Seize and Desist podcast

S&D E10 - Overcoming obstacles in asset recovery

Author
Lo Furneaux
Marketing - Associate

Build confidence in managing virtual assets

“You have to fight AI with AI.”

In this episode, we bring you a special conversation with Matt O’Neil, co-founder and partner at 50H Consulting and former Deputy Special Agent in Charge of Cyber at the @US Secret Service.

Matt shares his unique insights and experiences with our host, Aidan Larkin. Together, they delve into the challenges of asset recovery and forfeiture, especially those concerning cyber-enabled fraud. 

They discuss why the Secret Service investigates financial crimes, the importance of leveraging emerging technologies like AI to combat sophisticated transnational cybercrime and the necessity for enhanced information-sharing practices between the public and private sectors.

Timestamps

00:00 - Matt’s journey with the US Secret Service

05:00 - Using asset seizures to fight cyber-enabled fraud

09:30 - The Secret Service's role in investigating financial crime

12:00 - Challenges in asset recovery and forfeiture

15:00 - Operation Shamrock and enhancing cross-sector information-sharing

22:30 - Reimagining regulations for technology and finance

29:00 - Understanding a typical scam case

31:30 - Leveraging AI to combat transnational crime

35:30 - Future trends in financial crime and asset recovery

Resources Mentioned

About our Guest

Matt O’Neil has over 25 years of experience disrupting and dismantling financially motivated transnational organised criminal groups with the US Secret Service.

As the former Managing Director of the USSS Global Cyber Investigative Operations Center (GIOC) and Cyber Intelligence Section (CIS), Matt was instrumental in coordinating international takedowns of digital money laundering networks and dark web marketplaces. His efforts led to the prosecution of globally notorious cybercriminals responsible for stealing and laundering billions. He also led their Asset Forfeiture Branch to successfully recover more than US$2 billion in seized assets in just 2 years. 

Since retiring from the Secret Service, Matt has dedicated himself to raising awareness for the threats posed by transnational organised crimes like pig butchering, ransomware and phishing.

Disclaimer

Our podcasts are for informational purposes only.  They are not intended to provide legal, tax, financial, and/or investment advice. Listeners must consult their own advisors before making decisions on the topics discussed.  

Asset Reality has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.

The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Asset Reality employees are those of the employees and do not necessarily reflect the views of the company. 

Asset Reality does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material. 

Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Asset Reality

Transcription

Speaker: Aidan Larkin

Give us the terrifying version of the role that AI could be playing in these as future breed of the scam cases. 

Speaker: Matt O'Neill

When you look at what we know about the adversaries, transnational cyber criminal operations, they are borderless, they're agile, they are aggressive in their use of new technology. We in law enforcement are not aggressive in our use of new technology partly because of the procurement challenges. Onboarding new things under the tech stack of law enforcement is a really slow process. The scary part is bad guys are always way, way ahead. The ability for them to use voice, vishing, and their ability to use LLMs to communicate with massive amounts of people in different languages is a real formidable threat. You have to fight AI with AI. That's what everyone says, and I completely agree. I was at an event. There was a demo of cloned voice using AI, imperceptible from the ear. The same company is able to show that they're able to manipulate the face to incapable of the human eye of noticing the difference. However, with AI, they can find it almost immediately and even provide a scoring, like, a sixty two percent likelihood that that is actually a voice. 

Speaker: Aidan Larkin

For all of the risks around digital assets, it also contains the blueprint because the very same technology that it exists on is what creates these immutable ledgers. We also can use the technology, but it's how quickly we get to market with that technology or how expensive it is. And that's a huge barrier to entry. 

Speaker: Tobias Furneaux

Hi. I'm Tobias Furneaux, one of the producers of Seize and Desist. Instead of a dive into consensus in Austin, Texas, we're excited to bring you a special conversation with Matt O'Neil, cofounder of 50H Consulting and former deputy special agent in charge of cyber for the US Secret Service on the current problems in asset recovery and forfeiture. In this episode, recorded on the twelfth of June, Matt and Aidan explore why the US Secret Service investigates financial crimes, why there are so many challenges in asset forfeiture and recovery, how Operation Shamrock and AI technology are changing things, and how we can encourage robust and lawful cross domain information sharing practices that are built with privacy in mind. We hope you enjoy this enlightening conversation. Thank you for listening. Let's get started. 

Speaker: Aidan Larkin

Matt O'Neil, thank you very much for joining us on the Seize and Desist podcast. How are you, sir? 

Speaker: Matt O'Neill

I'm good. Thank you for having me. 

Speaker: Aidan Larkin

We've always wanted in this podcast to bring in practitioners, people that have actually worked the cases, built the programs, been involved in asset seizure, and can speak about asset recovery. And I think you tick all of those boxes incredibly well. Tell us a bit about your background and how you get into this career that we're gonna start unpacking. 

Speaker: Matt O'Neill

Yeah. So I grew up in Virginia. My dad was a secret service agent. He was actually the first secret service agent assigned to the Treasury Forfeiture Fund in, I think, 1991. And so kinda runs in my blood a little bit. I did not initially, growing up, have an interest in getting into federal law enforcement. I wanted to get into broadcast journalism. My first job out of college was at ESPN. Worked on SportsCenter Baseball Tonight, college football, college basketball, all that kind of stuff. And then realized at, like, twenty one, I'm missing something. And I happened to apply and got got lucky and got hired at twenty three in 1998 when electronic crimes were first sort of taking off. And because my office was filled with a bunch of old guys, for the most part, they were like, “Hey, you came from a tech place. How about you start working those cases?”

