AML CHALLENGES
To succeed in today ’ s global business and political climate , financial institutions must be attentive to political ambitions and financial motivations behind cyberattacks
Microsoft ’ s president recently called on world governments to develop and adhere to global cybersecurity rules — essentially a modern-day “ Digital Geneva Convention ”— that would deter cyberattacks by nation-states .
On the encryption of cybercriminal communications and financial transactions , responses may include forced decryption , 44 subpoenas and search warrants , 45 detentions 46 and prosecutions , 47 although information privacy and civil liberties groups , like the EFF and the ACLU , 48 have raised significant objections . To look into ransomware related news and prevention tools , online search terms like “ cyber extortion ,” “ digital blackmail ” and “ cyber shakedown ” may be helpful . 49
On man-in-the-middle and man-in-the-browser attacks , responses may include cybersecurity solutions , such as virtual private network ( VPN ) services , 50 multi-factor authentication , digital signing and timely security updates to operating systems , applications and antivirus protection . 51
To succeed in today ’ s global business and political climate , financial institutions must be attentive to political ambitions and financial motivations behind cyberattacks . Cybersecurity risk management must be responsive to such evolving realities and to tools and methods — such as encrypted cybercrimes , ransomware and man-in-the-middle attacks — that may be deployed by nation-state actors , unscrupulous business competitors , proxies , drug cartels and terrorist groups .
Miguel Alcántar , CAMS-FCI , compliance advisor , Oakland , CA , USA , alcantar @ aya . yale . edu
44
Dan Terzian , “ Forced Decryption as a Foregone Conclusion ,” California Law Review Circuit , Vol . 6 , May 2015 , http :// www . californialawreview . org / wp-content / uploads / 2015 / 05 / TERZIAN _ 27 . pdf
45
John M . Cauthen , “ Executing Search Warrants in the Cloud ,” FBI , October 7 , 2014 , https :// leb . fbi . gov / 2014 / october / executing-search-warrants-in-the-cloud
46
David Kravets , “ Man jailed 16 months , and counting , for refusing to decrypt hard drives ,” Ars Technica , February 12 , 2017 , https :// arstechnica . com / tech-policy / 2017 / 02 / justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords /
47
Orin Kerr , “ The Fifth Amendment limits on forced decryption and applying the ´ foregone conclusion ´ doctrine ,” Washington Post , June 7 , 2016 , https :// www . washingtonpost . com / news / volokh-conspiracy / wp / 2016 / 06 / 07 / the-fifth-amendment-limits-on-forced-decryption-and-applying-the-foregoneconclusion-doctrine /? utm _ term =. 7462c3b87571
48
“ Brief of Amici Curiae Electronic Frontier Foundation and American Civil Liberties Union in Support of Movant-Appellant and Reversal ,” United States Court of Appeals Third Circuit , No . 15-3537 , April 6 , 2016 , https :// cdn . arstechnica . net / wp-content / uploads / 2016 / 04 / effamicus . pdf
49
Cheryl Tang , “ Are All Ransom Attacks Considered Ransomware ?,” Imperva . com , June 22 , 2017 , https :// www . imperva . com / blog / 2017 / 06 / are-all-ransom-attacks-considered-ransomware /
50
Max Eddy , “ The Best VPN Services of 2017 ,” PCMag , July 19 , 2017 , http :// www . pcmag . com / article2 / 0,2817,2403388,00 . asp
51
“ Protecting Online Customers from Man-in-the-Browser and Man-in-the-Middle Attacks ,” Arcot , http :// www3 . ca . com /~/ media / Files / whitepapers / protection-from-mitm-mitb-attacks-wp . pdf
ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS . ORG | ACAMSTODAY . ORG 23