The FBI operates international offices in 78 countries through its International Operations Division to coordinate domestic and foreign investigations and support partner agencies. The document discusses the FBI's Cyber Division which works with cyber agents, cyber action teams, and private/government partners to combat cybercrime threats. Specifically in Ukraine, the FBI works with the SBU and MVD to investigate JabberZeus coders and pursue related spin-off investigations in both countries. The FBI aims to understand, resource, and prosecute cyber threats like account takeovers while informing network defenders.

1. The FBI Overseas
Ajeet Singh
Assistant Legal Attaché
Kyiv, Ukraine
5 October 2012

2. Overview
• International Operations Division
• Cyber Division
• Partnerships
– Private - Government
• Combatting Cyber Crime in Ukraine
– SBU
– MVD
2

3. Where are we?
3

4. International Operations Division
• Offices in 78 countries
– Partnerships with foreign governments
– Coordinate domestic and foreign
investigations
– Joint Investigations
• Temporary Duty Assignments
– Investigate Crimes affecting the USA
– Support partner country investigations
and special events

5. US Embassy Kyiv
• Liaison with local agencies
– СБУ, МВС and others
• Strategic Outreach
– UISGCON, Universities, etc...
5

6. Technical and Investigative
Support
6

7. Cyber Division
• Constantly Evolving
• Cyber Watch
• Computer Intrusions
– Cyber Agents
– Cyber Action Team
• Outreach
– US Agencies - NCIJTF
– International Agencies - Cyber ALATs
– Private Sector - Infragard
7

8. Cyber Action Team
“Small, highly trained teams of FBI agents, analysts, and
computer forensics and malicious code experts who travel
around the world on a moment’s notice to respond to cyber
intrusions. Along the way, they gather vital intelligence on
emerging threats and trends that helps us identify the
cyber crimes that are most dangerous to our national
security and to our economy.”
8

9. Cyber in Ukraine
• СБУ
– JabberZeus
• Ukrainian Coders
– Spin-off Investigations
• In the USA and Ukraine
• МВС
– ACH and Western Union
• Money mules
• Reversals
– Child Pornography
9

10. Corporate Account Takeover
• Relevance
• Definition and mitigation
– How the scheme works
– What to do about it
• The FBI’s approach to the problem
– Understand the threat
– Apply appropriate resources
– Prosecute the actors
– Inform the network defenders

11. Account Takeovers
• Credentials are stolen
• Money Mule networks activated
• Fraudulent ACH transfers initiated
• Money is ultimately wired overseas

12. Scope of the Scheme
• Attempted transactions: $85 million
• Actual losses: $40 million
• Mule network: 2400 and counting
• Transaction destinations: 355

13. Money Mules
• Small army
– 2,400 and counting
– Some likely witting
• Recruited through “Work at Home” Ads
– Also via Monster and CareerBuilder
• Hired as “Financial Managers” or “Payment
Processors”
• Open bank accounts in true names
• Receive ACH transfers
– Cash out
– Wire the money to account in
• Russia, Ukraine, Moldova
• Usually Western Union or Moneygram

14. Work at Home
Scope Group, Inc.
Founded in 1990 in New York

15. Emarket Solutions, Inc.

16. Welcome Aboard
“Congratulations on your
Joining Scope Group, Inc.”
“Financial Manager”
“..you’ll get your first task
Within 5 business days…”

17. The Task
“Please review transfer
details:”
$9,815
“Withdraw the funds”
“Transfer via Western
Union (Money Gram)”

18. Protection, Detection, and Response
• Strong authentication
• Anomalous/fraudulent transaction
detection
• Out-of-band transaction authentication
• Defense-in-depth
• Avoiding reliance on signature-based
intrusion detection & anti-virus systems
• Customer education and awareness

19. Federal Bureau of Investigation
Assistant Legal Attaché
Ajeet Singh
Ajeet.Singh@ic.fbi.gov