I was reading about the use of cryptocurrency for laundering money when I came across the term “chain-hopping”. This is an attempt to obfuscate the final location of funds injected into the cryptocurrency system by rapidly transferring the balance from one cryptocurrency to another. The point is to move the funds from a coin with a public blockchain such as Bitcoin or Ethereum to one that is private such as Monero or Zcash.
Blockchain intelligence companies such as Chainanalysis have created a business model around tracking cryptocurrency transactions. The bad guys hope that jumping through several chains will confuse the companies software, or at least create enough smoke to delay the investigation. And most law enforcement doesn’t even know what a blockchain is, let alone trace a transaction.
I immediately drew the correlation to the fraudulent movement of money through gift cards. The bad guys have their victims initiate the money transfer through easily recognized and usable cards such as *****Dot or ******Play but need to quickly distort the transfer flow to conceal the final withdrawal.
The flow usually goes something like this: Victim initiates the process through a *****Dot card and gives the bad guys the numbers. The bad guy transfers the balance to One V****** cards. The balance from those cards is then transferred to a ****bird card where it is withdrawn from a corner store ATM.
Every one of those financial networks requires a search warrant to release information. Law enforcement is stymied, confused, and exhausted by the process.
Card-hopping, the same intent as chain-hoppin, just a different form of currency.
Uber Chief Security Officer fails at, well, security
Former Uber CSO Joseph Sullivan has been indicted for his actions in an attempt to cover-up a hack that compromised the records of 57 million Uber customers. When Sullivan learned of the hack, he orchestrated a “six-figure payment” to the attackers in exchange for their silence. His scheme resulted in the businesses failure to report the breach to the FTC and the affected Uber users. Obviously, the U.S. Attorney for the Northern District of California found this objectionable. https://www.justice.gov/usao-ndca/pr/former-uber-chief-security-officer-face-wire-fraud-charges-0
There’s a bigger question
This Pennsylvania man has pled guilty to failing to remit payroll taxes for four years and is facing up to five years in prison and restitution. The IRS estimates he owes them a bit over one million dollars. Fine. But what did he do with the money he never paid? He withdrew it from his employees paychecks so it’s not like he just wasn’t withdrawing the funds at all. The money went somewhere. It seems like there is bigger crime here than just failing to remit payroll taxes. https://www.pennlive.com/news/2022/01/pa-businessman-admits-not-remitting-payroll-taxes-and-will-have-to-pay-1m-to-irs.html
Malicious insiders
Are dangerous even when they are no longer insiders. Even when they should know better. Like when they were once Acting Inspector General for the Department of Homeland Security. Yes, the former head of DHS - OIG has been indicted for stealing department licensed software and files he then used to create his own firm upon retirement. https://www.justice.gov/opa/pr/former-acting-inspector-general-us-department-homeland-security-pleads-guilty-scheme-defraud
Nothing is unbelievable,
But this is just unbelievable. The pictures and videos coming out of California detailing the massive scope of the rail car burglary problem are astonishing. It’s like modern day stage coach robbery. If you didn’t get a product you ordered for Christmas - it’s probably laying along the tracks in Los Angeles. https://www.latimes.com/california/story/2022-01-16/rail-theft-soars-los-angeles-pilfered-packages-littering-tracks
And a first person account with video:
The Rest…
The FTC issued a warning about a cryptocurrency payment scam. https://www.consumer.ftc.gov/blog/2022/01/new-crypto-payment-scam-alert
This security researcher found an unsecured database that contained over 600,000 entries of credit reports and collection records for a Florida business. https://www.websiteplanet.com/blog/transcredit-leak-report/
Florida IT Director makes a hard call when faced with a ransomware infection, “Shut it down and piss people off”. https://www.cnn.com/2022/01/16/politics/florida-hospital-ransomware/index.html
AML trends for 2022: https://www.jdsupra.com/legalnews/aml-trends-for-2022-1160204/
Know what a “rug pull scam” is? Well now you do. https://financialpost.com/fp-finance/cryptocurrency/rug-pull-scams-raked-in-over-us2-8-billion-in-crypto-in-2021-report-finds
Cool Tools
Use CSV better. https://www.convertcsv.com/
Cool Jobs
SR. IT Security Analyst - Hershey Entertainment and Resorts (good company and good people)
Special Agent, Investigations - National Insurance Crime Bureau
“Done is better than perfect” - someone who gets more done than me
Irrelevant
This guy mastered the art of mashed potatoes and got a PhD out of it. https://www.cbc.ca/documentaries/the-nature-of-things/q-a-four-years-and-20-000-potatoes-later-this-man-has-a-phd-in-mashed-potatoes-1.6288705
Homophones are hard
Throes - A severe spasm of pain; a condition of extreme difficulty
Throws - to propel through the air with force
Thanks for opening the Email. Please consider sharing this newsletter with friends and colleagues to help us grow.
See you next Tuesday.
Matt