In this week’s Financial Crime Wave, criminals look to be impersonating authors on Amazon to make dirty money look clean and monetize stolen credit card data, a look at a record $2 billion bank fraud in India involving a celebrity jeweler, U.S. authorities double down on cyber defense, attack strategies, and more.
Are criminals impersonating authors on Amazon to cleanse illicit funds, monetize stolen credit card data?
One Amazon author of books related to the commodities space noticed some oddities in his account after seeing books on the site in his name selling for more than $500 – that he never wrote, and getting stuck with a potential tax bill for the tome flying off virtual shelves to the tune of tens of thousands of dollars. Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.
Reames is a credited author, although none of them made anywhere near the amount Amazon is reporting to the Internal Revenue Service. Nor does he have a personal account with Createspace. But that didn’t stop someone from publishing a “novel” under his name. That word is in quotations because the publication appears to be little more than computer-generated text, almost like the gibberish one might find in a spam email. Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors, (via KrebsonSecurity).
Regulator probing Swiss banks on AML related to $1 billion Venezuelan corruption investigation
Swiss financial watchdog, the Financial Industry Markets Association (Finma), said on Wednesday it is investigating several Swiss banks over whether they followed anti-money laundering rules amid a widening $1 billion graft probe involving Venezuela’s state oil company. A U.S. federal indictment this month accused five former Venezuelan officials of soliciting bribes to help vendors win favorable treatment from Petroleos de Venezuela (PDVSA) and stashing the money in banks, including in Switzerland.
While Finma did not name the banks under scrutiny. A 2015 U.S. indictment in the case said several accounts with Credit Suisse in Switzerland were subject to forfeiture. The regulator has been cracking down on Swiss banks’ links to corruption in South America. This month it forced private bank PKB to turn over 1.3 million Swiss francs ($1.39 million) in ill-gotten gains from business linked to Brazilian groups Petrobras and Odebrecht, part of proceedings against more than a dozen Swiss banks, (via Reuters).
A look at North Korea’s growing criminal cyberattack strategies: targets, tactics and what they do with the money
North Korea has been stepping up its cyber incursions in recent years for many reasons, including stealing proprietary technology to fuel nuclear goals, get intelligence on enemies and, similar to most other criminal syndicates, also just to get money – a critical resource for the heavily sanctioned, rogue and recalcitrant regime. The countries posing the greatest cyberthreats to the United States are Russia, China, Iran and North Korea. Like its counterparts, Kim Jong Un’s regime engages in substantial cyber espionage. And like Russia and Iran, it launches damaging cyberattacks that wipe data from computer disks and shut down online services. But the North Korean cyberthreat is different in two ways. First, the regime’s online power did not grow out of groups of independent hackers. Even today, it seems unlikely the country has hackers who operate independent of the government.
Second, North Korea’s cybercrime efforts – all seemingly state-sponsored – steal money that is then used to fund its cash-strapped government. One reason for North Korea’s apparent lack of independent hackers is that most North Koreans do not have internet access. North Korea’s cyber warriors work primarily for the General Bureau of Reconnaissance or the General Staff Department of the Korean People’s Army. By 2015, the South Korean military estimated the KPA employed up to 6,000 cyber warfare experts. North Korean hackers operate from facilities in China and other foreign countries where their government sends or permits them to work, (via GovTech).
DOJ to create new cyber task force to counter growing real world, virtual threats
The U.S. Department of Justice (DOJ) at the request of Attorney General Jeff Sessions, will create a “Cyber-Digital Task Force,” which will analyze the many ways that the Department is fighting the growing global cyber threat, and will also identify how federal law enforcement can more effectively detect and prevent large scale attacks by organized criminal and terror groups, rogue nation states and low-level opportunists. The decision comes as 2017 experienced record data breaches, ransomware and business email compromise attacks. The Task Force will be responsible for issuing a report to the Attorney General by the end of June.
The Attorney General has asked the Task Force to prioritize its study of efforts to interfere with our elections; efforts to interfere with our critical infrastructure; the use of the Internet to spread violent ideologies and to recruit followers; the mass theft of corporate, governmental, and private information; the use of technology to avoid or frustrate law enforcement; and the mass exploitation of computers and other digital devices to attack American citizens and businesses. However, the scope of the Task Force’s report is not limited to these categories and will involve multiple government agencies related to the county’s national security, (via DOJ).
For corporates battling cyber, stronger together
Siemens and eight partner companies signed a joint charter at the Munich Security Conference that calls for greater cybersecurity, (via DotMed).