Speaker: Aidan Larkin

You're the young one. You've got a pager and a cell phone. 

Speaker: Matt O'Neill

You know how to use a VCR. So you can do this. And I did and I loved it. There's three kinds of people that work cyber cases. People who like it, people who love it, people who live it. And I was always looking for the people that lived it because it is a passion and there's always that spark. And for me, it was an awesome agent that I learned a lot from Derek Dunn, had caught a case, early hacking case. And he came back and he was in Eastern Europe and he was meeting with cops and he was telling me about how much fun it is to try to find somebody located halfway around the world that is trying not to get caught in this cat and mouse chase. From that case, I remember her saying that is what I want to do. Going after low level counterfeiters and things like that, that was fine, but it wasn't the passion. What he was doing was a passion. So I set out a course to say, that's what I wanna do for the rest of my career. Along the way, when you start working those larger cases, then you start getting into this whole asset forfeiture component because there's so many bad actors that do what a prosecutor that I love called life on the installment plan. So they get arrested, do two years in prison, get out, do another two. But if you can take their stuff, that's what hurts them. And I had an early case early on where we did that. The guy was, he did not care that he was going to prison for three years, but because we took about a million and a half dollars and we took his car, he was crying like a baby. That always stuck with me. For many of these people, their cost benefit analysis is different than ours. And so understanding what really is gonna hurt them, what the punishment is, they shouldn't get to keep their stuff, right? I mean, that's their ill gotten gains. And so it's been sort of like a dual track to try to arrest as many people as possible, but also try to seize and recover and return to victims as well because there's a lot of personal satisfaction in doing that. 

Speaker: Aidan Larkin

And it is that sort of life cycle that you just hinted at that we wanted to really unpack because I think you're right. And it's probably if we're in the industry, we assume that it's general knowledge or, sorry, common knowledge, but it's actually not. Asset forfeiture and asset seizure still isn't as widespread as people might think it is. What do you think is the main reason behind that? When someone gets convicted, they get incarcerated, they get put in prison. We don't build the prison after the event, but yet in 2024 there are still governments and still countries and still individual agencies that just don't have that mindset. We're almost pleading with them going why are you not taking their stuff? Because as you say, it's a bit of a cost of doing business for them. What do you think is the big challenge that stops agencies implementing those processes? 

Speaker: Matt O'Neill

So I can speak first domestically in the United States. A lot of people go into law enforcement to make arrests, and there's a lot of bravado and putting handcuffs on somebody. Not as much about writing a probable cost statement for a civil administrative forfeiture to take their car. There's a lot of additional work. It's not as much as people think, but there's more additional work that goes into it. But ultimately, historically, you're measured on how many people are you locking up. And if you only have managers that don't focus on the fact that you're missing a large part of the process, You will have people that say, I don't understand it. It's too complicated. It's not worth my time. I'm here to arrest people not to process paper. They're concerned about a whole bunch of other sort of procedural things that in their opinion might open them up to scrutiny if they screw something up. And a lot of times, I think I always found folks that were hesitant to do something that they've never done before, but everyone is in that scenario. So when I ran the Secret Services Asset Forfeiture Branch, we had really good trainers that would go out and talk to people and say, just call us. We'll walk you through the process. There's a couple of things that you have to hit early on because of the law, like how quickly you notify people and things like that, but it's really not all that complicated. And once you've done one, then you know the process and it doesn't take a lot of time. But I think a lot of it is in the US, just that's not the goal. Nobody went through the academy to seize a bank account. When I talk to partners overseas, some of it is more cultural. Like they came from a communist era where the government was taking stuff, so they don't want the government taking stuff. And I recognize all of that. And then trying to sort of work through how you can protect the asset, protect the victim, protect the rights of the actual person that stole it. People don't realize if you do a civil administrative forfeiture, civil judicial forfeiture in the United States, that you still have to notice the person you took it from and they still have a right to file a petition or a claim to try to get them the asset back. And that there is a separation between the courts and the asset forfeiture process with the exception of a criminal forfeiture, which is a very rare it was ninety some percent of the Secret Service's asset forfeiture were civil administrative forfeitures. 

Speaker: Aidan Larkin

Oh, wow. I didn’t realize it was as high as that.

Speaker: Matt O'Neill

Yeah. So for us, it was there's a five hundred thousand dollar threshold in civil administrative forfeiture except for cash and monetary instruments, and most of our seizures kind of fell under that amount. We seized billions of dollars through civil administrative forfeiture, which is faster than civil judicial or criminal because in criminal forfeitures, you have to have a conviction. In criminal forfeiture, though, you can do a substitution of assets where if I didn't get the stuff at the time, I could take this other stuff to substitute it. Can't do that in civil administrative forfeiture, but at the same time, civil administrative forfeiture, it makes the most sense for scam cases. So victim cases taking it through the civil administrative forfeiture route. The Secret Service was lucky because we had a centralized process. So all of the offices could rely on our branch in order to do most of the processing, which made it easier. If you have decentralized model, you're gonna have to have a hundred different people that really understand CAFRA, the Civil Access Forfeiture Reform Act, but we didn't have to have that. We were lucky in the sense that the Secret Services asset forfeiture branch was largely run by a woman that was there when my dad was there in 1991. So nobody knows more about the process than her. So I always felt very comfortable in making sure that we were adjudicating things properly and also understanding going back to the question, why aren't people doing that? There is a benefit to the office. If it's a non victim funds, the Treasury Forfeiture Fund is an extraordinarily gracious about providing CapEx funding to law enforcement for excess money that doesn't go back to victims. So you're able to build entire programs working with the Treasury Forfeiture Fund that if you don't do that, there's no tangible benefit to the agency. 

