In this week’s Financial Crime Wave, Europol takes down the world’s largest distributed denial of service site, with offered hacking services on the cheap, U.S. regulators feel more pressure from Congress to empower, aid banks on financial crime compliance, easing up on the fine-prone mindset, as agencies levy new anti-money laundering actions, and more.


Europol takes down world’s largest marketplace for selling DDoS kits, responsible for an estimated four million cyberattacks

European authorities arrested the administrators of the DDoS marketplace this week as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world. The administrators were located in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany. was considered the world’s biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136 000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry. It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters. Fees on offer were as low as EUR 15.00 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks, (via Europol).

Cybercrime has soared to a trillion-dollar annual problem, with more criminals turning to online attacks as simple as some might shop online: analysis

Cybercrime, including phishing, ransomware and other online attacks, generates an estimated $1.5 trillion in revenue every year for an array of criminal and nation-state groups, according to a new report released Friday. The research, conducted by Surrey University criminologist Michael McGuire and commissioned by security firm Bromium, reveals that if cyber crime was a country, it would have the 13th highest GDP in the world. According to McGuire’s “conservative estimates”, illicit and illegal online markets generate $860 billion a year, theft of trade secrets generates $500 billion, data trading generates $160 billion, crimeware-as-a-service generates $1.6 billion and ransomware generates $1 billion.

“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become,” said Bromium’s CEO Gregory Webb. “The platform criminality model is productising malware and making cybercrime as easy as shopping online.” The proceeds of cyber crime, meanwhile, amount to an estimated $80 billion to $200 billion a year, according to previously reported findings of the report, (via the New Statesman).

In wake of ransomware attack that hit city of Atlanta last month requesting $51,000, city has spent more than $2 million

In devastating aftermath of a city-wide ransomware attack, experts debate the thorny issue of to pay or not to pay cyber extortionists – particularly when the requested funds were in the tens of thousands of dollars and after weeks of being put back in the proverbial Stone Age, the current costs tally in the millions of dollars. In short, last month, Atlanta’s city government was hit with a ransomware attack that caused courthouse documents and services like payment processing to become inaccessible. The ransom demand was approximately $51,000 but according to the city’s Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation. It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services.

Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million. It’s unclear whether Atlanta paid or tried to pay the ransom, but evidence suggests city officials didn’t attempt to or were unsuccessful. The affected services are still not fully up and running and ahead of the ransom deadline, the attackers took down the communication portal that would have been used to pay the fee. The question of whether to pay a ransom or not isn’t always an easy one to answer. Agencies like the FBI typically discourage paying these types of ransoms, with one reason being it might encourage attackers to keep doing what they’re doing. But not everyone agrees with that reasoning, (via Engagdget).

Securities regulator slaps tatters of Yahoo with $35 million penalty related to 2014 data breach

In 2014, Yahoo suffered a breach that exposed the personal data of 500 million users, one of the largest identification information punctures of all time, but they refused to tell anyone and the news didn’t break until late 2016. For failing to disclose the incident and inform anyone affected, the company formerly known as Yahoo! – now Altaba, consisting of the parts that didn’t merge with Verizon to become Oath – has agreed to pay the U.S. Securities Exchange Comission a $35 million fine. Yahoo’s information security team found out that Russian hackers had made off with personal data days after the December 2014 breach. The thieves made off with usernames, email addresses, phone numbers, birthdates, encrypted passwords and security questions, according to the SEC’s order.

Despite having that information, Yahoo’s senior management didn’t properly investigate the incident or disclose it to investors and affected users. In fact, the breach was only made public two years later when the corporation was in the process of closing an acquisition deal with Verizon. But Yahoo wasn’t primarily fined for misleading affected users, however — it’s for the two years of quarterly and annual reports the company filed that didn’t confess the breach or its business and legal implications. Yahoo even hid the incident from auditors and outside counsel that would have told the company whether it was obligated to include the intrusion in its filings to begin with, (via Engadget). To read the SEC order, please click here.


Will Congress, regulators pull back on AML exam toughness, penalties, with an eye toward innovation?

Rep. Blaine Luetkemeyer (R-Mo.) today pledged that “we’re going to work hard to make sure [the S. 2155 regulatory reform measure] gets through” the House “as quickly as possible.” In remarks during the American Bankers Association’s Government Relations Summit, Luetkemeyer noted that while the bill does not offer a wholesale repeal of the Dodd-Frank Act, it will help make “productive changes” to the 2010 law.

