FBI on ACH Fraud Investigations
Agent Russ Brown on How Banks Can Help Law Enforcement
"Throughout our investigation, from the beginning, we've found that the criminal entities behind the ACH fraud are very sophisticated," Brown says. "They're very well educated on the technical side of the house, very talented in working with computers, and they're very focused on their end goal of obtaining money."
In an exclusive interview, Brown discusses:
- How the private sector has assisted in this international investigation;
- What banking institutions can do to protect themselves and their customers from account takeover;
- How institutions can assist law enforcement in solving these crimes.
"The private sector has a lot of independent researchers and people who continuously analyze malware and do reverse engineering and keep up on the technical trends, and that is a big part of their job," Brown says. "When they find things, they report this to law enforcement and the government and make it well known as to their findings. This is a key factor in how we conduct our investigations."
Brown, a Unit Chief within the FBI's cyber division, has worked for the FBI for 14 years. He has extensive experience investigating and overseeing cyber criminal cases.
TOM FIELD: Russ, there's been a lot in the news about the FBI's role in the recent investigation that led to scores of arrests related to the Zeus malware and ACH fraud and money mules. What can you tell us about what you found during this investigation?
RUSS BROWN: Tom, through the investigation from the beginning we found that the criminal entities behind the ACH fraud are very sophisticated, they are very well educated on the technical side of the house, they are very talented in working with computers, and they are very focused on their end goal of obtaining money. They are very coordinated where they reach out to resources. They need to get the job done. So by all means, they are very talented, sophisticated actors who make this job their living.
International Cooperation
FIELD: Now, I know that this is still an ongoing investigation. There are things you can't talk about. What can you tell us specifically about the willingness of different countries and law enforcement agencies to share information? Because that part of the investigation seems sort of unprecedented.
BROWN: Well, this highlights our ongoing relationship and development with international [agencies], especially in the cyber field. It is very important to be able to have an international cooperation since the computer realm easily knows no boundaries. It can go worldwide, and by having these partnerships with other countries, we can share information and develop investigations on actors across borders. It is very important in this day and age to be able to do that.
Private Sector's Role
FIELD: Now you spoke about the international partners. How did the private sector, including security researchers and even the banking industry, help you in the investigation?
BROWN: The private sector and the banking industry both have been very key in this investigation, as well as cyber investigations ongoing. The private sector has a lot of independent researchers and people who continuously analyze malware and do reverse engineering and keep up on the technical trends, and that is a big part of their job. When they find things, they report this to law enforcement and the government and make it well known as to their findings. So this is a key factor in how we conduct our investigations. As well as the banking industry, maintaining their network connections, their logs, watching for fraudulent behavior, and being in tune with the technical aspect of banking online and their systems.
How Banks Can Prevent ACH Fraud
FIELD: So, Russ, based on what you've learned from working this investigation, what would you recommend to financial institutions to be able to prepare themselves and their customers to ward off corporate account takeover attempts?
BROWN: The best thing is to stay current with information technology security methodologies. The FS-ISAC and the FBI and other law enforcement have been working together to come up with guidance and best practices to stay ahead of the game, and stay current with criminal activity. The financial sector, if they follow some of the products that have been put up by the FS-ISAC, that's a really good first start. As well as looking online just to know what the current technologies are, using strong authentication for banking, watching for anomalous and fraudulent behavior, and really staying current and educating their customers. A big part of this is educating their customers so the customers know when there is something out of the ordinary and they can quickly contact the bank as well.
Customer Awareness
FIELD: You know that's a point I want to follow up with you because I know that the FS-ISAC and the FBI and other organizations released a couple of documents last week about corporate account takeover, and education is huge. What do you find to be the areas that most need to be reinforced with business customers, the ones that really become the victims?
BROWN: I think if they are able to go through the documents, there are numerous points in there. It really focuses on three different areas of protection, detection and response to these activities. There is guidance in those documents that will assist customers and educate them to ward off the account takeover attacks.
How to Assist Law Enforcement
FIELD: Russ, a final question for you. You said that financial institutions have done a good deal to assist law enforcement. What would you advise financial institutions in ways that they can maximize their ability to help law enforcement and investigations such as these?
BROWN: First and the most important thing is to watch what is going on inside of their institutions. Look for that anomalous behavior. If something is reported as being fraudulent, immediately stop the transaction. Have a plan in place to coordinate with the appropriate people on who to contact and what to do. Keep the records of the transactions and anything that happened around; create a timeline of the events so that when it is reported to law enforcement, we can make the best attempts at tracing who committed the offense.
FIELD: And Russ, who is the best first contact that a financial institution should make in wanting to reach out to law enforcement?
BROWN: Probably their local [police]. They want to make sure that you get a police report documented ... and then reach out to whoever they have the best relationship with at the next level -- if it is federal, local, state -- and move forward. There are numerous areas where they can report the incidents to various law enforcement agencies and it will be worked from that point on.