Criminals Don't Operate in Silos and Neither Should We

Saba Shariff August 17, 2018

One of the world’s most lucrative professions has been around for centuries, and thanks to today's digital and highly connected world has never been more profitable. This year, this industry is expected to generate more than $1.5 Trillion in profits. People in these careers are technically savvy, highly motivated and can work from just about anywhere. If you’re an employer, you might think they’re the ideal employee.

The only problem is that the people in this profession are criminals.

In 2018, it’s a good time to be a cybercriminal because crime pays - crime pays big. Today, there is more data to steal, more victims and organizations to target, and more money to be made from doing so than ever before. Cybercrime is the second most reported crime globally.

These individuals and organizations are highly sophisticated and are collaborating to maximize their profits. These criminals don’t operate in silos - and to fight them most effectively, neither should we.

The first instances of cybercrime in the 1970s and 80s focused on hacking into computer networks - many individuals were acting just for the thrill of it or being a nuisance with a Denial of Service attack. More often than not, in the news media these acts were characterized as the work of a “lone hacker” - some guy in a hoodie, working out of their basement. Why is that? Why is this the picture of the cybercriminal?

Cybercrime is big business, with more than 80% originating from an organized criminal activity. Canadian banks, whose deposits total almost $2 trillion, make for one of these criminals’ favourite targets.

These days, as much as banks and other financial institutions are concerned about the competitive threat posed by the likes of Google, Apple, Facebook, and Amazon – what they should really be worried about is competing against CRIME Inc.

Crime Inc. consists of well funded, highly entrepreneurial individuals. The take home for a high earner in this field is as much as $167k per month. Large cybercrime multinationals can make profits totaling over $1 billion per year.

I use terms like profits and multinationals when describing these organizations because they really are run like global businesses.

Much like any corporation, they consist of various teams working together, teams whose tasks are divided into specialized roles. They even use the same tools you and I use to communicate, like Skype and Jabber.

One team may specialize in acquiring and distributing credit card information, and another will focus on using social engineering techniques against call center employees. These criminals are great team players. They share knowledge and intelligence, they transact with each other - they do data breaches and account takeovers in teams, they share hacking tips, vulnerabilities and scams with each other.

They mimic the techniques of legitimate organizations, setting up websites where you can acquire their “wares”, offering disclaimers for purchases and even technical support.

They’ll even run training programs for that budding cybercriminal who wants to learn how to hack or infiltrate a website.

When these groups succeed, the impacts are massive. The US Department of Justice recently arrested three high ranking members of the cybercrime group known as Fin7. Fin7 is accused of stealing more than 15 million credit cards across 47 different states. Those arrested were Ukrainian nationals, and their teams operated out of the UK, Australia, and France. A true Cybercrime multinational.

One of the scariest things about Crime Inc is how closely it resembles those it’s looking to attack.

If cybercrime was still just that lone hooded hacker, it would be easier to spot and fight. However, it’s no longer about that guy in a hoodie - it’s about sophisticated groups that are working together in sync and across borders, unfettered by the rule of law, highly motivated to maximize their profits.

Effectively fighting the cyber fraudster means first knowing how they operate. We’ll focus on what's known as account takeovers.

There are three main steps involved:

Step 1: Acquire credentials and other personal information
Data breaches are an epidemic. In 3 short years from 2014 to 2017, there was a 50% increase in the number of breaches reported and a tripling in the number of records exposed. In fact, since 2013, a total of 9.7B data records have either been lost or stolen.

Every breach, no matter the size, results in critical customer and account information being stolen, putting millions and millions of pieces of our data into the hands of criminals.

Beyond breaches, we – as customers – make it easy for criminals to do their jobs. We’re all digital creatures, and many of us readily share our personal details across various social networks. Our child or pet’s first name, where and when we were born, the street we grew up on … you know, the helpful answers to all those two-factor authentication questions.

All of this information is a goldmine for cyber fraudsters.

Step 2: Access accounts 
Once they’ve acquired credentials and personal information, criminals use that data to gain access to lucrative customer accounts. They’ll test stolen credentials on websites and mobile applications - such as online banking. This happens so often that an estimated 60% of login attempts at banks come from criminals.

They can take the information stolen from one site and use it to access our account on another because so many consumers (i.e., you and me) re-use the same or similar passwords on multiple sites. Before you start feeling too bad about that, in 2017, cyber group OurMine was able to hack Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts. They did this after decrypting his LinkedIn password, which was leaked in a separate data breach. OurMine claimed Zuckerberg had used the same credentials on all three social media sites.