In addition to S. 2155, Rep. Blaine Luetkemeyer (R-Mo.) also highlighted a number of other legislative efforts currently ongoing in the house. These include reforming AML rules by streamlining reporting requirements and ensuring that banks can use technology to more efficiently report important information to regulators and law enforcement. He also noted that “we’re getting very close” on introducing legislation that would put in place a national data breach notification standard, (via the ABA).

New Zealand to capture more sectors in updated AML rules, including gatekeepers

Does a new AML regime in New Zealand coming into force in October, which will start capturing accountants, attorneys and other gatekeepers, have a silver lining in the form of a deeper relationship with customers, fostering deeper business and compliance connections? Some say both seemingly dichotomous goals can coexist, (via Nicola Hankinson).

As deadline hits, NYDFS launches online portal for AML/CFT regulation compliance certifications

On April 9, the New York Department of Financial Services (NYDFS) announced the launch of a new online portal that regulated entities may use to securely file certifications required under New York’s risk-based anti-terrorism and anti-money laundering regulation. This regulation took effect January 1, 2017, and regulated entities must file their first certification of compliance by April 16 and annually thereafter.

The regulation requires regulated entities to maintain programs to monitor and filter transactions for potential Bank Secrecy Act/anti-money laundering violations, and ban transactions with sanctioned entities. The announcement states that filing through the online portal is preferred over alternative filing mechanisms. (via Buckley Sandler).


OCC, CFPB hit Wells Fargo with $1 billion penalty tied to putting auto insurance for customers on automatic, mortgage chicanery

The Consumer Financial Protection Bureau, the US government’s top consumer watchdog, and the government’s chief banking regulator, have penalized Wells Fargo with a $1 billion fine on Friday for improperly charging thousands of customers for auto insurance they didn’t need — it’s the agency’s second-largest fine in its history and its first enforcement action since Mick Mulvaney took over as acting director in November.

While Wells Fargo would certainly rather avoid the penalty, it’s not going under because of it, either: The bank is expected to make $3.7 billion from the Republican tax bill this year, which is nearly four times what the CFPB fined them, (via Vox).

OCC, Fed ding individuals, banks on AML compliance

The U.S. Treasury’s Office of the Comptroller of the Currency released a trio of individual enforcement actions and two personal cease-and-desist orders against top officers and a board member of Merchants Bank of California related to past financial crime compliance failings. You can read the individual actions here.

The Federal Reserve last week issued an AML enforcement action against Hua Nan Commercial Bank Limited and Hua Nan Commercial Bank Limited New York Agency for a host of financial crime compliance deficiencies, particularly in the areas of customer risk assessments and suspicious activity monitoring and reporting, continuing a focus by state and federal regulators on Asian banks and their U.S. operations. To read the action, click here.

With upcoming deadline on AML action two months away, Wells Fargo expected to ask for regulatory extension: sources

Wells Fargo is preparing to ask its chief regulator, the U.S. Treasury’s Office of the Comptroller of the Currency for an extension to a deadline to meet an enforcement action related to lax anti-money laundering controls at the bank detailed in a late 2015 enforcement order. The Wall Street Journal, citing people familiar with the matter, reported the bank’s wholesale business, which provides services to large corporations, is having a hard time meeting a consent order from November of 2015. The consent order stems from problems related to how the bank ensures the proper identification documents of new and existing customers. It has a June 30 deadline to meet the consent order. If it fails to meet the deadline, it could be hit with another enforcement action, people familiar with the matter told The Wall Street Journal.  The bank, during the past few months, has been talking to the OCC about meeting the consent order, noted the report.

According to The Wall Street Journal, at the time of the action in November of 2015, Wells Fargo had more than 100,000 customer accounts that had to be verified, while thousands more needed specific work. The latest problems come just a few days after the OCC and the Consumer Financial Protection Bureau slapped a $1 billion fine on Wells Fargo tied to its auto unit, in which the bank was forced last year to apologize for giving 570,000 customers car insurance they didn’t want or ask for. An internal review by Wells Fargo found that around 20,000 customers may have defaulted on their auto loans and lost their vehicles partly because of the cost of the auto insurance that they didn’t request but was tacked on to their loans, (via Pymnts).

