Si Biles: Hello everyone and welcome to the Forensic Focus podcast. Today we have with us Nick Furneaux, very well known in the UK, and apparently quite well known abroad now, I see from the fact that you’re consulting for American companies and doing international lectures and all sorts of things. But well known in the UK for his forensic work.
He’s worked in some forensic software development and is well known in the cryptocurrency world. We are going to talk about a lot of that. We do know each other, we’ve met before, somewhere. I have very little recollection of where. F3 or something like that. We’ve met before.
You popped up in my LinkedIn feed because you’ve got a new book out and you, yourself, admit that it’s clickbait title from your talks. It’s a good clickbait title because it’s entirely true that there’s no such thing as crypto crime.
We’ll come to that in a minute, but just before that, tell us about yourself a little bit, how you got into this crazy and lovable world we like to call digital forensics.
Nick Furneaux: Oh, my goodness, there’s lots of ways of telling the same story really. In my CV, that the police always look at and curl their nose up at, I always say that I was playing with computers since I was about 12 years old.
Had a ZX81, Sinclair with a 16K RAM pack that you had to hold on with Velcro. There will be people that remember that who are of a certain age. I have always just enjoyed tinkering with computers. I don’t enjoy being in the limelight actually. I don’t mind this terribly because it’s just you and me, even though I’ve spent more hours than I care to remember on conference stages, panels and training.
Training thousands of police officers in different forms of forensics, specifically memory forensics and cryptocurrency investigations. So, I’ve always been playing with computers.
I then fell into forensics. I’m not going to do the boring story, but we were writing tools for the covert extraction of data for those types of people that would need to do such things. That then led us into the more computer forensic stuff. I found myself in Florida, at the University of Florida a large number of years ago now. I was a much younger man with a terrific guy called professor Haniph Lachman, who was head of physics at the university of Florida.
He showed me this thing that at the time was called Expert Witness. Which of course in no time at all became EnCase. I think he was on Clinton’s task force for education at the time and they were involved in the investigation of computer crime and how we could do online training when we had 28k modems and all this stuff.
I remember looking at Expert Witness thinking this is ace. I want to do more of this. Then I found people like F3 eventually, but I’ve always been a little bit left of centre. Some people will remember Helix. It was written by Drew Fahey. Drew and I became good friends back in the day we were teaching the Helix course of that live forensic analysis.
I remember speaking at F3 with Jim Gordon. Some people might remember Jim, West Mercia police, about doing live forensics on a live running machine. And, I remember the old guard sat at the front with their arms firmly crossed.
Si Biles: Tony and Brian there.
Nick Furneaux: These men are giants in helping us form process and if anyone did the old Cranfield take the three and a half inch floppy disk apart thing and find your way through it. I was much more interested in the analysis of live machines because that’s where I come with the covert data extraction stuff. That was the interest, what can we get from a live running machine?
Which took me into memory analysis, because we started pulling memory from machines using Helix. So, some people remember me from teaching, memory analysis, volatility and that sort of thing.
If you want me to square up the circle, brings me up to about 2015. A good friend of mine, a good forensic investigator from a police force in the UK, called me and said, we’ve got a computer here with Bitcoin on it. How do we carve the Bitcoin off? I thought to myself, that is such a logical question for a forensic person to ask, but absolutely the wrong question.
If you don’t know why that’s the wrong question, go and do some training, read a book or something. I thought this is probably something we should try and build some training around.
I started to get a few cryptocurrency oriented cases in, working with some of the big companies like Chainalysis at the time. Then, in 2017 my mum got really ill and died and I didn’t feel like working. Wiley had been chasing me, the publisher in the US, to write something and I thought I’d write something about cryptocurrencies. That’ll be good.
In 2018 I published Investigating Cryptocurrencies and my entire life then went hard right into the investigating of crimes that involve the use of crypto. Six years on and in some ways, nothing has changed. In other ways, everything has changed and it was time for a new one.
So, the new book, there’s no such thing as crypto crime is much longer, almost double the size, and is written for a much broader audience. Is that a fair CV?
Si Biles: It’s a wonderful Pressie. Yes, absolutely and you’re absolutely right.
It’s the way the industry has changed in the time. It has gone from that concern about Dead forensics through to live forensics and memory analysis through to, things that don’t even exist on the computer anymore and now somewhere floating in the ether, in blockchains.
Nick Furneaux: Don’t get me wrong on this. Do no harm forensics is always what you’re aiming for. You’re always aiming to make as few changes as possible. I always used to argue that if you pull the plug on a computer and you’re going to lose some registry keys and some income data, but I’d say yeah, but you’ve just deleted Four gig of memory.
But you can’t get anything out of memory. which proved to be utterly untrue so there is no way of steady state forensics, do no harm forensics, because when you kill the power, you eradicate most machines. Probably 16 gig of intelligence and evidence. So, you should always make as few changes as you can.
We did some work at one point and we found that actually pulling the plug on a machine made very little change to the hard drive, just stuff that hadn’t updated page file stuff and that malarkey. But obviously, you killed everything in the memory.
Now, if you had left the machine running, as long as you didn’t suddenly have antivirus run, or this was some terrorism suspect with a kill switch on their computer. Plugging a USB key made a couple of updates to a few registry keys, not too much, few other little bits. I think we were looking at something like 128 K of changes in order to plug in a USB key and run a command line tool. It was very small.
