
Diving into the cyber underworld

By Tyson Ngubeni
Johannesburg, 13 Nov 2014
Cyber intelligence agents infiltrate underground forums and networks to gain an understanding of new malware attack methods.

As the fight against cyber crime intensifies, IT companies are increasingly immersing themselves in the underworld alongside enforcement agencies, in attempts to broaden their understanding of emerging trends and stop the cycle of fraud as early as possible.

This is according to Daniel Cohen, head of business development for EMC's security entity RSA in Israel. He says solutions include anti-fraud operations for a range of financial institutions across the globe and, although their names could not be revealed, South African banks are also among the company's clients.

The company conducts various anti-fraud operations and intelligence-gathering initiatives across numerous global platforms.

Two members of RSA's cyber crime intelligence unit, identified only as Gabriel and Hadar, are tasked with learning the ins and outs of the cyber criminal underworld.

The two work as undercover agents, monitoring the cyber underground, entering cyber crime forums and engaging fraudsters to gain insights into new crime vectors and methods.

But cutting it as an agent for any anti-fraud operation, according to Gabriel, depends on the right mix of personality traits. "It's a combination of things, including your past experience and also your personality. Some people are more detail-oriented than others and others are more analytical, and both are valuable."

While some people in the team have studied psychology and criminology, a lot of the work is about being able to cope in the moment when you're trying to stop the fraudsters.

Hadar adds that understanding and using the terms, slang and methodology of the underground is an important part of building social capital on those platforms. "If you don't know how to interact with the people on the forums, you could easily ruin or 'burn' your and lose credibility."

Tightening the net

According to the cyber intelligence agents, a lot of their work entails one-on-one interactions, or even group conversations, with fraudsters, with the intention of retrieving sensitive information to pass on to RSA's customers.

Gabriel says: "We get on the forums, start talking to people who are offering to sell us credit card details or other stolen information, and then when we agree on an amount of money, they give us the card details and we get in touch with the relevant bank to alert them that details have been compromised.

"In other cases, we use the underground forums and networks to gain an understanding of new malware attack methods and vectors in order to better protect clients. A lot of the innovations and new ideas come out of Russia, but once they catch on, they spread quickly," he says.

But it's not always smooth sailing, adds Hadar, and - since fraudsters also want to stay ahead of law enforcement and security companies that are infiltrating their platforms - the degree of suspicion has heightened in recent years.

"Sometimes you'll get asked if you're a policeman and they'll be persistent. Our first instinct in that case is usually to try and brush it off, hopefully until they drop their guard again.

"Maybe I'll joke and tell them that the police don't pay me enough to do this, or just dismiss it in a disbelieving way. You have to be spontaneous in a lot of your reactions," he says.

Hadar highlights the paradox which underlies all their interactions with fraudsters. "For any stolen information to change hands before payments are made, fraudsters need to trust others on the forum to actually pay for everything sold on there."
