
A gentle guide to money laundering

Money laundering is the process of legitimising money obtained from illegal activities (‘proceeds of crime’), moving it into the financial system in such a way that either it fails to attract the attention of authorities, or there is a plausible reason that can be used to explain its existence. The first mechanism is preferable because it also avoids liability for tax.

Much, although not all, illicit money is collected as cash, from activities such as drug sales, theft, and ransoms. It is possible to keep this as cash and spend it within a cash environment, but this is limiting to the owner mostly because it is dangerous to spend it in large amounts. Law enforcement have long used the tactic of watching for people who spend more than they legitimately earn. National tax authorities also watch for spending that is greater than declared income. Until relatively recently, many countries imposed a wall between their tax departments and their law enforcement to encourage criminals to declare, and pay tax on, the proceeds of crime. Famously, Al Capone was prosecuted for tax crimes, not organised crime. Thus it is natural that criminals want to find ways to take cash and convert it into explained resources in the mainstream financial system. Once in the financial system, opportunities for moving it around, and so blurring the trail, are much greater.

National money laundering

We begin by considering money laundering in a national context, that is within a single country. It is still possible to buy some expensive assets for cash, although opportunities are diminishing. Some of these assets are attractive because they are easy to transfer without any record (e.g. jewelry) so the eventual holder of such an asset cannot be linked back to the individual who bought it. In some Western countries it is still possible to buy a property worth millions and walk into the real-estate broker’s office with the purchase price in cash. However, even in these countries this probably requires some level of collusion or wilful blindness on the part of the real-estate broker. Many jurisdictions have begun to push ‘know your customer’ regulations out to any profession that handles large amounts of money, requiring them to report large cash transactions. The opportunities for directly converting cash into valuable items are shrinking.

The other way to legitimise cash in a single-country setting is to leverage a suitable business. The best businesses are those where the gap between inputs (costs of raw materials) and outputs (prices charged) is large. For example, a pizza business may sell 1000 pizzas a month but buy the raw ingredients for 5000 pizzas a month, flushing the unneeded ingredients away. The cost of the discarded raw ingredients is much lower than the price of finished pizzas. The cash to be laundered is accounted for as cash purchases of the non-existent pizzas, and so becomes part of the apparently legitimate profits of the business. It is difficult for law enforcement to demonstrate that not enough real pizzas were sold, and so that the business must be partly fraudulent. This mechanism depends on the claim that many customers pay with cash, and this is becoming less and less sustainable as debit cards etc. are more widely used, even for small purchases.

Another suitable business is art, because the costs of the raw materials to create, say, a painting are small compared to the selling price, which could be a million times greater. The art market worldwide is secretive, and anonymity of purchasers is commonplace. It is possible to create an art dealership and generate paintings that are apparently sold for large sums in cash to unidentified buyers. The sums paid by these fictitious buyers are made up from the laundered cash. This mechanism is more difficult to use than creating retail businesses, since it requires an art expert and an art creator who is good enough to create works with plausibly large prices.

Businesses where large amounts change hands can also be exploited, for example casinos, where wins that are provably legitimate can be bought at a discount price from winners desperate for quick money. However, casinos are amongst the most instrumented and analysed locations in the world, so any interaction within a casino risks leaving a record, visible both to the casino’s analytics and potentially then to law enforcement.

Banks in several Western countries have mechanisms that allow anonymous cash deposits, although into known accounts. In Australia, ATMs allow deposits of large amounts of cash, often into accounts set up by foreign tourists for plausible purposes. In Canada, cash deposit mechanisms are a holdover from the days when many businesses needed to deposit cash takings after banking hours. Amounts of the magnitude of around $25,000 can be deposited in this way, and then moved through the domestic financial system and between banks, so that the trail is difficult, perhaps impossible to follow.

Within a single national jurisdiction, there are fewer and fewer ways to convert cash to other kinds of mainstream assets without drawing attention. Moving money across borders, although it increases some kinds of risks, also has advantages because of the weaknesses of national government organisations at cooperation with other countries. Also many countries have little interest in money laundering, and so serve as havens for doing so.

International money laundering.

The main reasons for money laundering across national borders are that it provides a natural break in the chain of ownership, and discontinuities in jurisdiction. Although law enforcement organisations cooperate between countries, this cooperation is usually more difficult than within a single country, with different laws applying, different search and seizure rules, and different priorities. Tax departments also tend to be nationally focused.

It is also common for those who benefit from criminal activity to live in countries other than those where the crimes are committed. For example, the heads of drug production and smuggling cartels tend to live in Central and South America, while their profits are primarily made in the U.S. and Brazil. To access their profits, these must be moved from one country to another.

There are three qualitatively distinct mechanisms for moving money across borders, each with their own issues: objects of value can be physically moved; money can be moved through the global financial system; and value can be transferred virtually, that is without any actual movement of anything.

Moving objects of value.

The most obvious way to do this is to move cash physically. Travellers are supposed to declare amounts above a certain threshold (the $10,000 limit), but it is far from clear how likely someone carrying large amounts of currency is to be detected, either as an outgoing passenger (where checks are quite weak) or at Customs as an incoming passenger (which might be riskier, except that the countries where transnational criminals reside also tend to be those with weak border controls). For example, the U.S. estimates that at least $40 billion in physical currency is smuggled across the U.S.-Mexico border each year, while programs aimed at finding and stopping it have interdicted less than $100 million. Currency can also be shipped as cargo and, again, the level of risk this carries is far from clear. There have been a non-trivial number of interdictions of currency in air shipments, and in vehicles across land borders. The reluctance of retailers to accept any but pristine U.S. dollar bills in South America suggests that owning bills that are visibly used attracts suspicion in those countries. This in turn suggests that authorities in those countries are aware of illicit US currency shipments that end up in circulation in South American countries. One of the problems with currency is that it is quite bulky for its value, and sometimes has a detectable smell (e.g. U.S. dollars).

The practice of smurfing, carrying currency just below the declarable amount, is common and existing legal regimes make this difficult to suppress.

Another way to move value is to convert cash into small, portable, valuable items and transport these instead. The difficulty here is that the purchase of such items for cash is increasingly raising suspicion, as described above (although a number of small purchases over time could build up a reservoir of valuable items – for example, stored value cards can be purchased in modest quantities at a time, while accumulating large totals). The exception is art, for which large cash purchases are still the norm. Art has the added advantage that its declared value for border crossing need have little to do with its realisable value, and so it may not draw much attention from Customs. Thus while smuggling high-value diamonds carries some risk, smuggling art is almost totally without risk.

Bearer negotiable instruments also provide a way to move value (still with the risks associated with obtaining them). These are almost impossible to detect at borders, since they can be embodied in a single piece of paper. In some jurisdictions (e.g. Australia) there is no requirement to report a bearer negotiable instrument sent by mail.

Another way to move value is invoice fraud. A shipper in country A sends a legitimate product to country B, but charges an exorbitant price for it. When the recipient pays the exorbitant price, a confederate in country A receives the difference between the actual price and the exorbitant price from the shipper so that value is transferred from country B to country A.

Moving money through the global financial system.

The global financial system exists to move money between countries, but such movements must be traceable by the financial institutions involved, and the records of these movements are increasingly accessible to governments. Thus a criminal moving money internationally must take steps to make the records of the movements seem innocuous. Banks are supposed to report transfers that they consider suspicious. The extent to which banks take this seriously, and their working definitions of ‘suspicious’ are far from clear, but many are looking for patterns of transfer that are structured, that is broken up into several sub-transfers, each designed to look innocuous. Another strategy used by criminals to further blur the existence of a large transfer is to send sub-transfers from different bank branches, using variant names and details of the sender, and using other techniques to disguise the similarity of the sub-transfers. Any one of the individual sub-transfers is designed not to seem suspicious at the particular branch; but it is not difficult for the bank to detect the overall structure, if it looks for it.  There are limits to how much this can be done because the receiver needs to know that the correct total amount has been transferred, and in a timely way; too much blurring of sub-transfers creates opportunities for the sender to purloin some of the money. Banks are increasingly validating precise details of senders in their online transfer interfaces, making it harder to create artificial variations from one sub-transfer to another.
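The bank-side check described above, written as an added example that is not part of the original post: because the receiver must end up with the full amount in a timely way, grouping sub-threshold transfers by receiving account and time window exposes the structure even when sender names and branches vary. The `Transfer` fields, the three-day window, the account identifiers and the sample records are constructed assumptions; the $10,000 figure is the threshold quoted on this page.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

REPORT_THRESHOLD = 10_000      # reporting threshold quoted on this page
WINDOW = timedelta(days=3)     # assumed look-back window; tune per institution


@dataclass(frozen=True)
class Transfer:
    when: datetime
    branch: str
    sender: str        # free-text sender name as captured at the branch
    beneficiary: str   # receiving account identifier (constructed format)
    amount: int        # whole currency units


def totals_by_sender(transfers):
    """Naive per-sender view: variant spellings keep every total small."""
    totals = defaultdict(int)
    for t in transfers:
        totals[t.sender] += t.amount
    return dict(totals)


def find_structuring(transfers, threshold=REPORT_THRESHOLD, window=WINDOW):
    """Flag receiving accounts whose sub-threshold transfers, taken together
    inside one time window, reach the threshold. Returns the largest such
    window per account, ignoring the sender field entirely."""
    by_beneficiary = defaultdict(list)
    for t in transfers:
        if t.amount < threshold:          # larger transfers are reported anyway
            by_beneficiary[t.beneficiary].append(t)

    alerts = []
    for beneficiary, items in sorted(by_beneficiary.items()):
        items.sort(key=lambda t: t.when)
        best, start, running = None, 0, 0
        for end, t in enumerate(items):
            running += t.amount
            # Slide the window start forward until it spans at most `window`.
            while t.when - items[start].when > window:
                running -= items[start].amount
                start += 1
            group = items[start:end + 1]
            if len(group) >= 2 and running >= threshold:
                if best is None or running > best["total"]:
                    best = {
                        "beneficiary": beneficiary,
                        "total": running,
                        "count": len(group),
                        "branches": sorted({g.branch for g in group}),
                        "sender_spellings": sorted({g.sender for g in group}),
                        "first": group[0].when,
                        "last": group[-1].when,
                    }
        if best is not None:
            alerts.append(best)
    return alerts


# Constructed sample data, not real transactions.
SAMPLE = [
    Transfer(datetime(2017, 6, 1, 9, 10), "North", "John A. Smith", "ACCT-B-001", 4800),
    Transfer(datetime(2017, 6, 1, 11, 30), "East", "SMITH, John", "ACCT-B-001", 4900),
    Transfer(datetime(2017, 6, 2, 10, 0), "West", "Jon Smith", "ACCT-B-001", 4700),
    Transfer(datetime(2017, 6, 2, 15, 45), "South", "J. Smith", "ACCT-B-001", 4600),
    # Two transfers that sum past the threshold but sit eight days apart.
    Transfer(datetime(2017, 6, 1, 14, 0), "North", "Ana Lopez", "ACCT-B-002", 6000),
    Transfer(datetime(2017, 6, 9, 14, 0), "North", "Ana Lopez", "ACCT-B-002", 6000),
    # A single large transfer: reportable on its own, not structuring.
    Transfer(datetime(2017, 6, 3, 12, 0), "East", "Lee Wong", "ACCT-B-003", 15000),
]

if __name__ == "__main__":
    for alert in find_structuring(SAMPLE):
        print(alert["beneficiary"], alert["total"], alert["count"],
              alert["branches"], alert["sender_spellings"])
```

Each of the four sub-transfers looks unremarkable at its own branch and under its own sender spelling; only the per-beneficiary aggregate crosses the threshold.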

Moving value virtually.

There are a variety of alternative remittance systems (ARSs), of which the best known are the hawalas, that developed to facilitate transfers for people who do not have easy access to banks, or for whom the fees charged by mainstream financial institutions are prohibitive. Historically, the customers of these ARSs were guest workers in rich countries who send a portion of their wages to relatives back home.

When the flow from country A to country B is more or less in balance with the flow in the reverse direction, ARSs need move no money at all. Customers in country B receiving (notionally) money sent from country A are in fact paid with money deposited in country B intended for country A, and vice versa. Short-term imbalances are handled on a trust basis by the ARS bankers at both ends.

A problem arises when the flows between the two countries are not balanced, so that there is a net flow in one direction. The most common net flow is from rich countries to poorer ones and this is also the more probable direction for money laundering flows as well (although people smuggling, for example, may generate flows in the other direction). Net flows must eventually be realised as actual flows.

One way to handle the actual flow is to use conventional financial system transfers. A single financial system transfer is the result of the net of many small transfers collected and aggregated, so the overhead of a standard banking transfer is amortized. The effect of money laundering flows can be concealed in the larger flows arising from ordinary practice. Concealment is sometimes helped by the informal record keeping of many ARSs, although they are now registered in some jurisdictions, and so tracking mechanisms are beginning to be in place.

The second way to handle the required balancing flows is to use cuckoo smurfing. This technique uses a legitimate transfer, in the direction opposite to that required to correct the imbalance, as cover. In other words, if ARS A wants to move $50,000 to ARS B to correct an imbalance, they find a legitimate transfer from a customer of B to a customer of A of the right size, B takes the deposited funds from B’s customer and keeps them, while A pays $50,000 to A’s customer. Both customers are satisfied, A is $50,000 poorer while B is $50,000 richer, as required, and no money has actually moved through the global financial system. In fact, the only way to detect that this has happened is that the apparent transfer from B’s customer to A’s customer did not leave a trace, when it should have.

The same mechanism can be used directly for money laundering, as long as a matching countervailing innocent flow is available. The lack of trace of the money laundering transfer makes this approach especially attractive.

Cuckoo smurfing requires the existence of substantial innocent transfers in the opposite direction to the net flows between the two countries concerned (typically from poorer countries to richer ones) which may limit the applicability of this technique.

Many developed countries are on a trajectory to block most of these money laundering paths by more detailed regulation, and increased enforcement. However, Financial Intelligence Units (FIUs) – Austrac in Australia, Fintrac in Canada, Fincen in the U.S., and the Financial Intelligence Unit in the U.K. for example – struggle to find and/or block money laundering for several structural reasons.

First, the cornerstone of detection is the reporting, by banks and ARSs, of transactions that they consider to be suspicious or anomalous. While legislation lays out the conditions that should trigger reporting, there is, inevitably, some interpretation leeway; dealing with rich customers is how banks make their money; and so there is some incentive to under-report certain kinds of transactions. In other words, banks make a policy decision about the level of risk they will take, and this decision is not necessarily one that FIUs would agree with. In Zapata et al. v HSBC Holding Plc (2016), HSBC admitted criminal liability for laundering $881 million of drug cartel proceeds, accepting large sums of money from individuals with no visible source of income. In several other successful terrorist financing prosecutions, well-known multinational banks transferred millions of dollars to terrorist organisations. The Commonwealth Bank of Australia has recently been charged with failing to report more than 50,000 suspicious transactions over the $10,000 threshold, involving large deposits (100s of millions) paid in through ATMs and almost immediately transferred offshore. This suggests that, as well as developing regulations, FIUs need to be more aggressive in their approach to banks. Another aspect of the problem is that FIUs don’t know about the transactions that they aren’t told about, so it is difficult for them to assess the extent of under-reporting. Measuring compliance remains a challenge.

Second, money laundering has become a service, provided by specialists and marketed to criminals. A criminal group can outsource its money laundering needs to an organisation that develops its own intelligence, mechanisms, and experience in the use of techniques for laundering. More importantly, though, the use of such a wholesaler breaks the connection between the crime(s) that generated the money and the money itself – so that proving that intercepted money is actually proceeds of crime becomes much more difficult. Thus when FIUs find transfers that are clearly suspicious, they may be unable to prosecute anyone because they cannot demonstrate that the money is not innocent. There may be a greater role for disruption as a strategy rather than prosecution, as the U.K. already does.

One development which will change the face of money laundering is the development of cryptocurrencies such as Bitcoin. These make it possible to decouple the relationship between criminal and crime. For example, drugs are increasingly sold online via Dark Web market sites. Drugs are paid for with Bitcoin and shipped to the buyer through regular postal channels. These market sites operate like other online businesses, in some cases guaranteeing refunds if shipments are interdicted by Customs. But now criminals are paid in untraceable Bitcoins, and it is the buyers who have to convert traceable national currency into untraceable (and international) cryptocurrency. Bitcoin is already accepted by some real-estate brokers, some airlines and travel agencies, and sites such as eBay, so that criminals can spend their Bitcoin on their lifestyle directly. There are also arbitrage businesses that use Bitcoin to buy gift cards which are widely usable. The development of ransomware, for which the ransoms are also collected in cryptocurrency, shows how non-physical criminal ‘services’ can also be delivered without providing a path back to the criminals involved.

Another form of illicit money transfer that is not, strictly speaking, money laundering is the movement of money for evasion of tax. Many forms of tax evasion/avoidance seek to move money without revealing its ownership. Even when ownership is visible, international transfers can be used to reduce the tax payable. An individual in country A sends some money to country B using a mechanism that makes it non-taxable in country A. This money is then moved to country C and is then brought back to country A as incoming money that is again not subject to tax (for example, an international business loan). The money is now available to its original owner, but has been sheltered from tax liability. This is difficult for financial authorities in any of the three countries to detect, since it seems innocuous until the loop is visibly closed.

(Fear not, Dear Reader, that this document reveals anything to criminals that they don’t already know. All of the content is already available from public sources.)


Is “sentiment analysis” doing anything real?

Oceans of computational cycles have been spent analysing the sentiment of documents, driven by businesses interested in how their products are being perceived, movie producers interested in their potential products, and just about everyone interested in tweets.

Sentiment is based on a measure of how “positive” or “negative” a particular document is. The problem is that there are a number of aspects of an individual that could be positive or negative, and sentiment analysis jams them all into one bucket and measures them. It’s far from clear that this measures anything real — signs of which can be seen in the well-known one-and-a-half star difference when individuals are asked to rate the same objects on two successive days.

So what can be positive and negative?

It could be the individual’s attitude to a particular object and, of course, this is what most systems purport to be measuring. However, attitude is a two-place relation: A’s attitude to B. It’s usually obvious that a document has been written by A, but much more difficult to make sure that the object about which the attitude is being expressed is actually B.

However, most of the difficulty comes from other aspects that can also be positive and negative. One of these is mood. Mood is an internal setting whose drivers are poorly understood but which is known to be (a) predictable over the course of a period of, say, a day, and (b) composed of two independent components, positive mood and negative mood (that is, not opposites). In broad brush terms, negative mood is stable through the day, while positive mood peaks in the middle of the day. There are longer term patterns as well; positive mood tends to increase through the week while negative mood decreases.

Looking at someone’s writing about an object therefore should take into account their underlying mood — but never does. And it would be difficult to tease apart the signals of mood from the signals of attitude with the current state of the art. But we could plausibly predict that “sentiment” would be less positive overall if it was captured at the beginning or end of the day.

The other aspect that can be positive or negative is emotion. Emotions are short-term responses to the current environment that play a role in reordering each individual’s priorities to optimize decision making, especially in response to an external stimulus.  There are two emotions that align strongly with positivity (joy) and negativity (disgust).

Looking at someone’s writing about an object should therefore take into account their emotional state (at the time they were writing) — but never does. Again it would be difficult to tease the signals of emotion and the signals of attitude apart. I have no doubt that many businesses get much worse results from their surveys than they ‘should’ because those surveys are designed so poorly that they become annoying, and this spills over into the content of the responses.

Bottom line: there is no such thing as positive sentiment or negative sentiment. There are positive or negative attitudes, moods, and emotions, but the one that sentiment analysis is trying to measure — attitudes — is inextricably confounded by the other two.  Progress is being made in understanding and detecting moods and emotions, but much less has been done on detecting attitudes, mostly because of the difficulty of finding the intended object within a short piece of text.


And so it begins

Stories out today that Google is now able to connect the purchasing habits of anyone it has a model for (i.e. almost everybody who’s ever been online) with Google’s own data on online activity.

For example, this story:

Google says that this enables them to draw the line between the ads that users have been shown, and the products that they buy. There’s a discrepancy in this story because Google also claim that they don’t get the list of products purchased using a credit card, but only the total amount. So a big hmmmmm.

(And if I were Google, I’d be concerned that there isn’t much of a link! Consumers might be less resentful if Google did indeed serve ads for things they wanted to buy, but everyone I’ve ever heard talk about online ads says the same thing: the ads either have nothing to do with their interests, or they are ads for things that they just bought.)

But connecting users to purchases (rather than ads to purchases) is the critical step to building a model of how much users are willing to pay — and this is the real risk of multinational data collection and analytics (as I’ve discussed in earlier posts).

Lessons from Wannacrypt and its cousins

Now that the dust has settled a bit, we can look at the Wannacrypt ransomware, and the other malware exploiting the same vulnerability, more objectively.

First, the reason that this attack vector existed is that Microsoft, a long time ago, made a mistake in a file sharing protocol. It was (apparently) exploited by the NSA, and then by others with less good intentions, but the vulnerability is all down to Microsoft.

There are three pools of vulnerable computers that played a role in spreading the Wannacrypt worm, as well as falling victim to it.

  1. Enterprise computers which were not being updated in a timely way because it was too complicated to maintain all of their other software systems at the same time. When Microsoft issues a patch, bad actors immediately try to reverse engineer it to work out what vulnerability it addresses. The last time I heard someone from Microsoft Security talk about this, they estimated it took about 3 days for this to happen. If you hadn’t updated in that time, you were vulnerable to an attack that the patch would have prevented. Many businesses evaluated the risk of updating in a timely way (disruption caused by an interaction of the patch with their running systems) as greater than the risk of staying unpatched — but they may now have to re-evaluate that calculus!
  2. Computers running XP for perfectly rational reasons. Microsoft stopped supporting XP because they wanted people to buy new versions of their operating system (and often new hardware to be able to run it), but there are many, many people in the world for whom a computer running XP was a perfectly serviceable product, and who will continue to run it as long as their hardware keeps working. The software industry continues to get away with failing to warrant their products as fit for purpose, but it wouldn’t work in other industries. Imagine the discovery that the locks on a car stopped working after 5 years — could a manufacturer get away with claiming that the car was no longer supported? (Microsoft did, in this instance, release a patch for XP, but well after the fact.)
  3. Computers running unregistered versions of Microsoft operating systems (which therefore do not get updates). Here Microsoft is culpable for an opposite reason. People can run an unregistered version for years and years, provided they’re willing to re-install it periodically. It’s technically possible to prevent (or make much more difficult) this kind of serial illegality.

The analogy is with public health. When there’s a large pool of unvaccinated people, the risk to everyone increases. Microsoft’s business decisions make the pool of ‘unvaccinated’ computers much larger than it needs to be. And while this pool is out there, there will always be bad actors who can find a use for the computers it contains.

Asymmetric haggling

I’ve pointed out before that the real threat to privacy comes not from governments, but from multinationals; and the key model of you that they want to build is how much you’re willing to pay for products and services. They can then use this information directly (airlines, Amazon) or sell it to others (Google).

We’re used to a world in which products and services cost the same for every buyer, but this world is rapidly disappearing. There’s a good article about the state of play in the May issue of the Atlantic:

The price you are quoted in an online setting already depends on the time of day, what platform you’re using, and your previous browsing history.

Of course, fixed prices are a relatively new invention, and haggling is still how prices are determined in much of the world. The difference in the online world is that the seller has much more data, and modelling capability, to work out what you’re willing to pay than you have about how cheaply the seller is willing to sell. So not only is pricing an adversarial process, it’s become a highly asymmetric one.

This is going to have all sorts of unforeseen consequences: analytics for buyers; buying surrogates; a return to bricks and mortar shopping for some people; less overall buying, … We’ll find out.

In the meantime, it’s always a good idea to shop online using multiple browsers on multiple platforms, deleting cookies and other trackers as much as you can.

Advances in Social Network Analysis and Mining Conference — Sydney

This conference will be in Sydney in 2017, from 31st July to 3rd August.

As well as the main conference, there is also a workshop, FOSINT: Foundations of Open Source Intelligence, which may be of even more direct interest for readers of this blog.

Also I will be giving a tutorial on Adversarial Analytics as part of the conference.

Even more security theatre

I happened to visit a consulate to do some routine paperwork. Here’s the security process I encountered:

  1. Get identity checked from passport, details entered (laboriously) into online system.
  2. Cell phone locked away.
  3. Wanded by metal detection wand.
  4. Sent by secure elevator to another floor, to a waiting room with staff behind bullet-proof glass.

Here’s the thing: I got to carry my (unexamined) backpack with me through the whole process!

And what’s the threat from a cell phone in this context? Embarrassing pictures of the five-year-old posters on the wall of the waiting room?

I understand that government departments have difficulty separating serious from trivial risks, because if anything happened they would be blamed, regardless of how low-probability the risk was. But there’s no political reason not to make whatever precautions you decide to take actually helpful to reduce the perceived risks.