Crowdfunding, Flash Mobs and SaaS: New Tools of the Hacking Trade

Crowdfunding, Flash Mobs and SaaS: New Tools of the Hacking Trade

Crowdfunding, Flash Mobs and SaaS: New Tools of the Hacking Trade

Moore’s Law dictates that advances in technology double every two years. It’s the driving force behind nearly every exponential technology in play today – from gene editing to machine learning.

Yet, as global security advisor and futurist Marc Goodman puts it, “Along with Moore’s law, comes Moore’s outlaws.” In other words, exponential technology doesn’t belong to the good guys alone. Hackers, cyber crooks and state-sponsored bad actors have just as much to gain from deploying exponential technologies to advance and scale their own criminal innovation.

Presenting to a room of credit union thought leaders at the CO-OP / TMG Leadership Summit, Goodman shared how cyber criminals are using technology and innovative business models to enhance and grow their global hacking businesses.



Banking on the power of voyeurism, one inventive blackmailer found a new way to put crowdfunding technology to work. The individual claimed to have a videotape of a Canadian politician using drugs. Rather than turn it over to the authorities, the individual worked alongside gossip blog Gawker to raise $200,000 from the public for the video’s release.

Other criminal use cases for crowdfunding include assassination markets on the dark web, money laundering and fraudulent claims of illness or other personal struggles.


Flash Mobs

Taking the innovative concept of the flash mob to new lows, a fraud ring with criminal subcontractors in 26 countries pulled off a $45 million flash rob at ATMs around the globe. So-called “cashing crews” were mobilized by hackers who removed withdrawal limits on compromised prepaid debit card accounts. This global team of crooks managed to perform 36,000 fraudulent transactions in under 10 hours.

Flash fraud incidents designed to get in and get out before financial institutions know what has hit them are the criminal element’s answer to fraud innovation. As credit unions and other card issuers enhance their fraud detection and prevention efforts with machine learning and artificial intelligence, criminals are expected to continue their attempts at super-speedy global heists.

CO-OP’s Industry Fraud Specialist John Buzzard is quick to point out flash fraud attacks are not always performed on a global scale. “They come in all sizes and are often vexing to the card issuer that wishes to contain them,” he said. “We often see criminals aggregate stolen card data through the dark web. They then sell that data to an end user who performs a flash fraud attack against a particular BIN over the course of hours or days.”

Buzzard stressed a combination of fraud strategy rules and machine learning technology will nibble away at the overall effectiveness of flash fraud. “These techniques control fraud from two powerful perspectives.”

[Callout] To learn more about how machine learning and other technologies can enhance credit union member security, download “A New Frontier: Machine Learning, Artificial Intelligence and Big Data.”



Legitimate software developers are not the only ones to have identified lucrative markets for their software as a service (SaaS) business models. Their criminal counterparts have found an untapped ecosystem of novice hackers and other lawless individuals looking for an easier way to get their jobs done. They have the vision, but lack the resources, to fully scale their offenses. Enter CaaS – or crime as a service.

“Crime has become automated,” said Goodman, who explained the rise in crimeware is satisfying demand from a market drawn to the idea of a criminal franchise in a box. “For $2,500, crimeware kits will launch attacks for you. Some even come with dashboards to report on which are working best.”

Goodman closed his talk by sharing several tips for consumers looking to protect themselves from innovative criminals. Among them…

  1. Use a password manager from a reputable provider, such as Dashlane. Doing so helps consumers avoid the tendency to use the same password for multiple sites, a habit will known to and exploited by today’s hackers and their customers.
  2. Enable two-factor authentication. For guidance on how to do so, check out Goodman encouraged credit unions to make two-factor authentication available for their members.
  3. Back up everything. If a ransomware attack comes, this will remove or at least lessen the temptation to pay the ransom demanded by the attackers.
  4. Create two accounts on your devices, one for you and one for an administrator. Research shows removing admin rights from everyday users slows, or even stops, many malware infections.

CO-OP’s ongoing effort to provide peak protection for credit unions and their members includes significant investment in fraud and cybersecurity prevention tools. The combination of technology, such as machine learning, artificial intelligence and biometrics, and the skill of our human fraud analysts, ensures a seamless and secure experience for credit unions and their members.