Investigators Team Up to Battle Cross-Border Financial Crime
Today’s modern criminals have evolved with the times, adapting to advances in technology at a far quicker pace than both policy makers and law enforcement agencies. Organized groups, gangs, and other criminals have applied principles of risk management to their illicit tradecraft.
The FBI reports that there were 4,251 bank robberies in 2016—a 45 percent decrease compared to 2004. Criminals realize there is more money to be made with less risk of violence, arrest, and imprisonment by leveraging technology to further their criminal enterprises and schemes. Why rob a bank—risking physical harm and stiff penalties—when you can engage in identity theft or identity fiction and rob banks, financial institutions, and credit card companies with little fear of exposure? There is greater potential reward with decreased risk.
In 2013, criminals working with computer experts in more than 20 countries stole $45 million from thousands of automated teller machines over a 10-hour period. This figure represented more than the total losses from the physical robberies of banks that year.
Advancement in technology enables progress, accelerates global commerce, and improves our daily lives. However, it also facilitates faster, more anony-mous criminal activity. Financial crimes have become increasingly sophisticated and dispersed among transnational criminal organizations (TCOs), which have reinvented themselves by leveraging ubiquitous technology and exploiting the gaps inherent in open societies and the global economy. Their influence is damaging, widespread, and formidable.
TCOs are made up of individuals, groups, and associations that operate via illegal means, primarily motivated by desire for increased wealth and power. Their influence usually extends beyond physical or national borders and is facilitated by weak barriers to technology.
Former U.S. President Barack Obama classified and defined significant TCOs as posing a hazard to U.S. national security because some of these groups have the reach and scope to “threaten the stability of international political and economic systems,” according to an executive order.
TCOs pose a greater challenge to law enforcement than single bad actors for a variety of reasons, including their ability to form along racial and ethnic lines to exclude or collaborate with others.
TCOs follow different pathways to success, but all share one common theme: The governments of these organizations’ countries of origin are often unwilling or unable to deter these criminal enterprises.
One example of inefficient government action is Armenia. Armenia’s past political turmoil led to an increasing amount of centralized, organized crime in the country.
This structure of Armenian organized crime is described as a “basic system of relationships and access among various sectors of society.” Unlike other criminal enterprises, there is no “head of the organization.” This makes dismantling Armenian organized crime incredibly difficult. For example, in 2010, the Mirzoyan-Terdjanian Organization (an Armenian-American organization) began to commit medical fraud in five states using stolen identities to cheat the complex Medicare system. The group funneled the money made in the United States into bank accounts in Armenia. The members traveled to and from Armenia to plan and orchestrate this scheme. There were 70 total members of this organization, but no leader. They were eventually caught in the United States and charged with multiple felonies, including money laundering in Armenia.
Due to the rapidity of globalization, increased technology, and the ability to adapt to ever-changing political, environmental, and technological conditions, TCOs are better able to leverage their power and influence to spread illicit activities around a set location or across the globe faster and with greater adverse impact.
Another crucial element that allows TCOs to be successful is anonymity. This is especially true for cybercrimes or crimes where transactions or communications are online. By using the Internet, TCOs can communicate rapidly and anonymously. They can also communicate almost anywhere, making it difficult to identify members of these organizations.
Many times, members of these organizations are unaware of the true identities of the people they work with. These types of TCOs are prevalent in Eastern European countries that used to be part of the Soviet Bloc. One example involves credit card fraud or identity fraud. Low-level operators in these organizations steal credit card information through hacking, phishing, or card skimming. Once the data is retrieved, another group encodes the information onto separate cards and sells them online. These transactions are hard to track through the Internet and the Dark Web. The key point here is that the leaders of the organization can put maximum distance between themselves and the physical place where the crimes are being committed.
Given TCOs’ large numbers of followers, low cost, and widespread access to advanced technology, as well as the nature of transnational crime itself and TCOs’ willingness to use any means to further their cause, these insular groups prove especially challenging to catch and prosecute. And they are using their resources to target financial institutions.
The common underlying factor and motivation for most financial crimes is simple: greed. According to Verizon’s 2019 Data Breach Investigations Report, 71 percent of data breaches were financially motivated, and 39 percent of breaches were conducted by organized criminal groups.
Cybercrime has a direct impact on the public’s trust in institutions and the ability of the public and private sectors to safeguard assets and vital interests. In 2016, the economic costs resulting from cybercrime and attacks ranged between an estimated $57 billion and $109 billion. Just as important is the potential damage caused by these attacks across their targets and linked firms, thereby creating a spillover effect and extending economic harm.
Stock prices drop when a company experiences a significant cyberattack or data breach. The 7 September 2017 announcement by Equifax of the massive cybersecurity breach compromising as many as 147 million Americans caused its stock price to drop by more than 34 percent. The company also incurred more than $300 million in expenses related to the breach. Credit card issuing companies such as TransUnion and Experian, both associated with Equifax, also felt the negative spillover effect of the linkage. Market reaction was negative in the aftermath of the breach and executives from both companies were urged to testify before Congress—thus opening the business up to public scrutiny and additional regulation.
