I thought this was a good read and relates to our investigations of fraud in a way that we haven’t really covered yet. What if you find fraud but the evidence left behind was tampered with to give the appearance of another actor?
That’s what happened with an attack on over 100 banks in 31 different countries. Initially it was thought that these attacks were done by Russians because of the language and wording of the code used in the attacks. After research was done, it turned out that the Russian being used ended up not making any sense when translated back by fluent Russian speakers.
It is assumed that this was done by the attackers to throw off the investigators and raise a false flag. I know I read about this case about a week or two ago and the news reports read as if they were successful, because it basically said it was a Russian attack and that was it. I’m glad to see further research was done.
I think this is important for us to keep in mind as we do more with ACL or even Splunk. It’s one thing to find fraud on the surface but it’s possible that the real fraud story might be even deeper than the initial data shows.