FBI fights business email compromise with global crackdown

The United States Department of Justice this week announced the arrests of 74 individuals alleged to have committed fraud by participating in business-email-compromise scams.

The arrests are the result of an international enforcement effort, coordinated by the FBI, known as Operation Wire Wire, which was designed to crack down on email-account-compromise schemes targeting individuals and businesses of all sizes.

Business email compromise (BEC) is a growing problem, accounting for the highest reported losses, according to the FBI’s “2017 Internet Crime Report.” Criminal organizations use social engineering to identify employees who are authorized to make financial transactions, and then send fraudulent emails from company executives or foreign suppliers requesting wire transfers of funds.

Some schemes are directed at individuals in human resources or other departments in an effort to collect personally identifiable information, such as employee tax records. Others target individual victims, especially those involved in real estate transactions and the elderly.

In January, according to the Department of Justice, U.S. federal agencies worked with international law enforcement on Operation Wire Wire to find and prosecute alleged fraudsters. The six-month coordinated effort involved the U.S. Department of Homeland Security, the U.S. Department of the Treasury and the U.S. Postal Inspection Service, and it resulted in 42 arrests in the United States, 29 in Nigeria and three in Canada, Mauritius and Poland. Law enforcement recovered $14 million in financial wire fraud during the operation, and they seized close to $2.4 million.

‘Nigerian princes’ turn to BEC

The techniques and tactics of Nigerian criminal organizations have become more sophisticated, according to Agari Data Inc. The email security company captured and analyzed the contents of 78 email accounts associated with 10 criminal organizations — nine in Nigeria — and reported increased BEC activities against North American companies and individuals between 2016 and 2018.

The research involved 59,692 unique messages in email communications originating from 2009 to 2017. According to the findings, business email compromise represented the largest attack vector for email fraud at 24%, even though many of these criminal groups migrated to BEC attacks only starting in 2016. Previously, these groups had focused predominantly on “romance” fraud schemes.

Business email compromise often overlaps or has similarities with cyberfraud schemes involving romance, lotteries, employment opportunities, vehicle sales and rental scams. In some cases, money mules “hired” using romance schemes or fraudulent employment opportunities may not be aware of the BEC scams. Mules receive the ill-gotten funds stateside and transfer the monies to difficult-to-trace, off-shore accounts set up by criminals.

Since January, up to $1 million in assets has been seized domestically, and 15 alleged money mules have been identified by FBI task forces and charged “for their role in defrauding victims.”

BEC schemes are hard to detect, because they do not rely on victims downloading malicious email attachments or clicking on fake URLs. Instead, this type of cyberfraud uses identity deception — 82%, according to Agari — email spoofing or corrupted email accounts, accessed via malware or credential theft. Researchers found 3.97% of intended targets who responded to the initial emails used in business email compromise became victims.

‘Aha, now I get it!’ Microsoft is building technology to put numbers in perspective – The AI Blog

When people in the United States ask Microsoft’s search engine Bing how big Syria is, they learn the country is 71,498 square miles and about equal to the size of Florida. When they ask Bing how many calories are in a serving of ice cream, they learn that a scoop contains 137 calories, which is equal to about 11 minutes of running.

These two-part answers supplied by Bing are early, real-world examples of a technology being developed inside Microsoft’s research labs to help us make sense of the jumble of numbers we increasingly encounter in the digital world.

“We want to reduce the number of times that people read a number and can’t make sense of it. And we want to do that by providing some context, or an analogy, or perspective, that puts it in more familiar terms usually related to their everyday experience,” said Jake Hofman, a senior researcher in Microsoft’s New York research lab.

The need for a new way to understand numbers stems from the overwhelming abundance of data now available to help us make decisions about everything from federal budgets to personal health and environmental conservation, noted Dan Goldstein, a principal researcher in Microsoft’s New York research lab.

“The solution is a relatively low-tech one. Using perspective sentences is very simple and they help a lot,” he said. “What we’re finding is creating them is a difficult challenge because it requires not only understanding the proper numbers to compare the numbers to, but also understanding what people are familiar with, what kinds of comparisons people like, what kinds of things people can easily imagine.”

On the road to AI

The examples on Bing today are only available for a few specific subjects and required human input to develop. Ultimately, the Microsoft researchers aim to build a service that automatically generates perspectives for any number and communicates them with the ease of a skilled storyteller or teacher. This service would be able to pass a test for general artificial intelligence posed in 1950 by the British computer theorist Alan Turing.

“You would be very sure you were talking to a machine if it says 248,572 square miles as opposed to roughly the size of Texas when you asked it how big France was,” said Goldstein. “To pass the Turing test, you have to talk like a human; someone who can explain something in a way that is personalized to the audience.”

The road to this generalized, automated technology that takes raw numbers from sources such as email, social media feeds and search results and puts them in a personalized context is filled with hurdles. To clear them requires a deep understanding of the nuance and complexity of what makes humans human.

