OSINT: The key to cracking AML/CTF investigations

Financial institutions are vulnerable to attacks by individuals and groups who hide their identity using sophisticated methods. OSINT tools can be useful for obtaining unique intelligence and helping protect the time and resources of financial institutions.


Social media websites and cyber-related intelligence have put an unprecedented volume of intelligence at one’s fingertips, making the internet an ocean of data that is just waiting to be exploited to crack money laundering and terror financing investigations.

Over the last decade, there has been an increase in the drive to adopt intelligence-led approaches and solutions in order to deal with cyber threats based on the understanding that individuals and illicit networks intent on committing financial crimes can be identified by those who utilize all capabilities to see the wider intelligence picture.

Financial institutions (FIs) can be attacked by individuals and networks who mask their identities in sophisticated ways. However, digital fingerprints can be tracked down online, and analysts can exploit the internet to their advantage to reveal hidden leads and connections.

Numerous web sources hold an unparalleled amount of hidden information. Threat actors and illicit network operators leave a digital footprint that can be identified by analyzing the technical details of electronic activity, behavior and cyber information such as IP addresses, time-stamps, device indicators and more.

But despite the advantages available to FIs when using cyber information, many don’t use it to its full potential when conducting Anti-Money Laundering (AML) investigations. The inclusion of this data in suspicious activity reports makes them as complete and accurate as possible.

For example, when IP addresses are filed, analysts are able to identify otherwise concealed links to other threat accounts or networks. Relationships found by connected IP addresses can be further strengthened by OSINT gathering on the individual to identify suspicious activity and map the virtual footprint left behind.

During AML investigations, social network analysis of the OSINT gathered allows analysts to map and measure the relationships between the identified networks which may be used to move illicit funds or to finance terror activity.
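The IP-based linking and network mapping described in the two paragraphs above, as an added example that is not part of the original article: it groups accounts into clusters connected through shared IP addresses. The record layout, the account names and the `max_accounts_per_ip` cut-off are assumptions; the cut-off skips addresses shared by many accounts, which would otherwise link unrelated customers.

```python
from collections import defaultdict

# Constructed sample (account, source IP) pairs; IPs are documentation ranges.
RECORDS = [
    ("acct-A", "203.0.113.10"), ("acct-B", "203.0.113.10"),
    ("acct-B", "198.51.100.7"), ("acct-C", "198.51.100.7"),
    ("acct-D", "192.0.2.55"),
    # One address seen on many accounts, e.g. a shared gateway (assumption).
    ("acct-A", "192.0.2.99"), ("acct-E", "192.0.2.99"), ("acct-F", "192.0.2.99"),
    ("acct-G", "192.0.2.99"), ("acct-H", "192.0.2.99"),
]

def link_accounts(records, max_accounts_per_ip=3):
    """Cluster accounts that are connected through shared IP addresses.

    An IP seen on more than max_accounts_per_ip accounts is treated as shared
    infrastructure (NAT, public Wi-Fi, VPN exit) and is not used as a link.
    Returns (clusters, skipped_ips); single-account groups are omitted.
    """
    by_ip = defaultdict(set)
    for account, ip in records:
        by_ip[ip].add(account)

    # Union-find over accounts: each shared IP merges the accounts that used it.
    parent = {account: account for account, _ in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    skipped = set()
    for ip, accounts in by_ip.items():
        if len(accounts) > max_accounts_per_ip:
            skipped.add(ip)
            continue
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(other)] = find(first)

    groups = defaultdict(set)
    for account in parent:
        groups[find(account)].add(account)
    clusters = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return clusters, skipped
```

A cluster is a lead for further review, not proof of a relationship, and the skipped addresses are returned so an analyst can see which links were deliberately ignored.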

Criminals and terrorists who work online or in the shadows of the dark web are often paid in virtual currency such as Bitcoin or other cryptocurrencies, which is an attractive way to launder funds without fear of being caught by AML authorities.

Using the internet and dark web as well as smartphones and laptops in one country, they can plan and raise funds for a terror attack by a compartmentalized cell in another country thousands of kilometers away.

While FIs don’t have the capabilities to gather the type of data that Counter-Terror Financing (CTF) agencies do, they can disrupt the attempts by illegal organizations by blocking and rejecting suspicious transactions and filing timely and accurate suspicious activity reports, which allows for a full assessment of financial transactions and other data that might link illicit networks laundering funds.

To gain unmatched intelligence while saving time and resources, FIs must use OSINT tools that can anonymously and automatically monitor and manage content from across all layers of the internet. The capabilities of automation, artificial intelligence (AI) and machine learning technologies allow FIs to harness and leverage the vast volumes of data and intelligence they find in real time.

www.cobwebs.com