In the webinar We Asked, You Answered: Unveiling 2020 Online Research Trends According to FinCrime Specialists, we discussed the findings of our recent survey of financial crime investigations. The survey revealed many surprising findings in terms of the typical scope of investigations and, especially, challenges the analysts conducting them encounter.
Webinar attendees submitted the questions below, the answers to which may be relevant to other financial crime investigators. We will continue to update this page as the webinar series continues on this topic.
Attendees and new viewers may also be interested in the follow-up tradecraft training webinar, which will demonstrate how to conduct secure, effective financial crime investigations using the dark web. Registration is now open.
Harnessing the Power of the Dark Web
How do you get financial institutions to buy into dark web accessibility?
Dangerous organizations and individuals operate in the shadows; in online terms, this means the dark web. So, for many financial crime investigators, the dark web is a critical component of their online research. It’s important to remember, though, that accessing the dark web comes with a unique set of risks, both to the integrity of the investigation and to the analysts and organizations behind it.
For IT managers, this means giving analysts the tools they need to conduct investigations securely and efficiently, while meeting all of your audit and control requirements.
Many financial institutions restrict access to certain websites for security reasons. How do you suggest incorporating other web investigations?
No matter where investigations take you online, it’s important that analysts still adhere to the policies of their organization. Unfortunately, many of these policies run contrary to functions analysts need to engage in, including accessing risky sites on the open, deep and dark web.
There are a couple of ways around this that can satisfy both parties. The first is a DIY approach, where IT builds and maintains “dirty” computers and connections that analysts can use and abuse without bringing risk back to the corporate network. Additional features of these environments can deliver “managed attribution” (see more in the Tradecraft and Terminology section), so digital fingerprints don’t tip off targets that they’re under investigation. The problem with the DIY approach is often the weight of its overhead — it’s a lot for IT to maintain and introduces inefficiency in analyst workflows.
The second is a SaaS option. Using a SaaS solution offloads not only risk but also upkeep. For example, Authentic8’s Silo Web Isolation Platform gives you the browser isolation and user misattribution needed to conduct secure, compliant financial crime investigations through a cloud-based solution. It helps improve the efficiency of investigations, gives analysts the tradecraft tools they need and still puts audit and control in the hands of IT.
How can I increase my dark web capabilities for dark web investigations? Is there a website that can be accessed without going onto the dark web to obtain knowledge of dark websites?
OSINT and the open web are great places to start dipping your toe in the dark web (seriously, just Google “dark web forums”). Open-web searches can point you to sites that are of interest to you and give you marketplace analysis of forums, databases, etc. across the dark web.
Also, combining OSINT with intel collected from the dark web is needed to give the full scope of evidence related to an investigation.
How and where do you get training for the dark web?
Training not only allows you to be better at your job, it allows you to be faster, so you can work through more cases and produce better quality investigations.
To what extent should investigators conduct open source search, including dark web?
Each organization is different in terms of the documentation you should provide to law enforcement/FinCEN in a suspicious activity report. My personal preference is the more information you can acquire the better. It means someone can quickly pick up and continue the case to completion and thwart criminal activity as swiftly as possible.
How reliable are dark web sources?
Reliability of dark web sources is never guaranteed. As with any investigation, the validity of collected evidence needs to be verified. This can be done by cross-referencing dark web information with open web data or information from other sources. For example, individuals will sometimes reuse usernames across websites on the dark web and the open web (I’ve found people that use the same name on Instagram that they do on a dark web forum). Humans are creatures of habit — dark web users are no exception.
And remember, especially if investigators have inadvertently given away their identity, they could be receiving disinformation from a knowing target. Always verify intelligence to make sure you haven’t been duped.
Improving Financial Crime Investigations
What are the top resources (websites, tools) available to financial crime investigators?
Authentic8 experts in financial crime investigations and cybersecurity compiled the Tools, Tips & Techniques Booklet for Analysts highlighting nearly two dozen databases, tools and intelligence sources that can improve the quality and efficiency of investigations. This is a great one-stop-shop to learn about the latest resources and how to leverage them.
You can find more resources below in this blog in the Resources Shared During This Webinar section.
Investigation Tradecraft and Terminology
How do you manage your digital fingerprint on the web?
A VPN is a good first step, but not the safest or best answer to managing your digital fingerprint. While a VPN can change the apparent location of your browser, it largely leaves other items unchanged, such as your browser type and version, operating system, etc. Changing these items can help you blend in with the rest of a site’s visitors and not tip off the webmaster that their site is being used in an investigation.
When conducting online investigations, do you want to appear as a ninja lurking in the shadows or do you want to appear undercover and be able to engage with your investigation targets to glean intelligence? I’ll assume it’s the latter.
If you’re not using purpose-built managed attribution tools (i.e., to disguise your digital fingerprint) and simply blocking cookies or other tracking mechanisms, it becomes a dead giveaway that you have something to hide. A purpose-built tool like Authentic8’s Silo for Research ensures that the means by which you manage attribution while conducting various actions on target sites (accessing, translating, screen grabbing) doesn’t compromise the ends of your investigation.
What is a user agent string?
A user agent string is essentially the browser and device that you appear to be using online. As mentioned above, you want to blend in while conducting online research in various ways (geography, browser, OS). Knowing how to properly disguise your user agent string is key to the success of your investigation.
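To make the two answers above concrete, here is an added example (not code from the original post or from Authentic8) showing what a site operator can still read from a single request when only the IP address has been changed by a VPN: the User-Agent and Accept-Language headers continue to expose browser, version, operating system and locale. The request headers, the VPN exit address and the “expected profile” for the exit region are all constructed for illustration; in practice the expected profile would come from a source such as gs.statcounter.com.

```python
"""What a webmaster sees in one HTTP request, and whether it blends in.
All sample data in this file is constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed example of the request headers a web server logs for one visit.
# 203.0.113.7 is an RFC 5737 documentation address standing in for a VPN exit.
SAMPLE_HEADERS = {
    "User-Agent": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36"),
    "Accept-Language": "en-US,en;q=0.9",
    "X-Forwarded-For": "203.0.113.7",
}


@dataclass
class Fingerprint:
    client_ip: str
    os_family: str
    os_version: str
    browser: str
    browser_version: str
    primary_language: str  # first entry of Accept-Language, e.g. "en-US"


# Order matters: Edge and Opera user agents also contain "Chrome/",
# and Chrome user agents also contain "Safari/".
BROWSER_PATTERNS = [
    ("Edge", re.compile(r"\bEdg/(\d+(?:\.\d+)*)")),
    ("Opera", re.compile(r"\bOPR/(\d+(?:\.\d+)*)")),
    ("Firefox", re.compile(r"\bFirefox/(\d+(?:\.\d+)*)")),
    ("Chrome", re.compile(r"\bChrome/(\d+(?:\.\d+)*)")),
    ("Safari", re.compile(r"\bVersion/(\d+(?:\.\d+)*).*\bSafari/")),
]
# Android user agents also contain "Linux", and iPhone ones contain "Mac OS X".
OS_PATTERNS = [
    ("Windows", re.compile(r"Windows NT (\d+(?:\.\d+)*)")),
    ("Android", re.compile(r"Android (\d+(?:\.\d+)*)")),
    ("iOS", re.compile(r"(?:iPhone|iPad).*? OS (\d+(?:_\d+)*)")),
    ("macOS", re.compile(r"Mac OS X (\d+(?:[._]\d+)*)")),
    ("Linux", re.compile(r"Linux")),
]


def _first_match(patterns, text):
    """Return (name, version) for the first pattern that matches, else ('unknown', '')."""
    for name, pattern in patterns:
        m = pattern.search(text)
        if m:
            version = m.group(1).replace("_", ".") if m.groups() else ""
            return name, version
    return "unknown", ""


def fingerprint_from_headers(headers: Dict[str, str]) -> Fingerprint:
    """Extract the attributes a site can read from plain request headers."""
    ua = headers.get("User-Agent", "")
    browser, browser_version = _first_match(BROWSER_PATTERNS, ua)
    os_family, os_version = _first_match(OS_PATTERNS, ua)
    primary_language = headers.get("Accept-Language", "").split(",")[0].split(";")[0].strip()
    client_ip = headers.get("X-Forwarded-For", headers.get("Remote-Addr", "")).split(",")[0].strip()
    return Fingerprint(client_ip, os_family, os_version, browser, browser_version, primary_language)


def blend_in_warnings(fp: Fingerprint, expected: Dict[str, str]) -> List[str]:
    """Compare a fingerprint with the profile common for the VPN exit's region.

    `expected` is a constructed dict such as
    {"language": "de", "browser": "Chrome", "os_family": "Windows"}.
    One warning is returned per attribute that stands out."""
    warnings = []
    lang = fp.primary_language.split("-")[0].lower()
    if "language" in expected and lang != expected["language"].lower():
        warnings.append(f"Accept-Language '{fp.primary_language}' does not fit expected '{expected['language']}'")
    for attr in ("browser", "os_family"):
        if attr in expected and getattr(fp, attr) != expected[attr]:
            warnings.append(f"{attr} '{getattr(fp, attr)}' differs from expected '{expected[attr]}'")
    return warnings


if __name__ == "__main__":
    fp = fingerprint_from_headers(SAMPLE_HEADERS)
    print(fp)
    # Constructed profile for a German VPN exit: the sample's en-US locale stands out
    # even though the IP address now appears to be in the right place.
    for w in blend_in_warnings(fp, {"language": "de", "browser": "Chrome", "os_family": "Windows"}):
        print("WARNING:", w)
```

Running it with the constructed headers shows a Windows 10 / Chrome 86 / en-US visitor, and the single warning for the mismatched locale is the point of the answers above: moving the IP address with a VPN leaves the rest of the fingerprint, and any inconsistency between the pieces, for the webmaster to see.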
Authentic8’s Silo Web Isolation Platform
How does Authentic8’s Silo for Safe Access compare to Silo for Research?
Check out this side-by-side comparison of the two products of the Silo Web Isolation Platform. Essentially Silo for Research comes with all the features of Silo for Safe Access to provide access to web-based apps with security, identity and data policies embedded directly in the browser, plus loads of additional features for managed attribution.
Resources Shared During the Webinar
In case you missed it, here are some of the resources I mentioned during the webinar (additional ones are linked throughout this blog):
- 2020 Financial Crimes Investigation Survey Report includes the stats covered in the webinar and many, many more
- 21 OSINT Research Tools for Threat Intelligence provides a brief overview of (you guessed it) 21 widely used tools for OSINT research
- gs.statcounter.com is a great resource that gives you insight into the common browsers used in different parts of the world, to help manage attribution
- social-searcher.com aids social media research by letting you search by username, keyword, etc.
- domaintools.com is my go-to for whois lookups
- OSINTframework brings together a trove of OSINT sources, broken down by category
- bellingcat.com is a source for investigative journalism that specializes in fact checking and OSINT
- The Social Dilemma Netflix documentary is one of the scariest movies to come out in 2020 — highly recommend watching (or you can look out for my fan blog of horror, coming soon).
To hear a recording of the ACFCS webinar, register for the on-demand version here.