Global Security Advisor Proposes ‘Moon-shot’ Fight Against Cybercrime

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Dick Carozza, CFE
Editor, Fraud Magazine

Marc Goodman, a global security advisor, believes the anti-cyber crime community should mount a campaign against online criminals similar to President John F. Kennedy’s challenge to land a man on the moon.

“He made a bold declaration. … We don’t have anything like that for cyber security; yet we’re handing over every aspect of our lives over to these machines with no concept of protection. … We’re all going to have to do that,” he said. “And you folks from the ACFE have the right skill sets, the right knowledge, the right network to make that happen. I invite you to join me in that fight.”

Over the last 20 years, Goodman built his expertise in cyber crime, cyber terrorism and information warfare. He’s worked with Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. federal government.

He founded the Future Crimes Institute to inspire and educate on the security and risk implications of newly emerging technologies. He also serves as the global security advisor and chair for policy and law at Silicon Valley’s Singularity University — a NASA- and Google-sponsored educational venture dedicated to using advanced science and technology to address humanity’s grand challenges.

“Technology can be awesome,” Goodman said. “It’s had a tremendous impact on the world. … But there’s a significant downside to technology and the ways bad guys use it. …

“All the technology change is leading to a paradigm shift in crime and in fraud. Crime used to be an easy affair; it was a good start-up business. You could go out and get a knife or a gun, hide in a dark alley and say ‘stick ‘em up.’ … But eventually criminals could only rob so many people in a day. New technology helps criminals rob more people,” Goodman said.

In the Target breach last December more than “one-third of America had its information compromised. … Now one person can rob 100 million people.” Also, Target had to spend $214 for each one of the accounts hacked. He said a recent Center for Strategic and International Affairs study said that the annual global cost for cyber crime is $400 billion — about 1 percent of the U.S. GDP. 

He then shared some cyber crime developments. Here are just a few:

  • Innovative Marketing Solutions, a company in Kiev, set loose a popup box that told computer users that they had a virus, and for $49 they could download malware protector software that would solve their problems. However, users actually never had infected computers until they paid their money and downloaded the software. Before the FBI and Interpol shut them down, the business ripped off $500 million.
  • When we’re browsing on the Internet, we only see the “surface web” — underneath is the “Web Profunda” or “Deep Web,” which is 500 times larger than the web we know. “About 50 percent is involved with crime and fraud,” Goodman said. The Deep Web site, “Silk Road,” sold drugs, guns, fake IDs and hits for hire, among other nefarious goods and services. Before the site was taken down, 20 percent of all American drug users had purchased their drugs on the site, he said.
  • Most flashlight apps on phones steal contact information.
  • Those who think they’re calling their banks often are shunted via malware to criminal call centers that request, and often receive, personally identifiable information.
  •  Fraudsters are hacking pacemakers, insulin pumps and vehicle computer systems.

Goodman said that personally we should:

  • Use different passwords for every system.
  • Always use a VPN when connected to public networks.
  • Always encrypt our data.

Corporations should:

  • Implement open-source intelligence programs. Go into the Dark Web.
  • Place adults in charge of risk, fraud and security.
  • If something is really important, don’t put it in a computer.
  • “Red team” and test your assumptions; find problems before hackers do.
  • Hackers are already in the system; hunt them out.

“Technology runs the world,” Goodman said. “ … When it fails, what’s our backup plan? We don’t have one.” He said we owe it to our children’s children to not leave them a scary cyber world.

Find more conference coverage at FraudConferenceNews.com.

The Wolf of Wall Street: From the Prosecutor’s Seat

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

When did Jordan Belfort, “The Wolf of Wall Street,” make the majority of his money committing fraud? According to former U.S. Attorney Joel M. Cohen, Belfort’s fraudulent activities picked up dramatically in 1994, after he was charged with securities fraud and barred from brokering by the Securities and Exchange Commission (SEC).

Former U.S. Attorney Joel M. Cohen, who led the prosecution against Belfort, shared his viewpoint of the case against Belfort and his company, Stratton Oakmont, Tuesday during the final part of a two-part session. FBI Special Agent Gregory Coleman, who led the investigation, shared his account of events during Part One yesterday.

Cohen said he first became aware of the case when he took over as a federal prosecutor in the Eastern district of New York in Brooklyn in 1997. Coleman, who had been investigating the case for more than six years and had previously worked with five other federal prosecutors, went to meet with Cohen to walk him through the status of the case. “Much of the investigation into Belfort up to that point was in Greg’s head,” Cohen recalled. “He knew everything about him and what he was up to. My predecessor left me one box of some files, but Greg came in my office and rolled out a 14-foot-long roll of paper that showed a long flow chart of funds.”

