Increased Use of Mobile Banking Apps Could Lead to Exploitation

As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.


As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.

Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds. US financial technology providers estimate more than 75 percent of Americans used mobile banking in some form in 2019.

Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020.

Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often.

With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations.

The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.

App-Based Banking Trojans

The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device. The trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.

Fake Banking Apps

Actors also create fraudulent apps designed to impersonate the real apps of major financial institutions, with the intent of tricking users into entering their login credentials. These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users. US security research organizations report that in 2018, nearly 65,000 fake apps were detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.

TIPS TO PROTECT YOU AND YOUR ORGANIZATION

Obtain Apps from Trusted Sources

Private sector companies manage app stores for smartphones and actively vet these apps for malicious content. Additionally, most major US banks will provide a link to their mobile app on their website. The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.

Use Two-Factor Authentication

Since 2016, surveys of application and website users have identified that a majority of users do not enable two-factor authentication when prompted. These users cite inconvenience as the major reason to avoid the use of this technology. Cybersecurity experts have stressed that two-factor authentication is a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user’s advantage

Do:

  • Enable two-factor or multi-factor authentication on devices and accounts to protect them from malicious compromise.
  • Use strong two-factor authentication if possible via biometrics, hardware tokens, or authentication apps.
  • Use multiple types of authentication for accounts if possible. Layering different authentication standards is a stronger security option
  • Monitor where your Personal Identifiable Information (PII) is stored and only share the most necessary information with financial institutions.

Don’t:

  • Click links in e-mails or text messages; ensure these messages come from the financial institution by double-checking e-mail details. Many criminals use legitimate-looking messages to trick users into giving up login details.
  • Give two-factor passcodes to anyone over the phone or via text. Financial institutions will not ask you for these codes over the phone.

Use Strong Passwords and Good Password Security

Cyber actors regularly exploit users who reuse passwords or use common or insecure passwords. The FBI recommends creating strong, unique passwords to mitigate these attacks. The National Institute of Standards and Technology’s most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.

Do:

  • Use passwords that contain upper case letters, lower case letters, and symbols.
  • Use a minimum of eight characters per password.
  • Create unique passwords for banking apps.
  • Use a password manager or password management service.

Don’t:

  • Use common passwords or phrases, such as “Password1!” or “123456.”
  • Reuse the same passwords for multiple accounts.
  • Store passwords in written form or in an insecure phone app like a notepad.
  • Give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.

If a Banking App Appears Suspicious, Call the Bank

If you encounter an app that appears suspicious, exercise caution and contact that financial institution. Major financial institutions may ask for a banking PIN number, but will never ask for your username and password over the phone. Check your bank’s policies regarding online and app account security. If the phone call seems suspicious, hang up and call the bank back at the customer service number posted on their website.

FBI.gov (June 2020) INCREASED USE OF MOBILE BANKING APPS COULD LEAD TO EXPLOITATION

White House Report Recommends Multi-Pronged Approach to Counter China

The Defense Department has a role to play in countering China, but it is only one part of the effort. The National Defense Strategy highlights the threat.


China is using government, military, economic, diplomatic and information levers to change the well-tested and beneficial international order, and the United States must have a similar strategy to combat these efforts, according to a White House report.

The White House addressed the whole-of-government approach to counter China — a great power competitor — in a report published last month titled “The United States Strategic Approach to the People’s Republic of China.” 

The Defense Department has a role to play in countering China, but it is only one part of the effort. The National Defense Strategy highlights the threat. 

“China is leveraging military modernization, influence operations and predatory economics to coerce neighboring countries to reorder the Indo-Pacific region to their advantage,” the unclassified strategy report said. “As China continues its economic and military ascendance, asserting power through an all-of-nation, long-term strategy, it will continue to pursue a military modernization program that seeks Indo-Pacific regional hegemony in the near-term and displacement of the United States to achieve global preeminence in the future.”

According to the report, China is the prime country that has benefited from the existing international order, noting that it has made tremendous progress economically since moving to a market economy. U.S. officials had anticipated that the iron rule of the Chinese Communist Party would loosen as prosperity became more widespread in the nation of more than 1.5 billion people. 

But the party maintained — and even tightened — its grip. “Over the past two decades, reforms have slowed, stalled or reversed,” the White House report says. “The PRC’s rapid economic development and increased engagement with the world did not lead to convergence with the citizen-centric, free and open order as the United States had hoped.”

When the United Kingdom handed over Hong Kong to China, Hong Kong was guaranteed semi-autonomous status at least through 2047. The Chinese are backing out of the “One Nation, Two Systems” agreement. China is also building and militarizing islands in the South China Sea and East China Sea in an attempt to assert sovereignty over international sea lanes of communication.

The United States and partner nations in the region and internationally are sailing and flying through these areas in freedom of navigation operations, the report says.

