Few have witnessed the developments in cybercrime unfold over the past 20 years as closely as Jeff Lanza. The former FBI agent has followed the progression of white-collar crime since the 1980s and has seen first-hand how investigations went from being all about catching gangsters operating in the physical world, to catching online hackers in just a matter of years.
Now, ahead of Lanza’s appearance as a keynote speaker at PrivSec Global, we take a look back at his career to date and how he is doing his bit to tackle a whole new generation of threats.
Earlier in his career, Lanza was involved in a lengthy FBI investigation that resulted in the prosecution of persons responsible for transporting women to the United States to work in massage parlors. He has written two critically acclaimed books, Memoirs of a Sex Slave Survivor, and Pistols to the Press and has lectured at Harvard and Princeton universities.
Since retiring, Lanza has made multiple TV appearances on platforms such as CNBC to discuss the evolving threat of cybercrime. He is now one of the world’s most sought-after cybersecurity experts.
Lanza started his career as an FBI agent in 1988, owing to his keen interest in what he describes as “catching the mob”, and began investigating organised crime groups, which were the primary focus of FBI and law enforcement investigations throughout the 1980s. In the 1990s, Lanza and the FBI turned their attention to tackling drug trafficking and exploitation.
In the 2000s, Lanza was well placed to witness the genesis of cybercrime as we have come to know it today. Following the events of 9/11, counterterrorism as a global surveillance initiative was born and US law enforcement agencies were given greater surveillance powers to execute a form of “preventative law enforcement” to reduce potential threats on a transnational scale.
Additionally, with the rapid development of the internet, global criminals began taking advantage of sectors such as banking, HR and retail stores moving their services online. This attracted a new wave of intrusion attacks designed to take advantage of the vulnerabilities in unformed digital systems.
“I have seen Russian gangsters paying millions of dollars for cyberattacks and since then criminals started turning into hackers for this cyberwarfare. There’s a list of 30 most wanted cyber criminals committing cybercrime around the world available on the website of the FBI.”
Lanza retired from the FBI in 2008 but has continued to work as a spokesperson for the bureau to advise businesses on how they can make their cyber defence systems impenetrable against a continuously evolving threat.
In the 2010s, systems became tighter and preventative measures became necessary, making it more difficult for hackers to access computer networks themselves. As a result, intrusion attacks evolved to eventually bypass the monetisation of stolen information; hackers were now going directly to bank accounts and transferring the money into other accounts by using malware to steal login credentials – this became known as wire transfer fraud.
The money would likely be sent to countries like Cyprus that have little to no money laundering oversight. CEOs and company bosses became easy targets for this type of crime, known as “spoofing the boss” in law enforcement, says Lanza.
One of the most destructive hacking attacks in history was the Bangladesh Bank cyber heist in 2016, Lanza explains in a recent cybersecurity webinar. Wire transfer fraud was used to steal Bangladeshi money controlled by the Federal Reserve Bank in New York through stolen credentials. The criminals transferred over 100 million US dollars to foreign accounts with very little of it being recovered, Lanza said.
As it stands, cybercrime activities such as wire transfer fraud remain an issue, but to a lesser extent, as older forms of cybercrime become less profitable and preventative measures become more vigorous.
The 2010s, however, brought a cultural shift, in which the onus of preventing a large portion of white-collar crime was placed, in part, on the connected citizen. Lanza uses his credibility within the field of cybersecurity to inform businesses and internet users on how they can take advantage of the preventability of cybercrime by implementing air-gap backup and immutability strategies.
In recent years, the responsibility of business owners to prevent cybercrime such as ransomware attacks in their company has become significant in the corporate world, particularly for large companies and banks but also in healthcare institutes and schools.
“Cybercriminals have become more and more sophisticated in the last decade,” Lanza said at LockPath’s Ready Summit.
“It’s up to individuals and businesses to ensure they are not an easy target for cybercrime, by taking the necessary precautions online and implementing strong information security programs in their organizations.”
As Lanza explains, ransomware is not new; the first case occurred in 1989. However, it has accelerated in the past few years due to the decrease in profitability of other forms of cybercrime and the traceability of wire transfer fraud. But the “real crime” behind ransomware that companies are facing today, says Lanza, is the loss of money related to downtime and being out of business until security systems are retrieved.
Because of this, businesses began backing up their data to avoid paying a ransom if an attack occurred. As a result, hackers progressed to deleting or encrypting backup files so that companies could not recover quickly without paying the ransom.
Today, Lanza is following the progression in cybercrime as the continuous struggle between cyber security and mutating cybercrime reaches an unprecedented level during the economic and social disruption caused by COVID-19.
Remote workers have become easy targets for hackers, as malware can be more easily installed on a device using a public or unsecured network and can then be transferred across all company networks. Additionally, with hospitals in crisis and under less oversight from IT specialists, hackers are looking to make the most profit by causing the most damage, targeting institutions that rely on computers for patient safety.
However, as reported by the Economic Times, “paying cyber criminals for data doesn’t ensure that you will have your systems back,” says Lanza. “In many of my cases at FBI, I have seen that hackers create honey pots to lure the company in paying ransom and then exploit their mainframe to even gain access to more critical data which resides down their mainframe system.”
Lanza encourages businesses to take a preventative approach to crimes such as ransomware by tidying up their “security hygiene” and training their employees to recognise potential threats.