AML CHALLENGES
Encrypted communications and financial transactions may still
be subject to legally compelled production and criminal
investigations. 25
Man-in-the-middle attacks
The European Banking Authority recently called for stronger
encryption to secure communications for payment services and to
prevent both manipulation by, and misdirection of communications
to, unauthorized parties through man-in-the-middle attacks. 26
In a man-in-the-middle attack, a cyber-attacker intercepts a
user’s online communications. Through this interception, the cyber-
attacker might gather information as it is transmitted over the net-
work. Computer and handheld device users are vulnerable to such
attacks. Encryption can provide an effective safeguard against man-
in-the-middle attacks. 27
International cybercriminal groups have used man-in-the-middle
attacks to intercept corporate payment requests, with the ultimate
goal of having payments made into accounts that they control.
One such cybercriminal group included 49 suspects in Belgium,
Cameroon, Georgia, Italy, Nigeria, Poland, Spain and the U.K. The 49
suspects allegedly used man-in-the-middle attacks to divert inter-
national fraudulent payments totaling 6 million euros over a
relatively short period of time. European law enforcement
made this investigation public following arrests of the 49 sus-
pects, searches of 58 properties and seizures that included
computers, disks, telephones, handheld devices, credit cards,
SIM cards, memory sticks, forged documents and bank
account documents. 28
The FBI has warned of internet scams that similarly involve
financial losses from man-in-the-middle attacks, including the
email-related international Business Email Compromise
(B.E.C.) scheme and Operation Romeo and Juliet, which
involves victims who are targeted when they subscribe to
online dating services. 29
Vulnerable Wi-Fi hotspots expose personal and work devices
to significant cyberattacks and financial losses. Yet, public
awareness of this vulnerability is relatively low. Use of unse-
cure Wi-Fi hotspots can expose users to man-in-the-middle
attacks that allow cybercriminals to invade personal privacy,
including location-based tracking, message interception and
conversation eavesdropping. 30
Related cyberthreats include man-in-the-browser attacks,
which can put online ban