Financial Crime: Business As Usual?

September 22, 2020

DarkCyber noted “HSBC Moved Vast Sums of Dirty Money after Paying Record Laundering Fine.” The article makes clear that banks do what banks do: Move money. Why? To make money, earn bonuses, and become a master of the banking universe.

Is anyone surprised? The authors of the write up seem to be. We noted this passage:

The FinCEN Files investigation found that HSBC’s highly profitable branch in Hong Kong played a key role in keeping the dirty money flowing. Although providing only a partial view of HSBC’s suspicious activity reports, the records show that between 2013 and 2017, HSBC’s U.S. compliance staff, who are charged with monitoring customer activity, filed reports lacking crucial customer information on 16 shell companies that had processed nearly $1.5 billion in more than 6,800 transactions through the bank’s Hong Kong operations alone. More than $900 million of that total involved shell companies linked to alleged criminal networks…

Institutions have processes. Once processes kick in, the paper pushing and the employees keep the wheels turning. The “work” is following the “rules” in order to complete tasks. Changing work processes in a large organization is difficult, often impossible. Quibi makes videos few watch. Facebook sells targeted ads across borders based on free flowing data. Successful organizations are successful because individuals find ways to generate profit from tasks others find giant money losers.

The write up hits the problem right between the eyes, stating:

Compliance officers said that the bank did not give them enough time to meaningfully investigate suspicious transactions and that branches outside the U.S. often ignored requests for crucial customer information. They said they were treated as a second-class workforce within the bank, with little power to shut down problematic accounts.

The exposition about the HSBC big bank is a reminder that institutions are supercharged with online systems, smart software, and people who follow prescribed work procedures. In these efficient organizations, making money is the driver.

Regulators, compliance officers, and employees are unable to take meaningful action. Is it a surprise that “The Risk Makers: Viral Hate, Election Interference, and Hacked Accounts: Inside the Tech Industry’s Decades-Long Failure to Reckon with Risk” reaches an obvious conclusion: Money is the driver?

Consider the question, “What’s gone wrong?”

The answer is, “Nothing.” The system is what regulators, employees, and people want, it seems.

Observations:

  1. A new definition of “crime” may be needed to embrace the reality of institutional behavior
  2. Regulatory authorities struggle to deal with corporate entities which are more impactful than governments
  3. Individuals appear willing to skirt social norms in order to feather their nest and craft a life outside of certain institutions.

Intriguing challenges for the institutions, their employees, and the governments charged with enforcing rules, laws, and mandated behaviors.

Stephen E Arnold, September 23, 2020

Another Swiftian Moment? Who Is Working for Whom?

September 21, 2020

I spotted “It’s Ridiculous. Underfunded FTC and DOJ Can’t Keep Fighting the Tech Giants Like This.” The information in the write up may be one of those spontaneous search engine optimization ploys or the work of super-intelligent smart software. To my inexperienced eyes, the write up seems to be semi accurate.

The idea is that “US regulators don’t have enough money to properly check the tech giants.” I would suggest that the revolving door, free logo bedecked mouse pads, and nifty briefings with edible food are also among the reasons.

The write up asserts:

The Federal Trade Commission and Department of Justice’s antitrust division have a combined annual budget below what Facebook makes in three days. The FTC runs on less than $350 million per year, the DOJ’s antitrust division on less than $200 million. Facebook made $18 billion last quarter alone. The funding disparity between the tech giants and their regulators leads to an unbalanced fight, current and ex-staffers said: The agencies can’t investigate the tech giants to the extent they’d like.

The write up did not mention taxes, but is that significant? Of course not.

The write up also does not point out that the demographics of staff in some Federal agencies may suggest that the contest between enforcers and the enforced is a bit like the Barcelona soccer team taking on a group of under 12s in a match.

The write up may be getting close to the resource disparity. The larger question may be, “Who is working for whom?”

Stephen E Arnold, September 21, 2020

TikTok Ticks Along

September 18, 2020

US President Donald Trump allegedly banned Americans from using TikTok, because of potential information leaks to China. In an ironic twist, The Intercept explains “Leaked Documents Reveal What TikTok Shares With Authorities—In The U.S.” It is not a secret in the United States that social media platforms from TikTok to Facebook collect user data as ways to spy and sell products.

