Security

RSAC 2023: How Federal Law Enforcement and Businesses Can Help Foil Financial Fraud

When they work together, businesses and the federal agencies can reduce cybercriminals’ effectiveness and recover the money they steal.

Bob Keaveney

Bob is the managing editor of BizTech magazine.

When was the last time you had a cup of coffee with an agent from your local field office of the FBI or Secret Service?

If you said “never,” you have a new item to add to your to-do list. Speaking this week at the RSA Conference, one of the largest cybersecurity events of the year, which runs through April 27 in San Francisco, Matt O’Neill, deputy special agent in charge of cybersecurity with the U.S. Secret Service, argued that business leaders should be proactive about developing such relationships.

Why? For one thing, he said, they will need the agencies’ help in the wake of a ransomware or other cyberattack, and it’s better to have a pre-existing relationship during a crisis.

“The key is not waiting until you’re hit with an attack to start trying to build those relationships,” O’Neill said. “Identify an agent in your area, Secret Service or FBI, and not just at the general number. You need to know a person, you need to go out and have coffee with them, have dinner with them. If at all possible, get their personal cell number. Because when you’re in the middle of a ransomware attack, you don’t have time to wait until Monday.”

O’Neill spoke with Ron Green, chair of the Secret Service’s Cyber Investigation Advisory Board and chief security officer at MasterCard, about the evolving threats against financial institutions and other companies that manage financial transactions on behalf of consumers.

Click the banner below to receive exclusive industry content when you register as an Insider.

How Federal Law Enforcement Help Businesses In a Cyberattack

They also talked about the role that federal law enforcement plays when it comes to combating cybercrime. While it is best known for protecting presidents and other dignitaries, the Secret Service was founded in the 19th century to combat counterfeiting and was part of the U.S. Treasury Department until 2003. That’s when a post-9/11 government reorganization created the Department of Homeland Security, under which the Secret Service now resides.

The Secret Service does not engage in cyberdefense, O’Neill said, but rather investigates cybercrimes and tries to recover stolen funds.

In the midst of an attack, O’Neill said, it’s a common mistake for businesses to wait too long to contact federal law enforcement, fearing federal law enforcement will take an interest in regulation noncompliance or other missteps that led to the breach.

DIVE DEEPER: How the cybersecurity industry responds to the growing ‘identity crisis’.

That’s not true. “We’re not interested in double-victimizing the victim,” he said. “We’re not going to come in and say, ‘Oh you’re not PCI-compliant.’ Our interest is in helping you, going after the bad guys and taking their ill-gotten gains.”

Delay also often means that the bad guys get away with the loot. While businesses are busy trying to figure who in the organization was responsible for the breach instead of alerting authorities that it happened, criminals are moving the money around and slinking out of sight. After about 72 hours, the government’s recovery rate for stolen funds is about 1 percent, he said, but if they’re alerted within 24 hours or even earlier, they can often recover substantially more.

The hours after an attack is detected “are the Super Bowl of finger-pointing,” he said. “But if you wait until you’ve made that determination to make that contact, a lot of times, the money is long gone.”

Our interest is in helping you, going after the bad guys and taking their ill-gotten gains.”

Matt O’Neill Deputy Special Agent for Cybersecurity, U.S. Secret Service

Emerging Financial Fraud Cyberthreats

Financial services organizations are confronted with a dizzying array of evolving threats, Green and O’Neill said, including many old threats joined by new ones. It’s still common for threat actors to sell personal information about consumers in massive quantities. For example, as part of one investigation, he said, the Secret Service was able to purchase information on 10 million consumers, including Social Security numbers, bank account routing numbers and much more, for just $3,000 on the dark web.

Criminals use the information themselves or sell it to others as part of the growing field of Cybercrime as a Service, in which criminals can purchase kits of materials needed to run their own scams.

Also emerging are so-called global cash-outs, in which criminals use manufactured payment cards encoded with stolen consumer data to steal money from ATMs. Because such operations can be shut down quickly, they are a challenge to scale: The criminals need large numbers of co-conspirators to act simultaneously.

WATCH: Is your institution prepared for quantum computing?

Green said MasterCard’s relationship with the Secret Service helped it be part of an effort to foil a large global cash-out attempt, in which hackers planned to disable cash limitations placed on ATM withdrawals.

“Because the agency was able to share that information with us, before they got all the pictures of money being withdrawn from ATMs and so forth, they were able to just come to us and say, ‘Hey can you guys actually stop that?’” Green said. “And we can.”

Another emerging tactic is SIM swapping, which scammers are increasingly relying on to overcome multifactor authentication protocols. “A lot of folks don’t understand how rampant that is,” O’Neill said.

Keep this page bookmarked for articles and videos from the event, follow us on Twitter @BizTechMagazine and join the event conversation at #RSAC.