When it comes to tackling the issue of online fraud, Arkose Labs have a unique solution – hire a former US Most Wanted cybercriminal.
Kevin Gosschalk, Arkose Labs Founder and CEO, advised that in order to fight fraudsters, you have to know what’s going on inside of their minds and how their points of view and tactics shift. This led to the company creating the role of Chief Criminal Officer, with Brett Johnson, ex-hacker previously dubbed the “original internet godfather” taking on the mantle.
On his inspiration for creating the role, Gosschalk said: “From very early on in my career, I have been working with innovative technology to solve very human problems, initially in the biomedical field. I was very aware of online fraud because I’m a gamer, and my online gaming accounts would get hacked and I would have to go through the rigmarole of resetting my password, etc. As my career progressed, I was convinced that I could leverage the same approach I took to developing biomedical technology to another human problem – online fraud attacks.
“A big part of solving the online fraud issue is understanding the fraudsters – their motivations; how they organise, their technology prowess, etc.
“So when I met Brett Johnson a few years ago, I knew that at some point we’d be working together. Brett is a reformed cybercriminal, and one of the first cybercriminals. He actually created the community infrastructure that was the precursor to the Dark Net and Dark Net Markets that operate today. His knowledge of cybercriminals is unmatched, and now he is leveraging that knowledge in conjunction with our deep data-driven insights and real-world interactions with fraudsters to make fraud a less profitable endeavour for the bad actors.”
What does a Chief Criminal Officer do?
In this newly created role, Johnson is providing bespoke counsel to the company’s key customers on the novel attacks that are targeting them specifically. He is also working with the Arkose Labs product team to ensure that the latest attack types can be addressed through their product, as well as collaborating with Gosschalk on thought leadership initiatives to inform the industry and bring fresh intel found on Dark Web and forums to help the fraud-fighting community at large.
“With a Chief Criminal Officer as part of our team,” Gosschalk added, “We can leverage even more fresh intelligence to make our products that much more powerful to create an online environment where all consumers are protected from malicious activity.”
A fraudster reformed
As one of the world’s top experts on cybercrime, Johnson undoubtedly brings a unique perspective to the companies operations. When asked why he decided to turn away from a life of cybercrime and instead help companies fight the fraudsters, Johnson simply said: “I got tired of harming people.”
“Friends, family, people I knew and people I didn’t know – I got tired of harming myself. I was dubbed the Original Internet Godfather and a US Most Wanted Cybercriminal. I spent years in prison. I was given the opportunity to turn my life around, to use my skills for good, and I took it. Today I work hard to protect businesses and consumers from the type of person I used to be. I get far more satisfaction today helping people than I ever did as a criminal.”
He continued: “My real-life experiences in the early days of cybercrime give me a unique perspective on how to stop cybercriminals. That fact is probably the major reason why my past makes me the perfect man to be Arkose Labs’ Chief Criminal Officer.”
The challenges of the fraud landscape
With fraud being as big a threat as ever, companies and consumers are constantly at risk from cybercriminals who are constantly levelling up their practices to get past any defences.
In terms of the current challenges, Johnson said: “Cybercriminals are extremely well organised, and that poses a significant challenge.
“That fact is one reason why you’ll hear security professionals say they feel like they are playing a cat and mouse game or whack-a-mole when trying to stop bad actors.
“Committing fraud is a business for cybercriminals; it’s their career. They are nimble, innovative, and can pivot quickly – take a look at how quickly scammers jumped on the state unemployment payments at the outset of the pandemic.”
“Another big challenge is that fraudsters’ targets have moved upstream from traditional payments fraud,” Gosschalk added.
“Now fraudsters are going after the first point of contact a company has with a consumer – a consumer’s online account. Once fraudsters get access to a consumer’s account they have multiple avenues for wreaking havoc – either draining a consumer’s bank account of funds, stealing a consumer’s loyalty points from an airline, or verifying that the consumer’s username and password are legitimate and then selling those credentials on the Dark Web.
However, as Gosschalk concludes, fintech and innovative thinking can help aid in these challenges. “When a fintech has the controls in place to undermine what fraudsters want most – money, the tide turns on all fraud. When wealth creation through account takeovers and other types of fraud becomes too expensive, fraudsters go away.”