AML CHALLENGES
Microsoft’s president recently called on world governments to develop and adhere to global cybersecurity rules—essentially a modern-day “Digital Geneva Convention”—that would deter cyberattacks by nation-states.
On the encryption of cybercriminal communications and financial transactions, responses may include forced decryption,[44] subpoenas and search warrants,[45] detentions[46] and prosecutions,[47] although information privacy and civil liberties groups, like the EFF and the ACLU,[48] have raised significant objections. To look into ransomware-related news and prevention tools, online search terms like “cyber extortion,” “digital blackmail” and “cyber shakedown” may be helpful.[49]
On man-in-the-middle and man-in-the-browser attacks, responses may include cybersecurity solutions, such as virtual private network (VPN) services,[50] multi-factor authentication, digital signing and timely security updates to operating systems, applications and antivirus protection.[51]
To succeed in today’s global business and political climate, financial institutions must be attentive to political ambitions and financial motivations behind cyberattacks. Cybersecurity risk management must be responsive to such evolving realities and to tools and methods—such as encrypted cybercrimes, ransomware and man-in-the-middle attacks—that may be deployed by nation-state actors, unscrupulous business competitors, proxies, drug cartels and terrorist groups.
Miguel Alcántar, CAMS-FCI, compliance advisor, Oakland, CA, USA, alcantar@aya.yale.edu
44. Dan Terzian, “Forced Decryption as a Foregone Conclusion,” California Law Review Circuit, Vol. 6, May 2015, http://www.californialawreview.org/wp-content/uploads/2015/05/TERZIAN_27.pdf
45. John M. Cauthen, “Executing Search Warrants in the Cloud,” FBI, October 7, 2014, https://leb.fbi.gov/2014/october/executing-search-warrants-in-the-cloud
46. David Kravets, “Man jailed 16 months, and counting, for refusing to decrypt hard drives,” Ars Technica, February 12, 2017, https://arstechnica.com/tech-policy/2017/02/justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords/
47. Orin Kerr, “The Fifth Amendment limits on forced decryption and applying the ‘foregone conclusion’ doctrine,” Washington Post, June 7, 2016, https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/06/07/the-fifth-amendment-limits-on-forced-decryption-and-applying-the-foregoneconclusion-doctrine/?utm_term=.7462c3b87571
48. “Brief of Amici Curiae Electronic Frontier Foundation and American Civil Liberties Union in Support of Movant-Appellant and Reversal,” United States Court of Appeals Third Circuit, No. 15-3537, April 6, 2016, https://cdn.arstechnica.net/wp-content/uploads/2016/04/effamicus.pdf
49. Cheryl Tang, “Are All Ransom Attacks Considered Ransomware?,” Imperva.com, June 22, 2017, https://www.imperva.com/blog/2017/06/are-all-ransom-attacks-considered-ransomware/
50. Max Eddy, “The Best VPN Services of 2017,” PCMag, July 19, 2017, http://www.pcmag.com/article2/0,2817,2403388,00.asp
51. “Protecting Online Customers from Man-in-the-Browser and Man-in-the-Middle Attacks,” Arcot, http://www3.ca.com/~/media/Files/whitepapers/protection-from-mitm-mitb-attacks-wp.pdf
ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS.ORG | ACAMSTODAY.ORG