For me, the offset of the risk of keeping a machine running, taking your eight gig of memory and having the skills to be able to drag all the amazing evidence and intelligence you can get out of memory was always worth that offset for me.
Si Biles: I think that’s enshrined in the ACPO guidelines, isn’t it? Which is don’t change anything, but if you do, tell us what you’ve changed and at least know what you’re doing. If you’re making a conscious choice at that point, then it’s a win.
Like you say, if you’re picking up eight gig of additional, network connections, passwords, unencrypted files, it’s a huge amount of additional information that can add to a case.
Nick Furneaux: I always argue with the traditional forensics, you do no harm, but there’s no way of entering a crime scene and not making changes to it.
Si Biles: Well, in MeetSpace forensics, and this is a phrase that makes some of my colleague’s wince, there are DNA exclusions. You send your lab techs in and they’re all excluded by DNA, which is great if you’ve committed murder. So, that’s a known change.
If we’re saying effectively, we’re just going to remove our DNA from that scene and look at everything else, then we’re no worse than any other traditional forensic science.
Nick Furneaux: I’m sure it is still a debate of interest. Of course, it’s getting harder as machines now are almost all encrypted now and it is getting a little bit harder to get to live running machines and to be able to extract data. Memory is becoming a little bit trickier to analyse and so, we may go around in a big circle.
Si Biles: Well, it’s the perennial every time we make a better mousetrap, nature makes a better mouse, isn’t it? It’s the same as finding a loophole in something and then somebody will close it because it’s a security issue. If you can do it, it’s a security issue.
My background was information security before this, so I was rapidly trying to close up all of the things that other people were finding as ways of getting data out and stuff, in similar organizations to you.
Nick Furneaux: It’s interesting because it is tricky this whole do no harm thing. It looks like I’m looking at something, doesn’t it? Actually, I’m just being thoughtful. That’s probably a tell, that when I’m looking, I look up to my left or something.
Si Biles: It is, looking up to your left as you’re telling the truth and looking up to the right as you’re constructing a lie or something, I don’t recall.
Nick Furneaux: That’s interesting actually, because if I look to the right, I don’t feel as comfortable. Somebody would build something into that or read something into my personality. Anyway, let’s move on from that.
Si Biles: So obviously you’ve pivoted. I’m sure there’s still plenty of normal forensics around what your cryptocurrency cases are.
Nick Furneaux: Actually, that is a really good question in its own right. We have a real problem at the moment. There’s three parts to an investigation that includes a cryptocurrency. The one that everyone thinks about is the middle one, which is track and trace.
Everyone’s into following the funds on the blockchain, where have they gone, go into an off ramp, go into an exchange, finding an attributed address. This is all really good. But that’s only one of three.
The first one is discovery. I remember a couple of years ago talking to a very senior police officer from a country in South America saying have you started buying tools in like TRM labs, who I represent a few days a week and others, and he said no we don’t come across it. No, we don’t see crypto at all. The only reason when the rest of the world is seeing it in almost every criminal category, is they simply weren’t looking.
We do have a problem at the moment in that there aren’t really aren’t really any tools that define themselves on discovering crypto use and extracting the appropriate intelligence and evidential stuff from a phone, from a hard drive at that discovery level.
Don’t get me wrong Magnets tools are always really good and they do a little bit. I was kicking Jad, I mean everyone will know Jad at Magnet, about building more in.
There’s a really good company called CAT labs that are doing some really nice discovery software, but what we are missing is what we had at the back in the early days of forensics, when we had those freely downloadable fire and scripted tools that would do that when you don’t have the 20 grand tool on your desk.
There are just hardly any cryptocurrency oriented discovery tools around, that a forensics lab or an individual investigator could download and run and find Bitcoin addresses, Ethereum addresses or carve seed words, private keys and things like that.
So, if anyone fancies having a bit of a right, there’s a real gap in the freeware market for that at the moment. We could really do with the forensics community stepping up and realizing that there’s crypto now using every single criminal category and the discovery tools for phones and hard drives are really not very good or very good, but very expensive.
Si Biles: I predict a student, MSC project on that in the future from me.
Nick Furneaux: They can reach out if anyone wants to work on that. I have just about every greppable of almost every cryptocurrency on the planet. I certainly could. I’m not a great programmer. I don’t know about you, Simon. I’m a bit of a tinkerer. I put something together, but it’s a bit crap, if I’m honest.
Si Biles: My code is somewhat like my Russian. My wife’s Russian, or was Russian. I can listen to it and understand what she’s saying, but if I try and construct a sentence, I will A, mispronounce it, B, structure it wrong, and probably say something horribly offensive.
That’s I like my programming. I can read other people’s code, and I can make sense of what it’s supposed to be doing. I can do that, but if I sit down and try and structure it myself, it will turn out to have the wrong grammar and to be spelt wrong.
Nick Furneaux: It’s just the world of errors, isn’t it?
Si Biles: That’s absolutely right. So, my code writing is very limited. Scripting, grep and command line stuff, I’m quite familiar with. I’ve been the Unix was happening when I was a sysadmin, before I was anything else. Stringing together commands, that’s fine. That’s not programming.
