Will money laundering software pave the dawn of ‘The Skynet’?

The battle between Ukraine and Russia has caused great disturbance in the world. The Crimean peninsula is the main flashpoint in Ukraine's crisis. It is a pro-Russia part of Ukraine, separated from the rest of the country geographically, historically and politically. It also hosts Russia's Black Sea Fleet. Russia’s interest in Crimea is because of varied reasons which encompass linguistics, military and economic. Between last Wednesday and Saturday Russia has fired rockets in Ukraine.

With the escalation of military tension the European Union and USA has imposed sanctions on Russia. But is it really going to stop the country? How far will it go before it stops? How much damage will it cause not just to Ukraine but to the world?

Let’s look at the arsenal of Russia. Their weapons not just include bullets and bombs, but oil and above all computer virus. They are capable of launching a full fledged cyber warfare. This war will not just be limited to Ukraine, but will sweep the world. Every single person, be it the rich or the poor will have to pay a price.

Oh, did I say- they will launch cyber attack? My mistake! They have already launched it. The recent malware that has its origin in the Russia and Ukraine region is Gameover Zeus. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. This software is based on code from the Zeus Trojan. That’s a malware that has been used for banking heists numerous times. This virus sends phishing emails and gets hold of customer’s banking details. Once this is done your money is my money.

So how can banks protect their customers?

Closely monitoring transactions is the only way. Every money laundering activity has three phases- Placement, Layering and Integration. This is how funds are initially deployed in the financial system, then they are channelized across various geographies and finally withdrawn or invested by the beneficiary. Money movement can take the form of structuring so as to avoid filing a CTR.

Imagine your banking system detects multiple people transferring small amount of funds to a company. Here you clearly detect two red flags, one is the amount and the other is- individuals transferring funds to an entity. While it is possible that numerous people are paying their insurance premium, we need to see the nature of business of the entity in question. If it is a reputed insurance company risk can still be mitigated. Otherwise it can be a big concern. This is especially when no purpose of the transactions are mentioned. So as a bank you need to ask your customer the reason for these transactions. In case the customer’s bank information is being used by somebody else which is supposed to happen in case his computer is infected by Gameover, then he will from the sky when questioned. That’s when as a good bank you take steps like raising a SAR and initiate a thorough investigation.

Even one financial institution can pose threat to another when nested accounts exist. This way one correspondent banking customer allows another organization (XYZ bank) to use the services of its correspondent bank through its own system. In this case the identity of that other entity is hidden. Now imagine a person who has hacked somebody else’s bank account hiding in the system of XYZ bank. Thus you as a correspondent bank helping a criminal. Therefore it is of utmost importance that you ensure that there are no nested accounts in your system.

War is not just fought on the ground, now it is fought in the banks as well. We need to make sure that our financial system is not misused as it happened before the WTC attack. Modern software has taken war to a completely different level. Is this the begining of ‘Skynet’ (From the movie: The Terminator)?