I've noticed that blogs by their nature tend to focus on pointing out problems, this blog included. But I think it's also important to identify progress and celebrate victory in a society that appears to approach every topic from a negative angle. So here goes!
In the past, we've reported on all kinds of complications and issues in the cooperative efforts necessary to catch bad actors intent on defrauding folks in the payments space. This includes the sometimes difficult efforts of government and law enforcement to work together across borders. In the past few months, though, we've seen some significant accomplishments with respect to industry collaboration to address payments-related crimes.
First, we reported some time ago that a rift between the European Union and the FBI had resulted in the European Parliament's rescinding the FBI's access to the wire transaction data of SWIFT—short for the Society for Worldwide Interbank Financial Telecommunication. In late June 2010, the European Union, via the European Council, signed with little fanfare a new five-year contract with the United States, allowing U.S. authorities to continue sharing European bank data for the purpose of counterterrorism. The key to the renewal was the promise of stronger controls over data privacy and the presence of a third-party overseer to make sure that data provided to U.S. authorities were accurately maintained and procedures existed to manage redress if a person's private data was abused. This five-year deal ensures that the global fight to address the financial aspects of terror activities can proceed aggressively.
Second, we've spent some time in this space talking about the growing problem of corporate account takeovers over the Internet, in addition to traditional identity theft forays, particularly from foreign sources. We've also described the complexity of U.S. and foreign law enforcement authorities working together to apprehend instigators of such schemes. In the last few weeks, however, we've been delighted to see a spate of successes by European and U.S. authorities—often working together—that will send a message to perpetrators who may believe that they are free to conduct crime in cyberspace.
In partnership with Slovenian Criminal Police and the Spanish Guardia Civil, the FBI announced in July that a two-year investigation into European-based fraud activity had resulted in the arrest of the operators of the Mariposa Botnet, quickly followed by the arrest in Slovenia of the Botnet's creator, who was code-named "Iserdo." All parties lauded the value of the strong law enforcement partnerships present in this effort.
In August, U.S. and French authorities worked together to arrest a notorious cybercriminal owning the moniker of "BadB." Otherwise known as Vladislav Horohorin, BadB had been targeted by the U.S. Secret Service for some time. He was arrested by French authorities while traveling in France. If extradited to the United States, Horohorin faces up to 12 years in prison.
In September, U.S. and British authorities made what seems to be well-coordinated announcements concerning the wide-ranging arrests of Eastern European cybercriminals engaged in hacking and account takeover activities of British and U.S. small businesses. U.K. officials announced that the Metropolitan Police's e-crime Unit arrested in a predawn raid 11 individuals on charges of fraud and money-laundering activities that netted close to $40 million dollars. This announcement was followed by an announcement from the New York U.S. Attorney's office that they had issued 60 arrest warrants and made 20 arrests for U.S.-based perpetrators involved in similar account takeover schemes. At least 37 of the individuals involved were so-called "money mules," hired by overseas criminals to open bank accounts and deposit funds stolen from businesses, then wire the funds overseas after keeping a nice fee. This effort featured extraordinary cooperation among the U.S. Attorney's Office for the Southern District of New York, the FBI, the New York Police Department, the Department of State Diplomatic Security Service, the New York Office of Homeland Security Investigation, and the U.S. Secret Service. The gang appears to have stolen at least $4.2 million from small businesses and security brokers in the United States.
At any rate, our hats are off to the various law enforcement authorities who successfully participated in these actions. We look forward to more such efforts as a growing deterrent to those who use cyberspace as a playground for financial crime. Mr. Horohorin may have plenty of company during his stay in the United States.
By Rich Oliver, Executive Vice President of the Atlanta Fed and Director of the Retail Payments Risk Forum