Nick Furneaux: Although, actually I always feel that anyone that can write regular expressions has something just slightly wrong with them.
Si Biles: That is true. There is a slightly deranged, unhinged thing in getting a good regular expression.
Nick Furneaux: I can write a regular expression for that. You shouldn’t be able to do that. That’s not a life skill that should be a good thing.
Si Biles: I think the thing that put me off to start with was back when I was a sysadmin, it was like can you write a regular expression to parse an email address? The answer is no, you can’t. It’s not possible, because the way the email address is structured just means it’s not possible and you’re like, okay this makes no sense at all. I can’t do it, it’s fine. I’ve got the book up here.
Nick Furneaux: Was it like anything, at anything dot anything?
Si Biles: I’ve got the grep one kicking around somewhere as well for the reference, because you can’t do without them. It’s impossible.
Okay, first of all, the next person in the forensic focus forum that asks, has anybody got any suggestions for an MSC project?
You’ve, you’ve heard it here first.
Nick Furneaux: Put them in touch with me seriously, or reach out. Nick Furneaux on LinkedIn and send me a connection request and DM me about it. Or reach out to Simon for my email address or something. I’m more than happy to help and support because we really do need these discovery tools.
I say, this is no disrespect to Axiom, to Cat Labs, who are doing some really good stuff, but not everyone in the world can drop four digits on a tool. So, back to the old freeware tools that we all used to enjoy. Don’t get me wrong, I’m not sure you can always go to court on this stuff, but at least it’s a starter for10 in an investigation.
Si Biles: Yeah, absolutely. You can start to get funding if you’ve got something to follow up on.
Nick Furneaux: That is absolutely right. We all know this stuff. This is back to not being able to go to court and the judge says, how did you find that JPEG? And you said, I’ve absolutely no idea, FTK did it for me.
You still have to be able to recreate key findings. We can’t just rely on the. The old big red button. So actually, some of these tools that use regular expressions that we can actually look at. We can reconstruct or write an end script or something to say I wrote a tool which extracted that and we found it at this offset and so on.
You do need that. Again, that is in no way, dissing think tools like Axiom, which are fabulous and needs to be in every lab that can afford them.
Si Biles: There is a reason that it’s this way. I’m going to say conjecture as a whole, but is it change of pace in cryptocurrency? Is it the lack of knowledge of it? Is it the unfamiliarity? You were saying about that we’re not finding it, well, yeah, that’s because you’re not looking for it. Somebody said the same to me. A friend of mine was like nobody ever finds steganography. Well, who’s looking for steganography? Nobody’s looking for it. It doesn’t mean it’s not there.
Nick Furneaux: There’s plenty of detectors you can download online, but who the heck is ever doing it? It was interesting actually, when we used to write some of the covert tools, and I can say this because they’re not in circulation anymore with those agencies, but there was always this really big question as to should we be removing the USB entry from the appropriate registry key?
It was quite interesting, actually, that I had a three letter person once say to me, if we do the broader job right, that covert method of entry job right, there is no reason why anyone would ever look. If we do that covert method of entry badly, then they might go we need to do a complete forensic analysis of the computer and see if anybody has touched it.
But the reality is, I know how to pull registry keys off the computer to my write to see if anyone has ever put anything in it that I don’t know about. And I’ve never, ever done it.
So as Windows moved on, it became very difficult to actually remove entries from some registry keys and not have the operating system drop it back in again. Eventually, they were like, don’t worry we don’t think anybody will ever look. If you just call it generic USB.
So, I think sometimes we think these things are security issues, and they’re not really depending on the opponent to whom you are giving your attention.
Your question was more around the why don’t these tools exist? I think the problem is, is that cryptocurrencies are considered to be a track and trace issue. Don’t get me wrong the MET now have a cryptocurrency team, the NCA and others they’re all have their trained people, but that is very much related to following funds on the blockchain, tracing through contracts, through mixers, all this specialist stuff.
We do need those skills, but it comes back to the fact that if you haven’t found it in the first place, then that job can’t be done. It hasn’t traditionally been seen. When I wrote Investigating Cryptocurrencies in 2018, I wrote it for forensics people, because cryptocurrency has got the word crypto in it, from cryptography.
So, I assumed that it would absolutely be all my buddies at F3 that would be going, we need to get into this cryptography related to currency thing, and understand how elliptic curve cryptography worked, and all the maths around it. And actually, I’ve proven to be utterly and completely wrong. One of the reasons for the second book actually.
The reality is, is the people that are investigating this stuff are the financial investigators. They recognize money laundering schemes and they recognize it in banking. The patterns are very similar when you’re looking on a blockchain, they recognize how the financial things work within an investment scam.
So, when we started teaching digital forensics people I began noticing, around 2019, that there were all these people sat in the back of their arms across when we were doing some python scripting. They were all the financial investigators.
When we got to the track and trace stuff, they were just on fire. They were all over it. I think the problem has been nobody has sat down with the forensic teams around the world and said, you need to have some tools that discovers crypto.
A really good example, there was a drug dealer that had been under surveillance in central London. True story. Three years ago. They eventually moved in for the arrest. There’d been surveillance on him, they’d seen the deals go on, and they’d seen the supply deals happening. When they moved on the guy, they expected him to have around 40, 000 in cash on him. When they lifted him, he had nothing or anecdotally 10 quid in his wallet.