Microsoft’s New York research lab, where Hofman and Goldstein are based, is well suited to clear this hurdle, noted David Pennock, a principal researcher and the lab’s assistant managing director. The lab brings together social scientists and computer scientists to study not just computers, but people and how people behave with computers.

“There’s an extra piece that is important for AI, which is taking the result of the complex algorithm that does all its magic and then actually putting it in a presentable form for people,” said Pennock. “If you want to run a data-driven company, yes you want all the great data; yes, you want to run all the right experiments; and yes, you want to make decisions based on your data. But ultimately, you need it in a form that is presentable to a person who in the end makes the decision.”

Numbers in the news

Hofman and Goldstein started down this road on October 30, 2012. The researchers remember the day because it fell the day after Superstorm Sandy slammed the East Coast. They fought snarled traffic to reach an off-site meeting where they had a brainstorming session on new research directions.

“We proposed the idea of trying to make numbers in the news make sense to the average person,” said Hofman. “Everyone nodded and said, ‘Yeah, that sounds like a good idea.’ We had no idea how good of an idea it was, or wasn’t, or how hard of a problem it was to solve.”

To begin, the researchers recruited people to participate in an online experiment designed to quantify the value of perspectives for the comprehension of unfamiliar numbers. Some participants generated perspective sentences for numbers taken from news articles and others took a series of randomized tests to determine if the perspectives improved recall, estimation and error detection.

For example, a news article noted that “Americans own almost 300 million firearms.” That fact alone might be difficult to estimate or believe if never seen before, and difficult to recall even if seen in the past. The researchers found comprehension of U.S. gun ownership improved with the perspective that “300 million firearms is about one firearm for every person in the United States.”

The finding that perspective sentences help people understand numbers in the news prompted the researchers to begin teasing apart why perspectives work. Does merely the repetition of numbers increase memory? Do perspectives add fodder for our brains to noodle over and associate with, leading to more stuff to pull on when it comes time for recall? Do perspectives stake mental flags?

What’s more, are some perspectives better than others? Take the area of Pakistan, for example, which is 307,373 square miles. What comparative rank or measure best helps people understand how big – how much land – 307,373 square miles is? Perhaps, how long it would take to drive across? Or how big it is compared to U.S. states? If comparing to states, which state? Is twice the size of California more helpful than five times larger than Georgia?

“How do you figure out which of those is better? How do you do that in a principled way?” said Chris Riederer, who interned with Hofman and Goldstein while pursuing his Ph.D. at Columbia University and co-authored a paper that describes this phase of the research. “Essentially, what we did is we ran a big survey.”

Study participants compared country sizes and populations to the sizes and populations of various U.S. states. The results show that familiar states combined with simple multipliers, even if less precise, are best. For example, people in the U.S. grasp the area of Pakistan more easily when expressed as roughly twice the size of California than the technically more accurate five times larger than Georgia.

These findings were used to generate the country-area perspectives live on Bing today. Ask the search engine, “How big is Pakistan?” and you’ll learn the square-mile fact along with the pre-computed comparison to California.

Bing and beyond

Bing’s question and answer team is working on additional perspectives to increase comprehension of everything from gas mileage to planet sizes. Bing’s food and drink team deployed perspectives that express calories in terms of minutes of running, protein and sodium in percent of the daily recommendation, grams of sugar in teaspoons of sugar and milligrams of caffeine in cups of coffee.

The decision on how to express each perspective – calories in minutes running versus walking, for example – involves brainstorming over email between the Bing and research teams as well as analysis of data from search logs and surveys, explained Christina Ntouniaoglou, a program manager for Bing’s food and drink team.

“I was thinking it is walking. Why would it be running? There are people who cannot really run. But the survey proved that people actually like the running part, so we went with that,” she said.

The next challenge, said Hofman, is to build a system that automatically creates perspectives so that people can more easily use all the data we have access to today to make informed decisions.

“Computers have lots of facts in lots of databases, but they don’t really know how to rank those facts as more or less useful, or comprehensible, to humans,” he said. “That is the last remaining hurdle – big hurdle – that we need to clear in this project.”

Hofman and Goldstein are applying the latest advances in machine learning, a branch of artificial intelligence, and data analysis to clear this hurdle. Their eyes are fixed on the goal of a generalized service that operates as a plug-in to browsers, email programs and text editors that automatically generates relevant, personalized perspectives for any numbers the users encounter or write.

“If we were infinitely wise and infinitely good at calculating, it wouldn’t really matter how numbers are expressed, it would all be the same to us. But the fact is, some things really cause people to go ‘Aha, now I get it,’” said Goldstein. “This is new territory; looking at how to communicate numbers in a way that gives people insight and memory and comprehension.”

The half decade Hofman has spent on the research project, he said, has already planted perspectives in his brain.

“I am always in the background thinking, ‘Am I presenting this in the most comprehensible way?’”

John Roach writes about Microsoft research and innovation. Follow him on Twitter.

SAVE Act attempts to bolster election security

Two senators introduced a new election security bill with the aim of providing assistance to states in order to protect against cyberattacks on voting infrastructure.