The Chinese have massed troops and missiles across the Strait of Taiwan and continually threaten military action and have tied their new-found economic power and diplomacy together in their “One Belt One Road” initiative, which the report calls an umbrella term describing initiatives designed “to reshape international norms, standards, and networks to advance Beijing’s global interests and vision, while also serving China’s domestic economic requirements.”

The “One Belt One Road” projects frequently are “characterized by poor quality, corruption, environmental degradation, a lack of public oversight or community involvement, opaque loans, and contracts generating or exacerbating governance and fiscal problems in host nations,” the report says.

Beijing will probably use these projects to exert undue political influence and gain military access, the report says. “Beijing uses a combination of threat and inducement to pressure governments, elites, corporations, think tanks and others — often in an opaque manner — to toe the CCP line and censor free expression,” it states.

The response to this effort is not solely military. Rather, the report says, it has to be a whole-of-government approach that combines diplomacy, economic leverage, information operations and military partnerships. 

China is working to undermine U.S. alliances in the Indo-Pacific region, and “One Belt One Road” is just an arrow in the quiver aimed at subverting American influence in the region, the report says.

Meanwhile, it states, the Chinese Communist Party has no compunction about using economic, political and military power to pressure nations to follow their lead — often to the detriment of their citizens. With no visible opposition, the Chinese Communist Party can be patient, and Chinese leaders look at the competition with capitalist powers as a generational struggle, according to the report.

Capitalist nations have also engaged in generational struggles. The Cold War was a generational struggle against the Soviet Union. U.S. administrations of both political parties agreed to the overall need to confront the old Union of Soviet Socialist Republics, and they followed a long-term strategy against the existential threat the Soviets posed. 

It was also a whole-of-government approach, even if it wasn’t called that at the time. It wasn’t enough for troops to just confront the Soviet Union and Warsaw Pact at the Fulda Gap between West Germany and East Germany. Intelligence agencies had to stay ahead of the Soviets. Diplomats had to negotiate with them. The people of the Soviet Union and Warsaw Pact nations had to see what life was really like in the West.

The result was the dissolution of the Soviet Union in 1991. Now, the formerly captive Warsaw Pact nations are members of NATO.

The National Security Strategy recognizes there has been a return to an era of great power competition, and that China is a competitor. It lays out a U.S. whole-of-government approach that it says must be taken to counter the Chinese Communist Party’s efforts to overturn the international order. 

“The United States is responding to the [Chinese Communist Party’s] direct challenge by acknowledging that we are in a strategic competition and protecting our interests appropriately,” the White House report says. “The principles of the United States’ approach to China are articulated both in the [National Security Strategy] and our vision for the Indo-Pacific region — sovereignty, freedom, openness, rule of law, fairness, and reciprocity.”

While China is the main competitor, U.S.-Chinese relations do not determine America’s strategy in the Indo-Pacific region. U.S.-China relations are just part of the overall strategy in the region, the report says.

“By the same token, our vision of a free and open Indo-Pacific region does not exclude China,” according to the report. “The United States holds the [People’s Republic of China] government to the same standards and principles that apply to all nations.”

Defense.gov (June 2020) White House Report Recommends Multi-Pronged Approach to Counter China

Coast Guard Cutter James offloads approximately 30,000 pounds of cocaine, marijuana at Port Everglades

The Coast Guard Cutter James (WMSL-754) crew offloaded approximately 23,000 pounds of cocaine and approximately 6,900 pounds of marijuana, all worth more than an estimated $408 million, on Tuesday in Port Everglades.


The Coast Guard Cutter James (WMSL-754) crew offloaded approximately 23,000 pounds of cocaine and approximately 6,900 pounds of marijuana, all worth more than an estimated $408 million, on Tuesday in Port Everglades.

The drugs were interdicted in international waters of the Eastern Pacific Ocean off the coasts of Mexico, Central and South America, and in the Caribbean Sea including contraband seized and recovered during 11 interdictions of suspected drug smuggling vessels by four Coast Guard cutters and two U.S. Navy ships:

“The roughly 15 tons of illicit narcotics being offloaded here today and the likely ensuing prosecutions, are the results of extraordinary teamwork and intelligence-driven operations,” said Adm. Karl Schultz, commandant of the Coast Guard. “It is important to note that our fellow citizens aren’t the only ones who benefit from these counter-narcotics efforts. Our Central American neighbors face tremendous strain from drug-fueled violence sparked by transnational criminal organizations. Efforts like this enhanced counter-drug operation significantly disrupt the criminal activity destabilizing the region.”

Photo by Petty Officer 2nd Class Jonathan Lally

On April 1, U.S. Southern Command began enhanced counter-narcotics operations in the Western Hemisphere to disrupt the flow of drugs in support of Presidential National Security Objectives.

