Fraud and cybercrime in the cybersphere and new economy have become focal points in the context of contemporary information security. This is due in part to technological developments and the increasing dependence of organizations on IT, and also to intensified networking and digitalization. This state of affairs contributes to the fact that we face a marked increase in security incidents, criminal activity, modern and more sophisticated attacks, and more systematic and successful methods of attack.
Today’s attacks – more targeted and individually tailored to their victims – are planned well in advance and carried out in a strategic, organized way. They represent a constant and ubiquitous threat: this customized computer crime – which flourishes as a commodity in the context of professional, organized services, such as _Attack as a Service_ – operates on a constant and uninterrupted basis.
The organizations concerned are faced with a daunting challenge and have only limited options in terms of prevention against such attacks (if only due to time constraints, as the application of security patches is often neglected and takes too long). An appropriate and effective system of security measures and checks can enable these organizations to protect themselves from known, potential and probable attacks.
This means that detective and reactive forms of security should gain in importance. They enable companies to react quickly and effectively in the event of an attack and to dampen, mitigate or entirely avoid the damage that would otherwise result to their business.
A second wave of cyber-attacks: in the shadow of the ransomware WannaCry, criminals have infected hundreds of thousands of computers with a discreet but significantly more lucrative bug, Adylkuzz. Although WannaCry has gained headlines worldwide, this second computer worm has been spreading nearly unnoticed. “This attack is more dangerous than WannaCry because it runs in the background, and many victims don’t realize they have been infected.” It has therefore attracted much less attention than WannaCry.
However, there is a parallel story. While the whole world talks about WannaCry, another worm has been quietly spreading using the same methods: Adylkuzz. This parasite operates discreetly and makes no demands of its host. Instead, it appropriates their computing power to create a different kind of cryptocurrency called Monero.
It should not be forgotten that companies – in the context of fraud, cybercrime and economic crime – are vulnerable not only to external threats in the form of hacking, DDoS, malware, ransomware, e-fraud, etc., but also to the internal threat posed by their employees who are willing to commit economically criminal acts. Changes in values, increasing individualization of employees, declining company loyalty in the face of ever-more demanding employers, complex and specialized products, and complicit networks are all factors that make internal criminality and the urge for personal enrichment more compelling.
Of course, the term “employees” should also be understood to include management, in particular because they are so often the ones guilty of internal fraud. See also: NZZ and KPMG Forensic Fraud Barometer for the last year:
Not surprisingly, when it comes to economic crime, those in leadership roles represent the greatest danger due to their position and freedom to act within the company: in 58% of all cases, management employees were solely responsible for the criminal acts in question; in a further 21% of all cases, management employees were jointly culpable with their subordinates.
In an attempt to explain the increasing incidence of fraud, one could also consider the cybersphere as an additional source of motivation (source: selected excerpts from an interview with the well-known philosopher Peter Sloterdijk in Tagesanzeiger):
These days, personal comparisons on the internet (cf. Facebook, Twitter, Instagram, Snapchat, etc.) have become more virulent when compared directly with the more privileged, and since the internet breaks down any social immunity, those who are less well-off are often consumed by an urge to compete with the better-off. The range of opportunities for advancement may have expanded significantly in modern times, but that is precisely why so many people in today’s society feel as if they are losing out: if there are countless chances, but one has not been able to take them, then this perception of marginalization is magnified (and the motivation to defraud may be greater).
The global financial services sector seems to be particularly affected by internal employee crime. Internal fraud and the corresponding compliance regulations and standards have once again become the subject of heated debate and reinforcement, above all in the heavily regulated financial services sector.
The rules to protect company value – in the context of economic and cyber-criminality, corruption, etc. – have multiplied in the last few years, and the trend shows no signs of stopping. At the same time, prosecution and liability are being pursued on a transnational scale, as one can now systematically scrutinize the internal digital lives of organizations and companies.
It has been generally observed that while security is widely valued in a broad array of life’s settings, the available means to ensure that security are often neglected. This is particularly true if one has no experience of the potential risks and prevention is tied to a certain amount of effort in the form of money, time or a change in habitual behavior. This is recognizable in enterprises that deal with the reality of such threats only when they are actually confronted with novel forms of fraud, even though they may have been warned that the company was vulnerable to such threats.
Due to growing digitalization and automation, criminals have increasingly shifted their focus to IT systems. Vulnerabilities in internal countermeasures are open to abuse by internal or external attackers, often resulting in significant quantities of data being stolen or otherwise used for unauthorized purposes. Alongside the term computer criminality, the term cybercrime has gained a great deal of significance. The distinction between the two lies in the fact that cyber criminality is seen as criminal activity carried out explicitly with the aid of the internet.
Criteria for the criminality of cyber-activity:
In such cases, it is normally assumed that the act results in an unfair or illegal advantage to the perpetrators.
The original – and still important – duty of the information security representative is their deployment in cases of internal inquiries, inspections, audits, investigations, etc.
The Federal Office of Security in Information Technology (BSI) indicates that a cybercrime investigation – as a responsibility of information security – should consist of:
Methodical data analysis on data carriers and in computer networks for the clarification of suspicion or actual discovery of fraudulent behavior.
In the context of data mining, data matching, data analysis, environment analysis and analysis of internal countermeasures, the following information should be obtained:
The role of the InfoSec representative:
Although cyber criminality is largely the domain of international, geographically decentralized organizations, the costliest known attacks have often involved insiders as well.
The contribution of internal employees to such attacks typically includes:
In order to combat fraud and cybercrime in all its forms, a procedural structure is required. This structure can be divided into the three classical areas of fraud defense: prevention, detection and reaction.
Such activities can often be integrated into existing organizational structures (InfoSec and compliance management are the obvious choices). Existing interfaces can be used to generate synergies. Prerequisites for such integration include:
The following topics should be addressed within the three classical areas of fraud mitigation:
In order to ensure the best protection against fraud and cybercrime, special attention should be paid to the following: