評論
打印
Banks and fraud
銀行與騙子
Hacking back
黑客歸來
Bankers go undercover to catch bad guys
銀行業者為抓壞蛋化身臥底
Funny, you don't look like a banker
搞笑,你看起來并不像銀行業者
FIVE years ago MI5,Britain's security service, sent a document to British firms, giving warning that Chinese spies could be seeking to “exploit vulnerabilities such as sexual relationships” among Western businesspeople. Moneymen are obvious targets for honey traps, but they can set them too—as they are increasingly doing to catch cyber-fraudsters.
5年前,英國的安全部門軍情五處向英國的公司發送了一個預警文件:中國間諜可能正尋找西方商人可利用的弱點,如性關系。顯而易見,美人計是沖著經融家來的,但銀行家們也可以使用反間計,正如他們為了抓住網絡間諜所做的那樣。
A midsized American bank has taken a leaf out of Ian Fleming's book with a project, known internally as “Honey Banker”, to smoke out fraudulent payments. It has created a coterie of non-existent bankers, with fake e-mail addresses and biographies, whose details appear on bogus web pages not linked to the rest of the bank's website. If a transfer request comes in to one of these aliases, it is likely to be from a fraudster. The bank blocks the sender's internet address, pending further investigation.
美國一家中型銀行仿照Ian Fleming書中的一個計劃,行內稱為“蜂蜜銀行家”,類似為取蜂蜜而用煙將蜜蜂熏趕出蜂巢那樣查出欺詐性付款。這一計劃創造了一個不存在的銀行家的小群體,他們使用虛假的郵箱地址和生平事跡,他們的詳細資料刊登在虛假的網頁上,且這些網頁沒有鏈接到其他的銀行網站。如果有人將轉會申請提交給其中一個化名銀行家,他就有可能是個騙子。銀行就會封鎖申請者的網絡地址,以等待進一步調查。
Though not yet widespread, this sort of counter-intelligence tactic is becoming more common as banks look for creative ways to ensnare the online scammers, says Aaron Glover, a fraud expert at SunTrust, another American bank. Some banks have hired professional spies, as HSBC did when it employed a former head of MI5.
就職于另一家美國銀行SunTrust的防騙專家Aaron Glover說,這種反間諜策略盡管還未被廣泛使用,但隨著銀行尋找創造性的方法來誘捕網絡騙子,這種策略正變得越來越普遍。正如匯豐銀行以前聘請軍情五處的前負責人那樣,一些銀行已經聘請了專業的間諜。
The amount a fraudster can steal depends on the number of “mule” accounts—set up by paid or cajoled accomplices—that he has to divert funds into. This number is constrained by account-opening restrictions, including requirements that accounts have to be opened in person. East European crime rings will pay mules to fly toAmerica, where they can set up accounts as non-resident aliens. Other fraudsters will persuade gullible Americans to open accounts in their own name and hand over the details, after convincing them that they have been picked as “secret shoppers” to rate bank service. Even so, “scammers have a finite supply of mule accounts,” says Mr Glover. “The more of them that can be identified and shut off using undercover operations, the less room [criminals] have to operate.”
詐騙者能夠竊取的數量取決于洗錢賬戶的數目,這些賬戶由收買的或誘騙的共犯開設的,而詐騙者必定會將資金轉入這些賬戶。賬戶數目受到開戶條件的限制,包括必須由本人人親自去開戶。東歐的犯罪團伙花錢雇傭洗錢者飛往美國,并使用偷來的身份證以非定居的外國人身份開設賬戶。其他詐騙者將勸說易被騙的美國人去以他們自己的名義開戶,在說服他們之后,他們就被選為用來評價銀行服務的“神秘顧客”。 Glover先生說,“即使如此,詐騙者擁有限量供應的洗錢賬戶。臥底行動若能辨識并關閉越多的洗錢賬戶,那么詐騙者所能運作的犯罪空間就越少。”
Banks are also using similar strategies to infiltrate the dark recesses of the internet in which criminals buy and sell stolen financial data. A fraud investigator at a large American bank says that since the massive theft of credit-card data last year from Target, a retailer, his bank has become a more active participant in “carder forums”, where card numbers are hawked for between $20 and $100 apiece, often in batches of 1m or more. Two recent sales were dubbed “Tortuga” and “Eagle Claw”.
銀行也使用類似的策略滲透到互聯網的黑暗角落,罪犯在這里購買和出售偷來的財務數據。一個美國大型銀行的欺詐調查員說,自從去年從一個名為Target的零售商店那里發生大量盜用信用卡數據的事件后,他所在的銀行變得更加活躍的參與 “持卡人論壇” ,在這里人們叫賣信用卡號從每個20美元到100美元不等,通常一次性交易一百萬串卡號或更多。最近的兩次交易代號為“龜島”和“鷹爪”。
Some banks scour the forums in the hope of gathering intelligence on which of their cards have been compromised, so they can cancel them before they are sold on—as opposed to waiting for suspect transactions to appear on statements. A few banks are even believed to have bid in black-market bazaars to buy the details of cards they suspected they issued themselves, but could not identify for certain because details were concealed until purchase, in order to learn more about where and when data breaches occurred.
一些銀行搜索著論壇,希望收集到關于他們的卡已經被盜用的情報,這樣一來就可以在這些卡在黑市上交易之前注銷它們,而不是一味的等待出現可疑交易的報告。有人認為,一些銀行為了更多的了解數據泄露是何時何地發生的,甚至在黑市上競購那些疑似本行發行的卡的詳細信息,但他們不能完全確定,因為這些詳細信息在競購到手之前都是保密的,。
This subterfuge partly reflects the need to be more proactive in the face of rampant cyber-fraud. But there is a regulatory motive, too.America's Financial Crimes Enforcement Network, the arm of the Treasury tasked with fighting illicit finance, has been broadening its definition of money laundering, bankers say. This raises the prospect of large fines for inadequate anti-money-laundering controls for banks that aren't deemed to be doing enough to combat these scourges. Some bankers may feel they have as much to fear from the agencies that regulate them as from the criminals who infiltrate them.
這一策略一定程度上反映了更積極的面對猖獗的網絡詐騙的必要性。但也有治理的目標。銀行家說,財政部負責打擊非法金融的武器,既美國金融犯罪調查合作局,已經放寬了洗錢的定義。這使得銀行可能被認為在應對反洗錢控制方面做的不足而面臨高額罰款。一些銀行家可能會覺得,管理銀行的機構與入侵銀行的罪犯一樣令人擔憂。
