There's enough from this morning's 2013 Techno Security and Forensics Investigation Conference to split into multiple blog posts. I'll focus this one on the keynote that was given this morning. The presentation was Protecting the US Financial System from Transnational Criminals and it was given by A.T. Smith, Deputy Director, US Secret Service (USSS).
Some interesting statistics with respect to US currency:
- Currently over $1T US Federal Reserve Notes (FRN) in circulation worldwide
- 2/3 of FRN in circulation outside the US
- 75% of all $100 notes outside the US are counterfeit
- Overall, 1/10,000 of those notes are counterfeit
With respect to data, 1,1116 TB of data (yes, over 1 petabyte of data) was captured in seized media in 2012. Keep in mind that the US Secret Service strategically focuses on criminal financial violations. Cases that involve national security get turned over to the FBI.
Again, I definitely see this as an area where data professional can get engaged. Large amounts of data... that's what we do.
One of the problems we face with regards to criminal financial violations: In Eastern Europe it is "in fashion" to be a young hacker. Many hackers are out of work / make little money. Example of this hacking culture: Dmitry Golubov. He was busted, only sentenced to 6 mo (due to "connections"), and didn't serve most of it. He then ran for office and won. And he founded a political party. In short, successful hackers in Eastern Europe are the rockstars. Magazines follow them. They date models, etc. So it's easy to understand the motivation behind these young hackers.
This is hard to compete against. It's like why the lottery is so successful.
In all, 96% of data targeted - payment card info, PII, email addresses. 73% of the victims are in the US. The attacker numbers show that Romania is a hot spot. However, in second place is the United States:
- 33.4% Romania
- 29% United States
- 14.8% unknown
- 4.4% Ukraine
- 3.9% China
When the USSS looks at financial cyber crime, here's the hierarchy they see:
Malware developers -> hacker -> major dump vendors
As a result, the US Secret Service targets malware developers first.
Some of these cases are big. For instance: BadB case - Vladislav Horohorin.
- Maksym Yastrzemskiy
- Albert Gonzalez
- Aleksandr Suvorov
- Lin Mun Poo - hacked Federal Reserve - had 413,000 credit cards for sale when arrested
In short, we've got to get better. They're making money hand-over-fist.