The FBI operates international offices in 78 countries through its International Operations Division to coordinate domestic and foreign investigations and support partner agencies. The document discusses the FBI's Cyber Division which works with cyber agents, cyber action teams, and private/government partners to combat cybercrime threats. Specifically in Ukraine, the FBI works with the SBU and MVD to investigate JabberZeus coders and pursue related spin-off investigations in both countries. The FBI aims to understand, resource, and prosecute cyber threats like account takeovers while informing network defenders.
4. International Operations Division
• Offices in 78 countries
– Partnerships with foreign governments
– Coordinate domestic and foreign
investigations
– Joint Investigations
• Temporary Duty Assignments
– Investigate Crimes affecting the USA
– Support partner country investigations
and special events
5. US Embassy Kyiv
• Liaison with local agencies
– СБУ, МВС and others
• Strategic Outreach
– UISGCON, Universities, etc...
5
8. Cyber Action Team
“Small, highly trained teams of FBI agents, analysts, and
computer forensics and malicious code experts who travel
around the world on a moment’s notice to respond to cyber
intrusions. Along the way, they gather vital intelligence on
emerging threats and trends that helps us identify the
cyber crimes that are most dangerous to our national
security and to our economy.”
8
9. Cyber in Ukraine
• СБУ
– JabberZeus
• Ukrainian Coders
– Spin-off Investigations
• In the USA and Ukraine
• МВС
– ACH and Western Union
• Money mules
• Reversals
– Child Pornography
9
10. Corporate Account Takeover
• Relevance
• Definition and mitigation
– How the scheme works
– What to do about it
• The FBI’s approach to the problem
– Understand the threat
– Apply appropriate resources
– Prosecute the actors
– Inform the network defenders
11. Account Takeovers
• Credentials are stolen
• Money Mule networks activated
• Fraudulent ACH transfers initiated
• Money is ultimately wired overseas
12. Scope of the Scheme
• Attempted transactions: $85 million
• Actual losses: $40 million
• Mule network: 2400 and counting
• Transaction destinations: 355
13. Money Mules
• Small army
– 2,400 and counting
– Some likely witting
• Recruited through “Work at Home” Ads
– Also via Monster and CareerBuilder
• Hired as “Financial Managers” or “Payment
Processors”
• Open bank accounts in true names
• Receive ACH transfers
– Cash out
– Wire the money to account in
• Russia, Ukraine, Moldova
• Usually Western Union or Moneygram
14. Work at Home
Scope Group, Inc.
Founded in 1990 in New York