Deutsche Bank dealing with internal strife, $35 billion transfer error as it retools financial crime compliance unit

Even as Germany’s largest bank works to bolster financial crime compliance spending and staffing, the beleaguered operation is still roiling amid a weeks-long leadership tussle that claimed the scalps of the chief executive, two of his top lieutenants and tainted its chairman – and now has inadvertently transferred 28 billion euros ($35 billion) to one of its outside accounts, another reputational black eye, Bloomberg News has revealed. While the blunder was quickly reversed and caused no financial harm, it’s a stark reminder of the vulnerability of even the most sophisticated financial firms.

For Deutsche Bank, the mistake comes at a delicate time as the new CEO, Christian Sewing, seeks to convince investors the bank can now return to growth. His predecessor, John Cryan, had already tackled an improvement in controls that had failed the lender in the past. The routine payment that went awry last month was one that Germany’s biggest lender unintentionally sent to an exchange as part of its daily dealings in derivatives, a person familiar with the matter said. Chief Regulatory Officer Sylvie Matherat said in an interview with German media that the bank will bolster its department for compliance, regulatory issues and fighting corruption by another 400 people by year-end, making it 3,000-strong, (via Bloomberg).


Russia using private security forces, secret private aerial corps to ferry forces to Syria, evade sanctions

Private Russian military contractors, an amorphous group that allows boots on the ground against foes while not requiring the same accounting as official soldiers, are being sent on clandestine flights to Syria, an analysis of plane-tracking data reveals.

Moreover, the circuitous trail of documents and opaque and complicated ownership reveals how aircraft from the West end up in the hands of those on U.S. blacklists, a major concern for any banks and corporates involved, (via Reuters).


Brazil’s Odebrecht case, which some have dubbed the largest case of grand graft ever, rumbles on

Take a look at some of the still-rumbling aftershocks related to what the U.S. Department of Justice called “the largest foreign bribery case in history.” After Brazilian multinational Odebrecht admitted guilt in a cash-for-contracts corruption scandal in 12 nations, it vowed to change its ways.

But Brazil’s authorities are still wrestling with an encrypted computer system used to run the firm’s illicit payment system, giving more insight into the knotty and twisted nature of corruption and how far firms will go to hide it, (via the BBC).

Business, data analytics firm Dun & Bradstreet hit with FCPA violation

Dun & Bradstreet Corp. this week to pay more than $9 million to resolve U.S. graft offenses under the Foreign Corrupt Practices Act arising from potentially illicit payments made by two Chinese subsidiaries.

The subsidiaries, according to government investigators, “used third-party agents to make unlawful payments to obtain data vital to Dun & Bradstreet’s business as a provider of business financial information,” the U.S. Securities Exchange Commission, said, (via the FCPA Blog).

A look at how a corrupt political cabal tried to steal $1.5 billion from Angola and how a savvy bank and new U.K. seizure power stopped them

The dramatic events surrounding the fraudulent transfer of hundreds of millions of dollars from Angola to London involving top British banks have the elements of a gripping movie – in this case with major criminal plot being a twist on the “advanced fee” schemes people receive daily in the email inboxes. Think “Nigerian Prince” pilfering, but on a massive industrial scale. There’s news of clandestine meetings, midnight flights on chartered jets, political intrigue and twists, including corrupt politicians and the cops heroically swooping in on the looted cash. It is not, of course, a movie, but a real example of how billions can be looted and laundered from Africa and elsewhere annually through British banks.

This time round, however, British law enforcement moved swiftly, using new powers, and delivered a stunning blow to the fraudsters. In this tale, formerly beleaguered British Bank HSBC plays the hero, not the villain, as it has in the U.S. paying $1.5 billion a few years ago for helping criminals, narco gangs and sanctions evaders launder money. It’s also a huge plus for the UK’s legislative system, showing just how effective the Criminal Finances Act will become in the fight against money laundering and other financial crime — and importantly, that UK agencies will be quick to use it to combat crime and net fraudsters. The Act proved to be a somewhat stunner in the case and helped save the day, (via KYC 360).