So, his phone is seized, the house was done, computer seized, that thing. It’s only because a Metropolitan Police mobile phone investigator looked at an app on the phone and went, what is that? Googled it. Oh, it’s a cryptocurrency app. We’re able to get into it.
There was a quarter of a million pounds worth of crypto and they realized that actually all of the deals were being done phone to phone, crypto to crypto. When he was doing cash deals, he was then popping into the local corner shop to the bitcoin ATM, chucking the cash in, paying the 17% or whatever it was and then just moving it up the line.
Suddenly cryptocurrencies were involved in street level drug dealing, which rolls us into the title of the book, There’s no such thing as Crypto Crime. Is that drug dealer a cryptocurrency criminal? No, he’s not. He’s facilitating his criminal enterprise by empowering crypto to do that job. We just haven’t caught up on the discovery. It is still individual forensic investigators going, I don’t know what that is, and going and doing the job.
I think we’re missing private keys. That then takes us to the third part of the investigation, that if we can then find those funds and we see an off ramp, we can freeze and seize. Which means we actually get money back either for the public purse or most importantly for victims. And we’re not doing a good job of that at the moment.
Si Biles: It is that knowledge, that that awareness and the full process of it. I do have your book and whilst I was reading through it, it struck me, this beautiful quote on page 36. Quoting from King Solomon’s minds, and more importantly, Ecclesiastes, my biblical knowledge is a bit abbreviated, and Shakespeare. What has been is what will be, and what has been done will be done again, there is nothing new under the sun.
My desire to get into computer forensics was to do with reading A Cuckoo’s Egg by Cliff Stoll. Which is about, effectively, it’s a hacking thing.
It was hacking for the purposes of espionage, but it was computer crime. The only computer crime that really exists is hacking. Although that’s usually done for some other purpose. The more I’ve done forensic cases and worked over time, it’s drug dealing, it’s crimes against the person, it’s murder etc.
There isn’t anything really that people are doing now that wasn’t done a thousand years ago, by someone to someone. It was just they were doing it with a pen and paper, and now they’re doing it with a computer.
For those in the UK will have heard of Wolf Hall. Those of you who aren’t in the UK may have heard of Wolf Hall because it’s been doing very well, it’s an adaptation of a book by Hilary Mantel about Henry VIII and one of his advisors, Thomas Cromwell.
One of the reasons of the expected downfall of Cromwell is that he presented Henry VIII with a painting of his wife to be, that was a little too photoshopped. When she turned up, apparently, she didn’t match particularly well and it pissed Henry off, which, fundamentally undermined his belief and trust in his advisor.
But you’re talking about photoshop and forgery of, of things. In his case, in order to get a match which suited his Protestant views versus the Catholic Catholicism at the time.
Nick Furneaux: in 1500.
Si Biles: Exactly. It’s astonishing, isn’t it? And so, there isn’t anything new. and, and it’s just another tool in the arsenal of somebody who wishes to carry out a crime.
Nick Furneaux: I said on in a conference the other day, actually, that if you receive a phishing text, trying to get you to supply some details for something. Is that a telephone crime? It’s not, it’s a mechanism. The reason why this is important is that there are lot of countries around the world that are siloing cryptocurrency teams. We train these people in track and trace of crypto assets, like we used to do with forensics people in putting them in the broom cupboard.
I don’t know if you ever went to Avon and Somerset Police back in the day, but they were literally in this like, long, old broom cupboard and siloing them. That is a mistake, because there is never a cryptocurrency crime.
There is a mistake that we miss stuff. An example I often use, sorry for people who’ve heard it before, but we’ve had a couple of cases now where known cryptocurrency traders have been kidnapped. There was one specifically in London where the guys walked up at the guy’s front door and pistol whipped him, tied him up and forced him to send them all his crypto.
Is that cryptocurrency crime? Let’s step back a minute. These people got to the house somehow, so there’s probably going to be some NPR, there’s going to be CCTV in the street, there’s going to be doorbell cameras, there’s going to be DNA where they press the doorbell of the house or whatever.
All of that is before you get to the movement of the funds. So, siloing cryptocurrency teams is a real mistake. That mistake stems from thinking that there is something called cryptocurrency crime because it’s new and it’s shiny. They’ve been hearing about it on the news and stuff, but it’s not.
I’m not saying we shouldn’t have specifically trained teams. We should, but they shouldn’t be siloed. They should be part of the bigger investigative picture because they only form part of that investigative picture ever. Even if you look at something like the mango hack and stuff like that.
These hacks against cryptocurrency environments and investment schemes and DeFi schemes. Those funds, they use hacking techniques that we’ve been using for years. Or market manipulation techniques that have been around in the fiat markets forever and then they tend to move that and it then moves into fiat currency and is laundered off from there.
So again, it’s only part of the investigative picture and that was really the reason for calling the book, there’s no such thing as Crypto Crime. Clearly there are many crimes that are related to cryptocurrencies. Almost every type of category of crimes we are seeing in crypto involved with.
Si Biles: I’m going to say, we’ve seen this happen with digital forensics. We were siloed into broom cupboards and occasionally would be handed a laptop.
