Embed Size (px)
Citation preview
“An Insider’s Guide: Investigations in the Dark New Digital Age”Don Aviv (PCI, CPP, PSP)
President - Interfor International
LEADERS IN CORPORATE INTELLIGENCE SINCE 1979
Interfor International is a global investigations and security consulting firm offering comprehensive intelligence services to the legal, corporate and financial communities across Asia, the Americas, Europe, Australia and Africa.
• Interfor’s investigations provide comprehensive background information about new business relationships, prospective partners in mergers and acquisitions, venture capital investments and much more.
Due Diligence
• From breach of contract to price fixing cases, we conduct all aspects of the litigation process- including pre-trial intelligence gathering, discovery, trial preparation, international asset search & cross border, and witness location.
Litigation Support
• Specializing in asset investigations for law firms, corporations, family offices, banks and bankruptcy trustees, Interfor has developed unique techniques to identify, trace, freeze and recover hidden assets.
Asset Search & Recovery
• To keep our clients’ personnel, assets, intellectual property and trade secrets safe, Interfor offers a full range of physical & cyber security and threat management consulting services.
Physical & Cyber Security
1. Who is the Modern Fraudster?
2. Trends in Global Investigations
3. Internal Hacking and Asymmetric Cyber Warfare
4. Investigations Powered by Social Media Research
5. Preventing Fraud against Corporations
Who is the Modern Fraudster?
• Corporate Insiders◦ Disgruntled Employees
◦ Desperation
• Lone Wolf ◦ Criminals
• Hacktivists
• Criminal Networks
• Nation States
• Terrorist Groups
How do they do it?
• Tech-savvy
• Social Engineering
•Acts remotely
•Utilizes Offshore Banking
• Travel-heavy Lifestyle
•Utilizes Cryptocurrencies
• A conservative estimate of 3.6 terabytes of data have been stole to date
• Last year, experts identified over 600 million lines of malicious code circulating in cyberspace
• In nearly 90% of cases, hackers rely on computer bugs that have existed since 2002
• Law Firms: Since 2012, 9 major law firms have been hacked. 64 mid-sized law firms have been hacked as well.
• Creativity & exploitation of human weaknesses
Tools of the Cyber Criminal
How are they targeting YOU?
• $$$
• Theft of Trade Secrets/IP
o Dark Web Market
• Kompromat – Cyber Extortion
• Mischief
• Social Engineering (direct & remote)
• Extortion
• Malware & Ransomware
• Targeted Hacks (spear phishing/social engineering)
• Scams such as CEO Spoofs (dragnet approach)
• Insider Breach: Accidental or Malicious?
Tools of the Cyber Criminal
What Methods?
Why?
The Rise of Cyber Warfare
Targeted Attacks vs. Dragnets• CEO Phishing • Private Equity Scams
Cyber Extortion & Bitcoins• Bitcoins, TOR and
anonymous email
Trends in Asset Investigations
Modern Fraud & Cross-Border Investigations
• Step 1: Find the Fraudster• Lifestyle (Family, Friends, other Victims)• Corporate Holdings and Affiliations• Income• Property Holdings• Banking Relationships
Trends in Asset Investigations
Hunting Tools: Reverse Social Engineering
Social Media Investigations
Social Media Investigations
Social Media Investigations
Cyber Fraud: CEO Spearphishing
Cyber Threat Case Studies
KEY ELEMENTS OF ADVANCED DUE DILIGENCE
How to assess trustworthiness, reputation and morality – where possible & practical
• Identifiers• Suspected Red Flags• Corporate Affiliations, Interrelationships• Criminal Record, Sanctions Lists• Litigation, Judgments, Liens, Bankruptcy• Financial Profile• Company: Ultimate Principals
The Rise of Tech-driven Investigations & Artificial Intelligence
Cheap and Fast – Big Data• Automated web crawling and
learning - Aggregators• Technology-enabled red-flagging
of issues• Good for repetitive screening of
public sources
Problems• Lack of true analysis• False positives and negatives• Fraudsters know how to create
fake data & impersonate others• Omits non-public sources• Commonality of names, erroneous
underlying data
The Case for Human Intelligence
Investigation as a Craft: Art & Science• Stolen Identity: Singapore Case Study
Local Knowledge and Relationships - CRITICAL
Deep Dive Analyses• Assessments of key players • Interviews with neighbors, friends• Reputation inquiries with business associates, former
secretaries, disgruntled employees
The Future of Due Diligence: Intelligence CyborgsIntegrate AI into the Intelligence Value Chain
• AI alone is like a self-driving car• Process Automation complemented by Hand Searches• Old School Methods and Curious Minds supported by powerful Technology
Will AI Kill Classic Investigations?• Investigations are judged on what they MISS• AI cannot assess character and reputation of business partners, potential
investees and debtors • Technology cannot replace boots on the ground
Vulnerabilities of Your Company
Weak Cyber Protections
No Detection or Early Warning
Systems
Excessive Amounts of Unsecured
Mobile Devices
Insider Threats from Disgruntled
Employees
No Data Security Plan to Avoid Fraud
Preventing Fraud Attacks
• Conduct a comprehensive asset inventory
• Conduct ongoing risk assessments
• Engage senior management
• Make security part of workplace culture
• Constantly test security policies and procedures
Frequent password updates
Simple Steps
https://haveibeenpwned.com
Double verification for wire requests
NO PUBLIC WIFI!!!!!
Vulnerability tests – Red teaming
Clean devices for travel to high cyber-risk locations (China, Russia, Israel, India … US?)
Thank you for attending!
Questions?
