THE RISE OF EURASIAN FINANCIAL
CRIMINAL ENTERPRISES:
THE NEW MAFIA
A Chris Swecker White Paper
Sponsored by
THE RISE OF EURASIAN FINANCIAL CRIMINAL ENTERPRISES: THE NEW MAFIA // MARCH 2013 // 1
“You are like the Wind and I like the Lion…. I like the Lion must remain
in my place, but you like the Wind, will never know yours.”
Mulay Hamid El Raisuli, Lord of the Riff, Sultan to the Berbers, Last of the Barbary Pirates
Sun Tzu said “If you know your enemy and know yourself, you need not fear the result of
a hundred battles.” So it is for investigators and analysts in the financial services industry
responsible for compliance with anti-money laundering (AML) laws and regulations. To be
effective (and compliant), AML and anti-fraud professionals must keep abreast of an
ever-changing global landscape of adversaries and the threats they present, while constantly
assessing their own strategies and capabilities to meet the threats. Like the “wind”1 in
the quote above, a new adversary has emerged who recognizes no limits and can project
themselves to every corner of the globe. This adversary has no physical “place”, yet current
AML and fraud strategies are constrained by methods and techniques designed to fight a more
tangible and accessible enemy. Moreover the traditional focus of most anti-fraud detection
processes on the individual event often fails to “recognize that a seemingly discrete or benign
offense may actually be part of a larger pattern of activity by an organization that merits further
investigation...”2
Due to the confluence of globalization, the Internet and the technical savvy of criminals
unleashed by the break-up of the former Soviet Union, a new crime business model now
dominates the financial landscape. By far the most economically profitable criminal enterprises
in the world are virtual, viral and well networked Eurasian Criminal Enterprises (CE) that make
the traditional crime models seem almost pedestrian. These CEs prey on financial institutions,
government benefit programs and insurance companies to garner unprecedented levels of
illicit profits. The implications for AML and anti-Fraud programs are profound. Where there
are proceeds of this magnitude, there is massive money laundering. Anti-fraud programs are
equally challenged by the global scope and elusiveness of large crime rings that steal and
monetize customer information through a network of low level “mules” and cutouts. These
professional criminals study, probe and exploit every financial product and channel with minimal
risk of arrest and prosecution.
When did financial crimes become a mass produced commodity? For most of the twentieth
century the focus of law enforcement was directed towards the infamous criminal activities
of the La Cosa Nostra, drug cartels and street gangs. These organizations proliferated criminal
schemes that focused on activities such as loan sharking, extortion, labor racketeering, theft
and hijacking, money laundering, corruption, and drug trafficking - all supported by violence and
intimidation. They exploited the financial system to launder illicit proceeds, not pilfer funds.
Responding to public alarm, legislators held hearings to underscore the threat to society
that organized criminal activity presented and enacted hard hitting criminal statutes such as
Conspiracy, Money Laundering, Racketeering Influenced Corrupt Organizations (RICO), and
Continuing Criminal Enterprises (CCE).
1 From the 1975 movie entitled “The Wind and the Lion” starring Sean Connery.
2 United States Attorneys’ Bulletin, November 2012: “Responding to the Threat of International Organized Crime: A Primer on Programs,
Profiles, and Practice Points” by Thomas P. Ott.
In addition these traditional organized crime syndicates were in the cross hairs of a series of
AML statutes such as The Bank Secrecy Act of 1970; the Money Laundering Control Act of
1986; The Annunzio-Wylie Anti-Money Laundering Act of 1992 and various other legislative
updates that attacked the financial infrastructure of traditional organized crime. Such a massive
commitment to attacking the traditional threats has made it difficult to shift resources and
strategies to meet the new threats where law enforcement plays a lesser role than those
who are really in the front lines, the very organizations that provide the benefits, goods
and services. Unfortunately neither the statutes described above nor the strategies of law
enforcement and especially AML/Fraud programs have been able to pivot and devise effective
strategies to address the “New Mafia” which focuses on a wide range of financial crime
schemes, from identity theft and account takeover to credit card fraud and from massive health
care fraud to insurance scams. The “New Mafia” knows no boundaries and eschews the now
byzantine “bricks and mortar” crime model. We overlook this dynamic at our peril.
In fact recently the US Justice Department redefined how “organized crime” operates
emphasizing the “transnational” characteristics of the most dangerous groups. Contrast
the earlier description of criminal activities of traditional organized crime syndicates with the
violations described below:
“IOC (International Organized Crime) groups engage in a wide range of criminal
activities that impact the United States. They target consumers through various
techniques that are designed to obtain bank account information and steal personal
identities. In addition to traditional “phishing,” advanced fee fraud schemes, mass-marketing schemes, and Internet auction fraud, IOC groups use other high-tech
mechanisms such as “skimming” devices that are surreptitiously installed in ATMs
and point-of-sale machines. IOC groups have also become increasingly adept at
government fraud, targeting food stamp and welfare programs, Medicare and
Medicaid, and government grant and loan programs. Money is the “life blood” of
all organized crime groups. These groups launder their illicit proceeds by exploiting
the financial system in this country through the use of prepaid access cards, digital
currencies, shell companies, cash checkers, and informal money transmitters. IOC
groups also engage in the theft of intellectual property, ranging from movies and
CDs to proprietary designs of technology and manufacturing processes. International
networks allow IOC groups to engage in the smuggling of narcotics, contraband
cigarettes, weapons, counterfeit goods and currency, as well as the smuggling and
trafficking of humans into the United States.”3
Ironically, but directly to the point, most of the violations cited above when examined as
singular incidents without the benefit of linking to broader crime schemes fly well below the
radar of both law enforcement and industry AML/anti-fraud programs.
To better understand the new adversary a history lesson is in order. The dissolution of the
former Soviet Union was one of the most significant historical events since the end of the
Second World War. It proved once again that democracy and free markets are enduring.
3 United States Attorneys’ Bulletin, November 2012: “Responding to the Threat of International Organized Crime: A Primer on Programs,
Profiles, and Practice Points” by Thomas P. Ott.
Like many communist systems however, a robust “black market” was always operating in the
shadows aided and enabled by the intelligence services of the former Soviet Bloc countries.
The leaders of these dark markets were adept at infiltrating and exploiting weaknesses in
financial systems, government programs and various industries such as mining, energy and
banking. Many were part of a Soviet prison spawned criminal network called “Thieves in
Law” and represent the elite of the Post-Soviet world of organized crime. Because of their
associations with government intelligence agencies such as the KGB and FSB combined with
their industry ties, these criminal organizations became technically savvy and well versed in
intelligence “tradecraft”, business practices and processes. So as the doors to the west were
opened wide, these criminal elements dispersed throughout Europe and by the early nineties
reached the shores of the USA where they formed their own criminal associations.
Brighton Beach, New York was a beachhead for several Russian criminal groups and it was
there they invented health care fraud schemes on a mass scale. Using a network of false
medical clinics, complicit medical providers and phantom or complicit beneficiaries, they
garnered huge profits. Continuing to innovate and build on their knowledge of the insurance
and medical claims procedures, these enterprising Eastern European expats refined the
insurance scam. The criminals perfected the staged accident scheme which to this day is the
highest loss category in the insurance industry.
By the close of the millennium a new and viral technology that connected people and
businesses across the globe was gaining global acceptance, the World Wide Web and the
Internet. It was inevitable that the “New Mafia” would take note of this new tool that was
dramatically transforming domestic and international commerce. Using the Internet and
tradecraft employed so effectively in the black market environment, they innovated new ways
to commit financial crimes with ease from safe havens far from the jurisdiction of their victims.
Characteristics of the “New Mafia” include:
»» Constant research and testing of dollar thresholds and alert triggers
»» Recruitment of insiders to gain knowledge of vulnerabilities or access to valuable
confidential personal data
»» Participation in Internet facilitated “dark markets” mainly hosted in foreign domains
and conducted in Russian language that broker the sale or hire of virtually anything that
facilitates criminal schemes such as data, “mule networks”, malware, skimming devices,
botnets, etc.
»» Use of foot soldiers such as foreign students on J-1 Visas to “monetize” data, i.e. open
accounts, use cloned credit and debit cards, purchase and reship goods purchased with
fraudulent instruments, open false clinics, obtain beneficiary data, etc.
»» Extensive use of socially engineered Internet exploits to steal data, learn processes and
take over financial accounts
»» Cooperative group action that takes advantage of specialists for hire, division of labor, and
an effective criminal supply chain
The key to understanding these groups is a recognition that pursuing one alert at a time;
setting obvious thresholds; favoring siloed “point solutions” for channels and products and
overlooking the links to the broader network will permit the criminal enterprises to commit
fraud over long periods of time and inflict huge losses despite the detection of individual
nodes, which are expendable. To effectively address this new adversary we must “out network
the networks” by breaking down individual and industry silos; employing better technology
tools than those utilized by the bad guys such as real time detection, powerful data analytics
and above all link seemingly disparate criminal acts that individually fall under our thresholds
but in the aggregate total up to multi-million dollar losses.
As an illustration of the scope and breadth of these networks consider the following case.
In October 2010, the Department of Justice (DOJ) announced an indictment under the
Racketeering Influenced Corrupt Organizations Statute (RICO), 18 U.S.C. §§ 1961–1968, linking
Armenian organized crime to “the largest Medicare fraud scheme ever perpetrated by a single
criminal enterprise and charged by the Department of Justice.” This case involved 43 members
and associates of an Armenian-American “Thief in Law” enterprise led by Mirzoyan-Terdjanian
who submitted over 100 million dollars in false Medicare claims.
The sad truth is that while this was a law enforcement triumph, it represents a systemic failure
to detect a scheme that ran for over 8 years and involved literally thousands of fraudulent
claims, some of which were detected but never linked to show the big picture. All of these
illicit funds had to move through the financial system.
One aspect of the new crime model represents the Achilles heel. These new CEs eventually
have to “monetize” their stolen data, whether it’s a credit card number and CV code, a User ID
and password for an online banking portfolio or a Medicaid provider number. The completion
of the crime requires physical acts such as account opening, benefit enrollment, use of a
credit card or debit card, or purchase and shipment of goods. To do this they must provide
data which can be linked and analyzed. This is what occurred in the FBI takedown of a massive
case entitled “Trident Breach” which involved over 27 “money mules” who despite their low
level represent the most vital link in the criminal supply chain. The mastermind hackers stole
$70 million from the payroll accounts of some 400 American companies and organizations – all
from the safety of their homes in Eastern Europe. But to complete the scheme they recruited
“money mules” who shared email accounts, addresses, US travel visa sponsors and bank
accounts. Many were identified via their Facebook accounts. Use of linking technology would
have identified these associations much sooner, as this group attempted to steal over 200
million dollars before they were arrested and the mule network dismantled.
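The linking described above, shown as an added example that is not part of the original white paper or any vendor's product: accounts that share an email, address or visa sponsor are grouped with union-find, and a cluster is reported when its combined amount exceeds a per-event threshold that no single event crosses. All records, field names and the threshold value are constructed assumptions.

```python
from collections import defaultdict

ALERT_THRESHOLD = 10_000  # hypothetical per-event review threshold (USD)
LINK_FIELDS = ("email", "address", "sponsor")  # assumed attribute names

# Constructed sample events; every amount is below ALERT_THRESHOLD.
EVENTS = [
    {"account": "A1", "amount": 9200, "email": "m1@example.test", "address": "12 Oak St", "sponsor": "SP-1"},
    {"account": "A2", "amount": 8700, "email": "m2@example.test", "address": "12 oak st ", "sponsor": "SP-2"},
    {"account": "A3", "amount": 9500, "email": "M2@example.test", "address": "44 Elm Ave", "sponsor": "SP-3"},
    {"account": "A4", "amount": 7800, "email": "m4@example.test", "address": "9 Pine Rd", "sponsor": "SP-3"},
    {"account": "A5", "amount": 4000, "email": "m5@example.test", "address": "77 Lake Dr", "sponsor": "SP-9"},
    {"account": "A6", "amount": 3000, "email": "m6@example.test", "address": "5 Hill Ct", "sponsor": "SP-7"},
    {"account": "A7", "amount": 2500, "email": "m7@example.test", "address": "5 Hill Ct", "sponsor": "SP-8"},
]

def find(parent, x):
    """Return the cluster root of x, compressing the path as it goes."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def link_accounts(events, fields=LINK_FIELDS):
    """Group accounts that share any normalized attribute value."""
    parent = {e["account"]: e["account"] for e in events}
    first_seen = {}  # (field, normalized value) -> first account seen with it
    for e in events:
        for f in fields:
            value = (e.get(f) or "").strip().lower()
            if not value:
                continue  # a missing attribute must not link anything
            owner = first_seen.setdefault((f, value), e["account"])
            parent[find(parent, e["account"])] = find(parent, owner)
    groups = defaultdict(set)
    for acct in parent:
        groups[find(parent, acct)].add(acct)
    return list(groups.values())

def linked_findings(events, threshold=ALERT_THRESHOLD):
    """Clusters whose total exceeds the threshold though no single event does."""
    findings = []
    for cluster in link_accounts(events):
        amounts = [e["amount"] for e in events if e["account"] in cluster]
        if len(cluster) > 1 and max(amounts) <= threshold < sum(amounts):
            findings.append({"accounts": sorted(cluster), "total": sum(amounts),
                             "largest_event": max(amounts)})
    return sorted(findings, key=lambda f: -f["total"])

if __name__ == "__main__":
    for finding in linked_findings(EVENTS):
        print(finding)
```

A1 through A4 never share one common attribute; they are joined only transitively (address, then email, then sponsor), which is why per-account review misses them.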
FIGURE 1: OPERATION TRIDENT BREACH MONEY MULES
CONCLUSION
The current criminal landscape for financial crimes professionals has never been so complex. Over the
years traditional strategies have been developed and ingrained in our financial institutions,
government agencies and the insurance industry to combat traditional threats and threat
actors. These traditional organized crime models are now at the bottom of the criminal
food chain when measured by the level of illicit proceeds generated. Most AML and fraud
professionals will concede that having a compliant AML program does not necessarily equate
to an effective program. Financial crime has become a multi-billion dollar industry where not
only the game but the players have changed. Bad guys have the first mover advantage while
fraud and AML programs are encumbered by resource limitations, low levels of awareness at
the executive level, persistent silos, high prosecution thresholds and outdated strategies. These
strategies may be compliant but they are far from effective in combatting the “New Mafia.”
The best weapons available are the rich data available from both internal and external
sources, powerful analytics and proactive strategies that search out the links between
disparate criminal acts and events. The one thing that is not limited is the technological
firepower available today. This technology must be combined with incisive, preemptive
strategies that are well designed to meet current threats. The multi-billion dollar question is
whether executives who are responsible for financial crimes programs will pursue business
as usual or embrace a new paradigm.
ABOUT THE AUTHOR
Chris Swecker has 30 years of experience in law enforcement, national security, legal, and
corporate security/risk management. Swecker served 24 years with the Federal Bureau of
Investigation (FBI) before retiring as Assistant Director of the FBI’s Criminal Investigative Division.
He was responsible for eight FBI divisions including Cyber, Criminal, International Operations,
Training, Crisis Management, Operational Technology, Criminal Justice Information and the Law
Enforcement Liaison office encompassing more than half of the FBI’s total resources. Swecker
also served as the FBI’s On Scene Commander in Iraq in 2003 where he led a team of FBI Agents
conducting counter-intelligence and terrorism investigations.
As head of the FBI’s Criminal Division, Swecker led all FBI criminal investigations including public
corruption, money laundering, organized crime/drug trafficking and financial crime matters. He was
instrumental in the development of the FBI’s post 9-11 strategies, leveraging criminal investigative
resources to support counter terrorism/intelligence efforts. He led national task forces on
corporate fraud, violent gangs, financial crimes, crimes against children, public corruption and
organized crime and established the MS-13 National Gang Task Force and the National Gang
Intelligence Center. Swecker has extensive experience in organized crime, money laundering and
major drug trafficking investigations.
Chris Swecker, Financial Crimes Consultant and Attorney; retired Assistant Director, FBI; and former Global Security Director, Bank of America
As Corporate Security Director for Bank of America, Swecker led investigations; physical
security; international security; employment screening and executive protection. He executed a
comprehensive transformation of all aspects of the security organization, emphasizing the use
of advanced analytical software, security technology and fusion of open source, government and
internal information to drive strategies to prevent fraud, privacy and security events.
Swecker has testified before Congressional Committees on topics such as identity theft, crimes
against children, mortgage fraud, human trafficking, financial crimes, information privacy and data
compromise, crimes on the Internet, drug trafficking and gangs. He has also appeared as a guest
on such media programs as 60 Minutes, Good Morning America, CSPAN Washington Journal,
Oprah Winfrey and North Carolina People. He is a frequent public speaker on financial crimes,
money laundering and cyber crimes.
Swecker received the prestigious Presidential Rank Award in 2003 for his service in Iraq and as
Special Agent in Charge of the NC Office.
About Verafin
Verafin is a leader in enterprise Fraud Detection and Anti-Money Laundering (FRAML™) technology with a customer base of
1000 financial institutions across North America. Verafin is the exclusive provider of fraud detection and BSA/AML software for
the California Bankers Association, Florida Bankers Association, Massachusetts Bankers Association, CUNA Strategic Services
and has industry endorsements in 44 states across the U.S. For more information, visit www.verafin.com.