
Page 1: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very


Who can it be now?

FinTech Innovation and Emerging Financial Crime Typologies: Emerging Risks and How to Disrupt Them

Anti-Financial Crime Symposium – Nordics

25 October 2018


Moderator:

Rajeev Ahya - Financial Crime SME, ACAMS

Panel Members:

Rose Bernard - Senior Intelligence Development Analyst, Digital Shadows

Juho Hasa - Tax Auditor, Finnish Tax Administration

Johan Landström - Co-Founder / Head of Lab, Acuminor AB


Ask questions via slido.com

Event code: #nordics


Monitoring Cryptocurrencies

Juho Hasa - Tax Auditor, Finnish Tax Administration


How do we obtain the relevant Data?

Legal background to retrieve third party data:

Tax Act on Assessment Procedure (TAP)

21. Act: Third Party Audit

Tax audit can also be carried out solely for the purpose of collecting data that can be used for any other investigation, even related to another taxpayer.


How do we obtain the relevant Data?

Legal background to retrieve third party data (continued):

Tax Act on Assessment Procedure (TAP)

22. Act: Special rules concerning the information

The Filer must identify information in addition to the name with personal ID number and / or corporate ID number, or if this information is not available, other identification and contact information must be provided.


Sources of Data

Finnish Companies

• Increased likelihood of False Identity

• BTC FIAT Conversion Transactions

• BTC Purchase of Goods & Services through payment of bills

Finnish Banks

• Strong chance of correct identification

• €-deposits to, and withdrawals from, foreign exchange platforms


Sources of Data (Continued)

Open Source Intelligence – OSINT

• Data leaks (Mt. Gox)

• Internet Forums, Social Media etc.

Debit Cards

• Foreign issued cards used in Finland

• BTC Prepaid Debit Cards (Xapo)


Hiding the Assets

Mr. X ran a Payday Loans Business

The business was highly profitable. However, obligations related to bookkeeping and taxes were not complied with

Convicted on bookkeeping and tax crimes – Fined €400,000 in unpaid taxes

Fined €400,000


Hiding the Assets (Continued)

Before officials could seize funds, Mr. X transferred €80,000 to a cryptocurrency marketplace called Bitstamp and bought bitcoins, leaving enforcement authorities helpless

Knowing our strong legal background and ability to source information and data, the enforcement authorities approached us to assist in the matter


Hiding the Assets (Continued)

We requested exchange of information from Bitstamp and received the transactions completed through his account and also his bitcoin addresses

After conducting blockchain analysis we found out that he had also used the cryptocurrency exchanges Bittrex and Poloniex, which we then contacted for further information


Bitstamp – Start of the Operation

Private Wallets to hold and transact with the funds

Bittrex and Poloniex used in an attempt to hide the origin of the funds

*Graph is simplified in order to provide a better overview


Hiding the Assets

Mister X has profited from the overall value increase in cryptocurrencies and according to our analysis his Bitcoin portfolio is now valued at over €1 million

However no notable usage of cryptocurrencies against Fiat-currency is found

• P2P trades in cash?

• Bitcoin debit cards?

• New Bitcoin deposits to Bitstamp in late 2017 & 2018

Next phase is to do a seizure of his assets that are in bitcoin form


The Right Tools to Utilise the Data

Priorities

1. Keep the tax system convincing (new phenomena) through audits and other taxation monitoring activities

2. Provide knowledge and information to National and International authorities through cooperation

Resource / Tool

• A relatively large amount of data

• Data scientists for combining and enriching the data

• Maintaining situation awareness by following trends and knowledge obtained from the media

• Blockchain analysis tools


Discussion and Question Time


Thank you


In the middle of nowhere

Johan Landström - Co-Founder – Head of Lab, Acuminor AB


Private BTC exchange through:

• Family members

• Mobile payments

• Deposits to prepaid cards

Protecting from volatile course changes by using Crypto trading platforms and OTC providers such as Poloniex, Kraken and Genesis

NOTE: Poloniex, Kraken and Genesis are legitimate actors

Cashing out to FIAT on days with lower course swings and in accordance to business. Mondays and Fridays in many cases

Pre-paid cards – legally and illegally obtained

Both FIAT-only and BTC-TO-CARD since it is still difficult to purchase groceries with Crypto


Layering through ever increasing multiple steps...

Constantly changing behavior

• Bank account

• OSP (validates ID through the Bank)

• Online gambling establishment

• Cash out through E-Wallet

• E-Wallet connected with Prepaid MC

• Card use/cash withdrawal

Avoiding detection is vital within CaaS as well as for private criminals

Criminals follow trends and ongoing investigations, so switching of payment brands/options is a frequent occurrence


Drivers: Complexity and fragmentation

Who is responsible for what and when

Institutes & classic players

• Banks

• Stock market entities

• Payment network providers

E-money competition

• E-wallets

• Vouchers

• Pre-paid debit

• OSPs

• Closed loop currencies

Fin-tech

• Crypto currencies - FX

• Smart Contracts

• Crowd...

• Multi-wallets

• Gig-economy


Source: Copenhagen FinTech. https://copenhagenfintech.dk/about/fintech-startup-scene/


Success Factors

Get to know criminal modus operandi

Use external indicators from criminal behaviour and map against internal environments

The use of mobile payments in black market trading of bitcoins in Sweden

• Regular, multiple, and small incoming mobile payments from various private individuals

• Fewer large, outgoing mobile payments to private individuals, can be reoccurring persons

• Fewer large, outgoing payments to established brokers
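
The three indicators above can be mapped against internal payment data with a rule that also reports why an account matched. The following is an added example, not part of the original presentation; the thresholds, record fields and account labels are assumptions chosen for illustration, and the sample payments are constructed.

```python
from collections import Counter, namedtuple

Payment = namedtuple("Payment", "sender sender_kind receiver receiver_kind amount")

# Thresholds are illustrative assumptions, not values from the presentation.
SMALL_MAX = 1000     # incoming payment at or below this is "small"
LARGE_MIN = 5000     # outgoing payment at or above this is "large"
MIN_INCOMING = 8     # "regular, multiple" incoming payments
MIN_SENDERS = 5      # "various private individuals"

def matched_indicators(account, payments):
    """Return human-readable reasons why `account` matches the typology."""
    small_in = [p for p in payments if p.receiver == account
                and p.sender_kind == "private" and p.amount <= SMALL_MAX]
    large_out = [p for p in payments if p.sender == account and p.amount >= LARGE_MIN]
    to_private = [p for p in large_out if p.receiver_kind == "private"]
    to_broker = [p for p in large_out if p.receiver_kind == "broker"]
    senders = {p.sender for p in small_in}

    reasons = []
    if len(small_in) >= MIN_INCOMING and len(senders) >= MIN_SENDERS:
        reasons.append(f"{len(small_in)} small incoming payments from {len(senders)} private senders")
    # "Fewer" is read as: fewer large outgoing payments than small incoming ones.
    if to_private and len(to_private) < len(small_in):
        repeat = sorted(r for r, n in Counter(p.receiver for p in to_private).items() if n > 1)
        reasons.append(f"{len(to_private)} large outgoing payments to private individuals"
                       + (f" (recurring: {', '.join(repeat)})" if repeat else ""))
    if to_broker and len(to_broker) < len(small_in):
        reasons.append(f"{len(to_broker)} large outgoing payments to brokers")
    return reasons

def is_flagged(account, payments):
    """Flag only when the incoming pattern and at least one outgoing pattern co-occur."""
    reasons = matched_indicators(account, payments)
    return len(reasons) >= 2 and "incoming" in reasons[0]

def sample_payments():
    """Constructed sample data: 'acct-A' fits the pattern, 'acct-B' is an ordinary user."""
    data = [Payment(f"p{i % 6}", "private", "acct-A", "private", 300 + 50 * i) for i in range(10)]
    data += [Payment("acct-A", "private", "p-seller", "private", 9000)] * 2
    data += [Payment("acct-A", "private", "broker-1", "broker", 12000)]
    data += [Payment("p1", "private", "acct-B", "private", 200),
             Payment("acct-B", "private", "p2", "private", 150)]
    return data
```

Because each match carries its reason as text, an analyst can explain a flag without re-deriving it from raw transactions.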

Measure everything: Early detection and identification of customer segments misusing products

GDPR is not a problem

Use new technologies to gain insight but don't over trust the models

You will have to be able to explain the findings

Cooperation and exchange of information – Cheap and very effective (necessary)

Education & Training


Discussion and Question Time


Thank you


Financial crime and the evolution of the Carbanak Group

Rose Bernard - Senior Intelligence Development Analyst, Digital Shadows


Overview

• ATM theft has come a long way in a very short time

• The Carbanak Group has been targeting financial institutions since at least 2013

• In that time, they have continually adapted their tools, techniques, and procedures (TTPs) to ensure that they are successfully stealing as much as possible from vulnerable entities

• The group exploit both technical and human vulnerabilities in successful intrusions

• What does this mean for financial institutions now?


Who are The Carbanak Group?

Carbanak Group (aka Anunak) are a Russian-language criminal group targeting financial institutions, ATM systems, and point-of-sale service providers

The group have been active since at least 2013 and in the past five years have been responsible for the theft of over USD 1 billion

The group’s activities can be divided into 5 phases of targeting, including the direct targeting of ATMs, Cash Out campaigns, and the exploitation of the SWIFT communication network

The group combines social engineering tactics with custom made malware and open source tools

Despite the arrest of a member in March 2018, the group’s profile is unlikely to change in the immediate future


Phases of Activity

Phase 1: Targeting ATMs

Phase 2: ATMs, accounts, SWIFT

Phase 3: Point of Sale systems

Phase 4: Banking trojans, the hospitality sector

Phase 5: SWIFT


Tools, Techniques, and Procedures

• Phishing lures

• Weaponised documents

• Metasploit

• Mimikatz

• Spearphishing emails

• Compromised credentials

• Custom malware

• Carberp/Carbanak


Key Takeaways

Organised and sophisticated groups use a mixture of technical and physical solutions

Human error is often the initial entry vector

From there groups can move laterally within a network

Technological solutions should be part of an in-depth holistic strategy that also includes training for employees

Criminals will often change tactics – employees are the first line of defence


Discussion and Question Time


Conclusion and Key Takeaways

Importance of Data and cooperation in its mutual exchange

Be creative - There are ways of using existing data effectively within legislation

No Silos > Lateral approach > A holistic view in Anti-Financial Crime

Technology is only as smart as those who operate it – Train your personnel to identify emerging risks

The threat is ever changing, empower your colleagues to think freely in their approach to individual threats...

Think like the criminal to stay ahead of the criminal


Thank you