Now everybody carries a computer around with them, in their pocket as their mobile phone that’s tracking them on GPS. Every murder squad knows that they’re going to phone the phone examiner and ask him where this guy’s been because that knowledge has suddenly become more prevalent.
Sooner or later there will be a tipping point, but it’s obviously it’s material like yours, training and things like that will enlighten the investigating officers to the point that they’re going let’s integrate this.
As with running any good team, you should be able to talk and communicate within your specialists and SMEs anyway. Siloing is an issue of management, my wife’s a project manager and she would definitely agree that not having SMEs involved in the process of planning something is a guaranteed way to fail a project.
That’s true, it’s the same in an investigation. If you’re not going to go and ask your examiner, what could we get out of this? Then you’re going to be in a lot of trouble.
Nick Furneaux: Yeah, you’re missing a trick. I’ve always felt the investigative teams that hold all of those key SMEs, the non-law enforcement agencies. How they run teams in that way, where they have that group of polymaths to a degree, but they’re all SMEs. They all know their specific subjects. I think investigative teams work like that extremely well. Investigations are no more Morse turning up on a scene flashing his badge, going under the tape and looking at it.
Now there is this huge group of specializations now that work into murders and I think it doesn’t make good television. So, we get really good TV about forensics, but we often have to have the key characters solving the crime. And, of course, that’s just not real. That just doesn’t happen.
You have these broad teams working multiple cases, working with multiple other teams, they do their specific bits, they produce their paperwork and their intelligence pack and their evidence packs off of that.
You still get the Morse character that runs the operation, but he’s not the one under the tape looking then going off and solving the crime. It is just not a reality.
It’s exactly the same with the crypto stuff. Don’t see it as a standalone thing. There is no Morse character that can jump online, find the assets and solve the crime. It is part of a team of capability and expertise that can do these types of investigations.
Si Biles: Now, there’s a lot of publicity around very specific types of crypto crime at the moment. There’s been a couple of television shows recently and I wholeheartedly admit, I haven’t seen. It’s like the pig fattening, pig killing, pig slaying.
Nick Furneaux: Pig Butchering. There is a woman called Erin West who is extraordinary, look her up on LinkedIn, Google her. She was Assistant District Attorney in California until just recently. She is running something called Operation Shamrock, which is a desire to take down the global scam machine and refocus on getting funds back to victims.
She is brilliant. She wrote the forwards of the book. She’s right on top of the book there, but she is doing amazing work. She actually likes the phrase pig butchering because it sounds awful and it makes it sound really awful and terrible, which it is. I don’t like it because pig butchering refers to romance scams, fattening up the pig before you slaughter it.
The problem is with people that fall for romance scams is that they’re victimized twice. They lose both funds and they lose something of their heart. I don’t say that with like a squishy emotional side to it, but I have known people to have taken their own lives on the back of it. I have known people’s lives be ruined, because they fall in love with these people. They really do.
I once sat with a woman who I explained that she was being scammed. Look, you’re being scammed. This is all the reasons why. I even put in an envelope what would happen next. Then when it happened, I said, look at the envelope, you’re being scammed.
Still sent money to the guy the next day because it was heart. She actually then went to the guy and said, are you scamming me? He said, oh my goodness. No, actually I haven’t told you this but I’m being scammed. And on it goes.
I was telling this story on a webinar last week, recently a guy contacted a woman on social media and they get talking. He’s a big strapping Ukrainian guy and he’s fighting on the front lines against the great Russian evil as he’s describing it. He’s got terrible body Armor. He could die at any moment and if only he had two thousand pounds to be able to buy proper body armour, maybe he would survive to be able to come to the Midlands and whisk her off her feet.
She just fell for the whole thing. But of course, he can’t receive money through the bank. There are no banks, which sounds completely reasonable, doesn’t it? In Eastern Ukraine. There’s no banks open. The only way I can do this is through crypto and then I can use the crypto to buy a thing. So, she was converting money into crypto through normal cryptocurrency exchange and sending this money out.
Her family figured it out really quick. She wouldn’t listen to the family. Family got me involved. Could you help? I tried to reason with her. She was not interested at all. Why? Because the heart got involved.
Actually, even with not straight romance scams, just our trusting nature, there was a lady, a broadcaster, a known name, who had been making investments with an investment company.
Her family again felt she was being scammed and again she just wouldn’t believe it. This was an intelligent, very likable woman. Although she wasn’t being taken in by the heart, she really believed that her investment advisor was absolutely on the level. She was literally going to invite him for Christmas dinner and of course, never got to meet him.
The only way we convinced her is that we did all of the open source stuff around the back and got a family member to take her to the address to show that no one was working there of that name. Even then she was like, maybe they just used that address, it’s extraordinary. And this was an intelligent, hugely likable, otherwise extremely sensible woman, but because although it wasn’t romance, her heart was now involved in what she was doing.
So yeah, pig butchering. I hate the term, but it’s that nasty and it ruins people’s lives. To segway on, the problem is now, is that a lot of the people that are carrying out these scams are themselves victims.
So, Erin West has just come back from the Thai Myanmar border. Where they are building these vast scam farms. I mean, there’s cranes up where they are putting four figures of people, human trafficked into these scam centres. We’ve got reports of torture and rape when they don’t hit their targets.
