Gary Warner on LinkedIn: Lockbit 3.0 is claiming to have breached the U.S. Federal Reserve Bank… (2024)

Gary Warner

UAB Computer Forensics / DarkTower Threat Intelligence

Lockbit 3.0 is claiming to have breached the U.S. Federal Reserve Bank system and stolen 33 TB of data!


More Relevant Posts

  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    Today I was writing a piece for my Cybercrime & Doing Time blog about a curious number I saw while reviewing a UN Office of Drugs and Crime report about Chinese money-laundering. The report mentioned that China had removed 8.36 million fraud-related domain names. That number seemed RIDICULOUSLY high to me! So, I dug in, with some help from my friends at CAUCE - the Coalition Against Unsolicited Commercial Email. What I found was that they PROBABLY meant websites instead of domain names, but as John Levine and I searched through the Chinese Ministry of Public Security website, I found some fascinating facts about China's role both as the source of so much of this online fraud, but also what it looks like when a totalitarian state declares war on fraud, as they just did TODAY.

    China announced today a month-long "National Anti-Fraud Action" which will use a "Five-In" approach, meaning that Chinese citizens will see and be encouraged to spread anti-fraud educational messages in five areas: Community, Rural Areas, Families, Schools, and Businesses. The push is to help people learn how to not become a Tool or Accomplice to the fraudsters while setting off "a new wave of anti-fraud among the whole people and the whole society." I would LOVE to get my hands on these training documents if anyone in my network can help! (Which of you secretly work for the Chinese MPS? Please reach out, haha!)

    #Cyberfraud #China #OrganizedCrime #CryptoScam #InvestmentScam #Myanmar #PigButchering #OperationShamrock

    To see more details, please visit my Cybercrime & Doing Time blog for the story: "Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud" at:

    Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud garwarner.blogspot.com


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    I know what I’m doing tonight! I’ve been anticipating the arrival of this book for months, so this may be an all-night reading evening!

    Update: just finished — Geoff White! Truly enjoyed the new book! While there are certain crypto stories that “must be told” and have been told ad nauseam, I appreciated Geoff’s insistence on diving deeper into some of the cases that have NOT been well-covered. He doesn’t just regurgitate the well-known facts of the famous cases. He puts his investigative journalism hat on and gets the interviews and details that no one has yet revealed. I was honored to be interviewed as one of his subjects, but I was thrilled by the fact when I didn’t know an answer, Geoff would sometimes ask “Who would?” and many of those people are quoted in the book as well.

    While there are some crypto stories — after all a key premise of the book is that crypto enables money-laundering at unfathomable scale — I appreciate the pre-crypto build up. Geoff teaches us the fundamentals of the three stages of money laundering starting with Pablo Escobar, Miami’s Cocaine Cowboys and the Din sisters. Having covered the basics, he then shows how money laundering can be the breakthrough charges in otherwise unchargeable offenses as he examines the role money laundering plays in human trafficking and sexual abuse with BackPages and their nest of shell companies, trying to hide their money from Visa, AmEx, and MasterCard. Welcome to Video introduces crypto and the laziness in OpSec that the ease of crypto can lead to.

    But this is not a #Crypto book. It is clearly a #MoneyLaundering book. I especially appreciated how he used the evolution of West African Organized Crime and the role of the #BlackAxe in #BEC and money laundering. His insights into the TRUST network that such orgs create that makes global money laundering truly possible was a key insight.

    His praise for Ireland’s approach and the great work the #Garda and their Economic Crimes team is doing is something I strongly agree with! No one does Money Mule tracking better than Michael Cryan and his team, but Geoff puts it in the context of the overall placement / layering / integration structure so clearly. If people take that away from the book, maybe we will finally see the rest of the world care about money mules the way Ireland does!

    In the end, as I was reading the Axie Infinity hack story, I thought back to Geoff’s RSA Conference presentation. I’ve told many of the stories in this book myself in presentations and in my blog - but Geoff is not just an excellent investigative journalist. He’s a master storyteller. In many of the stories I learned facts I didn’t know, but even when I did know all the facts, it was just a pleasure to read the story the way Geoff told it. What are you waiting for? Go buy your own copy right now!!!

    #bookreview #aml #moneylaundering #cybercrime #Cryptocurrency #bitcoin


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    We know that fraudsters are opening TONS of US bank accounts to link them for money laundering via Zelle/CashApp/Venmo etc. Ever wonder how much they charge for their services? This is an ad from a Chinese money laundering company (oops! High risk payment processor, I meant...). The name translates to "918 Bet Paradise" (918 博天堂) - though many of their dozens of websites render it 博天堂918(中国)有限公司 - 918 Bet Paradise (China) Technology Company. (918 is a Chinese "number pun" for "good luck." 9(jiu)1(yao)8(ba) sounds like the words for "good luck" 加油吧.)

    According to the ad, as of June 10th they were charging 40% for Zelle transfers. The same as Money Gram or Western Union. (The number displayed is the amount that the person using their services KEEPS, not what they pay.) The fee on CashApp is only 30%. The fee on Venmo is 55%!

    What do my #AML friends think this tells us? Is it a statement of supply and demand? Or does it have more to do with chance of success or burning the account being used? I'd love to hear your thoughts and opinions. On the right are some common Gift card exchange rates. Why is a Best Buy card only worth 40% of face value while a Target is 62% and a Steam is 70%?


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    This week's #TwentyTargets: CryptoScam edition is once more reminding us that while many of these scams start using the Chinese #PigButchering playbook, there are many other paths into #cryptoscams. Please take some time to consider whether you could help us to terminate these domains which are largely operated by Chinese organized crime groups who have conscripted #HumanTrafficking victims to work as #Cyberslaves.

