Could Blockchain Technology Enhance Communications in Major Law Enforcement Actions?

Complex Cases Present Complex Challenges

On December 2, 2015, a married couple opened fire at a holiday party in San Bernardino, California, killing 14 people and injuring 22 others. Both attackers were killed in a gun battle with police. A massive investigation conducted by numerous local, state, and federal agencies found that the attackers were planning a terror attack before the tragedy.

On October 1, 2017, a shooter opened fire on a crowd of concertgoers at the Harvest Music Festival on the Las Vegas Strip, killing 58 people and leaving 851 injured. The 10 minutes of shooting is now known as the deadliest mass shooting in United States history. A multitude of local, state, and federal authorities participated in the subsequent investigation.

On November 13, 2015, at least seven simultaneous terrorist attacks took place throughout Paris, killing 129 people, including 89 in the Bataclan concert hall. More than 350 people were injured as well. At least 7 terrorists were involved in these organized, multifaceted attacks, which included mass shootings, hostage takings, and suicide attacks. The subsequent investigation involved national and international intelligence and law enforcement agencies.

We also see more and more cases where multiple local, state, and federal law enforcement agencies band together to investigate violent gang members, human traffickers, serial killers, and child abductions, for prosecution in state and federal jurisdictions.

First Responders in Major Events

The initial response to tragic events will involve multiple local, state and federal government agencies guided by unique regulations and procedures. Many cases result in long and complicated investigations and trials where the evidence collected is fiercely challenged in judicial proceedings. Even when the perpetrators do not survive the attacks, the public will demand a full investigation to unravel the evidence, determine motives of the attackers, identify and prosecute co-conspirators, and prevent occurrences in the future.

Case Management Systems

Many investigative agencies and prosecuting authorities have developed their own record keeping procedures to satisfy rules and regulations for the respective agencies. Others may make use of high quality case management software to manage the flow of information. Nothing is wrong or incorrect with the wide variety of systems, but the systems are not necessarily compatible with each other. Some of the compatibility limitations can be identified and addressed through training and practice for major catastrophes.

Can Blockchain Shared Ledger Technology Assist in the Process?

Without being involved in large scale operations, it may be hard to grasp the complexity of gathering, managing, and distributing the enormous amounts of data collected in these matters. Even criminal investigations of lesser magnitudes can result in thousands of pieces of data collected by different investigative agencies. Managing the data is critically important to comply with existing rules, regulations, and laws governing the proper collection of evidence and the resulting admissibility of evidence. Government authorities are also responsible for disclosing evidence to opposing counsel prior to trial, to include evidence that could benefit defendants. Failure of compliance can result in evidence being excluded, mistrials, and overturned convictions. Judicial authorities often have to referee disputes between government and defense counsel over the admissibility or concealment of evidence. Improper management of the data can also fuel unfounded conspiracy theories that survive long after a case is concluded.

Can Blockchain shared ledger technology knit together the roles of investigators and prosecutors while maintaining the separation of responsibilities?

At present, multiple-agency investigations are the norm in significant government investigations. There is nothing inherently wrong with different agencies using their own procedures to document their work, and this should not be changed. In the United States, we have never had, nor should we have, only one police force to serve the public. Also, to ensure a proper balance of duties, the investigative agencies report the results of the investigations and prosecuting authorities make decisions about persons charged or not charged with crimes. However, investigators need the input of prosecutors as the case unfolds, and prosecutors need the input of investigators for charging and trial considerations. All are responsible for the proper collection and disclosure of evidence to defendants and their attorneys.

During multiple agency investigations, we see that the investigative results can be siloed inside each agency until communication procedures are developed with the other participants in the investigation. Eventually, the job of gathering and forwarding information to prosecuting authorities gets done, but is there a better way?

Enter Blockchain technology and the permissioned shared ledger system. We know that the Blockchain system with Bitcoin and other cryptocurrencies is designed for participants who do not know or have to trust each other. In this un-permissioned system, anyone can be a participant and anyone can view the Blockchain ledger. This model would not work for multi-jurisdictional responses to events as described above.

A Shared Ledger System

In a closed and permissioned Blockchain system, the participants share the same ledger and collectively approve of new additions to the ledger. So each addition of data will be seen by all participants as the Blockchain ledger is being built. At the end, all participants will have an immutable, time-stamped, and un-hackable ledger of all data points in the case. Logically, the participants would be representative(s) from each agency and prosecuting authority. The approved participants could then monitor the investigation as events are unfolding.

If a shared ledger system is implemented, it would be incumbent on each participant to develop reliable procedures to transfer information from their respective investigation to the Blockchain shared ledger in a timely manner. There should be no need for the participating agencies to peer into the entire files of their counterparts. The various agencies may be reluctant to share their entire files that may contain non-pertinent and agency-specific information.

The resulting agreed-upon shared ledger would show the origin and disposition of information gathered by each participant, to include evidence gathered, chain of custody, email and text communications, computer and smart phone analyses, photographs, interview results, other leads generated, etc., all in an unalterable and time-stamped chronology.

A shared ledger system would not solve all communication and evidentiary problems such as non-cooperation between participants or the unauthorized disclosure of information, i.e., leaks. Those issues are left to the professionalism of the people involved.

Challenge to Blockchain Developers and Users

So here are some challenges that Blockchain developers and potential users may want to consider:

Can a closed and permissioned Blockchain system be designed for use by law enforcement agencies and prosecuting authorities?

Can a shared ledger system satisfy judicial requirements for the collection and disclosure of evidence?

Can robust shared ledger software and hardware be developed in a cost effective manner?

Can a shared ledger be beta-tested for efficiency and effectiveness?

Would shared ledger technology be compatible with existing record management systems of the participants?

Can it be demonstrated that Blockchain technology will improve collaboration between existing data management systems within various agencies?

Can Blockchain technology prevent identity theft schemes that may be used to impersonate participants?

Can Blockchain technology prevent the unintentional or intentional spillage of classified information into the shared ledger?

Are Federal grants available to assist with the testing and adoption of new technology for data management?

Conclusion: It seems that emerging Blockchain technology may offer improvement to data management challenges as seen in major law enforcement actions. But could this be done in a cost effective manner and adapted to systems already in place? If not, the technology will face an uncertain future if the costs exceed limited governmental budgets. Blockchain technology will have to demonstrate its worth as a cost effective improvement in a very demanding environment.

Synthetic Identity Theft – What Blockchain Users Need to Know

Main Points for Consideration:

  • Traditional Identity Theft schemes steal the identity of a known person to impersonate the victim.
  • Synthetic Identity Theft uses a Social Security Number to form a new, but fake person.
  • Synthetic identities can satisfy known loan underwriting procedures.
  • Synthetic identities create additional risk factors for Blockchain systems.
  • Synthetic identities can be formed before being included into a Blockchain system.
  • Synthetic identities may be used to impersonate known participants.

Advances in Blockchain technology can develop platforms to protect individuals’ identities from theft and also help businesses authenticate participants. But how can Blockchain provide assurances that the identities are valid in the first place? Answers may be found by understanding the threats of Synthetic Identity Theft, and how to mitigate those threats.

In a more traditional identity theft scheme, a perpetrator will steal Personally Identifiable Information (PII) to impersonate the victim. But Identity Theft has evolved into a hybrid form known as Synthetic Identity Theft where a perpetrator is not trying to impersonate the victim. Instead of stealing and impersonating the identity of actual persons, a new persona is invented by the perpetrator. This is accomplished by using a Social Security number to create a completely fictitious personal profile.

Synthetic Identity Theft – How It’s Done

Identity thieves obtain Social Security numbers using familiar techniques like Phishing schemes; forming phony websites to collect PII from victims; using corrupt internal employees who have access to PII; and even buying stolen SSANs obtained from data breaches. The fraudster will add a name, date of birth, and address to create new PII for a fictitious person. The new identity is then used to establish records in public databases, credit files, phone and utility records, social media profiles, etc. Afterwards, the perpetrators can monitor the payment history, credit score and public persona of the fake person. The new accounts established by the fraudster can be used immediately for financial fraud schemes, or used as sleeper accounts that lie dormant for long periods of time. The dormant accounts can be sold on the black market to other criminals.

Synthetic Identity Theft Schemes – Where Are They Found?

Fictitious synthetic identities are often used to attack internet-based business transactions. As an example, the automobile industry uses internet-based sales for purchasing vehicles without face-to-face interactions with a sales person. Some dealerships have been victimized by perpetrators forming fake identities used to satisfy standard loan underwriting requirements. Financing arrangements were completed with fake personas and vehicles were delivered to other locations where the vehicles were used in other criminal activity.

These schemes have impacted government operations including Veterans’ benefits, Social Security benefits, Medicare and Medicaid programs, Health Care systems, and private medical insurance systems. For example, synthetic identities have been used to obtain health insurance policies from private insurance companies. Also concerning is the potential use of fake synthetic identities by terrorist groups to launder money through established government financial systems and/or cryptocurrencies. The laundered money can fund terrorists for living expenses, safe houses, renting cars, international travel, and purchasing restricted goods.

Fraudulent identity profiles have also been found in the mortgage process, auto insurance claims, staged accident schemes, and schemes involving the IRS, Small Business Administration, FEMA, and other government entities. Within the health care industry, the government is encouraging the digitalization of medical records, and these records are based on the PII of patients. This creates more opportunities for the theft of PII.

Anyone’s Social Security number can be stolen, but certain demographic groups are specifically targeted. SSANs of minors are more likely to be stolen because the younger a child is, the longer the fraudulent identity can be used. The SSANs of elderly people, college students, and indigent people are also targeted. The fraudsters have been known to solicit financially destitute people to buy their identity.

Synthetic Identity Fraud is a Worldwide Problem

In 2017, the World Bank released a study concluding that more than 1.1 billion people in the world lack access to vital government services because they are unable to prove their identity. The World Bank Group’s Identification for Development (ID4D) initiative launched a High Level Advisory Council to advance the realization of robust, inclusive and responsible digital identification systems as a sustainable development priority.

The United States Federal Deposit Insurance Corporation (FDIC) recently estimated that there are 10 million unbanked or underbanked households in the country. The FDIC defines unbanked as those adults who do not have an account at a bank or other financial institution and are considered to be outside the mainstream for one reason or another. Many people are squeezed out of normal banking systems because of poor credit. Others choose not to participate in government systems to avoid regulation, oversight, and excessive fees.

Why is This a Concern for Blockchain Technology?

The World Bank ID4D recommends efforts to provide reliable digital identities to 1.1 billion people who want to participate in the economy, but lack provable identities. Similarly, unbanked people choosing to use alternative financial instruments, think cryptocurrencies, also desire a safe and reliable system to conduct financial transactions.

Blockchain technology is envisioned as the record keeping system for new digital identities and/or established identities. And it may be safe to assume that the immutable Blockchain distributed ledger can make it more difficult to use a stolen identity. But vexing questions continue to appear: Prior to the adoption of a Blockchain ecosystem, could a criminal or terrorist form a fake Synthetic identity only to be added to the Blockchain ledger? If so, the Blockchain may then become a hiding place for persons intent on doing harm.

Also, once a permissioned Blockchain system is formed with approved participants, could a synthetic identity be formed to impersonate a participant? If so, could a fake participant cause harm to the information being added to the Blockchain?

These possibilities may not be surprising to persons who use ledgers for normal accounting and business purposes. The ledgers can accurately record numbers and information. As accountants and auditors will certainly attest, ledgers can also accurately record falsified information. The ledger system cannot guarantee the integrity of the information before entries are made, and neither can Blockchain. Only people can determine the integrity of other people.

Mitigating Synthetic Identity Theft:

Synthetic Identity Theft schemes can defeat known preventative measures such as credit checks, locking down credit, changing passwords, and two-factor authentication, because the schemes do not necessarily involve obtaining credit. The fight against Synthetic Identity Theft will be waged by combining known preventative measures with improved Artificial Intelligence (AI) to study behavior, and Biometric verification, such as voice, face, fingerprints, and DNA, to verify the identity of actual persons. As such, maintaining a balance between Security and Privacy will always present challenges.

Conclusion: The intention of raising these Synthetic Identity Theft issues is not to discredit the Blockchain infrastructure. Instead, and just like any other new technology, it is imperative to understand risk factors as the technology is developed and implemented. Identifying and understanding risk factors should result in strong measures to mitigate the risks. Blockchain developers and end users will certainly need to develop and improve counter-measures to mitigate Synthetic Identity Theft threat vectors.

Cryptocurrencies, Fraud Schemes, and Money Laundering

In many presentations I have done to explain Bitcoin and other virtual currencies, the most difficult part for people to understand is how a virtual currency, which cannot be seen or held in our hands, can represent value. In fact, critics of buying and trading in virtual currencies maintain that virtual currencies will never be a reliable form of commerce. I am not promoting or demoting the idea of virtual currencies, but it is now unmistakable that virtual currencies have gained worldwide acceptance. One can argue that virtual currencies will never replace fiat currencies, which is probably true.

Discussion Points to Consider:

  1. Currently, there are about 2000 virtual currencies
  2. Anyone can create a virtual currency
  3. Bitcoin was the first cryptocurrency and is the most well known
  4. Cryptocurrencies are easily converted to and from government-approved currencies (Fiat Currencies)
  5. Cryptocurrencies appear in multiple fraud schemes
  6. Cryptocurrencies are used to launder proceeds from criminal activity

Although virtual currencies have been in existence since the late 1990s, they lacked reliability and acceptance for conducting financial transactions. The release of the Bitcoin ecosystem in 2009 disrupted financial systems as the world’s first virtual currency to use cryptology to provide advanced anonymity and the Blockchain to solve the “double spending” problem. Thus, Bitcoin became the first convertible, de-centralized, math-based cryptocurrency: convertible to and from fiat currency; de-centralized because transactions could be conducted Peer-to-Peer without government oversight; based on the mathematical solutions of increasingly complex algorithms; and concealed by cryptology. The structure of Blockchain technology proved that an owner of Bitcoin could not double spend the same Bitcoin.

What Are Virtual Currencies?

Virtual currencies can be described as a Digital Representation of Value functioning as a Medium of Exchange that does not have Legal Tender status.  All that is required to hold value is Trust and Adoption.  Bitcoin gained in prominence because of the ease of use and semi-anonymity, but government regulators in the United States and around the world have wrangled Bitcoin into a heavily regulated world of banking.  Bitcoin rivals such as Monero and Zcash now offer better anonymity.  Ethereum is another virtual currency which serves as the basis of Smart Contracts (digitalized contracts) for use in commerce.

What is Blockchain Technology?

Blockchain is described as a Distributed Ledger where all transactions are agreed on by Nodes, or participants.  Once approved, the transaction is time-stamped and added as a new Block to the previous Block.  Each new block is individually identified by a unique hash code and is digitally tied to the previous block by incorporating a portion of the hash code.  In this manner, the Blockchain provides an irreversible record of all transactions in ascending chronological order. 

The Blockchain used in the Bitcoin platform is open to the public, meaning that anyone can freely obtain the software program and become a Node in a Non-Permissioned environment.  Nodes can then “Mine” for Bitcoin for their own use or earn Bitcoin fees for approving transactions of other users of Bitcoin.  In this Public format, the Nodes have no need to know or trust each other.  Hybrid forms of Blockchain have been formed to create a Permissioned and Private system where the Nodes know and trust each other.  In both Non-Public and Public Blockchains, each transaction is recorded on a ledger, but the identity of the person or persons behind the transaction is not disclosed.  This is accomplished by using Public Keys to record the transactions, and Private Keys that allow entry into the Blockchain.  Therefore, the identity of the person or persons conducting the transaction remains anonymous.
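The hash linking and key-based permissioning described above, applied to the shared evidence ledger proposed earlier on this page, as an added example that is not code from the original posts. The participant names, keys and custody events are constructed, each block carries the full SHA-256 hash of the previous block, and HMAC-SHA256 stands in for the public/private key signatures a real permissioned ledger would use.

```python
import hashlib
import hmac
import json

# Constructed participants: agency -> secret key. HMAC is a stdlib stand-in for
# the public/private key signatures a real permissioned ledger would use.
PARTICIPANTS = {
    "county_sheriff": b"constructed-key-1",
    "state_police": b"constructed-key-2",
    "district_attorney": b"constructed-key-3",
}
GENESIS = "0" * 64


def canonical(fields):
    """Serialize deterministically so every participant hashes the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(key, body):
    """Keyed tag over the block body (assumed stand-in for a signature)."""
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class EvidenceLedger:
    def __init__(self, participants):
        self.participants = dict(participants)
        self.blocks = []

    def append(self, agency, key, event, evidence, timestamp):
        """Record one custody event; only the evidence digest is shared."""
        if agency not in self.participants:
            raise PermissionError(f"{agency} is not an approved participant")
        body = {
            "index": len(self.blocks),
            "timestamp": timestamp,
            "agency": agency,
            "event": event,
            "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else GENESIS,
        }
        signature = sign(key, body)
        # A submitter using the agency's name without its key is rejected.
        if not hmac.compare_digest(signature, sign(self.participants[agency], body)):
            raise PermissionError(f"signature check failed for {agency}")
        block = dict(body, signature=signature)
        block["hash"] = hashlib.sha256(canonical(block)).hexdigest()
        self.blocks.append(block)
        return block

    def verify(self):
        """Return (True, None), or (False, index) for the first bad block."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            sealed = {k: v for k, v in block.items() if k != "hash"}
            body = {k: v for k, v in sealed.items() if k != "signature"}
            key = self.participants.get(block["agency"], b"")
            intact = (
                block["index"] == i
                and block["prev_hash"] == prev
                and hmac.compare_digest(block["signature"], sign(key, body))
                and block["hash"] == hashlib.sha256(canonical(sealed)).hexdigest()
            )
            if not intact:
                return False, i
            prev = block["hash"]
        return True, None


def demo():
    ledger = EvidenceLedger(PARTICIPANTS)
    item = b"constructed phone image"  # constructed sample evidence
    steps = [
        ("county_sheriff", "collected at scene", "2024-01-05T10:00:00Z"),
        ("state_police", "received for analysis", "2024-01-06T09:30:00Z"),
        ("district_attorney", "disclosed to defense", "2024-02-01T15:00:00Z"),
    ]
    for agency, event, ts in steps:
        ledger.append(agency, PARTICIPANTS[agency], event, item, ts)
    before = ledger.verify()
    try:  # impersonation: correct agency name, wrong key
        ledger.append("state_police", b"wrong-key", "released", item,
                      "2024-02-02T08:00:00Z")
        impersonation_blocked = False
    except PermissionError:
        impersonation_blocked = True
    ledger.blocks[1]["event"] = "returned to owner"  # after-the-fact edit
    after = ledger.verify()
    return before, impersonation_blocked, after


if __name__ == "__main__":
    print(demo())
```

`verify()` checks only origin and integrity: a false statement entered by an approved participant with its own key still passes, which is the limitation this page notes about ledgers accurately recording falsified information.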

How are Cryptocurrencies Used in Fraud Schemes?

Cryptocurrencies are emerging as a payment of choice in many fraud schemes. More and more, we see bad actors avoid government oversight of financial institutions by demanding payment from victims in the form of cryptocurrencies. And why shouldn’t they? Cryptocurrencies provide anonymity, speed, and worldwide acceptance for the transfer of funds from victims to the perpetrators. Four main areas of concern are: (1) cryptocurrencies being used in Securities Fraud matters; (2) cryptocurrencies being stolen directly from victims; (3) cryptocurrencies used as payments in Ransomware and Extortion schemes; and (4) using cryptocurrencies to pay for illegal products and services on the Dark Web.

How are Cryptocurrencies used in Securities Fraud Schemes?

Currently, one of the hottest investment markets involves high-risk Initial Coin Offerings (ICOs), and these ICOs often result in significant losses to unwary investors. Certainly, there are legitimate ICOs to consider. However, regulators have found that many are rife with fraudulent misrepresentations that can result in significant losses to investors. ICOs can provide a means for startups to avoid high costs of regulatory compliance found in Initial Public Offerings (IPOs). ICOs involve crowdfunding centered around cryptocurrencies and sold to investors as Utility tokens or Asset-based tokens. Tokens are promoted as Future Functional Units of Currency. A holder of utility tokens can exchange value for a good or service in the future while asset-based tokens are backed by an underlying asset. Some ICOs can fall outside of existing regulations and escape normal monitoring by government regulators. We have seen cases where scammers will use ICOs in Pump and Dump schemes and Advance Fee schemes.

Investors in Bitcoin are at risk from Market Manipulation of Bitcoin prices.  Bitcoin, known for volatile price changes, is vulnerable to current-event price swings where illicit actors take advantage of news events to manipulate the prices.  Regulators are scrambling to keep pace as increasingly complex investments are expanding across national borders. 

Question: How do you steal cryptocurrencies?   Answer: Steal the Private Keys.

The Public Keys allow access to the Blockchain ledger to record transactions, but the Private Key unlocks the currency.  Therefore, the sophisticated thieves target the computers and smart phones of the owners to learn how the cryptos were purchased, which bank accounts were used to transfer fiat currency, passwords, security questionnaire answers, contacts with other persons transacting in cryptos, websites visited to buy and sell cryptos, and above all, the identity of the Private Keys.  If Private Keys are found, the criminal can permanently transfer the currencies into their own wallet.

Third-party repositories of Private Keys can become hacking targets.  Also, willing buyers and sellers will find one another in on-line forums to meet in person to buy and sell cryptos.  People carrying cash and/or their Private Keys are then susceptible to robbery, referred to as Stage Coach robberies. 

Ransomware and Extortion attacks are directed to large and small businesses, health care organizations, governmental entities, or other businesses holding sensitive information.  Bitcoin is the most common method of transferring the extortion amount, but other cryptocurrencies offering more complete anonymity are also used.

The Dark Web is the part of the internet accessible only through special programs, which are available to anyone. The Dark Web is used by actors to sell stolen goods, Malware and other cyber infections, stolen identities, stolen credit cards, pornography, illegal drugs, and virtually any other tool of criminal activity. Cryptocurrencies such as Bitcoin, Monero, and ZCash are used to buy and sell illegal items or services. Tumbler and mixing services are also found on the Dark Web.

What About Money Laundering with Cryptocurrencies?

Sophisticated criminals are often burdened by their own success; that is, hiding the money from regulators and investigators can be difficult. Everybody loves cash, but spending too much cash only tips off authorities monitoring cash transactions. Cryptocurrencies make it possible to easily hide, transfer, and clean the illicit money.

Money laundering is usually explained in three steps: Placement, Layering, and Integration.  Placement means that the dirty money is placed into the financial system, usually the Federal Reserve financial system in the United States.  Layering means the money is transferred through multiple accounts to confuse the financial trail.  Integration means that the dirty money is then transferred into legitimate accounts and businesses to distribute cash and/or purchase expensive assets.

Cryptocurrencies are purchased using the approved (Fiat) currency of a country.  The purchases of cryptocurrencies can be done through government-approved exchanges, or through unregulated exchanges.   

Current emerging money laundering threats with cryptocurrencies are found in multi-national exchanges, online gambling sources, and mixing/tumbling services. Online gambling is gaining legal acceptance in the United States and other countries and offers multiple, diverse opportunities to cleanse the dirty money. Mixing and tumbling services will take individual cryptocurrency transactions and tumble them through multiple wallets to obliterate the trail of transactions. Mixing and tumbling services are not necessarily illegal; however, nefarious operations abound on the Dark Net.

Conclusion:  Criminal actors now have assortments of tools to bounce illegally obtained fiat currencies through multiple cryptocurrency transactions, multiple wallet addresses, and multiple countries in blizzards of transactions at a very high rate of speed.  Moving and hiding proceeds from criminal fraud schemes has become faster, more efficient, and harder to detect than ever before.  So, the cat and mouse game continues.  While authorities become better at identifying and following cryptocurrencies, the bad actors adjust and adapt to advances made by the good guys. 

Cyber Attacks: Effective Employee Training

IBM recently announced the results of research on worldwide data breaches and reports the average cost of a data breach is $3.86 million. The average cost for each stolen record containing sensitive and confidential information is $148.00.

In my previous blog we discussed the variety of ways that business cyber systems are attacked and compromised, and in these discussions, we emphasize the use of e-mails to penetrate the cyber defenses by our adversaries. In general, the actors will compromise cyber defenses by using social media and/or computer intrusions. Most of the cyber defense recommendations I have read will recommend “Training the Employees”, but how do we train our employees to protect the businesses? So here are some suggestions for training employees to spot suspicious e-mails, attachments, or apps.

First, I would recommend briefing your employees on the current trends in cyber crime in businesses. We discuss those trends in the previous blog – but the current trends are Business Email Compromise and Email Account Compromise scams, Ransomware, Theft of Personally Identifiable Information (PII), and Theft of Data by outside actors and/or by corrupt insiders. One common denominator running through each of these attack vectors is the careless use of emails that allow penetration by the bad actors. The cyber criminals are always looking for weaknesses in your IT system such as outdated software, outdated or absent anti-virus and anti-malware software, weak passwords, and any other wormhole into your system. But one common denominator running through the threat vectors is the use of Phishing and Spear Phishing attacks to convince someone to respond to a spoofed email or open an attachment containing malicious code to infect your system.

From my experience, the best scenario for training your employees is a small group setting led by someone with actual experience in working cyber fraud cases. You don’t want the discussion leaders to just regurgitate what they find on the internet. Have everyone in the room silence their phones. The meeting should be in a quiet setting so that everyone can speak and be heard in a normal conversational manner. PowerPoint presentations are not required but acceptable if people are comfortable enough to interact and ask questions. Early or mid-morning times are great, as is lunchtime, but not while people are eating lunch while the discussions are ongoing. The training should be in the range of 45 minutes to 1.5 hours with cushion for additional time for questions and answers if needed. The afternoon hours can work but people tend to lose interest after lunch or close to quitting time. I would also recommend ongoing training to stay up-to-date on emerging threats or employee turnover.

Prior to training session:

  1. Discuss date, time, location
  2. Discuss Media Requirements
  3. Discuss length of time
  4. Evaluate any prior training to minimize duplication
  5. Discuss nature of the business to tailor presentation to actual needs

Here is a suggested outline for a training session:

  I. Introductions
  II. Case Examples relating to your business environment.
  III. Current Threat Vectors
    a. BEC and EAC Scams
    b. Ransomware
    c. Theft of PII
    d. Theft of Data (outside actors and corrupt insiders)
  IV. Methods used by Adversaries
  V. What is an E-mail
  VI. What is Phishing and Spear-Phishing
  VII. What is Malware
  VIII. What is Spoofing
  IX. How to Identify possible Spoofing
  X. Recommended Protective Measures
    a. Discuss several options and suggestions from list
  XI. Conclusion
    a. Be aware of organization’s footprint facing the internet
    b. Have a response plan
    c. Consider cyber-crime insurance
    d. Encourage Employees to suggest protective measures

Conclusion: Cyber defense is often considered a technological problem; however, it is also a human problem. Creating effective defenses in your business will be dependent on the buy-in by employees. Can you motivate your employees to practice good cyber hygiene? Will they comply with rules and regulations in place to prevent cyber intrusions? The answers to these questions may be the difference between an expensive attack or effective prevention of the attack in the first place.