The following is an excerpt from a piece I published in the newsletter in October 2023. I recalled it after reading a current online conversation about what law enforcement “should be doing” to address financial crimes.

In 1997, Marc Goodman graduated from Harvard’s John F. Kennedy School of Government with a Master’s of Public Administration degree. In fulfillment of that degree, he published an academic article in the Harvard Journal of Law and Technology titled “Why The Police Don’t Care about Computer Crimes”. Mr. Goodman was not just a student interested in a novel challenge facing law enforcement, he was also a Sergeant with the Los Angeles Police Department.

Check that date - 1997.

I don't recall when I first became aware of this article, but I’ve been carrying it around for seemingly ever. It’s been a note in every note-taking app I’ve used for years, and I have cited it as a source several times.

Take 15 minutes to read it. Although published as an academic article, it’s an easy-to-read piece of writing. You’ll find it published in several locations and different formats, so if you don’t like the official version, Google it for another.

Why is this article still relevant 28 years later? Goodman’s explanation of why Law Enforcement fails to effectively tackle cybercrime remains applicable today. Consider some of these observations:

“At a time when most police departments cannot keep up with the the hectic pace of constant 911 emergency calls, the thought of dedicating scarce resources to the "fuzzy" concept of computer crime is very hard to sell to most police chiefs. Rapes, murders, drive-by shootings, auto theft: and drugs are all higher on the priority list than computer crime.”

And

“Other reasons why police departments have been very slow to respond to digital crime issues include lack of computer savvy and the fear of technology, or "technophobia”. Rank-and-file officers are not alone in their lack of understanding of high-technology issues. The problem also affects higher-ranking officers. The majority of senior law enforcement officials have been neither formally nor informally trained in the use of computers.”

Again, this was 1997.

I recall that after my initial post on this topic, I received an email from a law enforcement investigator who was upset by my perspective and unaware of my previous career. If you weren’t aware, cops don’t like criticism from non-cops, especially from someone who writes a half-assed newsletter on the Internet. I recall my response was something like, 'I appreciate your concern, but find me on LinkedIn.'

Mr. Goodman’s thoughts have aged well - including his summation:

“Unless police departments start planning and training now, it may be impossible to keep up with the criminal elements of society as they plan their future misdeeds. To protect society from these new cybercrimes, it is necessary for law enforcement agencies not merely to meet the expertise of their criminal counterparts, but rather to exceed their knowledge and skills. Training and equipment must be acquired soon. If not, the U.S. criminal justice system will fall perpetually behind in its efforts to enforce and prosecute a whole new class of criminal activities.”

And financial institution fraud investigators, this can very well apply to your field also. How about this re-write of the previous summation: "To protect financial institutions from these new cybercrimes, it is necessary for security investigators not merely to meet the expertise of their criminal counterparts, but rather exceed their knowledge and skills."

IBM just published the 2025 Cost of a Data Breach Report and revealed the average cost for an American organization to identify, respond, and recover from a data breach is $10.2 million.

I’d say that is worthy of our attention and focus.

I encourage you to take a few minutes to read the article and consider how your organization is preparing to address cyber-financial crimes.

https://jolt.law.harvard.edu/articles/pdf/v10/10HarvJLTech465.pdf

The News…

Does your organization have Multi-Factor Authentication enabled for critical accounts? If not, consider consulting your insurance provider. In February 2024, the City of Hamilton in Canada suffered a major ransomware attack, which disrupted nearly all municipal services for weeks. The attackers demanded $18.5 million to unlock the systems, but the city opted not to pay and instead worked to recover and rebuild. This reconstruction has cost over $18 million and is still ongoing. The insurance company identified the lack of multi-factor authentication as a "root cause" of the breach, leading to the denial of about $5 million in claims million. https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713

People with absolutely no idea how the Internet or AI LLMs work are shocked that their chats with the service were found in publicly searchable Google results. https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/

The FBI has seized $2.4 million in Bitcoin from a cryptocurrency address linked to a new Chaos ransomware operation. The seized funds are believed to be linked to cyberattacks and extortion payments made by Texas companies. The Chaos ransomware group is thought to be a rebrand of the BlackSuit ransomware team, which originated from the infamous Conti ransomware gang. https://www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation/

A former compliance executive at Flagstar Bank, Ross Marrazzo, has filed a lawsuit against the bank's ex-CEO, Alessandro DiNello, alleging that DiNello was aware of a client's money laundering activities and failed to report it. Marrazzo was terminated from his position after he raised concerns about DiNello's actions and was denied a severance package. https://www.bankingdive.com/news/ex-flagstar-ceo-alessandro-dinello-accused-of-illegal-conduct/756595/

This Iowa woman was “actively participating” in a scheme to steal and launder over $1 million in a multi-state fraud scheme. https://www.thegazette.com/crime-courts/manchester-woman-charged-in-fraud-scheme-resulting-in-loss-of-over-1-million/

DFIR

Two former FBI digital forensics experts explain what really happened to the “missing” parts of the Epstein jail surveillance video. https://www.forbes.com/sites/larsdaniel/2025/07/27/missing-epstein-video-digital-forensics-experts-reveal-what-really-happened/

Educate Your People

The 2025 Unit 42 Global Incident Response Report (Social Engineering Edition) is released, and it confirms what we know: the bad guys are attacking people, and it works.

The report covers incidents investigated by Unit 42 (Palo Alto Networks) between May 2024 and May 2025. Thirty-six percent of the incidents were determined to have begun with a social engineering tactic.

Furthermore, attacks initiated through social engineering resulted in data exposure in 60% of cases, compared to a 44% exposure rate for at-large attacks.

https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/

Share Threats Without Borders

Feedback

Matt, you made me laugh with the bank security camera meme. The joke at my bank is that we’d be better off installing Ring doorbell cameras. But hey, the executives have a coffee machine that fresh grinds the beans. - Chaz

Review for those who missed Issue 244

Send feedback to matt @ threatswithoutborders.com

Cool Job

Global Investigations Manager, Disney. https://www.disneycareers.com/en/job/-/-/391/84149019456

It might be worth moving to California for this job. Global Security Operations Manager, Apple. https://jobs.apple.com/en-us/details/200613685/global-security-operations-manager

Cool Tool

Python tool using Google's Gemini API to uncover the location where photos were taken through AI-powered geo-location analysis. https://github.com/atiilla/geospy

Web based Instagram viewer - no login to Insta needed. https://insta-stories-viewer.com/

Irrelevant

Crypto beginners guide; What is a Spot Bitcoin ETF? https://www.coingecko.com/learn/what-is-a-spot-bitcoin-etf

Sign Off

Thank you for opening and reading the newsletter again. There are now 1,297,045 newsletters written about fraud and cybercrime, so I appreciate that you give me a few minutes of your attention.

Like, Comment, Share, Subscribe. Email me.

Matt

“BE HAPPY FOR OTHER PEOPLE WHO ARE HAPPY.”

Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.

Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

cybercrime cybersecurity fraud financial crime investigations osint aml