Numerous U.S. agencies from the Departments of Defense, Justice and Homeland Security cooperated in the effort to combat transnational organized crime.

The Coast Guard, Navy, Customs and Border Protection, FBI, Drug Enforcement Administration, and Immigration and Customs Enforcement, along with allied and international partner agencies, play a role in counter-drug operations. 

The fight against drug cartels in the Eastern Pacific Ocean and the Caribbean Sea requires unity of effort in all phases from detection, monitoring and interdictions, to criminal prosecutions by international partners and U.S. Attorneys’ Offices in districts across the nation.

The law enforcement phase of counter-smuggling operations in the Eastern Pacific Ocean is conducted under the authority of the Coast Guard 11th District, headquartered in Alameda, California, and the law enforcement phase of operations in the Caribbean is conducted under the authority of the Coast Guard 7th District, headquartered in Miami.

The interdictions, including the actual boardings, are led and conducted by members of the U.S. Coast Guard. 

The cutter James is a 418-foot national security cutter home ported in Charleston, South Carolina.

The cutter Mohawk is a 270-foot medium endurance cutter home ported in Key West, Florida.  

The cutter Escanaba is a 270-foot medium endurance cutter home ported in Boston. The cutter Confidence is a 210-foot medium endurance cutter home ported in Port Canaveral, Florida.

The USS Pinckney is a 510-foot Arleigh Burke-class destroyer home ported in Naval Base San Diego.

The USS Lassen is a 510-foot Arleigh Burke-class destroyer home ported in Naval Station Mayport, Florida.

US Coast Guard (June 2020) Coast Guard Cutter James offloads approximately 30,000 pounds of cocaine, marijuana at Port Everglades

Pittsburgh Man Charged with Possession of a Destructive Device after Placing a Backpack of Homemade Explosives in Downtown

A Pittsburgh man has been charged federally with illegal possession of an unregistered destructive device after planting a backpack with homemade explosives in a downtown open space, United States Attorney Scott Brady has announced.


A Pittsburgh man has been charged federally with illegal possession of an unregistered destructive device after planting a backpack with homemade explosives in a downtown open space, United States Attorney Scott Brady has announced.

Matthew Michanowicz, 52, of Pittsburgh Pennsylvania, is charged by complaint with knowingly and unlawfully possessing a firearm, that is, a destructive device, which was not registered to him in the National Firearms Registration and Transfer Record.

Michanowicz was taken into custody Friday evening by the Allegheny County Sheriff’s Department.

He will make his appearance in U.S. District Court in Pittsburgh at a date to be determined by the court.

U.S. Attorney Brady said, “Once again, we see that certain participants in the protests in Pittsburgh were only present to serve as agitators and to incite violence. Let’s call them what they are: criminals. They have no intention of peacefully exercising their First Amendment rights; they seek only to incite and destroy. Michanowicz brought a backpack full of homemade Molotov cocktails to downtown Pittsburgh. He wasn’t there to protest; he was there to engage in violent attacks. I hope that any organizers or protestors who are participating consistent with the First Amendment will help identify and stop agitators who seek to manipulate their protest for violent ends. Rest assured that we stand ready to prosecute such provocateurs federally.”

According to the complaint, on June 1, 2020 at approximated 8 a.m., Pittsburgh Bureau of Police officers were called to the open area of 2 PNC Plaza facing Wood Street in downtown Pittsburgh to respond to a suspicious bag.

They had been called by PNC security officers for a “Military, green backpack” located by a bicycle rack under some trees on PNC property. PBP officers discovered three devices and a foul odor and called the PBP Bomb Squad. The Bomb Squad found three suspected “homemade Molotov cocktails.”

According to the complaint, the devices are described as “spent OC vapor grenades” (identified by the PBPBS as spent devices they had previously deployed) which contained a fluid that had a smell similar to an ignitable liquid. The liquid was leaking out of one or more of the devices. All three devices had wicks attached to them, which were held in place by what appears to be “spray foam insulation.”

Security camera footage provided to PBP by PNC security showed someone possessing the bag at the scene where it was recovered.

That person was described as an older man, approximately 6’-6’1″ who rides a blue bicycle with a bright red pouch on the handlebars.

On the evening of June 3, 2020 a patrolling PBP officer saw a man with a bicycle matching that description in the exact location where the bag has been discovered on June 1, 2020. The officer approached the individual to identify him and Michanowicz provided only his last name.

The officer stated that after he identified Michanowicz, he released him, but Michanowicz stayed in the immediate vicinity.

The officer stated he called a PBP supervisor to report that he had stopped someone matching the description, and another PBP supervisor then directed the officer to detain Michanowicz and bring him to PBP Headquarters for questioning.

