The other day, UK police raided a property where they found £114 million ($150 million) of cryptocurrency. The raid was part of an AML investigation, but I was particularly struck by this comment from Deputy Assistant Commissioner (DAC) Graham McNulty:
“There is an inherent link between money and violence.”
Of course, that’s obvious. You only need to see any movie to know that money is the key to driving people into crisis and violence. The extended quote from DAC McNulty was as follows:
“There is an inherent link between money and violence. Violence is used to extort, blackmail, burgle, control and exploit. It’s used to protect criminal profits and maintain control of territories.
“Cash remains king, but as technology and online platforms develop, some are moving to more sophisticated methods of laundering their profits. But we have highly trained officers and specialist units working day and night to remain one step ahead.
“These officers not only work to disrupt and seize funds being transferred digitally, they continue to deprive criminals of hard cash.”
Cool. But …
Criminals always work one step ahead of the system. That’s their secret sauce: break the system by being one step ahead of how the system thinks. I was struck by this over the years of meeting hackers and criminals – I’ve met a few – and they always say the same thing: “we don’t think like you”.
People who commit crime prey on those who don’t. They are predators. They are predators of trust and predators of fear. Those who prey on trust use social engineering to suck you in and scam you. The obvious example today is the social friend. This leads to lots of scams, with the main one being the romance scam. People get sucked into a world where they believe they have developed a relationship, but the person they are having a relationship with does not exist and is just manipulating emotions to get money.
As if that could be me?
Think about it … how trusting are you of online connections?
There are many other examples. My favourite is of the ethical hacker, Jamie Woodruff, who recounts a story of watching a bank’s head office for weeks – he was paid by the bank to do this – and discovered that pizzas arrived every Friday morning at 11:00. How to break the bank? Arrive on Friday morning at 10:55 dressed as the pizza guy. Security waved him straight through and hey-ho, off we go.
Then we can move to fear. Obviously, if someone says they will kill your family unless you do this, then you do it. But that’s a rarity. The more obvious fearful scam is
A little role-playing. You’re in the office, it’s 4:15 p.m., and you receive a message from your company’s VP of Finance. An urgent transfer of funds is required to finalize an agreement with a major partner, and the transfer must be sent by the end of the day. How do you respond?
This is known as a CEO scam: everything looks bona fide, an internal request from a senior executive for urgent action. How many employees would check the details, the trail, the electronic signatures and proof points? Or how many would act on the fear of reprisal if they fail to do what their boss asks in a timely fashion?
Preying on trust and fear is easy in our networked world whilst we lack proper authentication and identities. But what happens if we have verified identities, like those blue ticks on Twitter profiles?
Should email addresses have blue ticks? Should social media profiles have blue ticks? How would the fraudsters create their own ticks?
The fraudster is always one step ahead of the detective and two steps ahead of the victim. They prey on trust and fear. Just be alert.