Speaker: Aidan Larkin

I wanna back up a second on Secret Service in general because many people will just have that limited view of what Secret Service does. Certainly when I was in law enforcement in the UK, I say law enforcement I was in criminal investigation in the HMRC but doing civil tax investigation so I was as light law enforcement as it gets. And when I think of Secret Service I think of protecting the president. I was astonished to learn the sheer size and scope. We have quite a broad international listener base. Why is the Secret Service involved in financial crime cases? 

Speaker: Matt O'Neill

Sure. So the Secret Service was founded in April 1865, which was the end of this US Civil War. At that time, a substantial amount of the money that was being passed was counterfeit. The only other federal law enforcement agencies that were in existence was the US Marshals Service and the US Postal Inspection Service, and they had their own responsibilities. So the Secret Service was formed in the Department of the Treasury to protect the financial integrity of the United States. And it wasn't until the murder of three presidents in 1901 that the Secret Service was tasked with protecting the president. Again, there were not a lot of other agencies around. The FBI didn't come around until 1908, which we always like to say, FBI was formed by a bunch of former Secret Service agents that got transferred from Treasury to the Department of Justice. So at that time, we were one of the only games in town. 

Speaker: Aidan Larkin

So the original functionality of Secret Service was the integrity of financial system? 

Speaker: Matt O'Neill

Yes. And then in 2002/2003, with the creation of Department of Homeland Security, we transitioned from Treasury to DHS. But when I started in 1998, we were Treasury agents. And so we've always had this core mission. When I first started, the most cases that we were working were counterfeit cases, treasury cases, meaning like treasury checks that were being stolen out of the mail, deceased payee cases, so somebody died and didn't tell the treasury department or the veterans affairs, so they were still getting benefits. Those were the kinds of cases that we were working, plus money laundering cases and embezzlement cases, just like fraud. And that's what I always try to explain to folks overseas and even domestically is, like, when you think of Secret Service, what should you think about? We do fraud. That's what we do. I think some of our partner agencies, without naming any names, sometimes I don't think they know what they wanna be when they grow up. And so they're doing everything. It's really hard when you're doing drug cases and you're doing civil corruption cases. When you're covering off on so many different things, it's hard to, like, specialize. Secret Service has sixty five hundred seven thousand employees, about three thousand some agents. Half of them are in the field offices around the country and overseas. When they're in those field offices, their responsibility is to work basically cyber fraud cases, cyber enabled fraud cases. So that's kind of like how we got to where we are, but recognizing there's forty three cyber fraud task forces that the Secret Service runs with partners from state and local, other federal law enforcement agencies. One of the other things that a lot of people don't know about the Secret Service, which I think is a really great mission, is they have the National Computer Forensics Institute in Hoover, Alabama, and they train five thousand or so state and local law enforcement officers every year through federal funds directly through the NCFI on working cyber fraud cases. Because that's what we need. We need to get state and local law enforcement officers equipped to battle this challenge because there's so many competing priorities on the federal level, and there's so much need at the state and local level. Having the NCFI serve as this single point in the United States to train state and locals. And then what happens is is they'll come, say you're a local police department Pennsylvania. You'll send somebody down there. The government pays for it. They come back with equipment. The government paid for it, things like that. And then they black shop with the cyber fraud task forces and serve as a force multiplier. 

Speaker: Aidan Larkin

And I think that that's an important area to focus on because it's a nice segue from the victim's perspective and fraud seems to be the biggest thing, cyber enabled fraud. Because if you're a criminal why would you risk your life, you know, transporting guns and drugs and getting into that messy world when you can just sit behind a laptop now and generate billions of dollars we're seeing. Is that maybe just to unpack a little bit for people the, like, the typical sort of scam case that we're seeing and the lack of training at a state and local and a lot of that is not through a lack of will which is they simply don't have the people, the resources because most people, unless you've experience the scams or get involved in them, what's it look like for an average victim who goes along with a fifty thousand dollar or a hundred thousand dollar loss and reports it to local law enforcement? 

Speaker: Matt O'Neill

It makes it really difficult because not only do they not potentially have the time, so the resources to devote to it, but also it was my experience that many states don't necessarily have the laws necessary to combat transnational cross border crimes. For example, when I was in New Hampshire, we could do a subpoena. They would have to do a search warrant. One took ten minutes. One took several hours. Right? And sending out legal process isn't free. You get charged by who you send it to the cost of developing all of the responsive materials. There's a limited budget. There's also because in many instances, the requirements are to protect the constituents in the town. Going after a people churn group out of Myanmar is not the priority of the department. And quite honestly, it's really difficult for federal law enforcement. There are small police departments that do a wonderful job, but it is really difficult for them to do it. And they have to build up a lot of political capital inside their PDs and things like that in order to get it done. I do not subscribe to the idea that federal law enforcement has all the answers because we don't. You can see in the annual Internet Crimes Complaint Center, IC3 reporting, in 2017 when we started the Global Operations Center for the Secret Service, I think it was about four billion in loss. This year, it was twelve billion in loss. So a three hundred percent increase. So what we're doing is not working. It's high time we come up with other alternatives to try to disrupt and dismantle transnational organized promoters. 

Speaker: Aidan Larkin

And if only there was a former Seize and Desist podcast guest from Santa Clara who was trying to do things and work with people like yourself. Tell us a little bit about Operation Shamrock and your involvement in it. 

