying, the Sharpie S-Gel ink bled into the surrounding paper but remained otherwise intact. The gel inks faded but stayed visible on the check. The Signo Uniball 207, which claims to be ‘water and fade resistant’, performs as advertised.
The check dried a little crunchy, and the preprinted ink slightly faded, but it could definitely be repurposed and passed, especially through mobile deposit. One thing is certain: you definitely don’t want to use a promotional pen to sign financial documents.
And for law enforcement, add the unusual possession of brake fluid to your red flags of check fraud.
Speaking of Checks…
I offered a credit card to my mechanic after a recent vehicle repair, and he noted, “we still take credit cards, but there will be a 3% additional fee applied. Do you happen to have a check?” I replied that I didn’t, but I’d return in 15 minutes with one in hand.
One of my favorite restaurants is also adding a fee to credit card purchases and requests cash or check payments.
And on Wednesday, I received an email from the college where I’m an adjunct instructor stating that moving forward, a 2.5% to 3% fee would be applied to all credit card transactions.
The excessive fees that credit card companies are charging merchants are forcing us back to using paper checks.
I hate to regress back to shuffling paper and keeping a checkbook, but on the other hand, I’m not really keen on paying an extra 3% for every purchase that I make.
So, I’ll now be carrying a few blank checks in my wallet.
And all of this plays right into the hands of the criminals.
The News
The Archetyp Market has been taken down by international law enforcement. “Archetyp Market operated as a drug marketplace for over five years, amassing more than 600,000 users worldwide with a total transaction volume of at least EUR 250 million. With over 17,000 listings, it is one of the few darknet markets that allowed the sale of fentanyl and other highly potent synthetic opioids, contributing to the growing threat posed by these substances in Europe and beyond.” https://www.europol.europa.eu/media-press/newsroom/news/europe-wide-takedown-hits-longest-standing-dark-web-drug-market
Telegram is okay for fraud, but you probably shouldn’t use it as a communication tool, especially if privacy is important to you. An investigation reveals that a Russian network engineer controls thousands of Telegram IP addresses and manages its servers. The company, Global Network Management (GNM), could potentially track users even if they utilize Telegram's end-to-end encryption features. The investigation also underscores Vedeneev's ties to Russian intelligence services and his company's provision of infrastructure to sensitive agencies, raising concerns about user privacy and security. https://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle
The Securities and Exchange Commission (SEC) has withdrawn its proposed rules that would require investment companies and advisers to develop written policies addressing cybersecurity risks and reporting significant incidents. Many groups opposed the rules, arguing that they would divert resources from real threats and provide adversaries with valuable information. https://www.sec.gov/rules-regulations/2025/06/cybersecurity-risk-management-investment-advisers-registered-investment-companies-business
Not a security issue, but finally, the iPad gets multitasking. https://arstechnica.com/gadgets/2025/06/apples-craig-federighi-on-the-long-road-to-the-ipads-mac-like-multitasking/
Erie Insurance is deep in the trenches attempting to recover from a “security incident”. https://www.erieinsurance.com/newsroom/press-releases/2025/erie-insurance-network-outage
The Dutch police have identified 126 individuals linked to the Cracked.io hacking forum, including an 11-year-old. The forum was used for trading stolen data, hacking tools, and fraud tutorials, and is believed to have targeted at least 17 million US computer users. "According to Dutch police, most of those identified have now received a formal warning via email or post about their use of the site. In addition, police say they have summoned 20 individuals to a police station for a face-to-face conversation, intended to steer them away from future cybercriminal activity.” OH NO, the dreaded sit-down talk. I wonder how that goes… “cybercrime is baaaaad”. Better yet, I’d like to see the recidivism rate. https://www.bitdefender.com/en-us/blog/hotforsecurity/dutch-police-cracked-io-hacking-forum
Harry Coker Jr., the second-ever National Cyber Director, discusses his time in office, highlighting key accomplishments such as implementing a collaborative and transparent approach within the interagency, improving relationships with the Office of Personnel Management, and addressing decades-old weaknesses in internet security. https://therecord.media/coker-interview-no-economic-security-without-cybersecurity
DFIR
Phill Moore shows you where to find cached screenshots in Windows 11. https://thinkdfir.com/2025/06/13/cached-screenshots-on-windows-11/
Cool Job
Two truly cool jobs this week:
Senior Manager of Cyber Operations - Dutch Bros. Someone, please get this job and then tell me how awesome it is. The only downside is you have to move to the desert, which isn’t for me. https://dutchbros.wd1.myworkdayjobs.com/en-US/DBShops/details/Senior-Manager-of-Cyber-Security-Operations_REQ-16125-1
Director of Risk Management - Philadelphia Phillies. https://www.teamworkonline.com/baseball-jobs/philadelphia-phillies/philadelphia-phillies/director-risk-management-2124680
Cool Tool
Investigate those short links before you click. https://redirectdetective.com/
Kali Linux 2025.2 was released with the addition of 13 new tools. https://www.kali.org/blog/kali-linux-2025-2-release/
Reader Mail
I agree with your assessment of training from the NW3C. Not only is the material great but also the contacts I made with other investigators from all over the country. Unfortunately, budget cuts will force them to more classes online and take them away from what they do best, live classes that bring us all together. - Jim
Issue 238 for reference.
Irrelevant
Your humble writer is irrationally fearful of snakes and fully supports Florida’s effort to rid itself of these horrible creatures. Florida has killed 20,000 tons of snakes since 2013. https://phys.org/news/2025-06-eradicate-invasive-pythons-florida-stunning.html
Sign Off
A recent thread on a tech forum asked, “What is your fallback job if AI takes away your career?” I was surprised by how easily people give up, almost as if they are secretly hoping their job becomes obsolete so they have an excuse for no longer working. I think I’m fairly safe since AI would view it as a waste of its ability to replace me.
Thank you for reading another issue, and I hope you'll return next week.
Don’t forget to send your feedback to matt[@]threatswithoutborders[.]com
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.