Anti-corrupt survey notes improvements in key jurisdictions, but more must be done

In the latest edition of the Jones Day Anti-Corruption Regulation Survey, respondents noted critical improvements in major financial centers, but also stated clearly much more needs to be done in terms of bolstering compliance program effectiveness and using enforcement tools properly to dissuade recalcitrance. In 2017 and 2018 to date, there has continued to be an increasing awareness among multinational companies of the significance of anti-corruption regulations in foreign countries and the potential risks of violating these regulations or of being associated with companies or individuals that have violated such regulations.

A number of countries made significant changes to their anti-corruption regulations in 2017 and 2018 to date, including, among others, Argentina, China, Italy, Mexico, Saudi Arabia, the United Arab Emirates and the United States. Furthermore, since the beginning of 2017, there have been other significant developments in several countries related to anti-corruption, especially with respect to enforcement, such as in Brazil, Hong Kong, Japan, the Philippines, Saudi Arabia and South Africa. Other countries included in this Survey have pursued proposed amendments to anti-corruption regulations, the restructuring of anti-corruption enforcement bodies and enhanced coordination with the anti-corruption authorities of other jurisdictions, (via JD Supra).

Virtual currencies

Vietnam authorities vowing to crack down on crypto scams in wake of more than half a billion-dollar fraud

Vietnamese authorities are following in the footsteps of U.S. and other countries in attempting to better prevent large-scale frauds related to purported virtual currency initial coin offering (ICO) scams, where criminal groups dupe investors into giving money to a product that doesn’t exist – in the latest case with a group garnering more than half a billion dollars. The Vietnamese government has weighed in on a $658 million alleged cryptocurrency scam in the country, with Deputy Prime Minister Vuong Dinh Hue urging six ministries to “quickly consider and tackle” the issue.

The scam apparently entailed fraudulent initial coin offerings (ICO) by a company in Ho Chi Minh City. According to a Bloomberg report, Prime Minister Nguyen Xuan Phuc also reiterated the illegality of Vietnamese financial institutions going anywhere near cryptocurrencies. ICOs are a form of fundraising in which “investors” pay for new virtual coins issued by a company, which will supposedly be useful at some point. In the U.S., the Securities and Exchange Commission (SEC) is busily trying to crack down on scammy ICOs, although it is adamant that not all of the offerings are fraudulent. China has banned ICOs outright, (via Fortune).

NYAG’s office launches inquiry into virtual currency exchanges to gauge compliance, transparency, accountability

The New York Attorney General’s Office (NYAG) has launched a “Virtual Markets Integrity Initiative” to improve the transparency and accountability of major cryptocurrency trading platforms and to better protect virtual currency investors by querying areas including operations, internal controls, use of automated bots, actual assets and anti-money laundering (AML) processes. The AG’s Office has sent letters to 13 virtual currency exchanges so far, including Coinbase, Bitstamp, Binance and others, also attempting to uncover potential conflicts of interest, cyber defenses and ability to withstand or recover for power or data outages.

The questionnaires ask the platforms to disclose information falling within six major topic areas, including (1) Ownership and Control, (2) Basic Operation and Fees, (3) Trading Policies and Procedures, (4) Outages and Other Suspensions of Trading, (5) Internal Controls, and (6) Privacy and Money Laundering. Among other areas of interest, the questionnaires request that platforms describe their approach to combating suspicious trading and market manipulation; their policies on the operation of bots; their limitations on the use of and access to non-public trading information; and the safeguards they have in place to protect customer funds from theft, fraud, and other risks, (via the NYAG).


A look at the history of financial crime through the most notorious, and expensive, frauds of all time

Enron, Cendant, and WorldCom are examples of massive companies torn apart by financial fraud and scandal, but the creativity of fraudsters, large and small, continue to this day. Some are, in fact, fueled by the fervor and froth of new technologies, like virtual currencies and the blockchain. Individuals, not just corrupt corporates, can commit these crimes as well, like a pastor and a self-proclaimed financial planner who recently defrauded 29 mostly elderly people out of $3.4 million, according to an SEC complaint. Other classic cases throughout history include fraudsters trying to sell the Eiffel Tower and the Brooklyn Bridge – and successfully duping people into believing they bought them!

But the time machine also has vital lessons for compliance professionals and everyday consumers, right from the real-life person behind the term “Ponzi scheme,” a phrase used now when someone tells too tall a tale and promises returns that sound too good to be true – and eventually are, much to investors’ chagrin. The lesson: be careful of businesses, and their hucksters, promising the world, because it all could come crashing down, bringing punishment to the criminals, losses to the consumers and even liability for banks if investors feel a lax AML program fostered the fraud, (via Business Insider).