Speaker: Matt O'Neill

Sure. So Erin West, who is a close dear friend, has been on a crusade to raise awareness for pig butchering, which obviously crypto investment scams typically originating on Southeast Asia that's affected, I think it was four point some billion dollars domestically in the United States last year. Obviously, much larger overseas. I joined up with her back in January when I retired. I worked for myself, so there's nobody to say no to it. And I really love working on projects that are impactful. And I came to the realization when I was with the US Secret Service, I was fortunate to be able to run essentially their cyber investigative portfolio, and I knew how anemic the federal response is. The answer, I'm fully convinced, is in cross industry, cross information sharing at scale. Having tech companies and social media and ISPs and all this share lawful information and banks using in the US 314B under the Patriot Act to share information. And so, myself, Esteban, Casano from TRM Labs, and Jake Sims are working with Erin, and we have four hundred or five hundred additional folks. And we're covering off on very specific things that are actionable that will make a difference. Because as I tell Erin, the cavalry is not coming. There is no cavalry. There's so many competing priorities, and this is taking place overseas in places that are not cooperative with US domestic law enforcement. They're not really cooperative with a lot of other sort of even partners. The best you can hope for is to take down domains, which they can just pop right back up, and then seize money. But that's the cost of doing business. We have to transform how we're fighting it and came to a realization for us towards the end of my time, we were working on a big case that sees a couple hundred million dollars and you laid out all of the information on a table. And you said, you know what? If only this bank was talking to this bank, was talking to this bank, this would not have happened. So trying to transform how communication is taking place because the losses are not acceptable and then they're gonna continue to grow. Places like the UK and Australia are doing a good job of actually tamping down on some of the fraud. And how are they doing it? They're doing it through information sharing. It's not this novel thing that I came up with. We saw in 2017 when we started the Global Investigative Operations Center for the Secret Service, we saw immediate results when offices started talking to each other. That's what we need. And when it does happen, wonderful things happen. But it's adopting a new frame of mind to say it's not the government that's gonna save the day. It's actually the tech companies, banks, individual actors that are people like us in Operation Shamrock that are trying to raise awareness and put pressure on organizations to do a better job of protecting the people that are using their platforms. 

Speaker: Aidan Larkin

And what is the reason that the information sharing is so difficult? I mean, for an outsider looking in, they'll think, well, why can't if there's a suspicion of a crime, who's gonna sue someone for releasing that information? Or has there been examples in the past where they've got into trouble? Is this the general counsel and a tech company somewhere saying you can't do that? You can't release that information? 

Speaker: Matt O'Neill

Well, so there's two things to break down. The first is financial institutions. So in the United States, financial institutions can share information under 314B of the USA Patriot Act. That's the safe harbor provision, and it allows financial institutions to share information on terrorism or money laundering. Here's the rub. One, it's voluntary. Two, the definition of money laundering does not specifically call out fraud. Three, there's no carrot. There's no incentive for financial institutions that by and large are not suffering the loss with many of these scams to open themselves up to regulatory scrutiny in order to do something that is good for mankind. They're big businesses. They work for the bottom line. They don't work for you and me. And so trying to get clear plain language from regulators, from FinCEN, to say, yes. Fraud is covered under the safe harbor of the Patriot Act seems like a very basic step. But they not only need to say it, but they need to put it in the rule book for the regulators to come through, and they need to incentivize information sharing. So there are frameworks for banks to share information. It's not working right now. If you keep in mind, the Patriot Act came about twenty two years ago and has not been 314A and 314B have not been looked at in any serious way in many years. They were supposed to fix it a couple years ago with the, AMLAD, the Anti Money Laundering Act. They did not. And so the US used to be looked as this leader in AML sort of thing. It is not in my view, it is completely broken, and that's why the dollar losses are staggering. There needs to be whether it's regulatory, legislative, there needs to be pressure to put on. I don't think it's realistic to say it's gonna be mandatory, but that's the conversation that needs to take place. And what'll happen eventually is if you look at the UK and Australia where the banks are starting to actually eat the losses, all of a sudden information sharing takes off because it affected their bottom line. 

Speaker: Aidan Larkin

It's something I've been saying and I kept thinking, was I oversimplifying it? But I don't understand that having spoken to many victims in these types of cases, I can almost like role play through conversations. So I can go into the bank and I can say, I've used my credit card abroad in a store somewhere, and now someone just went and bought a MacBook in a country that I don't recognize and immediately they'll just go, did you pay on Visa? Yeah, no problem. You know, charge back. Bang. The money is credited straight into my account. And I know for a fact no one in that bank is, you know, dispatching a private sector investigator to go to the store. It just sits there and it's probably they've calculated my, you know, APR on my credit card, and it's kind of like there's a buffer in there. And every now and then, someone's gonna come back, but they understand that the user experience if every time I used a card and it was like the first new version of credit cards in the late seventies, early eighties, and if you did it and something was wrong and you were on the hook for it, then you would just never use it abroad. So to encourage people and give them that safety net they brought in this sort of system of chargeback and I can't come up and think well imagine you could go with a crypto case and say I was involved in this and I fell for a scam, this thing happened, I acted responsibly but they've actually now drained my account and I've just I've lost three thousand dollars Imagine that the ecosystem would be much better and the banks and the entire experience would be much better. If they reimburse that amount under a chargeback scheme, charge you a bit more globally as to a customer base, There seems to be a slightly easier fix than they're looking at and I'm sure everyone would pay an extra couple of percent on credit card. I still think there will be some sort of chargeback. Now if you have a certain in certain name of big exchange or custodian use their crypto credit card, that they might be at the beginnings of this. But when you talk about them being compelled to do something, are you thinking along the same lines as, like, the way suspicious activity triggers an STR or an SAR? Is it a case of you need a compliance officer in the bank going, hey. If we don't report this today, we're on the hook. Will it take that level, you think, make an act? 

