The Cyber Financial (CyFin) Program was established in 2007 to disrupt cyber threats to the financial services industry, specifically spam-driven securities fraud and money laundering. We continue to collaborate with the brokerage sector in addition to the banking, insurance, and payments sectors and the travel services industry. We focus on threats which use technical means, such as botnets, malware, phishing and social engineering, to achieve economic and/or strategic gain. These incidents often involve account intrusions, ATM and point-of-sale (POS) intrusions, fraud, human trafficking, identity theft, illicit travel, money laundering and, at times, attacks on financial infrastructure and terrorist financing. Our team of experienced intelligence analysts uses diverse skills, such as complex link analysis and strategic foreign languages, to disseminate intelligence on these threats. This intelligence has enabled industries to prevent billions of dollars in economic loss, and it has assisted law enforcement in the disruption of major cyber threats.
CYFIN HAS FOUR MAIN LINES OF EFFORT:
The ATM and Point-of-Sale (POS) initiative enables financial institutions, merchants, and law enforcement to mitigate, prevent, and disrupt the theft of card data. We have an effort in which issuers share information on locations from which card data is stolen so that acquirers, issuers, networks, merchants, and law enforcement can detect and remediate breaches much earlier and reduce economic loss. This information has enabled financial institutions, merchants, and law enforcement to confirm some of the largest breaches. The NCFTA issues intelligence reports on a weekly and annual basis. We also collect and analyze information from financial institutions and local, state, and federal law enforcement on incidents which involve the use of skimmers and enable them to collaborate on cases which involve the same suspects.
The Banking, Brokerage, and Insurance Initiative enables financial institutions to mitigate, prevent, and disrupt account intrusions, bank fraud, identity theft, securities fraud, and money laundering. In 2007, we established the Program to address spam-driven securities fraud and money laundering. We continue to do so and have efforts to specifically address the intrusion and misuse of business email accounts (i.e. business email compromise), the use of false and stolen identities to bust out credit (i.e. synthetic identity fraud), real-time payments. We use critical foreign languages and complex link analysis to build intelligence on robust services which launder funds for organized cybercrime groups in Asia Pacific (APAC), Central and Eastern Europe (CEE), and West Africa. We also address criminal and state-affiliated threats to the infrastructure of the financial services industry. The NCFTA issues intelligence reports and hosts webinars and working groups to focus on these topics on a regular basis.
The Human Trafficking Initiative enables airlines, financial institutions, and law enforcement to mitigate, prevent, and disrupt transactions and travel related to human trafficking. The NCFTA issues intelligence reports on an ad hoc and quarterly basis.
The Travel Fraud Initiative enables airlines, other travel services, and law enforcement to mitigate, prevent, and disrupt actors who use stolen cards or points to buy tickets to travel. The NCFTA has collaborated with the European Cybercrime Centre (EC3) and Europol in the Global Airline Action Day to do so on a global scale. The NCFTA also has a channel through which such intelligence is shared on a daily basis.
- Law enforcement arrested three Ukrainian members of FIN7, which is a group which has used malware to steal card data from major hotels and restaurants. Our intelligence analysts disseminated intelligence on this group to industry and law enforcement. The US Department of Justice said, “The indictments are the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies.”
- A US District Court sentenced a Russian national to 70 months in federal prison and ordered him to pay more than $4.1 million in restitution for breaching two companies and debit card fraud. Our intelligence analysts and financial institutions which are our members disseminated on this actor to assist law enforcement in this effort.
- Law enforcement arrested 76 individuals who were involved in business email compromise (BEC), seized $2.4 million, and recovered $14 million. Our intelligence analysts and financial institutions which are our members disseminated on this actor to assist law enforcement in this effort. The US Department of Justice said, “Multiple private sector partners were also instrumental throughout this investigation, including…the National Cyber-Forensics and Training Alliance (NCFTA).”