Cyber Threat Intelligence Podcast

From Law Enforcement To Adversary Intelligence In Modern Banking (Pedro Kertzman & Eric Huber)

Pedro Kertzman Season 2 Episode 7


Telegram isn’t just where fraud gets discussed, it’s where entire criminal markets operate in the open. I sit down with Eric Huber, who leads adversary intelligence and disruption work at TD Bank Group, to map how cyber-enabled financial crime really works today: the blend of fraud, payments, cybersecurity, cryptocurrency, and now AI. If you’ve ever wondered why CTI in banking feels different than “classic” threat intel, this conversation makes the overlap tangible and practical.

We get into what Eric is seeing in Southeast Asia focused fraud ecosystems, including why the scale on Telegram can be overwhelming and how to find signal without drowning in noise. We talk about the reality of doing OSINT in a regulated financial services environment, where legal, privacy, vendor reviews, and governance controls are not red tape but part of doing investigations safely. Along the way, Eric shares a simple approach that works: start with a few sources, iterate, validate with peers, and keep your assumptions testable.

From there, we connect the dots between telecom and banking with SIM swap attacks, insider risk, and why phone number takeover is still a fast path to account takeover and crypto theft. We also explore cryptocurrency fraud and blockchain analysis, including how public ledger data can help you evaluate criminal tooling and payment flows. Finally, we dig into AI in cybersecurity: where it accelerates analysis, where hallucinations can mislead teams, and why human QA and strong data handling matter more than ever.

Subscribe, share this with a teammate, and leave a review if it helps. What part of the fraud and cyber threat landscape do you want us to unpack next?


Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Welcome And Guest Introduction

Eric Huber

That guy's advertising this tool...

Rachael Tyrell

Hello and welcome to episode seven, season two of your Cyber Threat Intelligence podcast. Whether you're a seasoned CTI expert, a cybersecurity professional, or simply curious about the digital battlefield, our expert guests and host will break down complex topics into actionable insights. On this episode of season two, our host, Pedro Kertzman, will chat with Eric Huber, who leads TD Bank's adversary intelligence and disruption theory, where he focuses on understanding and countering the evolving tactics of cyber-enabled financial criminals. With deep experience across fraud, cybersecurity, and artificial intelligence, he is committed to using intelligence-driven insights to safeguard people, organizations, and critical financial infrastructure. Over to you, Pedro.

Pedro Kertzman

Eric, thank you so much for coming to the show. I really appreciate you sharing your knowledge with us.

Eric Huber

Yeah, thank you for having me.

Building A Cyber Fraud Hybrid Skill Set

Pedro Kertzman

Amazing. So, you know, jumping on it, uh, I know you started your career on law enforcement and then teaching law enforcement, and then migrated, let's say, to the private sector across some of the big banks in North America. And uh at any point, you would remember if there was like a particular uh moment on this transition through these different companies or or organizations that you saw the cyber aspect and fraud and then payments kind of a really merging together, uh, or it was just like a smooth transition through the progress on your on your career on that side.

Eric Huber

Yeah, I call it my weird unicorn skill set because it wasn't anything that I that I I planned to do, and it's just this uh skill set where I've put together payments and fraud and cyber and crypto and just increasingly AI. And so it's a great question. When I was at uh a really large bank, so it was back in my JP Morgan days, I had the opportunity, I started doing traditional cyber digital forensics, internal investigations supporting everything that was going on with our partners, and then had the opportunity to switch over to electronic crimes, um, which is the hybrid of cyber and fraud. And I you know, and it was great. It was taking a step back in my career because I'd gotten a little burned out on network intrusion work, and it was a risk, but it was one that I was willing to take and was excited about. I remember the first like meeting I was in with these folks, and they're talking about you know, DDA accounts, and like DDA accounts, you know, dim account. What's that? It's a checking account. Oh, okay. So, I mean, that was my beginning where it's like I don't even know what it's called, and then eventually really learning hands-on. I had the cyber piece, I had a bunch of first background in that. I knew open source and tenants, but learning how money moved was fascinating for me. I got some formal training. Nacha, which is the organization that I heard over the ACH payment from the US, I actually had a wonderful uh training program. Okay, so I've been there a couple times and really learned how money moved through the system, and then it's just always learning and always being curious and just developing as came to me. And the next biggest thing right now, which everyone's working through, of course, is AI for everything.