    As you review the "False Claims" slide that accompanies each of the twenty targets for takedown, you'll see that many of them have messages from #Facebook groups where someone is sharing the address of the #InvestmentScam website followed by a "?ref=username." These are examples of crypto scams that are being pushed on social media in large groups that seem dedicated to helping investors find groups that really work. The person advertising the site has been told that they will receive a commission each time they successfully sign up someone using their referral code.

    While these groups are a never-ending stream of crypto scam website addresses, we've begun to see a new trend. People (often posting in Chinese, or posting from +62 Indonesia telephone numbers) are asking for people who can help launder USDT through their financial and crypto addresses. Chinese money-laundering rings (called Motorcades 車隊) and USDT to Fiat exchange (卡接回U) services are constantly needing people who will use their own accounts to convert USDT. (This system is sometimes called USDT Running Points (USDT跑分).) According to the UN Office on Drugs and Crime, crypto investment and gambling scammers are paying as much as a 40% commission to get their USDT cleaned back into fiat!

    Typical message examples:
    * I need 80 Binance users - Daily salary is $50
    * Monetizer for USDT ERC20 deal - wallet to wallet or MT103 transfer needed urgently
    * 尋求代購USDT(茶水費燙嘴),或是你手頭上有U我們高價收,先款後U一筆一回(可同台交付)
    * 40000 rmb available in alipay need usdt
    * selling 4000K usdt

    Telegram is also overflowing with channels dedicated to USDT-to-Fiat money laundering. Many of the channels will contain the "USDT running points" in their Chinese channel name, such as "星辰支付宝博彩口令洗资USDT跑分" (Xingchen Alipay gambling password laundering USDT running points) with 3152 subscribers. Another channel we found is actively recruiting "Internet police, fraud investigators, mobile phone and bank employees" anyone who can access accounts - claiming that the "demand is huge" for their services. Another is recruiting people to process "gambling and p*rnography" payments through their Alipay account. The "Running points" channels are similar to our crypto investment scams, often offering a 4% daily return on investment (which works out to an annual rate of something like 1460% interest?) But they provide the scammers access to their Alipay accounts, linked to Chinese bank accounts, as part of the process.

    #MoneyLaundering #USDT #ElderFraud #RomanceScams #AML


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    Oh my! Someone asked me about the #TwentyTargets today and I realized I totally failed to post our Week 23 lists here! So sorry!

    This week on the #OpioidSales side of our Twenty Targets for Takedown, we have been using Reverse Image Search as a primary means of finding sites that are selling Schedule II Opioids without a prescription in violation of U.S. law. The Drug Enforcement Agency defines Schedule II drugs as those with "a high potential for abuse, with use potentially leading to severe psychological or physical dependence." In addition, we add the complication that a very large number of drugs sold online are not FDA controlled and have been found to often contain #Fentanyl, even when described as being something else.

    While the Intelligence for Good #TwentyTargets project is particularly focused on the removal of these illegal websites from the Internet, our forensic drug chemistry partners at UAB are working hard on mapping out the chemicals used in the various fentanyl creation processes while our computer forensics team works to identify vendors who promote the sale of such chemicals.

    In today's Financial Crimes Enforcement Network, US Treasury advisory on detecting potential Fentanyl sales, several reminders are present. "Over 107,000 American died from drug overdoses in [calendar] 2023, with 74,000 of those deaths involving synthetic opioids, principally illicitly manufactured fentanyl." They also remind us that "Counterfeit prescription medications containing illicit fentanyl are designed to look identical to real prescription medications, including OxyContin, Percocet, and Xanax, and are often deadly."

    What are you working on today? Is it something that kills 200 Americans per day? This is why we continue to go after these websites, ESPECIALLY the ones selling drugs known to be crafted as look-alikes that contain fentanyl!

    Please consider contributing some time this week to learning about this problem and helping us to kill these domain names and their associated websites!

    The full advisory asks Financial Institutions to watch for suspicious activity related to potential Fentanyl precursor sales -- especially those involving parties in Mexico or China. Please be sure to read their advisory and watch for ways your brand can implement the #RedFlags that they provide and flag such transactions and accounts appropriately in the SARS system by including the key term "FENTANYL FIN-2024-A002" (see https://lnkd.in/eGJQMbs4).


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    The Empire Market indictment is very interesting. 4 million transactions totaling $430 Million changed hands between vendors and buyers in the marketplace. The "Autoshop" portion was a feature where people could choose in advance to pay a fixed fee for stolen credit card "fullz" that matched their shopping requirements (most often by brand). When a card matching their needs was offered for sale, Autoshop allowed them to instantly buy the new card.


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    Want to have a position that can change the world? This might be it! I hope my network will consider applying! We can complain about Meta or we can change Meta. Here’s your chance!


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    I was saddened to learn that the politicians who throw disinformation and false, inflated propaganda around have won this round. Stanford University will be closing the Stanford Internet Observatory as the political, legal, and personal attacks and threats against the brave researchers, like director Renee DiResta, who dare speak the truth, continue to impose cost on the researchers and the University.

    Thank you to Joseph Menn for bringing this important story to light, and thank you to Alex Stamos for creating the center in the first place. The same monsters that Chris Krebs had to deal with at CISA seem to delight in spreading lies and attacking anyone that tries to stop them.

    As a subscriber, I’m sharing a free link to the article as I felt it definitely worth sharing. https://wapo.st/3RuAlA5

    Stanford’s top disinformation research group collapses under pressure washingtonpost.com


  • Gary Warner

    UAB Computer Forensics / DarkTower Threat Intelligence

    Congratulations, Elissa! And THANK YOU to the FS-ISAC for offering this scholarship to such talented students!

