Article

Casing out financial cyber crime: A federal agent's point of view

At BAI Retail Delivery, FBI Special Agent Patrick Geahan described five types of cyber attacks and one mistake that can cost an organization millions.

November 20, 2014 by Suzanne Cluckey — Owner, Suzanne Cluckey Communications

The last session on the last day of an industry conference is not a presenter's dream time slot. But if you happen to be an FBI agent with expertise in cybersecurity speaking at a banking conference, you'll probably draw a larger-than-usual crowd. And your audience will be very, very interested in what you have to say.

This was the case at BAI Retail Delivery, where FBI Special Agent Patrick Geahan shared intelligence on the evolving cybersecurity landscape and emerging threats, and preemptive measures organizations can take to stop cyberthieves.

Three tenets of information security

Geahan began by identifying the three tenets of information security, i.e., the things an information security professional must keep in mind when planning a security strategy.

Confidentiality. This applies to both the data an organization holds and the data it has access to, which today increasingly includes that of partner companies.

"When I left the private sector 10 years ago, it was unheard of — or at least exceedingly rare — for two companies to give each other network-based access to each other's infrastructure," Geahan said. "When we used to stand up joint ventures ... they had their own computers, they had their own networks, they had their own data."

But today, Geahan said, companies simply use the increasing bandwidth available to set up a "network tunnel" to share information, which is certainly a faster and more convenient means to share information — but it's also the means for cybercriminals to gain access to that information, as well.

"What that means for you folks is that your weakest security link isn't necessarily in your building or in your infrastructure. It might be someone that's connected to you," Geahan said.

The best example of this is the recent Target hack, which occurred not within that company's system, but within that of a heating contractor that had a VPN connection to the Target network.

Integrity. This applies to information on the disk or thumb drive, in transit, and at the physical plant.

Geahan said that in banking, cyberthieves often target data in transit using a "man-in-the-middle" attack.

"That's when you think that you're sending data from you to one other person, but somewhere in between, it's being intercepted."

Geahan said he'd recently been involved in a case in which a financial officer had accidentally downloaded a piece of malware that then sat on the system and watched for him to log into banking systems.

"And when he did, it scraped those credentials and sent them off to the bad guys," he said. Ultimately, it cost the charity nearly $1.5 million in fraudulent wire transfers.

Availability. This involves the implementation of backups and redundancy, security features and the physical plant.

For banks, Geahan said, attacks on availability can take the form of distributed denial-of-service attacks that prevent customers from accessing their accounts. "None of your customers is going to be real happy if they need money and can't get it if your systems are down."

Five types of attacker

Geahan went on to describe the five most common types of cybercriminals, their tactics, and their motives:

Competitors. These tend to be "quiet" (i.e., difficult to detect), long-term attacks by hackers looking for proprietary knowledge or potentially embarrassing information about a company and its officers.

Hacktivists. These attacks usually have some kind of political purpose and are often not meant to go undetected, hence they are often "noisy, public and short" in nature.

Foreign services ("advanced persistent threat"). This includes anyone who attacks on behalf of a foreign power, government or intelligence agency targeting anyone they might compete with in their home market.

A tell-tale sign of this type of attack is a spike in server traffic to a destination that can't be explained. One large company discovered massive amounts of server traffic to a Montana dentist's office and found that a third-party hacker had used that address as a "front." This is why it's important to look not only at what's coming in to the server, but also at what's going out from it, Geahan said.

Opportunists. In general, these are foreign service intermediaries carrying out APT attacks. The hacker scans the Internet for a vulnerable server and uses it for cover in an attack on a third party.

Organized crime gangs. These exploits are usually brief and almost always very expensive for the victim. "One of the most common attacks we're seeing right now — and by 'right now,' I mean I've done seven interviews [with victim companies] in the past two weeks — are attacks on financial organizations at corporations," Geahan said.

One common exploit is carried out by means of an email to someone on the financial side of the corporation, usually someone two or three levels down from the CFO who is responsible for putting together wire transfers and sending them out.

This individual might receive an urgent email from the CFO (purportedly) with instructions to immediately wire a large sum ($160,000 on average) to another party in order to prevent some dire consequence, Geahan said — "like the lights going out."

There are two reasons why this attack succeeds, he said: 1) the organization has insufficient financial controls (or they're being ignored); and 2) the email recipient wouldn't dare second-guess a C-level executive. And the attack can be carried out in a matter of minutes — particularly if the company is a bank's trusted customer who sends out wire transfers frequently.

In one case, an employee sent a $500,000 wire transfer based on an email from the CFO — despite the fact that she normally had no communication with him. Investigators asked why she had sent the transfer based on one highly unusual email from the CFO.

"Her answer was very telling," Geahan said. "It was 'I didn't think I could question the CFO.'"

While financial organizations currently are mostly immune from liability for this type of attack on a customer, Geahan expects this to change in the not-too-distant future, based on new rules that will come from either Congress or bank regulators, so FIs would be well advised to take steps now to catch this type of fraud.
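Geahan's earlier advice, under "foreign services," to watch what leaves the network as well as what comes in can be turned into a basic egress check. The following Python is an added example, not code from the article or from the FBI; it runs over constructed outbound flow records (timestamp, source, destination, bytes), compares a current window against a baseline window, and flags destinations that are new or whose volume far exceeds the baseline, skipping an assumed allowlist of partners reached over an agreed network tunnel.

```python
from collections import defaultdict

# Constructed outbound flow records (timestamp,src,dst,bytes); not real data.
BASELINE_FLOWS = """
2014-11-01T09:00,10.0.0.5,203.0.113.10,400000
2014-11-01T09:05,10.0.0.7,198.51.100.20,250000
2014-11-01T10:00,10.0.0.7,198.51.100.20,300000
2014-11-01T11:00,10.0.0.9,198.51.100.77,200000
"""
CURRENT_FLOWS = """
2014-11-02T09:00,10.0.0.5,203.0.113.10,900000
2014-11-02T09:05,10.0.0.7,198.51.100.20,600000
2014-11-02T02:00,10.0.0.12,192.0.2.44,3500000
2014-11-02T02:30,10.0.0.12,192.0.2.44,4000000
2014-11-02T03:00,10.0.0.9,198.51.100.77,2000000
"""
# Assumed allowlist: partners reached over an agreed "network tunnel".
KNOWN_PARTNERS = frozenset({"203.0.113.10"})

def parse_flows(text):
    """Sum outbound bytes per destination from the flow records."""
    totals = defaultdict(int)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _ts, _src, dst, nbytes = line.split(",")
        totals[dst] += int(nbytes)
    return totals

def flag_unexplained_egress(baseline_text, current_text, known=frozenset(),
                            ratio=5.0, min_bytes=1_000_000):
    """Return (dst, bytes_sent, reason) for destinations that are new or sent
    at least `ratio` times their baseline; skip known partners and small totals."""
    baseline = parse_flows(baseline_text)
    current = parse_flows(current_text)
    findings = []
    for dst, sent in sorted(current.items()):
        if dst in known or sent < min_bytes:
            continue
        base = baseline.get(dst, 0)
        if base == 0:
            findings.append((dst, sent, "new destination"))
        elif sent >= ratio * base:
            findings.append((dst, sent, f"{sent / base:.0f}x baseline"))
    return findings

def demo():
    return flag_unexplained_egress(BASELINE_FLOWS, CURRENT_FLOWS, KNOWN_PARTNERS)
```

On the constructed data, the off-hours traffic to a never-seen address and the tenfold jump to an existing one are reported, while the partner tunnel and ordinary day-to-day destinations stay quiet.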

One way to beat the bad guys

While people are generally the weakest link in a network security system, they are also the strongest, Geahan said. Criminals are working constantly on new forms of malware and no virus detection system can filter out every potential piece of malicious code.

The most reliable solution to cybercrime is education, empowerment and training — teaching employees to identify the signs of fraud and to start asking questions when they see them — even if it means second-guessing the CFO.

"That's going to beat [malicious] technology every time," Geahan said.

About Suzanne Cluckey

Suzanne’s editorial career has spanned three decades and encompassed all B2B and B2C communications formats. Her award-winning work has appeared in trade and consumer media in the United States and internationally.