Speaker: Matt O'Neill

Yeah. I half jokingly say what's gonna actually force change is somebody of prominence that's connected to somebody of significance loses a lot of money, and somebody's gonna go, wait a second. Why did you suffer the loss? The difference between the payment cards and a lot of scams are to no fault of your own. You have a Visa card and you use it somewhere, and that person gets compromised. That business gets compromised, and then sold on the dark web and somebody buys it. There's nothing you did in the system. And you're right. They've built in certain losses. And banks have done a much better job, especially with chip and signature, chip and PIN, identifying common point of purchase analysis, being able to shut down cards. People understand that there's zero liability provided that you report it quickly. The kind of slight challenges is that if it's in a scam where you actually are sending the money yourself because you think that you're involved in an investment or you're in a romance, and it's not. That's where there's more friction in the system. However, the question that I always have is, what is the duty of care of the organizations? And I've come to the realization that who is ultimately responsible is equally it's not just the banks, but it's the tech companies that we talked about, like, the safe harbor provisions. There are no safe harbor provisions. There's no regulatory sector. There needs to be, there needs to be some safe harbors for tech companies, social media companies, ISPs, registrars, hosting providers to share information lawfully at scale. Because a lot of times there's two things at play. Right? So I'm talking to you on Meta. I'm talking to you on Match. I'm talking to you on whatever. And that's where the scam is actually happening. The end result is I'm sending you money, but we're only focusing on the end result and saying, hey. How come you name the bank? How come you're not reimbursing them? And then the bank goes, well, wait a second. All of this communication took place on these platforms that are doing zippy to try to protect their people. And that is one of the things that I've always say to folks is when there's a conversation related to social media, you know, my view on social media is probably the worst thing that's happened to society in a hundred years. But at the same time, they'll say, well, how come they're not protecting their customers? And it's like, well, you're not the customer. You're the product. You're not paying anything to be on the social media. You are the product. 

Speaker: Aidan Larkin

Oh, yeah. If something's free, you're the product. 

Speaker: Matt O'Neill

Yeah. Yeah. And so it's unfortunate right now that the individual consumer is bearing the brunt. And the other side component to it is when you talked about the payment cards and there's lobbying groups behind restaurant business, hospitality, big box retailers, there's no lobbying group behind individual consumers. There's nobody pushing for them. There's plenty of lobby on financial services. There's plenty of lobby on tech sector. So who gets lost in the middle is basically the average consumer and small business that has no no help. 

Speaker: Aidan Larkin

That is that tragic but cautionary tale. I mean, I got to meet at the GCFFC to give them a shout. It was the, this is the industry sort of coming together, the Global Coalition in fight against financial crime where you're bringing together public and private sector and Interpol and representatives in FATF and the sector basically coming together to say look what can we try and do and we heard actually the talk from the lady who was one of the prominent victims of the Tindler Swindler and someone made a comment afterwards going it shouldn't take someone to go and literally get their own Netflix documentary green lit to like cause change because most ordinary people just won't have those resources or I think the lady who actually gave the talk was involved in marketing and PR and it took someone like that to realize that more should be getting done here. And I agree with your point, I think until there's some high profile casualties or a tech company or a bank gets successfully sued that you might find that that sort of reform starts to kick in. But it goes back to this analogy of the wild west which I've heard it disputed but I still maintain. I think it's the best description of crypto and this overall the sector that we're in because it is the wild west in the sense of back in this turn of the century there wasn't regulations around food that could be sold, there wasn't regulations about services, there wasn't regulations. You were operating in an environment where a lot of it was buyer beware and I think that that's what Operation Shamrock has done a very good job. You're getting people like John Oliver talking about it, getting actual awareness because the great tragedy that I see on my side of the fence is that so much of it is avoidable. Because you're right for the criminals there. And maybe just to give us an example of just the scale of what you're seeing because I still think a lot of people just hear crypto scams and we're interested in this topic because these are the asset recovery and seizure cases of the future. These are the cases that we should be going after and there is such a devastating impact on people that lose their assets and we want to get the assets back up to criminals and give them back to victims. Could you give us a bit of an overview of what these sort of typical cases look like and maybe just unpack in a bit more detail why it is so attractive to criminals and it is so difficult for law enforcement to go after it because it's it's a foreign exchange with a victim over here operating in a different country. Can you just give us your views of what you've seen in the Secret Service? 

Speaker: Matt O'Neill

So we spent a lot of time working on quote, unquote, pig butchering cases. And you try to do two parts of the investigation, the on chain analysis following the money, and then the off chain investigation, the more traditional gumshoe kind of work. What we would find invariably was communications would start on, it could be either start as a text message or it could be on some social media platform. And then your social engineering and building a relationship up over time to develop trust. And they have the luxury of having time on their side. They'll find the right vulnerable person, and they'll eventually bleed them completely dry. It's the sophistication level of creating fraudulent graphical interfaces to make it appear as if that this is a real account where you're actually making money. Maybe it's really difficult for the victim to understand to be able to do their own analysis. If somebody told me, “Hey, Matt. You're making money, and I have this one vehicle that mirrors the S and P five hundred”. I can take a look at the S and P five hundred every day and go, “oh, it's up. I need to be up”. The way they go into these word salads, to make it really confusing to the victim, all they see is they're making more money. And the challenge for law enforcement is, one, most of them are located overseas in places that don't have reciprocity and coordinating with US domestic law enforcement. Two, their money is moving so fast through custodial or noncustodial exchanges. And I always just kind of remind folks that crypto is just a payment system. There's no such thing as a crypto case. Right? It's a way bank guys move money just like they were using prepaid debit cards, and they're still using prepaid cards. It's just one mechanism. It's a payment system of one of many payment systems. But because of the speed in which the money moves and because of the lack of know your customer, there's only two, and I won't name them, two custodial exchanges in the United States that participate in three fourteen b. So they're not even communicating with each other, which is a real disgrace because they are tech companies. Tech companies should understand that sharing information lawfully at scale using privacy and handset technology is only good for the business. It's only good for their future. 