With creative criminals using unassigned social, identification numbers, then disappearing, compliance teams end up chasing ghosts in the machine

A low and slow means of fraud is costing banks hundreds of millions of dollars in losses typified by a frustrating game where investigators are literally chasing shadows in an effort to collect debt from individuals who don’t really exist – think of synthetic identity fraud, but with a twist of letting the crime build to with a slow burn, duping banks into larger loans and losses. Criminals with time, resources, and patience are cashing out after using existing or unassigned Social Security or credit profile numbers (CPNs) to create fraudulent credit profiles and slowly build up credit–and debt–in those accounts. “It’s not a quick form of fraud,” said Ian Gray, cyber intelligence analyst at Flashpoint. “It’s slow and requires a certain amount of work, but if you’re able to build up $15,000 in credit tied to a Social Security number, it will benefit you [as a criminal].”

Noteworthy is recent activity on popular cybercrime forums advertising the availability of ghost profiles, which Gray said could be just a rebranding of a relatively new label given to this type of fraud called synthetic identity theft. Ghost profiles are established using real Social Security numbers, likely belonging to adolescents or elderly people who are less likely to have active credit profiles. It’s unknown how criminals are in possession of the SSNs, especially unassigned numbers created by the Social Security Administration. Synthetic identity theft and the creation or purchase of ghost profiles is a departure for criminals proficient in identity theft, who have for years purchased personally identifiable information stolen in breaches, including payment card data, from Deep & Dark Web (DDW) markets, (via Flashpoint).


AlixPartners looking for insight in new AML survey

Want to get your voice heard and help the rest of the compliance community related to anti-money laundering and sanctions trends, regulatory focal points and vulnerabilities? Then feel free to give your opinion in AlixPartners’ 2018 Global Anti-Money Laundering and Sanctions Compliance survey, (via AlixPartners).

Money laundering

A look at how Chinese gangs are laundering drug money through Vancouver real estate

A growing connection between China and Canada is fostering more dangerous street and prescription pills, fueling an opioid epidemic and creating new challenges for banks to uncover the tainted criminal funds flowing through their institutions. Criminal syndicates controlling chemical factories in China’s booming Guangdong province are shipping narcotics, including fentanyl, to Vancouver, washing the drug sales in British Columbia’s casinos and high-priced real estate, and transferring laundered funds back to Chinese factories to repeat this deadly trade cycle, a Global News investigation shows.

The flow of narcotics and chemical precursors — and a rising death count in western Canada caused by synthetic opioids — is driven by sophisticated organized crime groups known as Triads. The Triads have infiltrated Canada’s economy so deeply that Australia’s intelligence community has coined a new term for innovative methods of drug trafficking and money laundering now occurring in B.C. It is called the “Vancouver Model” of transnational crime. The story features ACFCS strategic advisor, Garry Clement, (via Global News Canada).

Insider abuses

India’s investigations bureau files case against former UCO Bank chairman in scam siphoning nearly $100 million in loans

The Central Bureau of Investigation (CBI) said on Saturday it has filed a case against a former chairman of state-run UCO Bank and several business executives alleging criminal conspiracy that caused a loss of 6.21 billion rupees ($95.17 million).  Police said officials at the bank had colluded with private infrastructure firm Era Engineering Infra Ltd, and investment banking firm Altius Finserve Pvt Ltd, to siphon bank loans.

CBI said in a statement that Arun Kaul, the bank’s chairman between 2010-2015, had helped clear the loan. The case reveals yet another banking fraud in India since February when two jewellery groups were accused of using nearly $2 billion of fraudulent bank guarantees, in what has been dubbed the biggest fraud in India’s banking history. That case put the banking sector under a cloud, with the CBI unearthing a string of other bank frauds since then, (via Reuters).

Mobile threats

Android fibs on phone security

Many top Android phone manufacturers have been caught lying about when the systems on phones are actually updated against pressing security threats, with the phone stating it is “updated” to the latest available patches, when in fact they are not, (via the Hacker News).

