VRI is committed to advancing the interests of the law enforcement and homeland security communities. VRI participates in select media, non-profit, government and industry events that help our country become stronger, safer and more prepared.
The strategy of “we fight over there so we don’t have to fight here” is a historically repeated tenet of American defense policy, recently embodied in the so-called “Bush Doctrine” and conceptually continuing with every drone attack, each poppy field sprayed, conflict zone police officer trained and Antiretroviral drug our government helps distribute to AIDS-plagued countries, etc.
But what about non-state actors such as corporations, non-profits and individuals? Should such organizations take a similar tack regarding certain threats to its lives, assets and reputations that may originate or otherwise develop overseas?
Let’s consider identity theft:
For the past 11 years, Identify Theft has been the number one consumer complaint to the United States Federal Trade Commission (FTC) and commonly used as a means to other crimes including credit card fraud, benefits fraud, bank fraud, etc. (please see: http://www.fas.org/sgp/crs/misc/R40599.pdf for “Identity Theft: Trends and Issues”).
Making your personally identifying information available to others – in the physical world or online, intentionally or otherwise – can expose its unauthorized access, transmittal, storage and potentially damaging use by anyone anywhere. But how much is what you do where you live and on the internet targeted and taken advantage of by the high and low tech scams of identity thieves and other malfeasants outside of your home country? How does the dynamic differ when you are in various public places? Traveling abroad? When using different computers, smartphones and networks?
While there are no reliable public statistics on the percent of identity theft that crosses physical borders, the fact that not all countries formally recognize identity theft as a crime and/or have the societal mandate to reduce or capability to prosecute identity theft creates clear safe-haven jurisdictions for criminals to operate.
Two recent New York cases illustrate the international nature of identity theft :
The indictment of 111 people in Queens last fall on various identity theft and related charges – investigated by the NYPD in Operation Swiper – was called by prosecutor Richard Brown “by far the largest and certainly among the most sophisticated identity theft/credit card fraud cases that law enforcement has come across.”
Both local residents and tourists were targeted by indicted bank tellers, restaurant workers and others who recorded customer account numbers for purposes of manufacturing fake credit cards and giving them to criminal “shoppers” who in turn purchased over $13 million of consumer electronics and luxury goods to be fenced in China, the Middle East and Europe. All of this was allegedly organized by five separate criminal enterprises with ties throughout the world. Correspondingly, Operation Swiper required translations of documents and communications in Arabic, Russian, Bengali, Farsi, Mandarin and Spanish. Interestingly, it has been reported that several of the indicted individuals aided the investigation by bragging about the spoils of their alleged crimes on Twitter and Facebook.
The 2010 U.S. federal indictment of Czech Republic and Belarus resident Dmitry Naskovets illustrates how a large scale and fragmented scheme can be perpetrated against United States citizens from outside its borders (the indictment is available at: http://www.wired.com/images_blogs/threatlevel/2010/04/naskovets-dmitry-indictment.pdf)
Naskovets’ Russian language “CallService.biz” (website hosted in Lithuania) was, according to U.S. Attorney Pheet Bharra, “essentially an online bazaar for dangerous identity thieves” and “especially dangerous because it allegedly was specifically designed to bypass the usual security measures that bank and business customers have come to rely on online.”
Basically a for fee service marketed to criminals, CallService.biz allegedly provided over 2,000 English and German speaking individuals to make thousands of “confirmation calls” authorizing or verifying fraudulent transactions and shipments for “carders” (i.e. those who buy, sell and trade stolen account numbers), “drop handlers” (i.e. those who manage the shipping of illegally purchased goods) and “Pin Cashers” (i.e. those who use the stolen numbers to withdraw cash from the legitimate customer’s credit lines, bank accounts, etc).
The FBI worked with counterparts in the Czech Republic, Belarus and Lithuania to investigate the case and extradite the accused. Interestingly, electronic communications again provided key evidence (instant messages about the registration of the illicit website and a $35,000 wire transfer from a stolen account belonging to a victim in Westchester County, NY).
Both of these cases show multiple perpetrators coordinating operations across borders to harm Americans. While these are exactly the types of large cases that law enforcement pursues to achieve the greatest return on investment, the thousands of people victimized by each of these operations are only a small percentage of the over 10 million people who have their identities stolen each year. While reliable stats are hard to come by, the individual miscreants and small-time gangs’ operators who shoulder-surf (i.e. physically watch someone enter account information or social security numbers), dumpster-dive (get account info from discarded mail, etc.), take numbers from merchants by threat of violence, or function as the “carders”, “drop handlers” and “Pin Cashers” for whom Naskovets made a market, cause tremendous damage one nibble at a time. It is also worth noting that only 1 in 10 reported identity theft cases happen online (an important caveat being that statistics are difficult to track and identity theft is believed widely underreported.)
For information on what you should do to lower the likelihood of identity theft or if you are a victim, please see: http://www.ftc.gov/bcp/edu/microsites/idtheft/ or http://www.justice.gov/criminal/fraud/websites/idtheft.html. For information on what your organization should or must do to help combat identity theft as the custodian of other people’s personally identifying information (the “Red Flag Rule”), please see http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml.
VRI would be happy to help you or your organization conceive and implement the best strategy to minimize the likelihood and impact of identity theft.
Now let’s consider kidnap and ransom (K&R):
Also believed to be widely under-reported (and thus difficulty to quantify statistically), Kidnapping for illicit material gain is deemed by many analysts to be more frequent and widespread and less targeted at particular prominent /wealthy individuals than at any time in modern history.