During questioning Michanowicz said he visited downtown to look at the “aftermath” of the riots and protests. Michanowicz admitted he was in the individual depicted in photographs from the surveillance footage but denied possessing the bag or knowing its contents. Michanowicz also stated he never possessed any destructive devices, including the devices recovered from the bag.

According to the complaint, on June 4, 2020, ATF Agents from the Pittsburgh Field Office executed a federal search warrant at Michanowicz’s residence at 144 Republic Street, Pittsburgh, PA 15211.

The search revealed, all in close proximity to each other on a workbench in the garage, a bundle of fuse exhibiting the same color and characteristics of the fuses found on the previously seized destructive devices, some partially burnt fuse remnants that appear to be from the same fuse bundle, a can of spray foam insulation consistent with the type of spray foam insulation that had been applied to the exterior of all three recovered destructive devices, and a syringe emitting a strong odor consistent with an ignitable liquid.

Also found in the garage were approximately 10 camouflage backpacks that were similar in size, pattern and configuration to the bag in which the destructive devices were discovered. A search of the trashcan in the garage revealed retail packaging of fuses and a pair of used latex gloves that emitted a strong odor consistent with an ignitable liquid.

It is unlawful for an individual to manufacture, possess, or transfer a Destructive Device without first being registered in ATF’s National Firearms Transfer Record (NFA) registry and without serial numbers being issued for said NFA Weapons (i.e.; Destructive Devices).

An NFA inquiry made on June 4, 2020, showed there was no such registration for Michanowicz.

The count charged in the criminal complaint carries a maximum potential penalty of 10 years in prison, and a maximum fine of $250,000.

U.S. Attorney Brady credited the Bureau of Alcohol, Tobacco, Firearms and Explosives, and the Pittsburgh Joint Terrorism Task Force, including the Federal Bureau of Investigation and the Pittsburgh Bureau of Police, for conducting the investigation leading to the charges in this case. U.S. Attorney Brady also thanked the Allegheny County Sheriff’s Office for apprehending the defendant.

Assistant United States Attorney Jessica Lieber Smolar is prosecuting this case for the government.

The details contained in the criminal complaint are allegations. The defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

Justice.gov (June 2020) Pittsburgh Man Charged with Possession of a Destructive Device after Placing a Backpack of Homemade Explosives in Downtown

Experts Predict Artificial Intelligence Will Transform Warfare

Artificial intelligence will increasingly and dramatically improve systems across the Defense Department, the director of the Joint Artificial Intelligence Center said.


Artificial intelligence will increasingly — and dramatically — improve systems across the Defense Department, the director of the Joint Artificial Intelligence Center said.

Army Lt. Gen. John N.T. ”Jack” Shanahan spoke remotely from the Pentagon yesterday with Dave Deptula, dean of the Mitchell Institute for Aerospace Studies.

”It is my conviction and deep passion that AI will transform the character of warfare in the Department of Defense in the course of the next 20 years,” Shanahan said. ”There is no part of the department that will not be impacted by this, from the back office to the battlefield, from under sea to cyberspace and outer space, and all points in between.”

Artificial intelligence, often called AI, has been happening in commercial industry, but that effort only started in earnest in the department about 10 years ago, he noted, but ”we’ve been stuck in first gear in terms of fielding.”

​DOD has long struggled with how to take the world’s best research and development and field it at speed and at scale, he added.

Since the Joint Artificial Intelligence Center began operations about two years ago, all of the foundational elements have been put into place, Shanahan said, noting that the center now has 185 employees with a $1.3 billion annual budget.

Shanahan elaborated on what artificial intelligence foundational elements mean —  including AI strategy, policy, ethics, coalition partnerships, rules of engagement, user testing and evaluation.

All those elements were brought into the Joint Artificial Intelligence Center, where integrated product teams for projects do all of that work simultaneously, as opposed to sequentially, he said. ”In the department, those tend to happen in very different places, and sometimes they don’t happen at all.”

The center’s initiatives are focused on lower-consequence, lower-risk missions such as preventive maintenance, humanitarian assistance, defensive cyber and business process transformation, he said.

But perhaps the most important current focus is on joint warfighting operations, he said.

Over the next one to two years, the goal will be delivery of these AI-enabled systems to the warfighter, he said. ”We have to show we’re making a difference,” he added.

Shanahan said moving the department from being an industrial age, hardware-driven force to being an information-age, software-driven, more risk-tolerant one won’t be easy. Nor will it be easy to choose where to take those risks and how to take those risks, he said.

”We’re dealing with 60 years of legacy systems, legacy workflows, legacy talent management. You can’t just bolt those cutting-edge technologies onto … legacy equipment and expect to transform the Department of Defense,” he said, adding that, culturally, AI has to be in the fabric of the department and what DOD does every single day.

Defense.gov (June 2020) Experts Predict Artificial Intelligence Will Transform Warfare