Common traits prevalent among today’s financial criminal organizations are sophistication and resiliency. Criminals continuously adapt to changes in technology and advances made by law enforcement to mitigate their illicit activities. The agility of TCOs’ technological transformation is a seemingly insurmountable obstacle for law enforcement.
However, transnational cyber criminals are not beyond the reach of law enforcement. International law enforcement operations require more time and resources than domestic operations. But even if law enforcement cannot immediately apprehend cyber criminals, it is able to disrupt their operations by targeting their associates, infiltrating criminal infrastructure, and sharing information with companies to enable them to protect their systems.
Organizations around the world handle cybercrime investigations differently, with varying levels of partnership and international cooperation. Within the United States, the Secret Service has been investigating cybercrime since Congress enacted the Comprehensive Crime Control Act of 1984. As payment methods have changed over the years—from coin and paper currency to checks, credit cards, and online transactions—the scope of the Service’s financial investigations has expanded.
In fiscal year 2018, financial crime investigations resulted in 970 arrests worldwide and prevented more than $400 million in potential losses and $312 million in actual losses to the financial system.
To combat these crimes, the Secret Service takes a proactive approach, using advanced technologies to capitalize on the power of task force partnerships. Today, computer experts, forensic specialists, investigative experts, and intelligence analysts provide rapid response and critical information in support of financial analysis, infrastructure protection, and criminal investigations.
These task force partnerships consist of members from the public and private sectors, including academia. Each organization leverages its skill sets and agency resources towards a common goal—to investigate, apprehend, and impede the criminal activity of these organizations. These task forces meet regularly, share information, and cross-train with each other at various conferences and workshops geared towards professional development and sharing of best practices. Using the task force model enables law enforcement to rely on a very powerful tool—the ability to reach back across many disciplines and jurisdictions for investigative assistance.
Secret Service investigations have resulted in the arrest and prosecution of cyber criminals involved in the largest known data breaches, including those of NASDAQ, Dow Jones, Euronet, TJ Maxx, and Heartland Payment Systems. Between 2013 and 2018, Secret Service cybercrime investigations resulted in more than 2,122 arrests, associated with approximately $3 billion in cybercrime fraud losses and the prevention of more than $9.8 billion in potential cybercrime fraud losses. Through work with partners at the U.S. Department of Justice (DOJ), local U.S. Attorney’s Offices, and the Computer Crime and Intellectual Property Section (CCIPS), the Secret Service continues to bring major cyber criminals to justice.
The Secret Service has a network of international offices and partners closely tied with foreign and domestic law enforcement to counter transnational crime, including with INTERPOL, the Organized Crime Drug Enforcement Task Forces Fusion Center, and European Cybercrimes Center (EC3).
The Secret Service working groups reflect broader, multilateral efforts, such as partnering with the Dutch and Wiesbaden Working Groups to combat the growth of transnational organized crime in Eastern Europe.
On a rotating basis, the Secret Service provides these working groups with special agents who possess unique cyber capabilities. These temporary assignments allow for the development of meaningful and long-term relationships with essential foreign partners. The one-on-one communication and trust earned reaps benefits when information or assistance is needed in a timely fashion. The best time to meet your foreign counterpart is not the first time you need something from them.
These trusted partnerships enable the Secret Service to target transnational suspects involved in the distribution and operation of counterfeit U.S. currency, botnets, criminal networks offering bulletproof hosting and the sale of malicious software, and the large-scale theft of personally identifiable information (PII).
The U.S. government has displayed its commitment to combating TCOs through various instruments of its national power, namely via diplomatic channels and by leveraging existing international relationships and creating new ones to help build the capacity and collaboration needed for long-term sustainable progress against these criminal enterprises.
An example of this collaborative information-sharing approach is the Five Eyes intelligence network (comprising Australia, Canada, New Zealand, the United Kingdom, and the United States), one of the strongest intelligence alliances in the world. There are a few reasons why only these five countries are in the network: they all have similar intelligence gathering strategies, they all agree on relatively the same techniques and laws in gathering intelligence, and they have the same standards of intelligence quality.
The use of effective partnering and information sharing with foreign law enforcement enables the United States to better combat the illicit activities of TCOs. American law enforcement agencies have arrested and extradited transnational criminals responsible for hundreds of millions of dollars in financial losses to U.S. businesses and consumers.
The private sector has joined the fight in a substantial way through the creation of sector-based Information Sharing and Analysis Centers (ISACs). These centers collect, analyze, and disseminate relevant and timely information required to secure critical infrastructure, including financial institutions. The information is shared among private-sector stakeholders and with government officials.
An effective tool to combat the impact of transnational crime that targets payment systems and financial infrastructure is the Secret Service’s development and use of the Electronic Crimes Task Force (ECTF) model.
