Chimps outwit hunters

The BBC says wild chimps have learned to detect and avoid traps set by human hunters.

Across Africa, people often lay snare traps to catch bushmeat, killing or injuring chimps and other wildlife.

But a few chimps living in the rainforests of Guinea have learnt to recognise these snare traps laid by human hunters, researchers have found.

More astonishing, the chimps actively seek out and intentionally deactivate the traps, setting them off without being harmed.

Linguistic Email Analysis Catches Fraud

At the RSA 2010 Conference in San Francisco last March I gave a presentation with linguistic anthropologist Harriet Ottenheimer. We explained how linguistic analysis of email can catch fraud and we gave the example of 419 scams, also known as advanced fee fraud (AFF). A pattern of “bad” language stands out. This is a concept we have developed and presented over several years.

The question we often are asked is whether this could be applied to email systems with automation. The answer is of course yes. Just as malware can be caught by looking for bad code, fraud can be caught by looking for a pattern of “bad” language.

I will present an update to our research at the International High Technology Crime Investigation Association Conference this month in Atlanta, Georgia.

SC Magazine reports today that Blare Sutton of Ernst and Young has found success with fraud investigations by manually applying our technique in the field.

Words that showed “subconscious” tendencies included problem, concern, revise, discount, correct, miss, Figure out, It’s OK, find it, complex. And when regulators such as the Australian Securities and Investments Commission were breathing down a company’s neck, Sutton’s team looked for incidences of their mentions in emails.

“It’s basic language,” he said. “There was nothing about the fraud [in the emails], it was subconscious language that led to an anomaly from which we could do a traditional investigation.”

Yes, just like a virus will masquerade as something else, fraud language is not obvious, but calling it “subconscious” language is inaccurate. The story indicates Sutton is trying to statistically show correlation, so the question now becomes whether we could predict fraud in advance or actually block fraud messages proactively. We are moving towards a warning system or prevention technique. Simply classifying language after the fact, which appears to be Sutton’s story, is interesting but not an ideal use case — his application comes across as “once we know there is fraud we can find indicators of it”.
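As an added illustration of automating this kind of check (not code from the presentation or from Sutton's team), the sketch below scores each sender by how often the indicator terms quoted above appear per 100 words and flags senders whose rate is an outlier against the rest of the mailbox. The regulator list beyond ASIC, the threshold `k`, and the sample messages are constructed assumptions.

```python
import re
from statistics import median

# Indicator terms taken from the SC Magazine excerpt quoted above.
TERMS = ["problem", "concern", "revise", "discount", "correct", "miss",
         "figure out", "it's ok", "find it", "complex"]
# Regulator mentions: ASIC is named on the page; the long form is an assumption.
REGULATORS = ["asic", "australian securities and investments commission"]
PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in TERMS + REGULATORS) + r")\b", re.I)

def indicator_rate(text):
    """Indicator hits per 100 words (exact word forms only, no stemming)."""
    text = text.replace("\u2019", "'")          # normalise curly apostrophes
    words = re.findall(r"[A-Za-z']+", text)
    if not words:
        return 0.0
    return 100.0 * len(PATTERN.findall(text)) / len(words)

def flag_senders(mailbox, k=3.0):
    """mailbox: iterable of (sender, body). Returns outlier senders, sorted."""
    by_sender = {}
    for sender, body in mailbox:
        by_sender.setdefault(sender, []).append(body)
    rates = {s: indicator_rate(" ".join(b)) for s, b in by_sender.items()}
    med = median(rates.values())
    # Median absolute deviation; floor of 1.0 avoids dividing by zero when
    # most senders have identical rates (assumed floor, tune per corpus).
    mad = median(abs(r - med) for r in rates.values()) or 1.0
    return sorted(s for s, r in rates.items() if (r - med) / mad > k)

# Constructed sample mailbox, not real correspondence.
SAMPLE = [
    ("alice@example.com", "Please send the Q3 invoice to the customer by "
                          "Friday. Thanks for the quick turnaround."),
    ("bob@example.com", "The build server had a problem overnight but it is "
                        "fixed now. Lunch at noon?"),
    ("carol@example.com", "Team offsite agenda attached. Let me know if the "
                          "dates work for everyone."),
    ("dave@example.com", "We need to revise the discount before ASIC asks. "
                         "It's OK, I will figure out how to correct the "
                         "numbers so they do not find it."),
]

if __name__ == "__main__":
    print(flag_senders(SAMPLE))
```

A flag here is only a triage signal for an investigator; a single ordinary use of "problem" (the second sender) stays below the threshold.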

Malware gang nets $30 million in one month

RT has posted a story from Moscow titled Police bust hacker gang who made $30 million in one month.

Operatives of the city police directorate for fighting economic crimes have told journalists that the suspects created a computer virus that blocked all programs on the users’ computers and put a pornographic picture on the screen together with a demand to send an SMS to a certain number to receive a code that would supposedly unblock the computer. For the SMS the victims were billed about 300 roubles or $10. However, sending the SMS never led to any results and some users have sent it repeatedly.

I detect hyperbole. Let me count the ways I find this story hard to follow.

  1. Even if users sent the SMS repeatedly, there still were over a million users affected. I searched the source lifenews.ru and found no mention of the malware incident. My Russian is not great but a million people with inoperable computers seems like it should be a headline story long before the police report catching the people responsible. The software in this case is not named but it probably is related to WinLock and LockScreen.
  2. Malware that tries to lock a system and demand payment is nothing new. Ransomware-A by name alone made it pretty clear in 2006 that you should not give in to demands for money. Are so many users in Russia really unaware of this class of malware and attack vector? Do they not realize they could use a free tool to get the unlock code or just figure out the unlock code themselves?
  3. Russians are said to be familiar with or even seasoned by news of fraud and crime linked to blackmail. Why did they forgo all the other options and instead believe in a ransom note — give their money to someone without any guarantee of getting an unlock code in return?
  4. The Telecom companies facilitated the crime. They must have detected something amiss when that many SMS messages flooded their system for so long and so much in revenue. Is there no fraud detection? No early-warning system in operation? Did they send a giant check to the gang as a prize, like a lottery winner, or did they just freeze the account and refuse payment? Perhaps I should ask this a different way. Do infrastructure operators in Russia have any incentive to detect and block this kind of obvious criminal activity or are they just taking a cut of the profits (apparently 50%) and walking away clean even after the criminals are caught?

The failure of the fraud detection system and the awareness of users is the real story I see in this report. Two or three days after the attack started it could have been shut down completely. Nothing glamorous or clever about it, and very easy to stop/prevent, which makes it so hard to believe it could have been as successful as claimed just as malware. I therefore think this amount of money must only be possible with the cooperation of those who could stop the attack.

An ITAR-TASS report gives a very different estimate of harm over a much longer period of time.

According to preliminary calculations, more than 3,000 Internet users fell victims of fraudsters in April alone, including in CIS countries. According to police data, the annual profit of law-breakers topped one billion roubles.

Perhaps something is being lost in translation with the first report. The same amount over a year is far more believable, but still begs the question of corruption and the presence of simple controls.

Two Wheel EV Recumbent: Zerotracer

Wired says the Two-Wheeled Zerotracer EV Is a Wild Ride.

We’re jealous of the folks who get to drive the Zerotracer. It’s a sporty two-seat enclosed motorcycle that weighs less than 1,400 lbs, can do 0-100 km/hr (62 mph) in less than 4.5 seconds and has a top speed of 150 mph.

The first thing that comes to mind, if I remember correctly, is that this looks to be a very close copy of a vehicle in the 1991 movie “Until the End of the World” by Wim Wenders. Rent the movie and see how the landing wheels work; to be fair the concept was developed by a pilot and Wenders seemed to just throw it in as a credibility prop.

The movie also had some amusing concepts of Internet search engines and computer navigation in cars. The search engine, for example, had a big Russian bear mascot that would say “I’m searching, I’m searching” while it generated results.

My first work with GPS navigation was in 1994, about the same time I saw the movie. It seemed back then uncanny how accurate Wenders was in his vision. The Wired article suggests to me it might be time to see it again and see what else was predicted or may still come true.