The US National Association of Corporate Directors published in July a technical briefing, developed in partnership with Broadridge, which seeks to help boards assess their business’s use case with tools, such as the decision tree below, for blockchain adoption, adapted from one developed by the US Department of Homeland Security. It appears to be an excellent, concise yet easy to understand to the subject matter.
On 9th August, the US Congressional Research Services published a report that looks at the current and the proposed, or possible, future export control system in the US. It remarks that the US export control system is split between several different licensing and enforcement agencies. Exports of dual-use goods and technologies — as well as some military items — are licensed by the Department of Commerce, munitions are licensed by the Department of State, and restrictions on exports based on US sanctions are administered by the US Treasury. Administrative enforcement of export controls is conducted by these agencies, while criminal penalties are issued by units of the Department of Homeland Security and the Department of Justice.
A news release from the EU courts on 19th September gave notice that, in the absence of substantial grounds to believe that the person who is the subject of that warrant is at risk of being deprived of rights following the withdrawal from the EU of UK, a warrant must be executed while the UK remains a member of the EU. The case, C-327/18, involved 2 warrants issued by the UK in 2016 and challenged by the suspect in Ireland, where he has been in custody since February 2016.
On 15th September, Europol published this report which aims to provide a comprehensive overview of the current, as well as anticipated future threats and trends of crimes conducted and/or facilitated online. Its key findings include –
- Ransomware remains the key malware threat in both law enforcement and industry reporting;
- Cryptomining malware is expected to become a regular, low-risk revenue stream for cybercriminals. The use of exploit kits (EK) as a means of infection continues to decline, with spam, social engineering and newer methods such as Remote Desktop Protocol (RDP) brute-forcing coming to the fore;
- New legislation relating to data breaches will likely lead to greater reporting of breaches to law enforcement and increasing cases of cyber-extortion;
- Payment Fraud – the threat from skimming continues and shall do as long as payment cards with magnetic stripes continue to be used; the abuse of PoS terminals is taking on new forms: from manipulation of devices to the fraudulent acquisition of new terminals; and telecommunications fraud is a well-established crime but a new challenge for law enforcement.
- The Darknet market ecosystem is extremely unstable. While law enforcement shut down 3 major marketplaces in 2017, at least 9 more closed either spontaneously or as a result of their administrators absconding with the market’s stored funds; and the almost inevitable closure of large, global Darknet marketplaces has led to an increase in the number of smaller vendor shops and secondary markets catering to specific language groups or nationalities.
- Islamic State (IS) continues to use the internet to spread propaganda and to inspire acts of terrorism – law enforcement and industry action has pushed IS sympathisers into using encrypted messaging apps which offer private and closed chat groups, the dark web, or other platforms which are less able or willing to disrupt their activity. While IS sympathisers have demonstrated their willingness to buy cyber-attack tools and services from the digital underground, their own internal capability appears limited.
- West African and other fraudsters have evolved to adopt emerging fraud techniques, including those with more sophisticated, technical aspects, such as business email compromise.
- Phishing continues to increase and remains the primary form of social engineering. Although only a small proportion of victims click on the bait, one successful attempt can be enough to compromise a whole organisation.
- Many of the classic scams, such as technical support scams, advanced fee fraud and romance scams still result in a considerable number of victims.
- Cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users of cryptocurrencies.
- While Bitcoin’s share of the cryptocurrency market is shrinking, it still remains the predominant cryptocurrency encountered in cybercrime investigations.
- A combination of legislative and technological developments, such as 5G and the redaction of WHOIS, will significantly inhibit the attribution and location of suspects for law enforcements and security researchers.
Out-Law on 17th September reported that documents sought by the Financial Reporting Council (FRC) from Sports Direct in connection with an FRC investigation into Sports Direct’s auditor must be handed over. Sports Direct had claimed that the documents need not be handed over as they were protected by legal professional privilege (LPP). However, the High Court has now ruled that the production of documents to a regulator solely for the purposes of a confidential investigation by the regulator into conduct of a regulated person does not infringe privilege.
The National Police Chiefs Council reported on 19th September that a new national unit will assist police forces to use alternatives if the UK loses access to current EU data sharing and cooperation tools, such as the European Arrest Warrant or Europol systems. Contingency plans agreed by all chief constables will see UK law enforcement revert to use of international police tools through Interpol, bilateral channels and Council of Europe conventions to enable extradition of suspects, trace missing people and share intelligence about crime and terrorism. A small team led by the NCA and National Police Chiefs’ Council (NPCC) have reviewed the UK’s use of EU instruments and the operational risks posed by their loss as well as identifying alternative non-EU tools and processes for using them.
PYMNTS.com on 18th September reported on recent Federal Trade Commission action where it had it shut down websites where consumers could buy fake financial and other documents – such as pay stubs, income tax forms, and medical statements – which can be used to facilitate identity theft, tax fraud, and other crimes. It refers to a case involving a company, Innovative Paycheck Solutions and its website FakePayStubOnline.com through which a customer could buy a fake stub for as little as $40 or a fake tax return for $150 or more. Visitors could also customise their documents and to edit real bank statements. Another company named is Integrated Flight Solutions and its website NoveltyExcuses.com, as well as websites run by George Jiri Strnad II, such as iVerifyMe.
If you want to understand the implications of the US withdrawal from the JCPOA, the EU and Iranian reactions, and for companies now caught between 2 sets of opposing laws, you could do worse than listen to this podcast where an expert from UK Finance is interviewed.
The Trace on 18th September carried an fascinating article on the smuggling of guns from the US to Mexico. It says that whilst federal law prohibits the ATF and local law enforcement agencies from releasing the results of crime gun traces, firearm trafficking patterns are hidden from public view. However, it says, leaked records reviewed by The Trace tell 2 clear stories: high-volume gun traffickers often depend on a single retail gun dealer for most of their wares, and rarely do those gun sellers face consequences. The data reviewed by The Trace represents only a slim fraction of the total number of US-purchased guns recovered by Mexican authorities. Every year, the ATF conducts 10,000 to 20,000 traces of guns found at Mexican crime scenes, 70% of which were originally sold by American retailers. One expert is quoted as saying that a relatively small number of retailers in this country are disproportionately involved in selling guns later used in firearm-related violent crime in Mexico. Under US federal law, gun dealers only have to notify the ATF of very specific purchasing patterns: namely, if a single person buys more than 1 handgun from the same licensed dealer within 5 business days. In states along the south-west border — Texas, New Mexico, Arizona, and California — dealers also have to alert the ATF if they sell more than 1 rifle or shotgun to the same person within 5 business days.