Video game laundering

A look at how microtransactions and in-game currencies can be used to launder money

More video games are allowing the real and virtual financial worlds to intersect, with many games allowing gamers to buy in-game currency with real world money – and in some cases allow them to trade the currency and pull it out in another part of the world. When you think of money laundering, it’s easy to picture nail salons, shell corporations, or offshore bank accounts. But as new technologies like cryptocurrency are emerging, so too are new methods for turning ill-gotten gains into taxable income. The most obvious methods aren’t always the best, though. As bitcoin continues to thrive, policy-makers, police, and prosecutors are investing more resources into combating illegal schemes. In response, there is rising suspicion that enterprising criminals are turning to more innovative solutions, such as laundering money using massively multiplayer games.

A good majority of EVE’s players are rightfully convinced that real-money trading—selling in-game currency (ISK) for real money—is a major problem. But others have taken the matter further, claiming that criminals ranging from one-man operations to Russian crime syndicates buy and sell ISK as a way of cleaning dirty money. The issue is also a major deal in simulated virtual world experiments like Entropia Universe, which once sold a virtual space station and other pieces of digital real estate for millions of real world dollars, (via PC Gamer).


Are stodgy, crotchety regulators holding back broader regtech adoption?

Are the U.S. fintech and regtech sectors lagging behind other countries due to old-fashioned regulators resisting change by stubbornly holding on to a system that keeps them employed, in control and with banks fearing their enforcement touch? Some say yes, (via FT).

Corporate Transparency

Can bolstering beneficial ownership globally lower tensions that could lead to war?

Improving U.S. AML defenses, requiring collection, publication of beneficial owners can prevent criminals from gaining power to destabilize regimes we might later have to fight, (via AEI).


Former FCC broadband advisor arrested on $250 million fraud charges, allegedly tricking investors by crafting fictitious contracts

Authorities have arrested a former broadband advisor picked by the Federal Communications Commission (FCC) to push high-speed internet access in rural on multi-million-dollar fraud charges. During her time with Alaska-based fiber optic cable provider Quintillion, former CEO Elizabeth Pierce allegedly raised more than $250 million from investment firms in New York using forged contracts from other companies. By using bogus documents, she convinced other investors that Quintillion had already secured backing from elsewhere, leading them to believe their investment was stronger than it actually was.

It appears that Pierce wanted to raise money to build a fiber optic system that would better connect Alaska with other states in the US. She has been vocal about Alaska’s need for high-speed internet, which is why she was recruited by FCC Chairman Ajit Pai for the Broadband Deployment Advisory Committee (BDAC) in April last year. According to the charges, Pierce’s alleged crimes spanned from May 2015 to July 2017. She abruptly left Quintillion just one month later, and the BDAC a month after that. Pierce was formerly charged on Thursday and if found guilty could be sentenced to a maximum of 20 years in prison, (via Engadget).


Non-profit educational group creates blockchain playbook to help governments embrace tech, cut through hype

ACT-IAC, a non-profit educational group that strives to help governments better utilize technology, has taken a first stab at crafting a roadmap and how-to manual designed to help practitioners better understand the technology’s potential, cut through hype and jargon and ultimately deliver better value for taxpayers with the unveiling of its first-ever Blockchain Playbook for the federal government earlier this month. The white paper builds off the Modernization, Migration and Management shared services framework employed by the General Services Administration, which is used to guide agencies toward successful outcomes and reduced risk when pursuing technology upgrades.

Developed by a broad team of agency technologists and outside experts and building off of the Blockchain Primer, released by ACT-IAC last fall to demonstrate the public sector pertinent capabilities that blockchain offers, the playbook seeks to serve as a guide rail for agencies curious about exploring and potentially deploying distributed ledgers in a calculated way. The playbook offers a five-stage roadmap for navigating blockchain’s unique potential benefits and pitfalls within an agency context, including an initial assessment, gauging organizational readiness and how to select the best technology, (via Forbes).

National Security

Russia spying could be happening in everyday routers

US and UK warn that Russia has been hacking routers worldwide, as intelligence agencies fear that the campaign had been going on for months, just the latest update in a relationship between Russia and nearly all of the rest of the civilized world growing more acrimonious each day, (via Engadget). The U.K. is also preparing for retaliatory cyberattacks from Russia after the joint missile strike in Syria, (via Engadget).