Speaker: Aidan Larkin

It's good for the sector and building trust in the sector, surely. 

Speaker: Matt O'Neill

It is. It's either gonna be forced upon them or that if they don't do something meaningfully soon. Because when society loses trust in that payment system, people are gonna stop using that payment system. And so then there's other challenges as well, not to get way too nerdy, but there's challenges that are different when seizing digital assets than they would be seizing a car. And it's because you have to show it at the transactional level. You have to follow the fungibility thing with cryptocurrency is different than it is with regular traditional fiat currency. So it makes it a much more laborious process. 

Speaker: Aidan Larkin

And that is something just to interject. It's a wonderful point. We talk about the fact that conceptually it’s simple but procedurally, I was asked today about a law enforcement agency, how can this be our case if you know, jurisdictionally, the private keys are in a different country, so the private keys that control the crypto, that's where the case needs to be held. Well, it's actually in a blockchain. And imagine having this conversation with a judge where you're trying to conceptually and then, well, you know, bring me Satoshi Nakamoto. Well, that's not a real person. What? And then it goes back to your very first point why people like, I didn't sign up to this job to do these types of transactions. I wanna arrest bad guys. So I think it's a really good point that the procedural detail is the bit that is causing some of the biggest points of friction right now. 

Speaker: Matt O'Neill

Well, and I think part of it too is there are people that become overly reliant on tools and don't understand that you can't go into a court and say, well, I know that this money flowed through here and went to this custodial exchange because I use a tool that told me so. You have to train people to say, this is how you follow money. Then it gets much more complicated with crushing, swapping, and all that other stuff. But this is how you follow money, and then I'm using this tool to make it easier for me to automate the process. Because that's the thing that we always try to remind people is bad guys are automating as much as possible. Why? Because they're lazy, and it's easier for them to do that.

Speaker: Aidan Larkin

Yes. Scammers don't use a brand new email every single time, although they could. They don't use necessarily a brand new mobile phone every single time because they're human beings. 

Speaker: Matt O'Neill

Yeah. And so trying to bring on new technology in law enforcement is a slow process. So when we started the global operations center in 2017, I think we had, like, three crypto tracing blockchain analytic tracing licenses. My budget was almost exclusively cyber threat intel data on traditional Russian hackers that has been put together for many, many years. We were not focused on that. And the problem is is that when you put together your budget plan for government and it's a five year plan, how the heck are you supposed to know what the important thing is in five years downstream? Which is why the Treasury Forfeiture Fund is so important is because they provide the CapEx that enables you to sort of at least stay one or two steps behind the bad guy and not five. 

Speaker: Aidan Larkin

Yeah. It's you know, it's capitalism is always gonna outrun compliance. People are gonna find a way to make money. Yes. You have an uphill battle of how would you predict five years in advance? And that's why I think a lot of government procurement is sometimes inflexible because it does narrow people into, tell us what you need for the next two years. I don't know what the bad guys are gonna be doing in two years today. 

Speaker: Matt O'Neill

And anybody who says that they do is lying. There's no way you could possibly know. Because of the evolution in 2017, we were focusing on business email compromise. We were focusing on things that are no BDC is still a massive, massive problem, but the top tier things, ransomware wasn't a thing the way it is now. We were looking at DPRK actors getting into financial institutions for global cash operations. We're looking at things that are completely different than what the folks that are still doing it are looking at today. 

Speaker: Aidan Larkin

Well, that's actually a nice segue because the one thing that we can guarantee will be a problem in the future is the technological possibilities of AI and how that will affect. So we've talked about the fact that we have only globally, we repeat ourselves a lot, asset reality we talk about one percent of listed proceeds are seized globally, that's a big battle. Against that ecosystem you then throw in digital assets and even though digital assets has a lot of wonderful like green shoots of optimism because you can trace on an immutable block chain and we're seeing these billion dollar seizures. It would be remiss of us to say oh that's it, it's all fine, now we've got it all figured out because criminals are using digital assets. There's challenges there. But the picture you've painted about complexity of these victim cases and the inability to sometimes recover assets and take these cases on, All of that is challenging before you utter the two immortal letters of AI. You're now in the private sector having retired and you're doing a lot of work with different companies and I see you're speaking in a lot of events. Like, what are you seeing and what are you hearing about and what are your own personal thoughts on the, give us the terrifying version and the optimistic version of the role that AI could be playing in these future breed of scam cases. 

Speaker: Matt O'Neill

When you look at what we know about the adversary, so when adversary transnational cyber criminal operations, they are borderless, they're agile, and they are aggressive in their use of new technology. We in law enforcement are not aggressive in our use of new technology partly because of the procurement challenges. Onboarding new things under the tech stack of law enforcement is a really slow process. The scary part is bad guys are always way, way ahead. The ability for them to use voice fishing and their ability to use LLMs to communicate with massive amounts of people in different languages is a real formidable threat. The positive side is there are a lot of tech companies that are doing a good job of you have to fight AI with AI. That's what everyone says. And I completely agree. When you see demos, I was at an event yesterday at Nasdaq. There was a demo of cloned voice using AI, imperceptible from the ear. The same company is able to show that they're able to manipulate the face to incapable of the human eye of noticing the difference. However, with AI, they can find it almost immediately and even provide a scoring, like, a sixty two percent likelihood that that is actually a voice. Right? Or it's a combination of that kind of stuff. 