They’re not allowed to leave. Terrible things happen to these people that are on the phones and on the text and on social media, trying to find victims because if they don’t, there’s threats against themselves and against their families.
We’ve now got this bizarre situation where the perpetrators are victims. Where do we start with that? We need our international agencies to be kicking the right doors in those countries. We need to be putting armed teams in and taking these places down. Showing appropriate care and to the people that are being victimized.
We’re really going off a forensics topic here.
Si Biles: I mean, that is the point, isn’t it? That we don’t operate in a vacuum.
I was going to say can say much as it’s nice to get a nice, neat little hard disk and go this is my job, it’s not. This is at best, somebody’s life who’s been falsely accused and we can say no it wasn’t them, or it’s somebody who has hurt somebody else, in some ways quite horrifically and there’s a knock on impact. Assuming they are guilty, you’re going to be taking someone potentially away, from their parents, from their family etc.
Everything we do has a human impact. When you’re talking about Drug dealers or like this, whereby they are running chains of people, money mules, the county lines operations in the UK and the equivalents worldwide of those things.
You’re talking about huge networks of people who are suffering. Certainly being manipulated, certainly being made to do things that are at best without their knowledge and understanding, at worst coerced physically, violently. We shouldn’t be so blase to assume that our little forensic examination over here is not impactful in human terms.
It’s a hugely important field that we’re in.
Nick Furneaux: We can’t win Simon. I mean, this is the reality. We’re not going to win, but that doesn’t mean we shouldn’t fight.
I was on the Seize and Desist podcast last week and I said to them that we’re never going to stop the boats coming across the channel. We’re just not, someone is always going to get in a boat and try, but that doesn’t mean we shouldn’t be sending lifeguards out to pull people out of the sea before they die. We should still be trying to save people, even if we’re never going to win overall battle.
I’m pretty apolitical but I actually feel for whatever government is in power on this particular subject, because it’s only going to get worse as it becomes harder and harder economically and environmentally to live in sub Saharan Africa.
If we see an extension of conflict, it can extend much more, but more extension of conflicts in the Middle East. The potential for things going worse in Eastern Europe, the movement is only in one direction. The movement is into Northern Europe. There’s no government can stop this. It’s, it’s all about management.
So, coming back to actually what we’re talking about is that people are going to run these scam farms because they can make vast amounts of money. Another question, of course, is where are these hundreds of millions going? You can only buy a certain number of Lamborghinis and boats. One has to start looking up the chain at governments and all the rest of it that are tacitly or actively supporting these things.
We know that North Korea has been doing that for years, the vast half billion pounds hacks and scams that rolling into North Korea go to the government there. I think there are other governments that have somewhat learned from that lesson and realize that they can tap in. They can still leave the scammers with their tens of millions to wave their dollar bills on social media and have their yacht in Dubai.
Actually, let’s not talk about Dubai, but the reality is we’re never actually going to win. We need people at the high levels going after the governments trying to get them to play appropriate ball. We need to be taking out the serious organized crimes. Then, we need people focusing on the victims and trying to get funds back to them.
I feel quite passionate about it.
Si Biles: It’s very fair. Especially where international law doesn’t currently have the teeth to deal with this.
Nick Furneaux: I think it’s been said a few times now, when you have an American president, this is not a political point, just blatantly letting their son off. This wouldn’t have happened 10 years ago, would it? There would’ve been this vast uproar and everyone now just goes yeah, they’re all just doing it. They’re all as bad as each other.
Just coming back to the point, we shouldn’t not fight just because we’re not going to win the bigger battle. Right at the end of my book, I reach out to the scammers because there will be those that will read this book. There’s an awful lot left out, a lot of capability that law enforcement have and governments have in this space.
But to say that sometimes that I unravel scams and I’m like, this is blinking brilliant. I mean, it’s hard enough to unravel it, but to have come up with it in the first place, I mean, high five.
Si Biles: I love cases like that.
I mean, obviously, it is horrible, but wow that was really ingenious.
Nick Furneaux: I say in there some of the work that you are doing to defraud people is hardly short of brilliant. But how do you want to feel about your life? when you are X years old and on your deathbed that everyone will get to, what do you want to look back and see yourself as a parasite on humanity? Or someone that actually did good for others?
Some of these people are brilliant and if they use their powers for good, could make a difference. There’ll be plenty that enjoying their Lamborghinis and their lifestyle and that’s their life choice. But maybe there are some that think actually, maybe there’s a better way to use these extraordinary skills.
For some people they see it as the only way out. We don’t have to agree with that, but we should understand it.
Si Biles: There’s a famous joke in computer security terms, which is if you can’t quote, Art of War, you’re not doing it right.
Nick Furneaux: Have you ever tried to read it? It’s really hard reading.
Si Biles: It’s hard going, isn’t it?
But, if you don’t understand your enemy, or you underestimate your enemy, you have no hope. You’re not going to get there. We are all motivated to do things for a reason. I’m motivated to keep a roof over my head and look after my children and put food on the table. I can do that here by doing something legitimate.
In other countries that may be a different thing. It’s difficult to judge somebody else whose world you don’t understand.