Technology firms

Tech firms unite to fight rising cyber scourge

Nearly three dozen major tech companies are uniting to fight the rising scourge of global criminal, nation-state, and hacktivist cyberattacks, with a roster of big names, including Dell, Facebook, HP and Microsoft, a group creating accountability for stronger defenses by signing the “Cybersecurity Tech Accord,”  (via Engadget).


Sanctions reactions take hold in Russia, with billions on the line

Russia’s ruble, Rusal, Sberbank take hits as US sanctions bite, targeting officials and businesspeople around President Vladimir Putin in an aggressive response to alleged Russian meddling in the 2016 U.S. election. The impact of the new measures could threaten Russia’s fragile economic recovery, which was only just beginning to take hold after a wave of sanctions against Russia introduced in response to its annexation of Crimea in 2014, (via Reuters).

Investor lawsuits

Foreign bank dodges investor suit tied to faulty AML controls

A federal appeals court has declined to revive a proposed class action brought by investors accusing Deutsche Bank of concealing weaknesses in its anti-money-laundering controls that allowed its Moscow traders to launder $10 billion out of Russia. In a decision on Friday, a three-judge panel of the 2nd U.S. Circuit Court of Appeals said the investors failed to show that the bank intentionally deceived shareholders about its controls or recklessly ignored signs of suspicious trading in Moscow, (via Reuters).

Lawsuit tied to massive fraud, insider abuse at bank inches forward

A lawsuit alleging the theft of €8 billion by Woori Bank, specifically accusing former chief executive Lee Kwang-Goo as the ringleader and with Deutsche Bank allegedly confirming the plaintiff’s position, is working its way through the legal systems of South Korea and the United States, (via Euromoney).


Hacker group breaches casino through its internet-connected fish tank thermometer

A story about a hacking group truly using a fish tank to go phishing is making corporates rethink their cyber risks. Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals hold on their network hostage with just one insecure device. Nicole Eagan, the CEO of cybersecurity company Darktrace, told attendees at an event in London on Thursday how cybercriminals hacked an unnamed casino through its Internet-connected thermometer in an aquarium in the lobby of the casino.

According to what Eagan claimed, the hackers exploited a vulnerability in the thermostat to get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and “then pulled it back across the network, out the thermostat, and up to the cloud.” Although Eagan did not disclose the identity of the casino, the incident she was sharing could be of last year, when Darktrace published a report [PDF], referencing to a thermometer hack of this sort on an unnamed casino based in North America, (via The Hacker News).


Latvia scrambles to clean money laundering taint from ‘financial center’

Eurozone member Latvia is scrambling to reform its banking sector after US authorities accused its third largest lender of large-scale money laundering with connections to North Korea’s nuclear weapons development program, with regulators penalizing some banks and shutting down others. Desperate to restore credibility, Riga is eliminating deposits in US dollars, cracking down on dealings with shell companies that may be used to facilitate money laundering and setting limits on the number of non-resident depositors that banks can serve.

The dream of the Baltic state of 1.9 million people to become a regional financial hub is quickly turning into a nightmare after authorities shrugged off repeated calls by international organizations such as the IMF and OECD that it needed to tighten banking regulations to prevent it being used for money laundering by foreign clients, the vast majority of which hailed from Russia and other countries from the former Soviet Union. The US allegations against ABLV Bank were a rude wakeup call that has stirred the nation’s authorities into curbing the practices which landed the bank, Latvia’s third largest bank despite having few local clients, in trouble and prompted its liquidation in February, (via Economy Next).

Domestic policy

Does the United States need a Department of Cybersecurity?

Recent sanctions are unlikely to change the behavior of the Putin administration, whose country has been directly linked to meddling in U.S. elections. Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. In March of this year, the US Cyber Command released  a vision paper called “Achieve and Maintain Cyberspace Superiority.”  What is needed, though,  is a sixteenth branch of the Executive — a Department of Cybersecurity — that  would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy.

By uniting our cyber efforts, we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense. As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber operations. We have the technological capabilities, we have the talent, we know what to do — but unless all of this firepower is unified and aimed at the enemy, we might as well have nothing, (via Tech Crunch).


Judge hits serial embezzler with five-year prison term on $7 million spree

A judge has sentenced the former chief financial officer of a U.S. customs broker and international freight forwarder to five years in prison for embezzling nearly $7 million from his employer over an eight-year period, chiefly funneling the money to himself to buy lavish luxuries and a beach house, (via AP).