BID Daily Newsletter
Jan 7, 2016

BID Daily Newsletter

Jan 7, 2016

FinCEN's Battle With The Cyber Gods

You may not have known it but the supreme god of the Olympians, Zeus, was apparently also very sexually busy--even by the standards of the Greek Gods. He was said to have sired Aphrodite, Athena, Apollo, Artemis, Hermes, Dionysus, Perseus, Hercules, Helen of Troy, the three Graces and all nine Muses. Perhaps that makes sense from a literary point of view when you consider he had to be aggressive to overthrow his father and win against his brothers (Poseidon and Hades) to capture the thrown. At least, that's what we learned when we were assigned to read about mythology way back in junior high.
You may have forgotten Zeus' track record, so you may not have made the connection as to how the bank credential-stealing virus named Zeus, identified in 2011, counts the "GameOver Zeus" malware as a descendant. The fine folks at FinCEN, however, were quite aware. They even say Suspicious Activity Reports (SARs) filed by financial institutions helped crack a case where $7mm was fraudulently wired out of an account at a FL regional bank.
It's just one example given by FinCEN's director at a recent meeting of financial security types. She describes FinCEN as the US "financial intelligence unit" responsible for collecting and analyzing such data and then getting it out to more than 300 law enforcement and regulatory agencies. The goal is to actively fight money laundering and the financing of terrorism.
The sheer scope of the task is remarkable: FinCEN says it collects 55,000 filings per day, coming from more than 80,000 financial institutions and 500,000 individual foreign bank account holders. The filings, mandated by BSA, include SARs as well as the reporting of cash transactions exceeding $10,000. There are now 190mm records in the database and FinCEN handles 30,000 daily searches from law enforcement and regulators.
It seems like a lot, but FinCEN has managed to sort through the reports and develop leads on various kinds of cyber threats. They have surfaced malware that targets banks; ransomware; and "distributed denial of service" attacks that overwhelm a website or computer server. Of particular interest is "spear phishing," where criminals steal a company's wire-transfer information, then send the authenticated data to the company's financial institution in order to wire money to overseas accounts. The FBI says more than $1B has been stolen this way since 2013.
The director of FinCEN has two particular bits of advice. One is for banks to share information internally across their business lines. For example, employees who work to combat cyber threats may also be able to help with BSA and AML compliance.
The second piece of advice is for banks to add computer information, such as IP addresses or bitcoin wallet addresses, to SARs and file them voluntarily with regulators when a cyber-attack occurs. In this case banks have a long way to go as less than 2% of SARs contain any IP information. The director also urges banks to use the safe harbor granted in Section 314(b) of the USA PATRIOT Act to share information on cyber-attacks with other financial institutions.
Taking these steps may not make bankers seem like the God of Thunder, but it may keep you from getting shocked by a cyber bolt now and again. In the meantime, FinCEN plans to keep searching the data high and low as it tries to track down the evil-doers and blast them into rubble.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.