Mariola Marzouk, Financial Crime and Fraud Strategist at BAE Systems Applied Intelligence
The battle between financial institutions and cyber criminals is a constant one, where the attackers often have the upper hand.
Governments are trying to stem the tide through cyber assessment frameworks and regulations, but criminals and their associates are responding with sophisticated counter measures to preserve their lucrative business.
A well structured ecosystem of partners appears to be the criminal’s strongest weapon, impenetrable to law enforcement agencies that are suffering from a shortage of skills and technical resources – it took the FBI all of two years to infiltrate The Dark Markets forum where some 2,500 criminals were trading stolen financial information and more.
Bringing hackers to justice is a greater challenge than arresting them, not to mention recovering the stolen funds. The evidence needed in court might be overseas, deleted or encrypted. Moreover, lawyers may lack the knowledge and skills in translating complicated technical information to make a jury understand the intricacies of such cases.
In a case called ‘malware-enabled money laundering’, an Eastern European gang used malware to transfer almost £1m from five compromised bank accounts through 166 ‘mule’accounts. The money was later withdrawn at various currency exchanges across London. While the Metropolitan police did manage to infiltrate their operations and prosecute those responsible, only £190,000 has ever been recovered.
Fighting cybercrime is not a lost cause. Far from it. Financial institutions and governments can disrupt the organised gangs by putting the compliance departments at the frontline and arming them with the knowledge, tools and support they need to prevent hackers from moving the illicit money around.
This might embrace a number of ploys, such as utilising unsuspecting citizens,recruited as money mules with lucrative home employment offers, or criminals compensating each other with stolen credit/debit cards. Using prepaid cards is also popular, as they offer a cheaper alternative to hiring money mules and can be readily purchased anonymously. Further, criminals can use synthetic identities to pass the KYC (Know Your Customer) screening and thus apply for reloadable prepaid cards that have the same use as debit, ATM or credit cards.
The list of scams is seemingly getting longer as the cyber gangs tap into more ways to exploit financial institutions. On the plus side, there are anti-financial crime technology vendors innovating with machine learning, AI(Artificial Intelligence) and blockchain, but also growing public private collaboration initiatives with cyber threats as one of the key focus areas.
What the compliance departments can do now to take control over the cyber threats is to create an ecosystem of partners embracing counterparties, law enforcement and technology vendors. Such collaboration will not only enable information, resource and capability sharing, but also deliver a powerful collective response to cyber crimes by blocking the ‘dirty money’ flow.