Home Cyber Crime
Money attracts crime, it has since ancient times and always will.
Financial crimes aren’t going to go away. Financial crimes seem to have found a new avenue to ill-gotten gains , through the use of the internet and computers, commonly called cyber crime.
The 2018 World Economic Forum at its annual general meeting noted that Fraud and financial crime was a US trillion-dollar industry. No one would doubt that its much bigger now.
A cyber crime is a criminal activity that involves the use of a computer, computer network, or other digital device to commit an illegal act.
Cybercrime can take many forms, including computer intrusions, online fraud, identity theft, and denial-of-service attacks. Cyber criminals often use malware, phishing, and other techniques to gain unauthorized access to sensitive information or to disrupt computer systems.
In Australia, cyber crime is defined as crimes directed at computers or other information communications technologies (ICTs), such as computer intrusions and denial of service attacks, or crimes where computers or ICTs are an integral part of an offense, such as online fraud.
How does cyber crime get into your company and your computer network?
Once your business is connected to the internet, you have opened the front door to cybercrime and given fraudsters , forgers, money launderers and others the means to perpetrate a crime against your business, its employees, its service providers or its clients.
Most people think that access to your computer network by criminals is through weak passwords, not keeping your software up to date, opening links provided in emails and similar. These are true.
But there are other ways in to your network. For example, an employee might provide access to the bad guys. Why would they do that? Consider the following example which is based on a real event in Victoria.
The criminals obtain a list of people working in financial services businesses. For example, investment managers / advisers. (Artificial Intelligence might scan LinkedIn, a industry conference, a industry membership database or break into a media subscription service.
Then they contact local investment industry employees offering free Friday night drinks at a night club for say, 3 hours.
Investment industry people turn up but to enter, they have to have there vehicle licence scanned (supposedly for safety / security reasons).
Then, some will be photographed in comprising positions with other people.
Now the criminals have comprising photos / videos, and your home address, they can blackmail your employee to providing access to your computer network and your clients and service providers (e.g. custodians). Who wants their partner to see them ‘playing-up’ or worse having sex with a stranger?
Or their children, parents and siblings to lean of the same (which they eventually will).
The rapid development of artificial intelligence has lead to its use by criminals to committee financial crimes.
Many people are familiar with the terms malware, ransomware, spyware, adware, Trojan viruses, phishing and denial of service attacks.
Cyber criminals are increasing using artificial intelligence to commit crimes. These are just some of the ways Cyber criminals are using artificial intelligence.
A. MORE CONVINCING PHILHING EMAILS
Artificial intelligence programs like Googles Bard can be used to write more believable messages to send to potential victims.
It was estimated by Security Magazine in 2019, that more than three billion fake emails are sent worldwide every day. If cyber criminals are able to improve their message, more victims will be convinced that they are legitimate.
B. AUTOMATED INTERACTIONS
These days, your first contact with large businesses like banks and insurance companies and government bodies like, the ATO is likely to be with artificial intelligence, before you get to speak to a human.
These days, your first contact with large businesses like banks and insurance companies and government bodies like, the ATO is likely to be with artificial intelligence, before you get to speak to a human.
Criminals can use the same tools to create automated interactions with large numbers of potential victims, at a scale not possible if it were just carried out by humans. They can impersonate legitimate services and clients over the phone and on email, in an attempt to elicit information that would allow them to steal property. For example, every time you use a voice assisted program like Apple Siri, your voice is being recorded and sent to a Apple database so that Apply can send you more targeted advertisements or news articles.
Other voice assistant programs include, Cortana ( a Microsoft program), DataBot, Talk for Me and Braina (short for artificial brain).
If a cyber criminal can get access to a person’s voice, they can produce a convincing deepfake, which could be used to direct your employee to do something like transfer a client’s money. The voice doesn’t have to be the client’s. It could be the client’s legal representative, the client’s accountant, lawyer, service provider like a custodian.
C. DEEPFAKES
Artificial intelligence can be used to create what known as a deepfake of a person. (Deep refers to a convincing / believable replica of a person’s voice, handwriting style, signature and face.
Deepfake technology in audio and video can be very convincing. For instance, a deepfake act called deepfake act called Metaphysic, recently demonstrated the technology’s potential when they unveiled a video of the judges on America’s got talent sing opera. It was very very convincing. It is available on YouTube.
A lot of cyber criminals won’t go to such lengths to create a deepfake. But the ability to use Artificial Intelligence to mimic the way a person would respond to texts, write emails, leave voice notes or make phone calls is freely available using Artificial Intelligence. So is the data to train it, which, for example, can be gathered from videos on social media.
From the point of view of your financial services business to first risk is that criminal convinces you or are staff member, that they are a client or represent one and trick you or an employee into participating in a crime.
The second risk is that a criminal creates a deepfake of you. This deepfake can be exploited to interact with friends and family, convincing them to hand criminals information on you. Gaining a better insight into your life makes it easier to guess passwords or pins
The criminal convinces a staff member, that they are you (by email or telephone) and they are tricked into participating in a crime.
D. BRUTE FORCING
Artificial intelligence help cyber criminals execute another criminal technique called “brute forcing”. This is where many combinations of characters and symbols are tried in turn to see if they match your passwords. These combinations of possible passwords are run at thousands per minute.
A simple password like “Iloveyou”, will take few seconds to discover by Artificial Intelligence software. Complex password like, i3l5o1vU&7*$#W12Fg, might take a month or so to discover, quicker if the criminals discover you have two different passwords, or variations or the same one. For example, Iloveyou and iloveYOU12.
That’s why long, complex passwords are safer; they are harder to guess by this method.
ASIC have publicly announced that they will be conducting surveillance of AFSL holders on how they protect AFSL holders from cybercrime.
Policies that include cover for cybercrime and other financial crimes are becoming harder to find and like almost all insurances. Having strong policies and procedures that reduce the risk of cybercrime on your business could help you obtain cover.
Many service providers to AFSL holders are scrutinising holders’ policies and procedures for weaknesses. This is because they don’t want their business and other clients to be subject to a cyber attack made through your business.
Some may not want to deal with your firm if they believe that your policies and procedures are not up to the appropriate standard. For instance, if an institutional superannuation fund requires you to use their custodian and that custodian sees unacceptable risk to them in engaging with your firm, you will lose that client.
We can assist you on many levels to protect your business from cyber-attack and other financial crimes such as fraud.
After we understand your business, we can act as the hub in meshing together policies and procedures that include the beneficial use of artificial intelligence while protection against cyber criminals.
As we have written in other parts of this website, artificial intelligence is a tsunami of rapid change that is already changing the way financial services businesses operate.
One of our advantages is we have created financial service companies from scratch and made them successful. That means creating over 300 policies, procedures and registers that work within an environment like yours.
The replacement of jobs with artificial intelligence and defending against cyber attack will change job descriptions and existing policies and procedures. Because we understand the inner workings of businesses like yours, we are better able to make necessary adjustments that will work efficiently. Other consultants simply can’t.