Cyber Security

Almost every crime committed today has a cyber element to it. At the same time, not every crime or suspicion of a crime will attract the attention of law enforcement agencies. This frequently forces companies and individuals to conduct their own internal investigations.

Cyber policy assessment to ensure protection for individuals and businesses.

Training in cyber threats and client-specific cyber risk profiles.

Incident response, and cyber-attack policy development.

Case Study

Bearstone was engaged by a large East Asian industrial company that fell victim to an elaborate cybercrime scheme. The client suspected it had been attacked by a sophisticated organized crime network based in Eastern Europe. The fraud involved a cyber element, a white-collar financial crime element, and a physical theft element.

The client was approached by a fraudster posing as a legitimate prospective buyer. The buyer wanted to buy a large quantity of goods. As a guarantee of payment, the buyer provided a valid letter of credit, issued by a respectable bank. The client sent the products to the buyer via a shipping agency. When the client tried to collect payment, it transpired that the letter of credit had been falsified, both physically and electronically. The company that the fraudsters had impersonated was also found to have been a victim of commercial identity theft executed online.

We were mandated to investigate how the fraud was conducted, specifically to understand the identity theft, to establish the true and complete path of the fraudulent letter of credit, and to determine which banks and individuals could have been involved in processing the fraudulent billing.

We were also mandated to attempt to trace, locate and, if possible, repossess the stolen merchandise, in liaison with local law enforcement.

Retracing the steps taken by the criminals in issuing the fraudulent letter of credit required cyber intelligence collection on the part of our investigators. The criminals went to great lengths to mask their steps across several opaque jurisdictions, using multiple financial institutions as intermediaries. Most of these intermediaries were not aware that they had been used in a criminal endeavour.

Our activities included a cyber investigation involving metadata and content analysis of the encrypted SWIFT electronic data exchange between the financial intermediaries, or so-called correspondent banks, as well as all of the online communication (emails, attachments, etc.) between the criminals and the client.

We also investigated the way in which the criminals were able to steal the identity of the buyer and trick both the client and most of the financial intermediaries into believing that they were dealing with a legitimate counterparty.

The results of our investigation showed that the criminals were able to procure a domain name that looked almost identical to that of the company they impersonated, which allowed them to create an identical-looking website and emails. Our team discovered that they also used serious social media engineering in order for their online identity to look convincing.

Moreover, we found that some of the financial intermediaries involved in the issue of the letter of credit either had very poor due diligence standards or had possibly even been involved in the scheme as abettors. We were able to retrace the steps that the criminals took in order to digitally forge part of the SWIFT communications, which fooled the banks involved in the entire process.

We managed to find the true final destination of the stolen merchandise. Moreover, we managed to intercept the containers with the stolen goods, in transit, and alert the corresponding law enforcement agencies to conduct a lawful confiscation under the authority of the local prosecutor of the transit country.