Step 3: Commit the crime
Step 3 is Payday. Once criminals have access to accounts, they can commit all sorts of bank fraud. This includes everything from draining accounts of available funds to using those accounts that are in good standing to get new credit at the same or other banks. Sometimes they even use the compromised accounts as “mule” accounts to move funds in and out in order to avoid investigation.

Make no mistake about it; the Crime Inc juggernaut is going after that $2 trillion in deposits.

So what do you do when you come up against Crime Inc? Well, if we were to keep score of the battle between Crime Inc and the Banks, it might not look so good. When it comes to agility and perhaps motivation, you could say that criminals have the advantage. It’s never been harder for a bank to figure out whether you are who you say you are, and whether you’re one of the good or bad guys.

Fortunately for us, banks have a couple of things working in their favour, and for the last couple of years, my team and I have been working alongside some of Canada’s biggest banks to redefine the playing field and tip it in favour of the good guys.

We’ve been asking ourselves: how can we help banks address the problem and disrupt how fraud and cybercrime are detected today?

So here's what we’ve come up with - we make it so painful and hard for the fraudsters that it’s no longer worth it for them.

We’ve focused on two distinct advantages or strengths that banks can rely on:

  1. Collaboration
    Let’s start with collaboration. Much like fraudsters, we know that there is strength in numbers. Collaboration amongst banks requires first concluding that fighting fraud isn't a competitive advantage - while doing it alone can certainly be a disadvantage.

    Collaboration in the fight against Cybercrime starts with sharing vital fragments of information to piece together the first signs of fraud.

    It can be as simple as working together to find and isolate ‘patient zero’. After a breach or account takeover attempt, this means simply sharing compromised credentials or details on flagged accounts, which helps out as many in the network of good guys as possible.

    By sharing vital data like this, we can limit the impact across organizations, effectively creating a Canadian Shield against fraud.
  2. Artificial Intelligence (AI) and Machine Learning
    Second, and equally if not more powerful, is the use of AI and machine learning. Monitoring billions of transactions by millions of customers requires a robust and relentless data processing capacity and the ability of artificial intelligence to ingest and learn from the data in real time. AI and ML are essential tools for leveraging the network effect across institutions.

    With all the breaches, improving or replacing passwords with some other method of authentication won’t address the root problem. The crux of the matter is detecting and decoding the hundreds or thousands of data points that signal who the actual user is. A single organization would have a hard time collecting enough information to correctly distinguish a valid user from a fraudster every time.

    While fraud mitigation professionals have long used business rules and analytics to identify fraud, the issue is that traditional analytics are limited by having focused on data sets that are sometimes too narrow.

    Cross-FI (financial institution) uses of data can provide a valuable resource to feed machine learning. When it comes to machine learning, the best way to train models is with supervised learning - and that requires high-quality data, ideally gathered from disparate sources. Machine learning works best when the problem is correctly defined, and the right features are gathered. By collaborating with the banks, we’re able to add their human intelligence and expertise – drawn from decades of fighting fraud – to our machine learning solutions.

    The reality is, financial threats across the globe are increasingly sophisticated, highly organized and richly supported. Massive amounts of data from myriad sources must be analyzed for insights into the behaviour and activity of fraudsters. Innovative technology, in large part, has made significant inroads in fraud detection. However, it’s the collaboration of people, data and machine learning that offers the best defense against such multifarious, and even nefarious, challenges ahead.

Fraud follows the money, and when the channel dries up, criminals leave. So we need to work more collectively to plug as many holes as we can. We have two great tools at our disposal to do so.

Fighting fraud is hard. Fighting it alone is even harder. When you’re up against this group, why would you do it alone?

Saba Shariff

Saba Shariff is an acknowledged leader at Symcor Inc., a leading provider of business processing and data management services, supporting major banks, insurance, retail, and telecommunications companies in Canada. As Head of New Product Development and Innovation, Saba leads a passionate team of professionals in designing new and exciting ways to solve real customer problems and leverage data to both improve today's services and discover new ones. With over 20 years of experience in IT and Product, Saba is a frequent public speaker in the private and public sector on topics such as Collaborations or Partnerships in Canada, and Breaking Stereotypes in Business Technology Management. In her spare time, Saba enjoys being active while managing the joys and tribulations of raising a teenage son.