Pedro Kertzman

Yeah, no, interesting.

Tracking Southeast Asia Fraud On Telegram

Pedro Kertzman

And and uh so you spent like a fair chunk of that uh part of your career focusing on the Southeast Asia cyber transnational cybercrime, and uh any like insights from that particular uh focus that you have with the folks that are not too used to to like Southeast Asia um cybercrime or or fraud or you know on the on that part of the the globe?

Eric Huber

It's vast. I've really started digging into it earnestly in the last maybe um and people I would recommend inspired me and have got another work is um Gary Warner and of course the Mighty Aaron Watt both have done quite a bit of work and it inspired me to dig into the ecosystem. And so my little corner of the research world is following what they're doing on Telegram and social through digging into that. One of the th that was immediately apparent to me still that Mesmer scope is just how big of an indigo on Telegram channel or focused on Southeast Asia fraud. Tens of thousands of profile subscribed when you look at some of the the the other thing, that's the street criminals here in the US are way more sophisticated in financial fraud than you wouldn't expect. Even their biggest channels are generally less than a thousand, but tens of thousands of people on a particular uh Telegram channels in Southeast Asia is not it's it happens quite a bit. So there's just an immense amount of there's just Billy is a huge industry where you have vendors that are specific creating tools for that industry, like the Aoff work. So it's just incredible. It's a huge business. I say it's big business, but I mean this is just really giant.

Finding Signal Through Translation And Peers

Pedro Kertzman

Got it. To piggyback a little bit, I think you're you're talking about the scale that of that side of the globe into like Telegram channels and and and all that. I imagine it might be like super noisy and overwhelming to kind of differentiate what is just quote unquote noise and really like important signals, how to triage that stuff. Any insights around that, particularly if you're somebody starting to monitor those particular channels coming from that region?

Eric Huber

I the thing that really helped with me is I started a few channels, started to read and on the flow. One of the biggest challenges for me is that um I only speak English, and the channels in that ecosystem tend to be um Mandarin Chinese. So I'm relying on various translation software. Telegram has translation software, which is great, and there's all sorts of different options, so it is much easier to do that sort of research these days with all the translation tools, but even with the translation, it's always a little off because this is a very I've learned I work with folks who are native speakers and they've confirmed this. It's a very nuanced language, and so there's only so much. Um, but it's just starting small, learning, and then a lot of what you get with open source is iteration. And so I remember starting with a couple you see links to other channels and some start reading and research, and it really helps to work with other cybersecurity researchers to ask them this is what I'm seeing. What am I seeing? Like, this is what I think I'm seeing. Am I right? It's like, yes, you're close, but um, so we have a very collaborative environment, the folks that are with.

Pedro Kertzman

That's awesome. Um also to to link to some something where you're just mentioning about like OSINT tools in general.

OSINT Guardrails Inside Regulated Banks

Pedro Kertzman

I would imagine that uh when we get closer to law enforcement, uh investigation, and all that, there will be like OSINT tools that are more commonly used. Um, but then you know it could just be my lack of knowledge about particularly the financial sector, but I would imagine that it's a more overall regulated sector. Um, any like particular way to handle OSINT tools when you go to like a more regulated uh sector? Can you just use the same tools? Is there like a particular um let's say triage process to see what tools you're gonna be able to use? Do you have to ask for the regulator of that region approval first? How's that trade-off from one to the other?

Eric Huber

Yeah, in I and I've worked in banks for so long that it's it's a great question because it's just reflective for me. We have great legal and privacy and governance partners. Um and it is important in any OSINT training, and back when I would do digital forensics, as is before you start a human resource type investigation, make sure HR is signed off on it. It's the same thing in our world, which is for vendor tools, for example. So you're gonna bring in a vendor tool um to a regulated environment like a bank, there's all sorts of different gateways protect yourself so that you're not supposed to do, and everything's regulatorily appropriate, uh, particularly when it comes to handling. So there's plenty of guardrails and government and whether you're using a using something free, um, we have folks that review everything and have the proper controls in place. I mean uh the attorneys know very much what mine, and we've got great partners. That's one of the things I recommend. If you're getting into this, um, you know, reach out to your legal and privacy folks, tell them here's what I'm gonna do, here's what I'm thinking. They work you the process, you get your governance.