I mentioned earlier, my wife’s Russian, the cultural differences between two countries is vast, even though they are a modern first world developed country. There are huge, huge differences stemming from language, literature, religion and all sorts of things. Fundamentally that means that there are always going to be things that you just don’t get as a Brit, as an Englishman.
Some of these other countries are even further removed than that from us. What is and isn’t acceptable to them and what is and isn’t to us. The norm is, is hugely away from our level.
Nick Furneaux: What we see is appropriate behaviour. It doesn’t necessarily make us right and them wrong.
I watched a conference years ago and they called it the loaf of bread protocol. They gave the example of someone, like me, stealing a loaf of bread. Then, the example of a homeless girl, 14 years old on the streets of London, starving, stealing a loaf of bread.
The law sees it exactly the same. I’m walking along with my Apple watch on and a nice car in a car park, very fortunate to have a reasonable standard of living. Although, I hardly own any crypto, by the way. It was criminal.
The view, of course, is we would see that poor 14 year old girl as a victim and actually stealing the loaf of bread is completely understandable. The poor thing is starving. Yet for me to steal the loaf of bread, somehow that would be risible and completely wrong. The reality is the law, in many ways it’s useless because it doesn’t look at the individual, just says all bad.
So, when we look at scammers, we might decide that we look at the guy with the Lamborghini waving his wads of dollars on social media as risible, but actually the person that is scamming in a scam farm, in Southeast Asia, under the threat of physical violence. It’s the same scam, the same thing but it’s a different environment. But the law is the law and how do we deal with those things?
I mean, we are going way outside my paygrade. We should just go back to the fact that I never bought crypto.
Si Biles: I had a little bit and I bought whatever it was Bitcoin for a few pounds and I sold it and I made 600 quid and I was so chuffed. The acceptance of if I had just held on to that I could have retired by now. You just got to let it go, don’t you?
Nick Furneaux: You do. I think I’ve said on the Seize and Desist podcast last week. It’s a good podcast by the way, it’s to do with seizure, it’s to do with the other end. So, we’re at one end, the Seize and Desist podcast is about the other end.
Si Biles: We’ll put a link in the show notes so that other people can go and listen to.
Nick Furneaux: I said in there that I read the Bitcoin white paper. If anyone’s a coder out there, honestly, the Bitcoin code is some of the most beautiful code ever written. Never been hacked. It’s utterly beautiful. If you go of course it’s been hacked, it’s been hacked millions of times.
No, it hasn’t, what’s been hacked are the systems that have been put around it with the exchanges and social engineering attacks and things like that. The Bitcoin code has never been hacked. Tiny problem in the first year that it came out, but that was solved. It’s never had a problem since. It is an amazing thing, the Bitcoin code, but I looked at it and went a conspiracist and criminals, that’s who it’ll be.
For the first few years, who was using it? Conspiracists and criminals. Mostly it was preppers and it was criminals thinking this is quite cool. So, when it was at 300 bucks, I was like, this is a waste of time. Then a mate of mine called Chris, when it was about two and a half thousand dollars, phoned me up and he’s said how much of this Bitcoin should I buy mate? I think it’s going somewhere. I
‘m like, dude, don’t bother. It’s conspiracists and criminals.
Now we’re near the hundred thousand dollars, aren’t we. He was like, dude, that’s the worst advice I’ve ever been given, ever. I’m like, mate, don’t take investment advice from an investigator.
I think it’s in the book that story. But I’ve been wrong and I wish anybody that is into crypto as an investment vehicle all the best.
I think at the recent high point, I’ve now got about 10 grand’s worth of crypto. Woo! So, I’m doing fantastically well. It is one of those things I look back and I’m like, man, why didn’t I just buy a dozen when it was 300 bucks, I wouldn’t be on the podcast now.
Si Biles: Yeah, well, this is it. I’d be sunning myself on the Bahamas.
I hasten to add, there is no financial advice included in this podcast. I’m making no recommendations in any way, shape or form. In terms of, crypto, we’ve seen Bitcoin come and stay. We have seen Ethereum and dogecoin, so many you can’t list them.
Do you think that? We will continue to see a plethora of Sub things? Or do you think it will normalize in the way that we have dollars and Pounds and we’ll end up with a stable set of normalized cryptocurrencies?
Nick Furneaux: Oh man, I can rattle on this. Here’s the problem.
We don’t currently have a cryptocurrency because fees are too high. Nobody is holding Bitcoin so that they can go out and buy a few beers tonight.
There is the lightning network, which is supposed to let you do that, but no one’s using it. It works. Don’t get me wrong. It’s a clever piece of technology which enables you to make transactions at very low cost in the Bitcoin network, but nobody’s using it.
So, there’s no real currency until somebody comes up with a cryptocurrency app that 15 year olds start using to pay their mate for the vape that he’s just bought for them. Phone to phone. That’s the pattern of all our social media. 15 year olds started using it, then the parents started using it, and then the 15 year olds grew up and now we’ve got grandmothers on Facebook. That’s how that happened, that’s how tech tends to be absorbed into the psyche of community.
Someone needs to come up with something that is basically free in transactions and that can act as a highly secure currency.