While the US monitors its citizens, it does not take the same censorship measures as China does with its people. It is alarming the amount of data TikTok gathers for the Chinese, but leaked documents show that the US also accesses that data. Data privacy has been a controversial topic for years within the United States and experts argue that TikTok collects the same type of information as Google, Amazon, and Facebook. The documents reveal that ByteDance, TikTok’s parent company, the FBI, and Department of Homeland Security monitored the platform.

Law enforcement officials use TikTok as a means to monitor social unrest related to the death of George Floyd. Floyd suffocated when a police officer cut off his oxygen attempting to restrain him during arrest. TikTok users post videos about Black Lives Matter, police protests, tips for disarming law enforcement, and even jokes about the US’s current upheaval. TikTok’s user agreement says it collects information and will share it with third parties. The third parties include law enforcement if TikTok feels there is an imminent danger.

TikTok, however, also censors videos, particularly those the Chinese government dislikes. These videos include political views, the Hong Kong protests, Uyghur internment camps, and people considered poor, disabled, or ugly.

Trump might try to make the US appear as the better country, but:

“The common concern, whether we’re talking about TikTok or Huawei, isn’t the intentions of that company necessarily but the framework within which it operates,” said Elsa Kania, an expert on Chinese technology at the Center for a New American Security. “You could criticize American companies for having an opaque relationship to the U.S. government, but there definitely is a different character to the ecosystem.” At the same time, she added, the Trump administration’s actions, including a handling of Portland protests that brought to mind the police crackdown in Hong Kong, have undercut official critiques of Chinese practices: “At a moment when we’re seeing attempts by the administration to draw a contrast in terms of values and ideology with China, these eerie parallels that keep recurring do really undermine that.”

Where is the matter now? We will have to ask an oracle.

Whitney Grace, September 18, 2020

Passport Report: Useful Guidance for Governments and Bad Actors?

September 15, 2020

The consulting firm BearingPoint is an interesting outfit. Marketing, of course, is job one. DarkCyber noted “BearingPoint Study Assesses the Digital Maturity of Passport Services in Countries around the Globe.” The document provides the firm’s assessment of government processes related to digital work flows. Not surprisingly, the report finds opportunities for improvement across the 20 countries surveyed.

A passage DarkCyber noted states:

No examined countries currently assessed to be at level five.

Surprising? No, the object of the study is to sell consulting services for online passport application services.

However, the report provides some useful insights for bad actors interested in figuring out what type of false documents to purchase via an illegal channel. That’s right. The report is a compendium of ideas for bad actors; for example:

The study covers twenty countries selected from across Europe and other regions. The countries included in the study are Australia, Austria, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Ireland, the Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, the UK, and the USA. Of the countries included in the study, eleven offered a partial or full online passport application service. Australia, Brazil, Estonia, France, Switzerland, and the USA were assessed at level three in the service maturity assessment. Level three represents a partial online application service in which citizens can submit application details (all data required excluding the passport image) online, in advance of attending an appointment to complete the application. The critical efficiency at this level is minimizing the volume of data inaccuracy associated with paper applications and capturing the data in advance of attending a public office, which leads to a reduction in data errors and also provides a more efficient service. Finland, Ireland, New Zealand, Singapore and the UK were assessed at level four. This represents a passport service that offers citizens an entirely online application process, though some offline interaction may be required. Passport services at this level offer online services for handling problems with the application, for example, resubmitting a photo digitally if the initially submitted photo did not meet specified standards.

The countries with what appear to be business processes in need of digital enhancement are countries like Romania and Sweden. Sweden?

The report could be used as a shopping guide for false documents which may be used to enter a country illegally. On the other hand, the report is designed to help BearingPoint sell consulting services.

Interesting information if the data are accurate.

Stephen E Arnold, September 15, 2020

US and Cyber Proactivity

September 15, 2020

Kinetic assaults on the United States still pose a great risk, but even greater threats exist in digital spaces. Hacking, malware, viruses, and more could potentially damage the American way of life more than a physical attack. The Star Tribune reports that “Military’s Top Cyber Official Defends More Aggressive Stance” on attacks taking place on the Internet. General Paul Nakasone defends the more aggressive stance, because the military has become more proactive in order to defeat sophisticated threats.