Pedro Kertzman

Got it. Very interesting.

SIM Swap Collaboration Across Industries

Pedro Kertzman

And and uh like changing a little bit or switching gears a little bit, uh talking about you know the organizations and insider threats, for example. Um, I think you published something about how telecom companies and and the finance sector sometimes they get really mingled together to enable some some types of cybercrime or financial crimes, especially when it comes to SIM swap.

Eric Huber

Oh, yeah, yeah.

Pedro Kertzman

Yeah, any any like insights from that relationship with other sectors and how they can collaborate better to kind of because it's still something, unfortunately, that happens that could improve the security for end users.

Eric Huber

Yes, and this is where I start getting a little slippery and evasive in that there are various organizations that uh are set up where folks in the finance talk to each other, and there's other organizations that are set up where it's broader. And so what I can say is we all work together um with banks. One of the common phrases you'll hear is there's no comp work very closely with our peers and other financial institutions. That really extends to uh telecom partners, they're excellent, and so we work very closely with that. A lot of my research, if you follow LinkedIn or any presentations, I'll talk about SIM swapping, and that's where take control of someone's phone number from the the literally the phone that the victim has that the fraudster has, so they control the phone number. So now you control if there's that multi-factor authentic and the really popular tack is cryptocurrency, right? So you you take the control of that phone number, you uh figure out the victim's uh cryptocurrency accounts, you know, log in there, use the control of that phone to access accounts. The wireless providers spend a lot of time looking. Um, no systems, and so sometimes you will see some really awful OPSEC on um LinkedIn, or excuse me, not LinkedIn, uh on Telegram and other social media. There's a lot of collaborative effort. When I see those, I get those over and they uh they tear K of things very quickly.

Crypto Fraud Where It Mirrors Banking

Pedro Kertzman

Got it. And and speak back in a little bit on the cryptocurrency. Um any have you seen like recently? I think we're not uh on the if I can call it that, the boom of cryptocurrency anymore. It's tending to be more people know about it regardless if they want to adopt or not, but everybody, or hopefully a lot of people at this point heard of cryptocurrency already. Um from a like an investigation standpoint from the financial sector, do you see a lot of um similarities or things get blurred between or gray zones between cryptocurrency fraud and like really like traditional quote unquote financial fraud?

Eric Huber

Yeah, that's a good question. So there's um like the digital currency exchanges, and when I talk about digital currency exchanges, I'm talking about the organizations that will take uh currency, cash, whatever you would call it, turn that into cryptocurrency and back and forth, and you can buy cryptocurrency for other US, like Gemini and all those ones. And they have the same problems that we have, they're similar final problems. They have to worry about account takeovers and people attacking their clients and people using their institution for nefarious. Um, so that that's one piece. And then the other piece is sort of the decentralized aspect, is the difference between cryptocurrency because it is decentralized. If I want to send a wire inside the United States from one person to the other, I'm using a couple of definitions, I can move money around in cryptocurrency and not have it hit any sort of traditional financial institution until I want to cash out, and even then there's ways of doing that where you are bypassing traditional institutions, and so you see that on I see a lot of that research, which you'll see my bad guys in the United States creep gangs really like Bitcoin, and so you know the way they tend to pay each other is like they'll use things like cash out, which is still popular, they use payment apps like anyone else. They really like Bitcoin. My Southeast Asian fraudsters really like Tether, which is a stablecoin that is backed US dollar per bit of cryptocurrency, the Tron um, and so USDT, it's still C the payment U, and that means USD.