Now, the people that tried to do it was Facebook. What happened was the, Senate went bonkers. Then, the EU went bonkers. Why? Because they realized if every Facebook user changed $10 into the Facebook cryptocurrency, it would be the most powerful currency on the planet by a factor of about eight or something ridiculous. The almighty dollar would now be very much in second place. They all went crazy and Facebook had to step back.
However, on the flip side, I don’t see it going anywhere. Blockchain technology. If anyone tells you blockchain is complicated, they’re trying to sell you something. Blockchain is just a spreadsheet with some crypto tacked onto it. It’s very effective at having secure transactional record keeping.
I don’t think the technology is going anywhere. I think Bitcoin is now a little bit too big to fail. It is an asset class. It is not a currency. People are holding Bitcoin like they do gold now and silver and I think it will continue to be an asset class. Where that technology goes, I’ll be honest, I’m not bothered. I’m an investigator. I don’t care.
I will only ever be interested when something is being used to carry out some criminality. I think it’s going to go somewhere. I think it’s going to continue to be a thing. I think someone’s going to suddenly hit the viral market.
A lot of currencies are talking about having the E pound, and the E dollar and this thing. It’s pointless. That’s just a sop to the public that want to think they’re using some cryptocurrency. That’s rubbish. There’s no reason for it really. I think any company that tried to globally have a cryptocurrency that people started to use globally would just be stomped on by every legislature that realizes that they’re losing control of finance within their in their country.
The US can’t allow the dollar to be trumped by a social media network with its own currency. I’m not seeing a global currency at the moment, but I think this is here to stay.
Crime pays. Crime pays for both the criminals and the investigators. I’m very fortunate that I’ll continue to make a perfectly pleasant living to put a roof over the head of my family because the reality is that I don’t think the criminals are going anywhere anytime soon.
We’ll continue to play that tit and tat game. They’ll continue to come up with awesome schemes that I’ll look at on my computer and go cool. If a scammer is watching this, then do some cool stuff, but the problem is the victims at the other end are decent, ordinary people. Use your powers for good.
Si Biles: On that note, we’re coming to the top of the hour. I didn’t realize that the top of the hour was an American expression. Somebody pointed this out the other day.
Nick Furneaux: Oh, everything’s an American expression now.
Si Biles: We invented the language.
So, we’ve been, we’ve been chatting for an hour, which is the time that we have.
It’s been wonderful, I’ve really enjoyed it. So, I’m going to say, on the note that cryptocurrency isn’t going anywhere, I would recommend the next book. I’ve, I’m not far into it, but I’ve done the thing that everybody who’s about to plan to do an interview does, which is flick through it, open random pages, try and find something to catch the interviewee out on.
It’s all very well written and very interesting. I’d thoroughly recommend it. Also, as you pointed out, you’ve pulled in several other people to include information.
Nick Furneaux: You only know what you know, Simon. I realize that there were some aspects to do with sanctions avoidance and things like that, that I just didn’t have expertise in.
I’m very fortunate now to know some really good people in the space. I’ve been able to pull in world leaders, in this world, to provide contributions. The guy who was running crypto for the MPCC, has done a thing on running crypto teams.
Ari Redbord, who was ex department of justice, now at TRM labs, who I work with, part time. He wrote the section on sanctions avoidance. Aaron West wrote the forward. Carole house, who’s head of cyber at the white house, wrote the outro. Some really great people in there that brought their expertise to fill the holes where, you only know what you know. Can’t pretend to know everything.
Si Biles: It’s a great book and I thoroughly look forward to getting through the rest of it. Thank you. Thank you for agreeing to come on and talk about it.
Before I interview someone, I have a look at their LinkedIn profile. I noticed that you live, fortunately in beer.
Nick Furneaux: I do. Little fishing village in East Devon with a great name. It’s fantastic. Everyone loves a drink as well. We’ve actually got a pub here called the barrel of beer. You can get a t-shirt that says, I’ve had a beer in the barrel of beer in beer. Got to be done.
So, I’m very fortunate, I sit here and I can see the sea. It’s very beautiful. I pass three pubs and a wine bar in the 400 meters from here to the beach. It’s a great.
Si Biles: The bit at the back that says you enjoy running is a little bit of a misnomer. Running at the clifftops of South Devon. Runing down via the pubs to the beach.
Nick Furneaux: Yeah, wine bar, then the dolphin, then the barrel of beer, then the anchor actually in that order. But no, I was out running over the cliffs this morning, and it’s a very beautiful place to be, I feel very fortunate to be here.
Si Biles: Well, I’m very happy for you, and it’s a great place to be running your cryptocurrency investigations from and long may it last for you. Thank you very much for joining us.
For the podcast listeners. You can find us in all the places that you can find podcasts and if you’ve ever listened to this podcast before, you’ll know that I’m going to remember none of them.
LinkedIn. We do post on LinkedIn. I was thinking Spotify, Apple Podcasts, YouTube, all of the good stuff, but most importantly, on the Forensic Focus, website, we will put through a whole bunch of links to Nick’s book and to the Seize and Desist Podcast Nick was on the other day.
You can have a listen to the final end of that because obviously we’re more loaded to the front end of the cryptocurrency process. but it’s been an absolute pleasure. Thank you. Lovely to see you again.
All right. So, all the best. Thank you very much everyone. Bye. Thanks.