Speaker: Aidan Larkin

It almost sounds like a bit of a space race. It's like the underlying technology. It's who puts it to what use. I remember when ChatGPT and everyone sort of losing their mind about, no. Kids are never gonna study anymore, and they're gonna plagiarize everything. And, yes, but similarly, the same tool will be able to spot a mile off and say, yeah, you don't notice it, but we know that this is AI. We've said the same thing on the show with previous guests about those that sort of bang the drum and hate crypto and think of crypto as a solicit asset class and as you've summed it perfectly, it's just another vehicle that's being abused in the same way luxury goods are abused and money laundering, real estate is abused, cash is abused. But similarly, for all of the risks around digital assets, it also contains the blueprint because the very same technology that it exists on is what creates these immutable ledgers combined with OSINT and there are chances of actually spotting, detecting, securing convictions, gathering evidence. It's almost like we have a bit of a dog in the fight because we also can use the technology, but it's how quickly we get to market with that technology or how expensive it is. And that's a huge barrier to entry that you've seen obviously clearly over the decades. If someone builds the tool and you can't afford it and that's what we're seeing now at a state and local level. I mean if I go in as a victim who's just lost my savings and my local law enforcement agency is not going to have some sort of the language learning model experience and they're not going to maybe necessarily have the tools. Do you think we'll see more of the public and private sector collaboration to utter the words, the new FATF standards and asset recovery? I mean, if you're future gazing and you were to predict, like, what do you think the next one, two, five years is going to look like in this financial crime arena and this battle that ends up in these asset recovery cases? If you were to future gaze, what do you think? 

Speaker: Matt O'Neill

I think it's going to be a lot more focused on private sector than public sector. And I think that there's a lot of really good organizations that are coming online that are able to generate revenue, but also able to fill in the gaps that law enforcement public sector is trying to fill in, but is very, very slow to adapt. And so whether it is enhanced KYC, whether it is some informal or more formal information sharing components taking place, there is a healthy amount of discussion taking place on Capitol Hill in the United States about changing whether it's regulations or legislative fixes to help combat. I think what you'll find is it'll be the state department will play a much bigger role than the executive branch meeting the justice department in combating cybercrime as we know it. As it relates to asset forfeiture, my hope is that as the custodial exchanges face some of the pressures that they're facing, that they will continue to work, more openly with law enforcement to do the right thing and help recover funds to get them back to victims. I'm always concerned about certain factions trying to eliminate asset forfeiture because I think that the unintended consequences are gonna be so dire if you ever did that, but you're always gonna have those folks. And it's also an interesting thing, like, some of the technology that I've seen now that I've left, to your point about having money, I've seen some things that have absolutely blown me away. Like if I had that, we could solve so many different things. And it's getting them to market, getting them in front of the right people in law enforcement. And also a lot of times, there's so many solutions that you could say, hey. If you worked with you and you guys put your forces together, that's gonna be transformative in fighting crime. I always kind of wonder too, like, what's easier now to do this kind of work now or in the seventies and eighties. I subscribe that it's easier now because to your point, when it's transparent transactions and all I have to do is figure out who's on the other end, and I don't have to do the amount of subpoenas and things that I have to get from traditional commercial investment banking. I gotta just see it. That makes it a lot shorter. So now the harder part is just the Sony defense. Some other dude did it. Who's responsible? So I've taken one of the hard parts out of the equation, and now I'm just kind of focusing on who did it. A lot of times, it's the other sort of thing that helps, as you said, the Ozint, the social media exploitation, all that stuff. Because where we found a lot of value is it's not necessarily the target. So if I'm targeting person x, I'm not really looking at person x on social media because that guy's pretty good. I'm looking at their girlfriend or their wives or both. And that is where we've made a lot of arrests. And I love to talk about them of being able to track that because the OPSEC of the nuclear family, if you will, is not to the level of which the bad guy is. So we've been able to track people traveling because the girlfriend's posting pictures in front of the Amsterdam sign. So thank you very much. Now in the seventies, that's not happening. There are things that are better today than there were back in the day. 

Speaker: Aidan Larkin

That's been necessary. We're on stream to this conversation about as much as the new technology is a threat. Again, if we get it to market and into the hands of law enforcement quicker, there is a chance that we fight fire with fire a little bit. You mentioned it just to wrap up, I wanted to go back to something you said at the very beginning and get your thoughts on it because it's a running scene with all of our US guests. And you mentioned the success of civil forfeiture which is absolutely essential in crypto cases, it's essential in any scam case because if I'm a victim of course yes I want justice but justice is getting my stuff back. Wonderful bonus if you can go and find the guy but if you can't get the foreign national but you can get me my stuff back that's a great result and you also disrupt them by taking their capital. There's been a lot of debate over the last five, ten years of civil forfeiture and the work we do with overseas jurisdictions and more developing countries, they're just having their conversations. Now FATF have, you know, product guidance around having non conviction based forfeiture regimes which is absolutely essential in crypto cases because we can't find the person and all you have is a tainted wallet at an exchange. You don't want a barrier to getting that money frozen and getting those assets back. What do you think about this though, these claims of policing for profit? Amanda Wick and I went into a lot of detail about it. Now we can't throw the baby out with the bathwater. What are your views on civil forfeiture? And is it just a case if it's a cost of doing business? There will always be bad cases. There will all be over exuberance. There will always be misuses, but we don't shut down the criminal justice system because we have indicted or convicted the wrong people. In the past, I would love to know what your views are as someone who's been inside it and has now stepped out. 

