Co-founder Timothy Lin is featured on Channel News Asia's "On the Red Dot" and CNA 93.8. This post contains a transcript of the radio interview and CNA's documentary footage.
Cylynx
April 12, 2021 · 4 min read
Singapore, 28 March 2021 – Cylynx's co-founder Timothy Lin discusses the links between cybercrime and financial crime on Channel News Asia (CNA) "On the Red Dot", episode 42: How to Stop Cybercrime." He shows how blockchain forensics could be used to trace pseudo-anonymous transactions across the blockchain.
For more information on the programme check out [CNA's video on demand](Channel News Asia "https://www.channelnewsasia.com/news/video-on-demand/on-the-red-dot-fy2021/how-to-stop-cybercrime-14471422").
As a run-up to the programme, he did a radio interview with CNA 93.8. He discusses cybersecurity threats with Lee Heng Yu, CEO and co-founder of Polaris. The following transcript highlights the talking points of the interview (host in bold, Timothy's response in blockquotes).
Tim, you’re the co-founder of Cylynx, which uses AI to monitor blockchain transactions. So, you’re like the CSI for cryptocurrency, right? How difficult is it to investigate cybercrimes involving cryptocurrency, compared to fiat currencies?
Haha not really, it’s not as glamorous as it looks. There’s a lot of work done in extracting data, transforming it into meaningful data points, and making sense of activities. On the difficulty of investigating cybercrime involving crypto, compared to fiat currencies. In one sense it is easier. Anyone making digital transactions tends to leave behind a digital footprint that can be trace. But it’s also harder as money can be moved much quickly cross-border, and across multiple wallets
What do you mean when investigators talk about tracing “source of funds”?
Given a particular suspicious actor or account, we want to be able to locate where he obtain his money from (whether it might be through a hack or scam) and how he is transferring to across multiple accounts to hide the trail of transactions.
How does this help investigators like you flag suspicious money trails?
As payment systems move online and digital transactions grow in popularity, cybercrime is very closely related to financial crime. The relationship goes both ways – online digital banking systems are an additional attack surface for hackers, while stolen information and credentials are often sold on the dark web and laundered through numerous channels
Cryptocurrencies such as Bitcoin is one such channel. It is very easily to create multiple wallets and move money through them to obscure the origin of funds. Hackers rely on the pseudo-anonymous nature of cryptocurrency and the lack of a central governing authority to move their money around and cash them out at various exchanges.
While being pseudo-anonymous, each transaction is still stored and recorded on the blockchain network. We are able to identify certain characteristic patterns in the movement of funds, which helps us tag their origin and subsequent trail. This means that we are able surface such information to the regulators and exchanges to act as a line of defence against attempts by hackers in cashing out illicit funds.
Your company Cylynx uses AI to analyse and flag suspicious activities or abnormal transaction amounts on the blockchain. So, what criminal activities have you picked up? How much money are we talking about here? How much illicit cryptocurrency is being transacted or financing criminal activities?
Practically any activity you can find on the dark web, including drug trafficking, ransomware and child pornography. There are also cryptocurrency specific scams and hacks like various ponzi scams, ICO scams, hacks of major exchanges which have been linked to North Korea.
It is estimated that 1-2% of all cryptocurrency transaction volume can be attributed to some form of illicit activities. This is more than 10 billion dollars. Having said that, there is also way more genuine economic activity being processed through blockchain transactions, especially with renewed interests from large companies like paypal last year. Hence it is really important that crypto companies adopt strong screening mechanisms to weed out suspicious transactions and bring greater trust to crypto payments.
Tim, walk us through what happens when suspicious transactions are flagged. Who actually does the reporting and how does law enforcement follow up on it?
Typically, after a transaction is flagged by an exchange or payment gateway, they are required to file a suspicious transaction report with the regulators. The funds are then frozen pending investigation and possibly returned to the rightful owners in the case of a hack or scam.
However, this depends very much on the local regulations in question and how closely are the regulators working with exchanges in that particular country. The tricky part about cryptocurrency payments is that it is transnational in nature. The exchange could be headquartered in Korea with users from Singapore and hackers from another state.
For such cases, the local authorities would have to work with their international counterparts to seize the funds. There are attempts to have more streamlined, and coordinated policies across countries, but this is still relatively nascent as authorities are still figuring out the best way to approach cryptocurrency.
I mentioned earlier about the WEF’s latest list of global risks which identifies cybersecurity failure as the 4th most critical threat to facing the world – after “Infectious diseases”, “livelihood crises” and “extreme weather events”. Tim, do you agree with the WEF’s 4th placed ranking for cybersecurity failure?
I think it’s well placed. The modern economy is so reliant on computer systems, ranging from banking, telecommunications and even robo-vacuum cleaners. The threat of a large scale cybersecurity failure is real and could possibly threaten critical infrastructure systems.
Do you think that private companies and individuals need to work more closely with the public sector? Or can we depend on the authorities to lead the way forward to combat cybercrime? Let’s start with you, Tim.
Most certainly. Dealing with the wide-ranging and ever-evolving cyber threat, requires close cooperation between cybersecurity firms, private sector companies and public sector agencies. This not only applies to cyber threat intelligence or investigations but also cyber education and awareness. There’s so much we can do together to improve cyber literacy and equip non-technical people with the right mindset to safeguard themselves against such threats
Both of you are under 35 and both of you came up with innovative and successful solutions to handle cybercrime. But if you could have had someone to advise you when you first started this journey, what advice would you have wished you had? Tim, let’s start with you.
Come join Cylynx? But really, the Singapore cyber community is really warm and welcoming, and we have various programs such as the NUS ICE 71 cyber security incubator or accelerator program to help nurture ideas into companies and grow the ecosystem. Also, age does not really matter – the field is growing and if you are open to learning something new and are interested in this area, do take the plunge.