Using Blockchains For Investigation Signals

Eric Huber

Great for researchers because if I'm see something, I see some sort of tool, um, some bad guy is advertising this tool and says, hey, if you want to purchase it, here's the address for it. I can put that into the public ledger and I can see, okay, I don't know who this is, right? I don't know who's on the other end, but golly gee willikers, I can see this person got paid you know three million dollars in the last you know month or so. That actually helps me understand if the tool being advertised is you know how popular it is, is it legitimate, does it work? It's like someone's paying for it and they're paying a lot of money for it. So it's just cool as a researcher, it's much easier than uh than trying to track down between finances. You know, there's all those that we're limited what we can share with each other.

Pedro Kertzman

Interesting. And uh I think you mentioned some time ago about the unforgiving technology when it comes to cryptocurrency, because it in some ways it kind of fights the enabler of cybercrime because of the lack of tracing and and and all the the underlying technology um for cryptocurrencies. And uh from a CTI teams standpoint, um any uh I don't want to use the word trace, but any uh clues or things coming from that side of the transactional or the ransom whether it's going to be paid uh through a crypto usually a cryptocurrency, um any things that they could learn without becoming like a you know financial sector uh analyst or specialized on that sector that the CTI teams could use to better interact, I think that's the the word, with the fraud team or the financial sector teams that they could make the relationship better.

Eric Huber

No, no, there in yeah, and we work really closely with the cyber threat intel skill set. It's quite an overlap. My particular team, we're we're more of an intelligence team. So here at TD, we're the adversary intelligence team. So if you can tell from our team's title, uh what we do, um, and we work really closely with the cyber in our bank and and us, and so usually it is the finance um who will have access to what we can do, or there's some fantastic vendor tools out there to tracing and attribution, cryptocurrency, and and some cyber threat intel folks have those also, particularly when it comes to um, but there's lots of really cool free stuff out there too. And there's all sorts of free ledger tools, there's all sorts of great training, and so it is increasingly more approachable for anyone, whether you're uh bad guys are offering a nation, and some bad guys opsec are better than others. So there's plenty of stuff out there where you can just start digging.

AI Gains Plus Hallucination Risk

Pedro Kertzman

Okay, very interesting. And and uh where do you think like the where do you think the industry from uh like financial crime mingled with uh crypto and AI now it's kind of a heading? How much you see like the AI changing this particular part of the the the fraud and the threat landscape related to cyber cybercrime? How you see AI shaping this is where we are heading uh on this new AI kind of uh enabled scenario.

Eric Huber

I'm always joking, I'm terrible at prediction, but for AI I'm a little bit more confident just because of the uh you know, don't ask me where we're gonna be at five years. So now my uh my answer is always like the bad guys are gonna iterate and get better too. Oh, which is true. But no, AI, one of the things that's really helpful with AI is you you can point it at that data, ask a good question, and it can read data a way that you're never going to be able to details that you may do it faster. It's gonna be able to put things together, that's a lot of time to do. It's not even just the just some of the experiments I've been doing public data, um, just with Telegram. It's like, all right, you know, take this data from Telegram, throw it in there, and you know, tell me what you think. It's like I didn't pick that up on this channel. I followed it for a while, and you're picking up or picked up before. So it's going to be faster. It will pick up details that uh they pick up. My biggest concern at this point, error, AI hallucination. So I think as things get uh and you gotta get your governance right too, which gets back to the you know, the the the beginning questions, but you know, here inside of financial institutions, uh governance is what we do, we're highly regulated. I'm a little more worried about industriated, uh, you've grabbed a bunch of personal identifying, you've fed it into some public there, right? And so there's a lot of uh there's a lot of potential for for problems.

Pedro Kertzman

Yeah, it makes sense. And I think back in the day, for probably anybody trying to work on a any cybersecurity-related field, um, there was always like a lot of data you have to go through, uh whatever could be structured, unstructured.

