It’s not just the frequency of new cyber-attacks or the persistent polymorphous nature of the attack vectors themselves that is astonishing. We are now beginning to see the way in which cyber is transforming our entire lawless ecosystem into a new, fascinating and frightening display of criminal behavior not hiding within the shadowy confines of the dark web, but rather right out front in broad daylight.
One stunning example is the way that e-commerce is being used to launder stolen capital. As Internet innovation has become a global reality, criminals have elected to simply use the web as a front for every form of online fraud from illegal Internet gambling payments to terrorist funding to illegal drug transactions.
So, not only are we faced with an onslaught of asymmetrical Cybersecurity battles, the benefit distribution system on the back-end has re-engineered its entire payment process through online portals whose legitimacy is impossible to determine. This technological evolution has rendered the entire global effort to set-up and maintain anti-money laundering entities almost completely useless.
Just over a month ago, an investigation uncovered an international network of seven online dummy stores that were pretending to sell household goods, but were instead being used as a multi-national front to conceal illegal Internet gambling payments. Another investigation late last year revealed a small town in England that had become the International hub for online porn and poker companies with transactions in the tens of millions of dollars virtually hiding in plain sight.
That site like all of the other money laundering sites was beautifully designed and was developed by a popular website-design-as-a-service operating freely on the dark web. It openly advertises itself as a “gorgeous free highway for online money laundering”. Any micro-merchant on the planet can now set up a website that purports to sell say, home decorating accessories while in reality only manages electronic cash transactions in and out of online merchant banks. Activity that would be highly regulated in the physical and even the electronic world becomes fully unregulated in the cyber universe.
Combined with the growth of the FinTech industry, we now have hundreds of online financial services companies which aggregate payments for these small retailers, creating a complex and opaque system that completely obscures visibility into the actual identity of the underlying merchant by the larger banking entity. And the traditional banking sector further exacerbates the problem by determining the country of origin for a merchant’s operation by looking only at where the company is registered, rather than also determining where the firm’s website resides.
The resulting smokescreen enables online criminals to proceed with their business entirely undetected.
Some of the worst cases relate to terrorism financing. The Charlie Hebdo attack in Paris was funded by $50,000 obtained through the sale of fake Nike running shoes which never existed.
Mexican drug lord El Chapo’s drug distribution process relied and still does on prepaid debit cards which are loaded and then used to make fake purchases at fake Mexican online sites selling fake gardening equipment. El Chapo understands that if you want to sell to a large audience, you want to enable them to use the most convenient payment methods. El Chapo’s message is simple: If you want to buy this drug, you need to buy the lawn machine.
And of course, not unlike our response in the Cybersecurity domain, there are several companies working hard to combat this threat by employing the latest big data, artificial intelligence and machine learning technologies with the goal of uncovering this class of fraudulent merchants.
So far, it’s fraudulent merchants’ one, technology combat companies zero.
Because it is almost impossible to identify the source of these pipelines in a way that is similar to the problems in identifying attribution for a cyber-attack, this phenomenon will transform the entire way that merchant banking is conducted, and it won’t be pretty. Updating banking controls and regulations to accommodate the data required to mitigate some of this activity will impact the speed and agility of merchants to conduct business internationally. Soon, our banking system will look a lot like the TSA controlled airline boarding process. It probably won’t stop the bad guys either.
9/11 transformed the travel industry. Cyber-crime is transforming the banking industry. China’s adoption of quantum computing will soon transform the Internet. What’s next? And why does it seem like we are always surprised? The U.S. Congress has done nothing to address either the problems of an asymmetrical Cyber-war which is quickly spinning out of control or the Internet-fueled cyber-crime processes that support illegal online operations.
In the 1920’s young men in search of quick and easy fortune flocked to organized crime as an obvious way to amass start-up funding. The requisite skills were rapid reflexes, muscle and moxie. The illegal eco-system was physical and geographical, and law enforcement was able to ultimately prevail based on roadblocks, informants and lots of bullets.
Today’s Internet-based transform enables a much different set of skills yet depend on the same human natures to engage. Law enforcement, handcuffed by a politically sensitive set of engagement rules and forced to operate with limited battle space intelligence, cannot compete. Increasingly, the current state of Cybersecurity is looking more and more like an event horizon.
As technological innovation continues to race ahead undaunted by the now proven facts of cybersecurity risk, it seems we stand on the edge of the earth’s biggest fault line and instead of gazing in awe at the impending disaster, we decide to start building our next home upon the exact spot where we are presently standing.