War on Cybercrime
Here are three ways in which the National Cyber-Forensics & Training Alliance is cracking down on cybercrime:
CyFin. The expanding landscape of cyber schemes that impact financial services firms include stock manipulation; electronic funds transfer fraud; ACH-related scams; use of money mule networks; and the use and abuse of a growing number of telecommunication (mobile banking, SMS texting) utilities. The NCFTA has combined several ongoing and increasingly overlapping initiatives into an umbrella initiative, termed CyFin, to reflect the broader topic of financial crimes over the Internet and the increased tendency of international organized cybercriminals to rapidly “siphon” victim accounts via social engineering techniques, malware and keystroke loggers. Under CyFin, refined information-sharing and triage tools have been developed and teams of dedicated analysts and investigators have been assigned. Financial services organizations, online merchants, anti-virus companies, payment/payroll processors and telecommunications providers are partners in the effort, with federal and international law enforcement regularly enlisted for support.
Digital Phishnet. Developed to better collect and develop intelligence regarding the highest priority and most sophisticated phishing (identity theft) schemes, the digital phishnet initiative seeks to rapidly refer such matters to appropriate law enforcement and industry stakeholders for victim mitigation and subject neutralization. It exploits threat intelligence received from some 300 companies regarding attempts to compromise computers through malicious code, usually delivered as part of an e-mail message purporting to come from legitimate sources, such as a trusted bank or merchant. Cybercriminals often seek to directly solicit credentials from consumers through social engineering techniques, appearing to come from legitimate sources.
Reshipping. This initiative involves developing intelligence regarding the concealment of the true recipients of merchandise purchased with stolen payment credentials. Shipping fraud, reshipping and the credit-card fraud associated with it currently cost the U.S. economy almost $1 billion per year. NCFTA in partnership with key shippers, UPS, FedEx and the U.S. Postal Service, as well as key federal law enforcement partners, agreed to establish an information-sharing protocol and legal framework whereby information such as Internet Protocol (IP) addresses involved in shipping fraud will be centrally collected at the NCFTA and made available to these entities for e-channel mitigation through authentication controls. A secure Listserv was established through which partners from e-commerce, government, and domestic and international law enforcement could share timely threat/incident intelligence. This group has more than 300 participants worldwide.
A program spearheaded by Microsoft Corp. is designed to provide a trusted way for researchers to report stolen credit-card numbers and other data they’ve found in the dark corners of the Internet. Establishing that link is important because when a researcher finds stolen data, it can be hard to convince a bank or law enforcement that the information is legitimate. The lost time can mean the difference between someone’s identity being used for fraud and stopping a fraud before it occurs
The Microsoft program could greatly help researchers deal with data they’ve found online and submitted to affected companies, said Dan Clements, former president of CardCops, which specializes in tracking down stolen payment card numbers online.
Clements said the speed of the new program — how quickly it leads to notifications for affected institutions and consumers — will be key to whether it is successful. The new program is being managed by the National Cyber-Forensics & Training Alliance, a nonprofit organization that focuses on cybercrime and has law enforcement agencies as members. The American Bankers Association and eBay Inc. are also taking part in the program and banks, retailers and Internet security firms will be added over time.
Clements said that one weakness of Microsoft’s program is that it won’t allow people to anonymously submit what they’ve found, which could discourage whistleblowers from coming forward. He cited an example from Card- Cops that involved an insider at an e-commerce company who discovered his company was hacked and lost 50,000 credit-card numbers. The employee said management threatened to fire him if he disclosed the breach. Clements said CardCops allowed the employee to disclose the breach anonymously and sent the information to the banks and the government.
— By Jordan Robertson