Some of the information detailed in Coleman’s roll of paper was a trend called “cockroaching.” Cockroaching is what happens when a firm gets pushed down and crushed (or closed) and the employees (the cockroaches) scurry off to other firms. Belfort used these cockroaches that he already had relationships with to use his services to continue to commit pump and dump schemes without any regulation. “Belfort became a more powerful force after the SEC put him out of business,” Cohen said. “He had an even greater ability to manipulate stocks.”

When Coleman and Cohen decided to officially prepare an indictment they opted to attack the top of the scam rather than the players at the bottom. As I mentioned in Monday’s post, they went after the money Belfort was hiding in Geneva. What I didn’t cover yesterday was what Cohen said was a major hurdle in the investigation: getting the Swiss government to cooperate under something called “dual criminality.” In order for the Swiss to help with the investigation, the case had to fall under dual criminality, meaning both nations had to consider the offense a crime. Unfortunately, Switzerland didn’t technically consider securities fraud a crime… yet. Cohen and Coleman worked hard to convince them that their laws in fact did prohibit this activity, just in a different way.

With the necessary documents from the Swiss, as well as surveillance, Coleman and Cohen convinced Belfort in just 36 hours to admit to his almost decade-long frauds. “This guy woke up every day and committed fraud,” Cohen said.

Cohen closed by expressing his disappointment with how the 3-hour movie ended its provocative tale of Belfort. In the closing scene, Belfort, played by Leonardo DiCaprio, is shown years after his crimes speaking in front of a group of people. The person who introduces him to the podium is played by none other than Jordan Belfort. He also conveniently stands in front of a sign displaying the name of Belfort’s current speaking company, “Straight Line.” As if that isn’t enough, Cohen played a clip of DiCaprio in real life giving a gushing endorsement of Belfort’s motivational speaking skills. As Cohen said, I guess one more person has been fooled by the self-proclaimed “Wolf of Wall Street.”

For even more conference coverage, visit FraudConference.com.

Freeh Lauds ACFE for Professionalism and Reputation

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Dick Carozza, CFE
Editor, Fraud Magazine

“What’s critical about your organization and reputation,” said former FBI Director Louis Freeh during the Monday Working Lunch, “is the interaction and interconnectivity that you bring between the government and the private anti-fraud community and establishment. That did not exist for many years for the most of the history of the FBI.”

Freeh said during his FBI tenure he often had ACFE members accompany him and become heavily involved in investigations. Now as chair of Freeh Group International Solutions, LLC, a Pepper Hamilton LLP group, he continues to closely work with Certified Fraud Examiners (CFEs).

Freeh, during his keynote, shared some of the lessons he learned during his FBI tenure and extolled the virtues of ACFE members. 

“One of the biggest things that has changed is the technology that is available to investigators,” he said. “I just spoke at the second circuit [judges’] conference in New York. And the theme of all the judges in that circuit was the impact of technology on being a judge and particularly focusing on cyber crime, cyber technology and cyber terrorism. There were a number from leading technology companies giving insights as it impacts judges — judges who have to explain complicated cases to juries but also have to understand the provenance and integrity of evidence, which now comes from different platforms.”

Freeh reminisced about the state of technology in 1975 in the New York City FBI office. “In one case, we had … to surreptitiously record an organized crime guy’s conversation so we called our lab and we asked for the best cutting-edge technology they had. So they sent up a pair of shoes. The microphone was embedded in the shoes! Probably they were 12 ½ quadruple E shoes. And the first statement by the subject on the tape was, ‘John, what’s the matter with your feet?’ ”

Though technology is now light years from 1975 microphone shoes, some things have not changed, Freeh said. “The most important ‘value add’ that [ACFE members] bring to the anti-fraud community and the law enforcement community is … incredible experience and depth. 

“It’s not a coincidence that two of your largest government communities [with ACFE members] are the IRS and the FBI. Because the synergies and the ability to share information there is unprecedented in our history,” he said. “You bring, I know from my own investigations, and sitting on boards, tremendous credibility because of your education, your certification, your reputation is just a sterling contribution to the anti-fraud community and the efforts that you bring on behalf of private clients and corporations,” Freeh said. 

“Many of you work for the government by contract or otherwise and that information and that relationship is a very, very special one. It evolved over a long period of time. And the Bureau has evolved over a long period of time,” he said. 

“The disability that the Bureau, and most government agencies have, is that they tend to react to external changes and tend to train, equip and pass statutory authorizations as a result of things that are coming to them from the outside as opposed to proactive, inside innovative thinking,” Freeh said.

He said the first FBI bureau investigators in 1908 — Treasury Department employees — weren’t gunslingers or bank robbery investigators; they were accountants. “They had no weapons; they had no authority to arrest anybody. That didn’t come until 1933. But it evolved due to the necessity of dealing with financial crime.” Then more outside changes influenced the FBI to investigate bank robberies, organized crime and narcotics, he said. 

