Cryptocurrencies, such as Bitcoin, are worrisome to banks because the anonymity built into its exchanges enables senders and recipients to easily veil their identities. Money laundering and extortion fraud, like the ransom attacks against banks that have been waged for the last year by the the group DD4BC - DDoS for Bitcoin - are obvious concerns.
But the transaction infrastructure used by cryptocurrencies offers many secure exchange and event tracking features that banks should put to use, says Vincent D'Agostino, a former special agent within the cyber branch of the Federal Bureau of Investigation, who recently joined AML compliance and cyber-defense firm K2 Intelligence.
Blockchain, the distributed database software that enables digital currency transactions, offers a way for individuals and banks to directly exchange money and assets, such as stocks and bonds, without having to rely on a middleman, D'Agostino explains in an interview with Information Security Media Group.
"For right now, the Blockchain is being used for the Bitcoin transactions themselves," D'Agostino says. "But the benefits of that technology can be brought into the banking sector in different ways, beyond just adding in a Bitcoin component to a bank's accepted currency. ... The Blockchain, as ubiquitous as it is, allows you to track things. If we want to determine the exact time and date that something occurred between two persons or two companies, the Blockchain allows you to do that in a way that we've never seen before. And financial institutions [can] take advantage of that type of technology, whether it be for a currency or for contracts or any type of deed."
The Blockchain provides a digital signature that can be used to authenticate documents. "You can hash a document," D'Agostino says. "You can authenticate it through the digital signature, and those documents then become part of the Blockchain; and if someone were to alter those documents in any way, it would invalidate that hash and you would know it's a fraud."
In light of the emergence of cryptocurrency and other online developments, the lines that divide anti-money-laundering and cybersecurity are blurring, D'Agostino explains.
"They are essentially becoming one in the same," he says. "I don't even know how to distinguish the two. If you're dealing with anti-money-laundering statutes and procedures within a financial institution, you're invariably going to come across a cyber issue. ... Any time there's a compromise of any data, anytime there's any structuring that's going on with payments, the ultimate end game for that is financial, and the ultimate method by which it's done is through the Internet."
Cybersecurity and AML experts at banks should be sharing information with each other to help fight the threat of cybercriminals, many of whom are based overseas, the former FBI agent says.
In this interview (see audio link below photo), D'Agostino also discusses:
- Why banks have been reluctant to embrace Bitcoin;
- Lessons learned from the Silk Road underground narcotics marketplace case; and
- Why cybercrime is so much more damaging than conventional bank fraud schemes.
D'Agostino, formerly a senior special agent within the cyber branch of the Federal Bureau of Investigation's New York Office, now helps to lead K2 Intelligence's U.S. cyber investigations and incident response practice. As one of the U.S. government's foremost authorities on identify theft, dark/deep Web investigations, cryptocurrency and international botnet investigations, D'Agostino was instrumental in government seizures of hundreds of international TOR hidden services and servers, as well as in securing convictions in connection with the dismantling of the Silk Road network.