With a roughly estimated 100,000 kidnappings per year worldwide (depending on who you believe, a small or large majority of such incidents happening in Latin America with other hotspots being the Middle East, Africa, and certain former Soviet Republics; the 100,000 estimate itself notably being an extrapolation from the less than 25,000 incidents that are reported annually to police worldwide), the estimated $5 billion in annual K&R demands equates to an average ransom per incident in the tens of thousands as opposed to the hundreds of thousands or millions of dollars.
Whether it’s a pre-mediated kidnapping targeting a particular individual (or company through such individual) or a random-victim “express kidnapping” looking to make a relatively quick buck, criminal organizations – many participating in the drug trade – utilize K&R both as a weapon against rivals and as a way to secure money from third party individuals, NGOs and corporations.
For the last ten years, the K&R epidemic of western Mexico’s Sinaloa region – particularly from the Sinaloan towns of Los Mochis, Leyva, Guasave – has traveled with the drug (and interrelated human smuggling) trade to Phoenix, Arizona, the so-called “Kidnapping Capital” of the United States. With over 300 kidnappings reported a year (an expert panel review revised the numbers upwards nearly double to over 600 for each of the years it analyzed), an illicit K&R industry has grown in Phoenix with known recruiting areas and incidents occurring throughout the city at widely varying times of day, high levels of violence and torture and victims including both drug trade participants, their families and in some cases, uninvolved third parties.
Is there any logical reason to believe that what has happened in Phoenix will not spread elsewhere in the United States? I believe it is a question of following the drug trade and finding the cities in the United States where Sinaloan (and other K&R inclined) Drug Trafficking Organizations have an interest in doing business (i.e. approximately half of the marijuana smuggled into the United States comes in through Arizona and Phoenix is a hub).
Whether you’re operating in Phoenix or in any other kidnap prone town at the border or overseas, there are simple rules individuals and organizations can follow to reduce the likelihood of incident as well as crisis plans and insurance policies to help establish and pay for appropriate incident response. VRI is happy to assist you in either of these regards should you have requirements.
Finally, let’s talk about intellectual property infringement:
Though also extremely difficult to measure, it is estimated that 7-9% of world trade involves counterfeit, infringing, diverted or otherwise unauthorized goods and services.
While areas of the world such as China and the countries of the former Soviet Union are known to have relatively lax laws, law enforcement and/or high levels of cultural acceptance of illicit trade, the problems also rack up closer to home in lost jobs, government revenues and threats to public safety and wellbeing.
Whether involving counterfeit pharmaceuticals or automotive parts that harm and kill; software that doesn’t function (and may destabilize systems); or purported luxury goods, consumer electronic and entertainment content that only enrich criminals, the illicit “supply chain” is every bit as international – and perhaps more so – than supply chains that legitimately innovate, create jobs and pay taxes.
Many of those supply chains start or end here and American governments have plenty of challenges of our own determining when, where and how to enforce intellectual property rights. Some state and local police departments may have dedicated investigative/enforcement units and/or make IP cases, but they are pretty far down the budget totem pole from buying uniforms, cars, guns and computers (not to mention the 95% of expenditures that typically go to salaries, benefits and pensions!). The federal government has a dedicated unit of prosecutorial specialists (CCIPS) taking the lead and/or supporting AUSA’s throughout the country and working with industry and law enforcement to enforce rights. Significant links and prosecutions have been made – sometimes cooperatively across law enforcement agencies – between trade in counterfeit and diverted goods and services and international Drug Trafficking Organizations, terrorist organizations and others that primarily subsist on the terribly lucrative economics of stealing ideas and products.
All that said — and all government-led efforts made up, down and sideways — the counterfeit/diversion problem is one where industry must proactively look out for itself or suffer huge economic and reputational consequences.
From product labeling, inventory tracking and security assessment/remediation programs to help you understand the size, scope and scale of your IP infringement problem to intelligence & enforcement efforts to make your goods and services less attractive “targets” to those who would do harm, there is a wealth of measures you can take to proactively improve your situation and be prepared to react to this pervasive and insidious problem without “playing whack-a-mole”.
The International Chamber of Commerce’s BASCAP initiative (Business Action to Stop Counterfeiting and Piracy) has assembled a wealth of recommendations, statistics, case studies and other information at http://www.iccwbo.org/bascap/id6170/index.html.
VRI stands ready to assist organizations that wish to reduce the likelihood and impact of intellectual property infringement.
The bottom line is that a smaller world only creates bigger problems when you fail to keep up with (and do your best to prevent) them.
Be safe and enjoy your day.
Chairman and CEO
Vigilant Resources International (VRI)
About This Communication
The intention of this weekly communication series is to explore security threats and vulnerabilities and the technology that can help avoid or minimize them. I’m writing this series because I believe that security operations and technology — depending on how they are implemented and utilized — can either be byzantine, distracting and harmful or tremendously helpful in protecting lives, assets and reputations. I enjoy doing what I can to help people and organizations achieve the latter.
Security threats and vulnerabilities discussed in this series may include (and certainly will not be limited to) a full spectrum of physical, cyber, economic, reputational, man-made and natural disaster/weather related threats and vulnerabilities. Security technology considered may include (and certainly will not be limited to) physical security technology (cameras, alarms, access controls), cybersecurity, cybersurveillance, personal protective equipment gear, emergency communications, data mining, fusion centers, pin-mapping, predictive modeling, internal controls, and forensics.