Eric Huber

Yeah, and it's just incredible. And and so just having a conversation with someone today where it's like when I did digital forensics and was deep into it, I always felt a little inadequate because I never learned like to do things in Python. You know, Perl was very popular back in the day for digital forensics. Um, and now it's like, I wait. I mean, you know, I I actually made able to be able to do things that was not normally able to do because of that skill set. And now I can the worry is I still think those skill sets are important because at least in the early stages, you're gonna need somebody with that skill set to QA and make sure you're getting um results. And I think it also helps with telling and asking AI what to do. So I'm not predicting that those skills are gonna go away, like you know, don't learn to code, don't learn to do this. So I don't think that's accurate, but understand that you are gonna be doing a lot with AI and understand as you're starting to learn these skills, how can you take these skills more effective? And that's gonna work A, that'll make you more effective, and B, that's gonna make you more employers.

Pedro Kertzman

100% I agree. I think if you know the overall how things connect together, the overall architecture, what this language, programming language is good for, the other one, uh, you're just gonna make, like you mentioned, better questions, and then you the likelihood of getting a better output will also be higher.

Eric Huber

It's it's the same problem we had in digital forensics, which is I used to call it push button forensics. You bought some Wonder Tools, you threw the data in there, you asked it to do something or report, I'm like, fine, that's fine now. Well, you know, how do you know that's accurate? Well, you have to understand how the file you're ever gonna get called into ID court, I answered you the same thing with AI.

Pedro Kertzman

Yeah, agreed. Um, just to expand a little bit still on that, um it may look like that AI is gonna lower the threshold or the entry barrier from a skill set standpoint for analysts or defenders in general, but it can also enable folks on the other side, right? Where do you see like the benefits? Uh how can we really leverage AI in a similar but opposite way that the other guys are leveraging on the other side of the the the line?

Eric Huber

They're learning too. Yeah, no, it's interesting you say that. We're what I tell people, we're both sides are learning how to use AI. I see them coming up with some good ideas, I'm seeing some that you know aren't working particularly well. They're a business like any. And so for us on the good guys, it's gonna make it's gonna take away a lot of the repetitive tasks, it's gonna be able to do things that you couldn't do before at scale, but you're still going to need, at least in my line of business, you'll still need a human at top looking at all the data and deciding what to do. So, a lot of what my team does, our our team's mottos are make friends and collaborate, and we make friends. And for us. to collaborate and you get those fraudstered tiers. It takes humans taking that data and then working with our partners internally and externally to take the fight. And so I don't see that. Um I don't think it's gonna make it I don't even know if it's gonna necessarily make our job easier. It's just gonna make us better and quicker. Because the problem set is still how are we gonna go after this particular are we gonna work with our internal partners to put controls in place to thwart them? Are we gonna work with law enforcement to go after them? There's still a lot of really good detective work. AI just makes it more and we can be decked.

Coding Skills Still Matter With AI

Pedro Kertzman

Agreed, agreed. Eric, that was really awesome. I I appreciate all the insights. Any like final thoughts for the listeners?

Eric Huber

You know, I get asked a lot how do you get into the lineup and one of the things though I'll the people that succeed particularly on the business are the folks that are curious. I'm kind of cheat torpedo myself for probably future um yeah future candidates to go through interviews from but one of the things that really resonates when I'm the ones where it's like I've got this home lab I'm doing this I'm trying this that's like okay that's someone who's going it's a very good indicator of success that someone's got that drive that they're doing it on their own excited and they're they're always and there's so much data available now with AI models of give all sorts of data out there that you can play with that there's no real barrier to to educating yourself and becoming good at whatever you want to do.

Pedro Kertzman

That's that's awesome. I honestly could not agree more one thing I often mention to when I go to colleges and and other education institutions to talk about threat intelligence it's you have absolutely these days you don't have any barriers to keep learning. Because on our day to day there's no stopping on learning we're always learning so I think when you show that to people on an interview regardless of your title your certificates that you have your stuff that are uh homemade per se it's it's an indication that you're ready to like keep grinding and move forward. I could not agree more.

Curiosity Career Advice And Closing

Pedro Kertzman

Eric, thank you so much. I really appreciate all the insights and I'll hope you'll see around. Thank you.

Eric Huber

Thank you. Thank you for having me.

Rachael Tyrell

And that's a wrap. Thanks for tuning in. If you found this episode valuable, don't forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn group, Cyber Threat Intelligence Podcast. We'd love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay strong and stay secure.