In U.S. government, cyber safety needs to improve
U.S. GAO urges government agencies to strengthen cyber defenses, including better gauging how units are adopting digital hygiene standards, (via HPN).
Staggering true costs of U.S. cyber incursions
Cyberattacks cost the U.S. anywhere from $57 billion to $109 billion, including entities with malicious intent based in Russia, China, Iran and North Korea. (via Pymnts).
U.S. arrests virtual currency exec
Homeland Security has arrested the chief executive of Bitcoin Inc., a company not the currency, for a virtual currency transaction from 2016, charging him with violating money laundering laws, (via The Merkle).
How crypto exacerbates alphabet soup of crime
An analysis of the convergence of crypto coins, TNOCs, TBML, and more, (via Coin Telegraph).
With sanctions, corruption and mismanagement crippling Venezuela’s economy, country creates crypto currency
Venezuela, as some pundits say the country is on the brink of collapse, has officially launched an energy-backed cryptocurrency in a bid to inject some life into the region, which has seen its official currency, the bolivar, become nearly worthless in less than a year. Venezuela’s government on Tuesday launched the world’s first sovereign cryptocurrency, the petro, to help its collapsing economy. Presale began with one token going for $60. The government is trying to sell $2.3 billion worth. Some investors say it’s innovative, though, and could draw investment from Middle East, Europe and Asia.
But many economists argue that the petro won’t solve Venezuela’s many problems, including food shortages, plummeting oil production and a mass exodus. It’s unclear how much demand the petro will draw. The U.S. Treasury Department warned in January that investors who buy the cryptocurrency “may be exposed to U.S. sanctions risk.” In August, the Trump administration hit the Maduro regime with financial sanctions that prevent any bondholders with business in the United States from buying new Venezuelan government bonds, (via CNN).
Thai authorities take hardline on crypto coins
Thailand bans banks from handling, transacting with crypto currencies, (via VNA).
Should banks jump into gun control fray?
A look at how banks potentially could control guns sales if Washington does not, an analysis of solutions in the wake of the mass shooting at a high school in South Florida, (via the New York Times).
As tax season heats up, new scams abound
IRS is warning filers of a new scam by fraudsters involving illicit groups filing false, overinflated tax returns on behalf of individuals, then calling them up and acting as federal agents to pressure them to return some or all of the money, accusing the victim of filing a fraudulent return, (via NBC).
Fraudsters impersonate regulators to scam traders
Finra warning investors to watch for new wrinkle as scammers attempt to impersonate regulators while making fraudulent investment pitches, (via Finra).
More focus on data, culture of control in 2018: EY
A strong focus on governance, data quality and analytics and instituting a true “culture of compliance” are some of the key issues regulators will be giving extra attention, according to Ernst & Young in the firm’s “2018 Global Regulatory Outlook,” (via EY).
Nearly $2 billion bank fraud tied to billionaire celebrity jeweler called ‘largest’ in India’s history
In recent revelations by Punjab National Bank executives and government investigators, they have uncovered that a lone middle-aged manager, later aided by his young subordinate, engineered fraudulent transactions totaling about $1.8 billion from 2011 to 2017. The bank says it is still investigating how they were able to do so and go undetected for so long. The accounts given by current and former executives suggest an answer as simple as it is alarming: no one was paying attention.
The still unraveling story of how the fraud happened – which includes the alleged misuse of the SWIFT interbank messaging system and incomplete ledger entries – points to a breakdown in checks and balances, and standard banking practices, they said. The apparent failure of anyone to notice the largest fraud in Indian banking history until this January reveals a “rot” in the state financial sector that goes beyond one lender, (via Reuters).
Quick primer on the PNB fraud
Everything you wanted and needed to know about the $1.8 billion PNB-Nirav Modi fraud, what some are calling India’s largest ever bank fraud, (via Quartz).
Risks, rewards of debunking de-risking in hearing
Congress tackles drivers of “de-risking,” looks at how banks can better manage risks to keep businesses, products and jurisdictions in the formal banking system, so as to not lose potential AML intelligence streams, (via Congress).
U.K. hits casino with hefty AML penalty
United Kingdom casino regulator hits William Hill with multi-million dollar AML penalty, (via the Guardian).
Is pro-business Trump now pro-AML as well?
In more than $600 million penalty against U.S. Bank, Trump Administration reveals they will not go softly on enforcement when banks flout AML rules, (via The Examiner).