Digital Currency Forum: Enforcement, Regulation, and Search for Crypto Savvy Investigators

NEW YORK — You have to be concerned about law enforcement and government regulators in the age of cybercrime and crypto-mania. Cyberthieves stole $6.9 billion in 2021, according to Forbesand everything indicates that 2022 will be worse, no matter what the authorities do to prevent it.

Part of the reason is that cyberspace surveillance officials often pursue criminals with more advanced technologies and skills, who like nothing better than to devise new and inventive ways to steal. As if that weren’t enough, dedicated cyber thugs already adept at all forms of internet crime – hackers, ransomware, romance scams, SIM swapping, extortion, fraud, and more. – have now been given crypto, which not only provides thieves with more ways to commit crimes, it also makes them harder to catch.

“If you think about it from the perspective of cybercriminals, before crypto, they had to hack, steal information, and then monetize it, [which often means] going through multiple accounts or cutting off other criminals, introducing risk at every step,” said Justin Herring, deputy executive superintendent of the Cybersecurity Division of the New York Department of Financial Services. “On the other hand, the monetization chain for crypto is number one, To hack ; and number two, take control of the digital asset. There is no number three.

Cryptocurrency on the rise

Herring’s remarks came during a panel on crypto crime at the recent two-day Thomson Reuters Institute conference, Manifest Destiny: Risk, opportunity and reward around digital currencies. Moderated by Gina Jurva, attorney and head of market intelligence and thought leadership content for business and government at the Thomson Reuters Institute, the panel, Internal affairs: managing law enforcement actions around crypto crimeexplored the many risks companies operating in the crypto space currently face, as well as the efforts of law enforcement and regulators to secure crypto-based financial transactions as such transactions become more mainstream from more and more.

On the law enforcement side, for example, the recent enthusiasm for all things crypto has led to an exponential increase in criminal attempts to steal various types of virtual assets. According to panelist Elizabeth Roper, chief of the New York District Attorney’s office’s Cybercrime and Identity Theft Bureau, her office’s reporting line has received 45 reports of stolen non-fungible tokens (NFTs) this year, whereas last year they only had one. “Now we have the whole team just working on [NFT theft],” she says.

If you have the right control system and the right technical tools, you will be able to see and react to trends in what criminals are doing.

Cybercrime and cryptocurrency have become so prevalent, so quickly, that Roper warned financial institutions, crypto exchanges or other online asset providers to be on their guard. “You’re going to be the target of some kind of cyber attack,” she said, noting that they should expect it, plan for it, “and implement the plan when it happens.”

Part of this plan should involve developing a relationship with law enforcement. before any security breach happens, she advises, and contacts investigators if and when something happens. “There can be a real sense of desperation when a cyber event occurs, and many people and businesses feel like there’s nothing they can do,” Roper said. However, if the stolen asset is cryptocurrency, “law enforcement actually has a good chance of freezing and ideally recovering those assets.”

On the regulatory front, efforts to adapt traditional anti-money laundering (AML) and know-your-customer (KYC) protocols into the crypto space are underway, but according to New York’s DFS Herring, ” in many cases, this will require tools – such as blockchain analysis – that are different from the tools used in the traditional financial industry.

Indeed, many of the tools needed to regulate crypto have yet to be developed, admits Herring, but he said he sees encouraging signs that some in the crypto industry are coming to the idea that they have a shared responsibility when it comes to protecting their clients’ assets.

Better protection “starts with a good foundation,” Herring explained. “If you have the right control system and the right technical tools, you will be able to see and react to trends in what criminals are doing.”

The Crypto Talent War

Of course, precisely who will develop and implement these new regulatory tools is somewhat uncertain, as law enforcement and regulatory agencies are also at a disadvantage when it comes to recruiting tech-savvy analysts and investigators. Tech companies pay a lot more for experienced engineers and coders, Herring and Roper said, and there isn’t much formal training available. This means that people hired by law enforcement and regulators must be “passionate” about crypto and, fundamentally, willing and able to learn on their own.

“If you’re interested enough in cyber to read about it in your spare time, we can work with that,” Herring said, noting that finding such people is a challenge.

In a separate round table, Supply and Demand: Winning the Crypto Talent Warpanelists explained that engineers who can work in next-generation Internet environments such as Web 2.5-3.0 and the Metaverse can essentially write their own ticket, but the talent pool coming out of academic institutions is woefully understaffed.

As a result, organizations looking for next-generation tech talent “are more open to [individuals with] from non-traditional backgrounds,” said panelist Adam Posner, of the NHP Talent Group – and that includes people without college degrees. “I can’t even tell you the last time I saw a degree required for one of my Web 3.0 companies,” Posner said. “They want to see what you did, how you did it, and what you’re going to do for their organization.” If a candidate has a good foundation of technical skills, he added, many of these companies will place people in a six-week boot camp to “upgrade” them — and in many cases that is. all the training they need to get started.

During his midday keynote, however, former Manhattan District Attorney Cyrus Vance Jr. issued a cautionary note when he asked conference attendees to step back and ask if the Implementing all of the ideas under discussion was in itself a good idea, given the massive power shifts, income inequality and social upheaval caused by the rise of tech giants such as Facebook and Google.

“Let’s not lose sight of asking the questions,” Vance said, noting that those questions perhaps should have been asked. before Mark Zuckerberg, Jeff Bezos and other industrial tech giants have achieved “titan” status. “If we knew it was going to be as successful as we think it would be, what rules would we have to put in place before it became so successful that it was just too late to ask questions?” Vance said.