Nakasone stated that instead of having a “reactive, defensive posture,” the military is meeting foreign adversaries online. Instead of waiting to be attacked, the military investigates potential threats and takes necessary action to stop them. Two examples of taking offensive action are:

“As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state, which was targeted by Russia-linked hackers. The “hunt forward” mission not only helped defend an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote. Cyber Command and NSA worked before the 2018 U.S. midterm election to protect against Russian meddling, he said, creating a task force that shared information about potential compromises and other threats, including how to counter trolls on social media.”

Arguably this prevented interference in the US midterm elections, and the plans are to prevent more possible threats for the 2020 presidential election.

Cyber Command was established in 2010 to defend against cyber attacks on the Department of Defense’s classified and unclassified networks. Cyber Command’s offensive strategy has changed from its original purpose to “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified.” Cyber Command also shares information on malware as it’s discovered so it’s less of a threat.

Inaction often leads to attacks that could be avoided. If Cyber Command does nothing, then when an attack occurs people are upset. However, if Cyber Command is on the offensive it is seen as unnecessary aggression by certain parties. It is a catch-22, but also not.

Whitney Grace, September 15, 2020

Nvidia Arm: An Artificial Intelligence Angle. Oh, Maybe a Monopoly Play Too?

September 14, 2020

As the claims, rumors, and outrage about Nvidia’s alleged acquisition of ARM swirl, DarkCyber noted an interesting story in ExtremeTech. “Nvidia Buys ARM for $40 Billion, Plans New AI Research Center” states:

According to Nvidia CEO Jensen Huang,

We are joining arms with Arm to create the leading computing company for the age of AI. AI is the most powerful technology force of our time. Learning from data, AI supercomputers can write software no human can. Amazingly, AI software can perceive its environment, infer the best plan, and act intelligently. This new form of software will expand computing to every corner of the globe. Someday, trillions of computers running AI will create a new internet — the internet-of-things — thousands of times bigger than today’s internet-of-people. In the same letter, Jensen notes that Nvidia will build a “world-class” AI center in Cambridge, where a state-of-the-art ARM-based supercomputer will conduct research. [Emphasis added by DarkCyber]

Assume the deal goes through. Assume Nvidia creates a new AI research center. Are there some implications of this type of move? Who knows, but it is often helpful to identify some potential downstream consequences:

  1. Nvidia becomes the de facto supplier of silicon for supercomputers
  2. Amazon, already keen on Nvidia, ramps up its efforts to boost Sagemaker and allied technologies in the AWS environment
  3. Google and Microsoft have to do some thinking about their approach to next-generation silicon
  4. IBM may be inspired to do more than issue Intel style news releases about creating stable silicon using fabrication techniques outside their competencies at this time
  5. Chinese and China-allied semiconductor companies will have to shift into a higher gear and amp up their marketing

Will the deal, if it takes place, create the semiconductor equivalent of a Facebook monopoly?

That’s a possibility. Those US regulators are on the job, ever vigilant, just like those on Wall Street.

Stephen E Arnold, September 17, 2020

Digital Currency Now Becoming Visible

September 14, 2020

Did you think your Bitcoin was beyond the long arm of tax law? Sorry to break it to you, but it is not. Not only does the IRS now ask about cryptocurrency transactions on the front page of form 1040, the agency has acquired a list of digital currency users, we learn from the article, “IRS Sends Fresh Round of Tax Warning Letters to Cryptocurrency Owners” at Bitcoin.com News. Cointracker’s Chandan Lodha suspects the IRS built this mailing list from a subpoena of Coinbase data, though the agency has subpoenaed several other exchanges and is using blockchain analytics software. So much for secret transactions. Writer Kevin Helms reports:

“Several tax service providers revealed on Tuesday that their clients have received a warning letter from the IRS similar to those the agency sent to about 10,000 crypto owners last year. There are three types of letters. The first type, Letter 6173, specifies a date by which the taxpayer must respond or their tax account will be examined by the agency. The other two, Letter 6174 and 6174-A, only remind taxpayers of their tax obligations. The Taxpayer Advocate Service, an independent organization within the IRS, has said that the IRS letters violate taxpayers’ rights. … The IRS letter proceeds to advise cryptocurrency owners that if they did not accurately report the cryptocurrency transactions on the federal income tax return, they should ‘file amended returns or delinquent returns.’ The agency warned: ‘If you do not accurately report your virtual currency transactions, you may be subject to future civil and criminal enforcement activity.’”