He said that after 9/11, counter-terrorism has become the necessary, but totally, consuming preoccupation of resources and programs and statutory authority. “Now, finally after the recession, the programs and the focus on serious global economic crime and cybercrime have been resuscitated,” Freeh said.    

You can find more coverage from the ACFE Global Fraud Conference at FraudConference.com.

The Top 5 Ways to Network at the ACFE Global Fraud Conference

/

AUTHOR’S POST

Mandy Moody, CFE
ACFE Social Media Specialist

There is one opportunity that we are most proud to offer at the ACFE Global Fraud Conference: a place, a time and a setting best suited for professional networking. From catching up on the latest fraud trends to visiting about career changes and personal milestones, the networking that takes place at the conference is second to none.

Below are the top five ways for you to take advantage of the exclusive networking opportunities next week in San Antonio:

  1. Welcome Reception: Sunday, June 15 from 7-9 p.m. in the Anti-Fraud Exhibit Hall. Get a sneak peek at the latest and greatest anti-fraud services and products while connecting with new and old friends. Also, enjoy some snacks and drinks. Be sure to check out the 25-year member presentation at 8 p.m. on the Exhibit Hall stage.
  2. Attendee Networking Reception: An Evening in the Wild West: Tuesday, June 17 from 6-8 p.m. at The Majestic Theatre. Tickets are $75 person (available at the registration desk) and well worth the investment. Along with food and drink there will be a photo booth and live entertainment. Cowboy boots welcome, but not required.
  3. Industry Networking Tables: Gather with attendees from your industry during the General Sessions at reserved tables throughout the room.
  4. Networking Lounge: Connect with attendees facing similar challenges during a dedicated Networking Break for your group or industry. The Networking Lounge will host meeting times for designated industries. Visit the Exhibit Hall to view times and sessions.
  5. Online Networking: Join the 25th Annual ACFE Global Fraud Conference LinkedIn Group or follow the conference on Facebook and Twitter. You can follow #fraudconf on Twitter for the latest coverage and visit FraudConferenceNews.com for articles, photos and videos. Also, download the conference app to view the attendee list, send private messages or set up meetings.

I look forward to seeing you soon in San Antonio! Don’t forget your business cards!

Adding Structure to the Use of Unstructured Data

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA
Senior Managing Consultant, Forensic and Valuation Services
BKD, LLP

In the age of big data, it should come as no surprise the ACFE’s 2014 Report to the Nations ranks proactive monitoring and analysis of data as the most effective anti-fraud control, with respect to both duration and median loss. What may be surprising is the type of data being monitored and analyzed.

Unstructured data (things like external emails and social media) is becoming a larger portion of the big data pie every year. In a 2005 report, Gartner Research indicated that unstructured data comprised about 80 percent of all available data in an organization. Fast forward a few years, and that percentage is likely much higher. The challenge we face as investigators is how to best use this unstructured data in our investigations. The solution begins with the collaboration between data analytics and digital forensics, as referenced in my post in February on that topic.

As highlighted in a recent article posted on venturebeat.com, the Detroit Crime Commission (DCC) has embraced this collaboration as well. The article and accompanying video cover the general framework of how the DCC is using analytics of both structured and unstructured data for fighting crime. While the article is focused on a specific software solution, it contains valuable information about the DCC’s mindset and reasoning behind the use of what they call big data analytics. This information is applicable regardless of software choice, industry or location. Some key conceptual takeaways from the article include:

  • Network analysis and relationship mapping. Using information gathered from online sources, the DCC identifies criminal enterprises and their members, as well as how the various organizations interact. Applying this to occupational fraud, identifying the network and relationship map for key vendors, employees and customers may help in uncovering corruption and kickback schemes.
  • Analyzing both unstructured and structured data. Rather than relying solely on criminal databases and arrest records, DCC uses information from online posts to supplement their structured information and gather intelligence not otherwise available. Applied to occupational fraud, the analysis of email communications, text messages and chat sessions may provide information regarding unknown relationships or activities not identifiable in the transaction detail.
  • Data visualization. The video accompanying this article shows a great example of using data visualization to uncover relationships and “see the data” more quickly than traditional methods. The old saying that “a picture is worth a thousand words” is truer than ever in data analytics. Using data visualization helps identify trends, patterns and relationships not readily identifiable in reading through large volumes of data. This technology can truly help an investigator see the issues in the data.

The application of data analytics in law enforcement is a great example of leveraging big data. The DCC’s success using these concepts underscores the importance of proactive monitoring and analysis of data for fraud detection and prevention. 

Follow Jeremy on Twitter @j313 or at BKDForensics.com.