Speaker: Matt O'Neill

Well, so and I come from a little bit of a different perspective because the Secret Service works scam cases, so there's always victim cases. And so we're not largely seizing victim free money. Some of the challenges of, like, the policing for profit and all that other stuff doesn't really apply to the Secret Service because we returned something like fifty six to sixty percent of RC's money back to victims. I ran the asset forfeiture branch for a couple years, and it was during COVID. So on average, the Secret Service in since 1991, I ran the numbers because I was just kinda curious, would seize about eighty to a hundred million dollars a year. Sometimes it was a big year and you do two hundred million. In the two years I was there, we did nearly two billion dollars. A lot of it was pandemic related funds, but it was also the early stages of pig butchering and crypto investment scams and other digital asset related cases, hacks of historical exchanges and things like that. I don't see it in the same way that others do. If you have good processes and good governance in place, then you can tamp out most of the corruption if there is corruption in the civil administrative forfeiture process. And because we did ninety seven percent of civil administrative forfeitures and because we were centralized, every single forfeiture that the secret service had during my tenure went across my desk for final signature for forfeiture. And so there is no direct correlation if you're in an office to seizing something and tangibly using it. If somebody is in an office in Louisville, Kentucky and they seize a car, they're not using that car. So there's not a direct correlation to me as the case agent doing something to try to increase the coffers of the US Secret Service's yield through treasury. They never see that end result. I think a lot of that, if it's taking place, it's not it was never taking place with us because when you work scam cases, there are victims. When there are instances where it was not victim money or the victim was not getting the money back, those were more of the rare. If you're going after a third party money laundering group or if you're going after some peer to peer over the counter exchangers that are just converting cash into crypto or vice versa, we worked some of those cases, but we worked fraud, we worked scams. So most of this seizures and forfeitures that we had went back to victims. I tried as much as I could, especially in business email compromise cases, to get it outside of the asset forfeiture, do hold harmless indemnification agreements, just keep it out of the asset forfeiture process as much as possible. I wish to some degree we did that in the pandemic related fraud. We seized, like, one point four billion dollars in pandemic related fraud. The amount of pressure that that put upon my unit, it was like nothing you we literally took seven, eight years of work and dumped it on people and said, hey, by the way, it's government. It takes forever to hire people. It takes forever to get new contracts to bring in contractors. You have to go do this. And so there needs to be a nice balance between working cases and being a collection agency. Because ultimately, if you go way too far and just say, look, I'm just gonna recover money for victims, but I'm not actually building a case that off chains investigation. To me, that's a limiter and we shouldn't be just doing that because ultimately it leads to burnout. It leads to the fact that no one is actually feeling the consequences. 

Speaker: Aidan Larkin

Yeah. You're not addressing the root problem. 

Speaker: Matt O'Neill

Yeah. So to me, I understand the conversation. But from the agency that I left and the branch that I ran, I always found that to be this, like, I wonder who's doing this and where that's taking place because there's no way for us to materially benefit from any seizures. 

Speaker: Aidan Larkin

Matt, I think the theme of this talk has been about the fact that there is that art of the possible with the technology. And I know you were quoted on the LinkedIn post as helping Geoff White with Rynston getting some of the stories. And I think Jeff's actually coming onto the podcast quite soon. Okay. Yeah. Next week actually. We're recording with him and I think it's these stories and the education because in light of massive reforms in law and huge changes in operating budgets and like you say even even if I give an agency a billion dollars tomorrow where they couldn't hire the people fast enough that probably all we have right now is education and awareness. Best way to not become a victim of a scam is to have all of the tools and information you need to not become a victim and not become a future facet recovery case. If you had one wish or one magic wand what do you think is the thing that is not being done the most globally to close us out that we could do if I can put you on the spot? 

Speaker: Matt O'Neill

No. I mean, I wish I had some brilliant idea, but it's information sharing at scale. Cross border, cross domain information sharing at scale. Less reliance on public sector, more reliance on private sector in order to bridge the gap and provide a more finished product to law enforcement that's actionable for them to take whatever means they have to dismantle the group. But the disruption needs to start to rely more on the tech sector, more on the financial institutions, and then have some robust lawful with privacy in mind, cross border, cross domain, cross industry information sharing. 

Speaker: Aidan Larkin

Brilliant. So let's revisit this podcast in a year's time and see where we've gotten to as a sector. Thank you very much for your time, sir. It's an absolute pleasure speaking to you. 

Speaker: Matt O'Neill

My pleasure. Thank you. 

Speaker: Tobias Furneaux

We're grateful to Matt for taking the time to share his insights with us. You can follow him on LinkedIn for more information about Operation Shamrock or any of his other initiatives. If you've enjoyed today's conversation, like and subscribe to the cease and desist podcast on your preferred platform. Leave a comment and any suggestions for future episodes. Next time, Aidan will be joined by Gurvais Grigg, global public sector chief technology officer at Chainalysis and former assistant director of the FBI. They'll discuss the critical role of blockchain analytics and asset recovery, his advice for building effective infrastructure in the digital finance ecosystem, and the potential effects of AI enhanced analysis. Seize and Desist is brought to you by Asset Reality. Thank you for listening. 

Speaker: Lo Furneaux

Our podcasts are for informational purposes only. They are not intended to provide legal, tax, financial, and or investment advice. Listeners must consult their own advisers before making any decisions on the topics being discussed. 

Want to learn more?

GET STARTED