The assertion that these letters violate taxpayers’ rights rests on the right to privacy described in the IRS’ own Taxpayer Bill of Rights (PDF). We do not suggest anyone count on that claim to keep them out of trouble, however. The agency has helpfully published guidelines for those who must report cryptocurrency transactions, as discussed in this article.

Cynthia Murrell, September 14, 2020

Yo, Kafka: Check Out This Bureaucratic Play

September 9, 2020

“Beijing Floats a Plan to Protect Chinese Companies from American Cyber Bullying” is an interesting news report. Let’s assume that it is accurate with nothing lost in translation. The write up states:

In a speech Tuesday, Chinese State Councillor Wang Yi proposed a set of international rules intended to increase trust and refute the Trump administration’s strategy to limit the reach of Chinese-made technologies. Wang said the “Global Initiative on Data Security” is a recognition that data protection techniques are increasingly politicized at a moment when “individual countries” are “bullying” others, sometimes “hunting” foreign-based companies.

The political questions are outside the scope of DarkCyber. The semantic issues are getting into the research team’s area of interest.

What’s important is that this is a content object which may be weaponized. Who is bullying whom? Has security become the equivalent of accosting a person of improper behavior? What’s hunting mean?

Worth noting.

Stephen E Arnold, September 9, 2020

Amazon: Employee Surveillance and the Bezos Bulldozer with DeepLens, Ring, and Alexa Upgrades

September 4, 2020

Editor’s Note: This link to Eyes Everywhere: Amazon’s Surveillance Infrastructure and Revitalizing Worker Power may go bad; that is, happy 404 to you. There’s not much DarkCyber can do. Just a heads up, gentle reader.

The information in a report by Open Markets called Amazon’s Surveillance Infrastructure and Revitalizing Worker Power may be difficult to verify and comprehend. People think of Amazon in terms of boxes with smiley faces and quick deliveries of dog food and Lightning cables.

[Image: Happy Amazon boxes.]

The 34 page document paints a picture of sad Amazon boxes.

The main point is that the Bezos bulldozer drives over employees, not just local, regional, and national retail outlets:

A fundamental aspect of its power is the corporation’s ability to surveil every aspect of its workers’ behavior and use the surveillance to create a harsh and dehumanizing working environment that produces a constant state of fear, as well as physical and mental anguish. The corporation’s extensive and pervasive surveillance practices deter workers from collectively organizing and harm their physical and mental health. Amazon’s vast surveillance infrastructure constantly makes workers aware that every single movement they make is tracked and scrutinized. When workers make the slightest mistake, Amazon can use its surveillance infrastructure to terminate them.

Several observations:

  1. Amazon is doing what Amazon does. Just like beavers doing what beavers do. Changing behavior is not easy. Evidence: Ask the parents of a child addicted to opioids.
  2. Stakeholders are happy. Think of the song with the line “money, money, money.”
  3. Amazon has the cash, clout, and commitment to pay for lobbying the US government. So far the President of the United States has been able to catch Amazon’s attention with a JEDI sword strike, but that’s not slowed down Darth Jeff.

Net net: After 20 plus years of zero meaningful regulation, the activities of the Bezos bulldozer should be viewed as a force (like “May the force be with you.”) DarkCyber wants to point out that Amazon is also in the policeware business. The write up may be viewed as validation of Amazon’s investments in this market sector.

Stephen E Arnold, September 4, 2020

Maps with Blank Spots

September 2, 2020

We noted the “real” news outfit story “Blanked-Out Spots On China’s Maps Helped Us Uncover Xinjiang’s Camps.” The how to is interesting. We learned:

Our breakthrough came when we noticed that there was some sort of issue with satellite imagery tiles loading in the vicinity of one of the known camps while using the Chinese mapping platform Baidu Maps. The satellite imagery was old, but otherwise fine when zoomed out — but at a certain point, plain light gray tiles would appear over the camp location. They disappeared as you zoomed in further, while the satellite imagery was replaced by the standard gray reference tiles, which showed features such as building outlines and roads. At that time, Baidu only had satellite imagery at medium resolution in most parts of Xinjiang, which would be replaced by their general reference map tiles when you zoomed in closer. That wasn’t what was happening here — these light gray tiles at the camp location were a different color than the reference map tiles and lacked any drawn information, such as roads.

After reading the article, DarkCyber wonders what other interesting sites are missing?

Stephen E Arnold, September 2, 2010
