Maybe the pen is mightier than the sword, or so it seems in the worlds of crime and, lately, politics. What with the Russians hacking the election and Hillary’s emails, cyber security has been on the front page for months. The theft of millions of Yahoo! personal accounts and the shenanigans of banks everywhere make headlines, but countless less notorious larcenies take place every minute and have since the start of e-commerce.
There is little law enforcement can do for the everyday case. Unlike an old-school armed robbery or breaking and entering where a gun or a crowbar is the tool of choice, the variations of e-thievery are limitless and much more subtle. They don’t leave a pry mark or a bullet hole. At most they leave a vapor trail to an electronic address that no longer exists. The outrageous Nigerian prince bank account solicitations which, remarkably, meet with some success or the cloning of account information for scam purchases are “low rent” methods. Others are far more sophisticated, relying on virtual identities, Internet banks, the default human tendency to trust, and the fact that we don’t actually talk to each other.
A recent matter for a client had me speaking with the fraud unit director of a purely Internet bank. She confirmed a scheme where stolen individual identities were used to create employee accounts for fake companies using real federal employer ID numbers that were also obtained using a hijacked identity. The fake company set up a payroll service contract with an accountant, temporarily hijacked real money to fund the payroll, withdrew the payroll in cash using debit cards issued by Internet banks and then returned the money to the hijacked account before the account holder noticed that under federal rules certain electronic transfers can be reversed. No one actually meets anyone else in this transaction. Innocent identities are used but not their money, so most people don’t notice. The only trail is electronic, and the only one hurt is the accountant or the payroll service company he or she contracts with.
I’ve had several of these cases over the years, and I can’t get law enforcement interested. When it happened in southern California a few years ago, the city cops said it was a county problem. The county said to call the feds. The feds said it was a local matter, and since it was under a million, they weren’t interested. It was $70,000! Another time it was only $40,000, but that’s real money in my world. If you tried using your 9mm to take $700 from a 7-11, you’d be doing 7 to 15 courtesy of the state.
From a cop’s perspective, particularly local ones, these cases are essentially unsolvable without the kind of work that non-geeks generally find tedious. Plus, it’s not sexy. Internet crime doesn’t bleed or leave a broken window. It has a digital finger print but not a human one. There is no DNA to test. There is no accountant with a gambling problem. There is no “dye pack’ that explodes because no one presented a robbery note to a terrified teller. What is stolen, money, is fungible. It all looks alike and with the Internet it is just zeros and ones anyway. It happens before you know it. Even if you can “follow the money,” you’ll end up with nothing the district attorney can prosecute. The local county attorney has a lot more immediate things to worry about than charging some Balkans-based Internet scammers. Anyway, it is a lot easier to fish for kiddie porn perverts on the Internet instead of financial criminals, and the cases are easier to prove.
We can change our passwords, encrypt our electronic commerce and firewall everything, but can we or, more importantly, should we change our default human setting of basic trust in fellow man? So many of our natural alarm bells come from a sense we get when we interact with others face to face or even over the phone. We know who seems shady. But there is no eye contact in e-commerce; no bricks and mortar housing a helpful teller; just account numbers, ID numbers, and maybe faceless emails from fictitious places we’ll never visit. Even when the deal is real, how do we really evaluate the bona fides of those we have only met electronically? How do we know if a promise is real? The key stroke may not be mightier than the sword, but we may need to recalibrate the human experience to accommodate it.
Question: Why would the Russians prefer Trump?
Russell Ethridge is a prominent attorney in the Detroit area and longtime contributor to Today’s Machining World.