RSA Conference 2023 ― San Francisco ― Forming a partnership with law enforcement is essential to proactively respond to financially motivated cybercrimes, the United States Secret Service (USSS) expert asserted on Monday.
Matt O’Neill, Deputy Special Agent at the USSS Criminal Investigation Division and Head of the Global Investigative Operations Center (GIOC), stressed the importance of building a relationship with the government in advance while referring to the staggering speed of attacks.
Cybercrimes, which are currently associated with spear phishing and ransomware, have achieved a higher level of sophistication both in quality and pace and have developed highly coordinated networks worldwide, according to the USSS. To address these challenges, the agency has been leveraging partnerships with private companies.
“We cannot just hope that we arrest these guys downstream,” O’Neill elaborated in a panel discussion on modern bank heists at the RSA Conference. “They are too good, and they are too fast, so we leverage our partnerships with the payment industry.”
The investigator cited a case where the Secret Service seized a cybercriminal named Ghaleb Alaumary. Alaumary, who had been money laundering 40 to 50 million dollars a month for business email compromise (BEC) actors and was pursued as one of the top-tier targets by U.S. law enforcement, was arrested in February of 2021 after years of cooperative efforts between public agencies and third parties abroad. Seven months later, Alaumary was sentenced to 140 months in federal prison for conspiring to launder illicit assets, including an enormous online banking theft by North Korean threat actors.
“Almost everything that we are going to talk about is not waiting until the problem happens to build these relationships,” said O’Neill. When a company has developed a relationship with law enforcement, the chances of being notified by the public sector increase, which leads to a successful defense against threats.
“Identify an agent in your area, whether it is secret service and FBI (Federal Bureau of Investigation),” mentioned O’Neill. “If at all possible, get their personal number because these things happen at 11 o’clock at night and 1 o’clock in the morning. You do not have time, whether it is BECs or ransomware. You do not have time to wait until Monday.”
Ronald Green, chair of the USSS, also joined the discussion and emphasized that the public private partnership requires both parties to participate. Although private firms can connect to many public institutions without paying any costs, those firms should not “just sit there like a sponge and absorb everything.”
“They are going to put things out. You should put things in, too. We need to work on this together,” added Green. “It takes a network to defeat a network.”
The cover photo of this article was taken by Dain Oh.