ECTFs create a framework for international law enforcement agencies to share expertise and resources to combat electronic crimes such as identity theft, network intrusions, and a range of financial crimes. The Secret Service maintains a network of 40 ECTFs, including 38 domestic task forces and two international task forces in London and Rome. Participants in ECTFs include approximately 500 academic collaborators; more than 2,500 international, federal, state, and local law enforcement investigators; and more than 4,000 private-sector partners.
In fiscal year 2018, ECTFs’ investigations resulted in computer forensic examinations totaling in excess of 726 terabytes of information.
Additionally, agents assigned to the network intrusion program responded to approximately 271 suspected incidents of malicious cyberactivity nationwide. The program identifies, mitigates, and facilitates the remediation of network intrusions, unauthorized access, malicious hacking, and other network-based crimes.
To protect financial infrastructure from criminals, the Secret Service has adopted a multipronged approach that includes providing computer-based training to enhance the investigative skills of special agents through the Electronic Crimes Special Agent Program; establishing a Computer Emergency Response Team in coordination with Carnegie Mellon University; maximizing partnerships with international law enforcement counterparts through overseas field offices; collaborating through an established network of ECTFs; and providing computer-based training to state and local law enforcement partners to enhance their investigative skills at the National Computer Forensics Institute (NCFI) in Hoover, Alabama.
The NCFI is the only federally funded training center in the United States dedicated to instructing state and local officials in digital evidence and cybercrime investigations. The institute opened in 2008 with a mandate to provide state and local law enforcement, legal, and judicial professionals with a free, comprehensive education on current cybercrime trends, investigative methods, and prosecutorial challenges.
NCFI students receive the same equipment and software as Secret Service special agents, which allows both the local officer and the federal agent to operate on common systems. Graduates of the NCFI return to their respective agencies and apply their newly acquired skills and equipment to investigating computer-based crimes. Additionally, these graduates are offered the chance to participate in the Secret Service’s ECTF Program.
Since its inception, NCFI has trained more than 6,700 state and local officials, prosecutors, and judges on current cybercrime trends, investigative methods, and prosecutorial challenges. This training allowed forensic investigative partners to conduct more than 46,900 computer forensic exams and analyze approximately 4,500 terabytes of information.
Combating TCOs remains a major challenge for law enforcement for a variety of reasons. TCOs are founded for economic rather than political purposes. Therefore, as an organization, a TCO’s lifeblood is profit. At first glance, a TCO does not always appear as great a risk or threat to government as traditional terrorist groups. Crime is often viewed through the lens of being solely a domestic problem. Local law enforcement is often tasked with stemming the TCO’s influence instead of viewing the TCO as a threat to national security, therefore incorporating the capacity and capability of both law enforcement and national security organizational structures, as well as their respective approaches and legal frameworks.
Although the tactics and victims of TCOs may vary, their economic impact remains devastatingly consistent. The United Nations Office on Drugs and Crime (UNODC) estimates the financial gain of TCOs to be approximately $870 billion yearly.
Law enforcement, government officials, and private sector agencies have a vital role to play in the safeguarding of the public good; however, the role of the individual in this joint effort cannot be understated. Public awareness is extremely important in this endeavor. According to the Verizon Data Breach Investigations Report, cyberattacks are largely opportunistic and will target large or small organizations, succeeding most when the target is unprepared.
UNODC has launched various campaigns to educate the public on the global impact of TCOs, ranging from efforts against human trafficking, smuggling of migrants, organized crime, and counterfeiting. One familiar, yet effective, mantra is the U.S. Department of Homeland Security’s “If you see something, say something.” That phrase covers all types of suspicious activity from sneaking into a facility to unusual transactions on financial accounts.
The biggest challenge when facing transnational crime organizations is interagency and international cooperation. Many of these TCOs originate in poor countries where governments lack the skills and resources to stop advanced crime networks. When these TCOs start operating in the United States, they become even harder to combat.
Public engagement with law enforcement cannot be understated or undervalued when addressing this challenge. The public must see the value in joining law enforcement in this effort in ways that are safe yet relevant. Information channels must be created and maintained with the safety of the citizen in mind to foster a level of trust necessary for the public to provide timely and relevant information and investigative leads to law enforcement officials.
The evolution of financial crime and the increased sophistication of cyber criminals and transnational criminal organizations have placed high demand and pressure on law enforcement to adequately track these criminals and deter such activity.
Advances in information technology, the adaptation of cyber criminals, and the transnational nature of payment systems, banking, and the global marketplace require a strategic approach to combating this complex problem of ever-evolving TCOs.
Michael Breslin serves as the director of strategic client relationships, federal law enforcement, for LexisNexis Risk Solutions. He is a retired federal law enforcement senior executive with 24 years of law enforcement and homeland security experience. He served as the deputy assistant director, U.S. Secret Service Office of Investigations, with oversight of 162 domestic and foreign field offices.