The bipartisan bill — the Securing America’s Voting Equipment (SAVE) Act — was put forward by Senators Susan Collins (R-Maine) and Martin Heinrich (D-N.M.). The aim of the bill, according to Collins, is to “assist states in protecting the integrity of their voting systems.”

“Our bill seeks to facilitate the information sharing of the threats posed to state election systems by foreign adversaries, to provide guidance to states on how to protect their systems against nefarious activity and, for states who choose to do so, to allow them to access some federal grant money to implement best practices to protect their systems,” Collins said on the Senate floor.

Collins said that she knew of “no evidence to date that actual vote tabulations were manipulated in any state” during the 2016 U.S. election, but noted that the FBI and Department of Homeland Security (DHS) found 21 states had election systems probed by Russian hackers.

“Our democracy hinges on protecting Americans’ ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections,” Sen. Heinrich said in a public statement. “The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation’s democratic institutions will remain vulnerable.”

Requirements of the SAVE Act

According to the announcement, the SAVE Act would require the Director of National Intelligence to designate security clearance to the chief state election official — usually the secretary of state — and share all “appropriate classified information with those state officials to protect election systems from security threats.”

The SAVE Act would also classify state-run election systems as critical infrastructure and require the DHS to work with states to ensure election security.

Prior to the 2016 U.S. presidential election, the DHS offered to aid states with election security and Jeh Johnson, former secretary of Homeland Security, claimed 18 states had accepted that offer.

The SAVE Act would also call for the creation of the “Cooperative Hack the Election” program which would essentially be a bug bounty program for electronic voting systems.

The DEFCON team, which has offered to help election officials test voting equipment, did not respond to requests for comment at the time of this post.

Mike Pittenger, vice president of security strategy at Black Duck, said he thought a bug bounty program would help “build more secure voting machines, assuming the bounties are attractive,” but wanted more information on the SAVE Act.

“The other point to remember is that security is ephemeral. A secure application can become a ripe target overnight if a new vulnerability is disclosed and not remediated. We saw this with Equifax. How can we ensure that every device is updated?” Pittenger told SearchSecurity. “I do worry about designating this as critical infrastructure, however, if it requires that all states and local governments use electronic voting, even if a variety of choices are available.”

At the DEFCON conference in July, Barbara Simons, former president of the Association for Computing Machinery and president of Verified Voting, a non-partisan and non-profit organization promoting laws and regulations that support accuracy, transparency and verifiability of elections, said risk limiting audits are an essential part of ensuring election results but are very difficult with electronic voting systems and are much more effective with paper ballots.

While the SAVE Act calls for audits of election systems for states that receive federal grant money, there are no stipulations for auditing actual election results.

“If we are talking about vote integrity, the major shortcoming of any electronic voting system is an independent, auditable record. With paper voting, someone could miscount ballots or ‘stuff the ballot box.’ It’s not perfect, but when an election is over we can match the records of individuals who registered, and rescan and recount the paper ballots,” Pittenger said. “With electronic voting, we have an electronic audit trail, but any competent criminal would cover their tracks.”

Aligning IT with business still a struggle for enterprises

One of the very first telephone networks to exist in the United States connected 19th century farmers and homesteads with barbed wire. Predating the invention of the telephone in the 1870s, barbed wire sprawled across the prairie as landowners built their homes, and it was able to conduct signals that allowed far-flung and isolated families to talk to one another and feel like they belonged to a community.

The barbed wire telephone system had its challenges, not least of which was stampeding cattle knocking it down. But the people who built it understood a fundamental truth: technology, to be successful, must also support a business need, in this case bringing people together.

In this issue of Network Evolution, a similar theme of aligning IT with business needs runs throughout. Here, we focus on three critical areas: hardware management, enabling unified communications (UC) and the integration of network management and security.

The hardware underpinning enterprise networks in 2017 has come a long way from barbed wire. Today, for example, more organizations are comfortable putting applications and network functions in the cloud. But deciding what stays on-premises and what goes to the cloud requires communication, and aligning IT with business units, to determine what’s best for the organization.

The call for alignment is not new. The Information Technology Infrastructure Library (ITIL), an IT governance framework for aligning IT with the business, was first established in the 1980s. Now in its third version, ITIL v3 focuses on integrating IT services into all business units.

ITIL v3 itself is a decade old, which means the concept of IT as a business enabler took root well before the unified communications and collaboration market really took off. And yet, IT managers still don’t always know which UC applications are on the network, and enterprise users are unsure which collaboration tools really help them complete the work most important to the organization.

Security could very well be the most important area where aligning IT with business needs is critical. As network attacks continue to increase, network and security teams must possess a singular vision to protect the system, users and information. Yet the two departments more often work in silos, without understanding the roles each performs.

Education is one way for network professionals to understand the importance of aligning IT with business. In this month’s Subnet, one network specialist explains his journey of continuing education and its impact on his career development and why that journey never really stops.