Money-Muling Pays in Cyber Underworld
Cisco Report Suggests Banks Should Know Their Enemies
And let's not kid ourselves. We are all fighting eFraud in one form or another: Phishing attacks launched on our e-mail accounts, malware that infects our hard drives with keyloggers, and malicious text messages that hit our smart phones, asking us to enter account details that will later be used to drain our checking or savings accounts. All are perpetrated via electronic means, exploiting the cybersphere that has helped to make our world more connected and intelligent.
But eFraud can only go so far. It can't, for instance, put tangible dollars in the hands of the cybercriminals behind those malicious attacks. That's why cyberattacks often include more than eFraud. Social engineering, trafficking, money laundering and money-muling are often married to eFraud. And according to research included in the Cisco annual report for 2010, cyberthieves are doing an ever-better job of bringing all of those pieces together, weaving a well-orchestrated, international business model that nets big profits.
"In reality," says Patrick Peterson, a Cisco Fellow and chief security researcher, "the threats are coming from the malware. We have lost a lot of data-protection battles, and today information is readily available in criminal forms. The challenge for criminals is not getting the information, but figuring out, 'How do I take those details and turn that into cash in my pocket?'"
So, eFraud is the threat. But criminals have had a hard time moving funds from U.S. accounts, for instance, to overseas accounts, especially if those overseas accounts are in eastern Europe or Asia, Peterson says.
That's where money mules come in. They launder the funds, and their networks are posing big problems for international law enforcement. "The money mules are the critical link for monetizing malware," Peterson says. "Cybercriminals often partner with organizations that specialize in money mules."
Money mules bridge the gap between eFraud and cash, and they're getting very good at it.
On the other end of the spectrum is law enforcement, which, unlike criminal organizations, often has difficulty collaborating across borders. Some of that is changing, however. Where 2010 was a watershed year for eFraud or cybercrime, 2011 is expected to be a watershed year for law enforcement. "We expect to see more laws in all countries against cybercrime, and we are already seeing more cooperation among international law enforcement," Peterson says. "The days of being able to escape to another country are over."
The success last October of Operation Trident Breach, which led to the arrest of 116 money mules and cybercriminals for their connection to cyberattacks on U.S. bank accounts that spanned four years, proves international law enforcement agencies and governments are making headway. But that's only headway. As the skill of money mule networks and cyberattacks improves, law enforcement faces daunting challenges, especially when crossing multiple borders is required.
Peterson is optimistic, saying so-called public-private partnerships among the security industry, government and banking will fuel anti-cyberterrorism efforts. "It's a partnership that's offering practical advice by making people more aware," he says.
I'm a bit more pessimistic. It's the money mule piece that concerns me. I agree law enforcement is getting a handle on the eFraud part of the equation, at least from a tracking standpoint. But when it comes to the actual people being hired to move the money, I don't think we have such a grasp. Even Peterson allows that the human part of the chain will be the most difficult to track.
"The ability for law enforcement to move from A to B to C is pretty good," he says. "But when the money is moved to a money payment system and overseas by human beings, it's hard for financial institutions and law enforcement to trace."
So, where do we go from here? Well, a lot of it will come down to the banks. Knowing their friends from their foes will be critical in 2011. How adept they are at catching suspicious account activity and suspicious account-holders will make all the difference.