Following this week’s U.S. identification of an international crime ring involving traders acting on market-sensitive company information obtained illegally through hackers, Michelle Weatherhead, BAE Systems Applied Intelligence Head of Cyber and Financial Crime Solutions Australia, discusses some of the ways corporations, organisations and law enforcement agencies are tracking financial fraud.
“Globally, we are seeing a convergence of cyber and financial crime, with criminal gangs and hackers becoming more sophisticated in the manner and coordination of their attacks, successfully carrying out massive operations netting large amounts of money and valuable IP, and in the process potentially damaging public trust in major corporations’ ability to defend themselves,” Michelle says.
“Other high-profile examples showing a convergence of cyber and financial crime have included the recent Ubiquiti Networks heist, where the company reported it lost $46.7 million to a scam where criminals impersonated employees and initiated fraudulent wire transfers, and the so-called ‘Carbanak’ campaign, reported as one of the largest cyber criminal heists in history, where it is alleged that up to US$1 billion may have been stolen.
“Often, the biggest hurdle to forming an understanding of the true nature of a collaborative cyber-financial crime is that cyber criminals typically steal data and then sell it to fraudsters, meaning you have two separate actors, which limits our theoretical ability to correlate the intelligence.
“New technology is allowing us to bring together scores of ‘key risk indicators’ – behaviours that when viewed separately are not suspicious at all, but when brought together into a single view, may point to someone or something that needs further investigation.
“This means we are better enabled to catch unauthorised trading activity where there may not be a specific crime being investigated, and we may not necessarily even know a crime has actually been committed.
“Key risk indicators that together may point to suspicious activity might include a high volume of trades booked to the same counterparty, or same product, over a short space of time; increased communication frequency between two or more traders; abnormal behaviour such as someone accessing their trading system while on holidays; and large trades executed ahead of a news announcement, indicating a trader may have access to information others do not.
“Additionally, analysing ‘open source intelligence’ and ‘big data’ including communications such as chat rooms and emails for evidence of collusion, and publicly available information such as company news feeds and correlating this back to trading activity, allows us to identify indicators of potential market manipulation.”
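The sketch below is an added example, not BAE Systems code or anything from the interview: it evaluates the four key risk indicators named above over a small constructed data set and queues a trader for review only when several fire together. All names, sample records and thresholds are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

def at(hour, minute):
    return datetime(2015, 8, 10, hour, minute)

# Constructed sample data; not real trading records.
TRADES = [  # (trader, counterparty, notional, executed_at)
    ("t1", "cpA", 5_000_000, at(9, 5)),
    ("t1", "cpA", 4_000_000, at(9, 20)),
    ("t1", "cpA", 6_000_000, at(9, 40)),
    ("t2", "cpB", 200_000, at(11, 0)),
    ("t3", "cpC", 7_000_000, at(9, 30)),
]
NEWS = [at(10, 0)]                                      # announcement times
MESSAGES = {"t1": (40, 8), "t2": (5, 6), "t3": (7, 7)}  # (today, daily baseline)
ON_LEAVE_LOGINS = {"t2"}                                # system access while on holiday

# Assumed thresholds, chosen only for this illustration.
BURST_COUNT, BURST_WINDOW = 3, timedelta(hours=1)
COMMS_FACTOR = 3
LARGE_NOTIONAL, PRE_NEWS = 5_000_000, timedelta(hours=2)
MIN_INDICATORS = 2

def indicators(trader):
    """Return the set of key risk indicators that fire for one trader."""
    fired = set()
    mine = [t for t in TRADES if t[0] == trader]
    for cp in {t[1] for t in mine}:
        times = sorted(t[3] for t in mine if t[1] == cp)
        # Sliding window: BURST_COUNT trades with one counterparty inside BURST_WINDOW.
        if any(b - a <= BURST_WINDOW for a, b in zip(times, times[BURST_COUNT - 1:])):
            fired.add("counterparty_burst")
    today, baseline = MESSAGES.get(trader, (0, 0))
    if baseline and today >= COMMS_FACTOR * baseline:
        fired.add("comms_spike")
    if trader in ON_LEAVE_LOGINS:
        fired.add("access_on_leave")
    if any(n >= LARGE_NOTIONAL and timedelta(0) <= news - ts <= PRE_NEWS
           for _, _, n, ts in mine for news in NEWS):
        fired.add("large_trade_before_news")
    return fired

def review_queue():
    """Traders with at least MIN_INDICATORS co-occurring indicators."""
    traders = sorted({t[0] for t in TRADES})
    hits = {tr: indicators(tr) for tr in traders}
    return {tr: sorted(k) for tr, k in hits.items() if len(k) >= MIN_INDICATORS}

if __name__ == "__main__":
    print(review_queue())
```

In this constructed data, t2 and t3 each trip a single indicator and stay out of the queue, while t1 trips three and is surfaced for investigation.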
In Australia, the Australian Prudential Regulation Authority (APRA) is looking at market manipulation and insider trading, and severe sanctions may be put in place for companies not actively monitoring these types of risks.
“The challenge in the past has been the siloed nature of the types of data that may indicate issues. Similarly, relevant data sets can be large, complex and difficult to interpret,” Michelle says.
“By bringing together all the available data into a single view, we can make connections and flag suspicious behaviour for further investigation, helping law enforcement agencies and corporations tackle financial crime head on.
“In particular, companies have the best chance of preventing invasive and targeted cyber attacks such as these when they have a full view of cyber and fraud risks, and use this intelligence as part of an integrated counter-fraud and cyber security approach,” Michelle says.