Responding to a cyber attack — account takeover and redirect Industry: Internet service provider Country: Eurozone The situation: determine if the intrusion had gone beyond the initial attack A large European top-level domain name registrar reported that vector. Using pattern and link analysis to visualize network the domain names for major international companies had been traffic, the investigation team determined that the intrusion hijacked and redirected to inappropriate internet sites. was indeed limited in scope, which the company was able to demonstrate to regulators. The analyses provided substantive How FDA helped: evidence that the intrusion was limited in scope, causing minimal The company used FDA techniques to isolate the intrusion damage to the company. mechanism and to evaluate the network infrastructure to Detecting bank deposit fraud Industry: Banking Country: Asia The situation: into a network of high-performance computers on-site. The A large Asian bank was seeking to uncover bank deposit bank developed customized counter-fraud risk-scoring models fraud patterns across its retail business in order to improve leveraging visual analytics, link analysis, statistical anomaly its internal controls environment and build trust with detection and predictive analytics techniques to spot unusual customers and employees. patterns of potential bank deposit fraud schemes. The bank uncovered hidden relationships between its customers and How FDA helped: employees, highlighted suspicious insider activities and detected The company used advanced FDA techniques to harness data transactions that were designed to avoid internal reporting never before extracted from its core banking system, which was thresholds. The bank put together a fraud task force to review linked with data from other business units, such as branch and case observations resulting from the models and validated that internet banking. Several billion bank transactions were loaded the reduction in false positives had significantly improved. Surveillance monitoring: Know Your Trader (KYT) Industry: Financial services Country: Australia The situation: review by applying: The bank was investigating concerns raised by an Australian • A series of keywords and ontologies designed to detect rogue regulator with respect to various FX and financial benchmark trading and noncompliance with bank regulations processes. Specifically, the regulator issued a series of • A communication risk-scoring model that assigns an agreed compulsory notices to the bank requiring it to produce certain weight to each test and ranks each communication based on documents and information. the co-occurrence of how that communication meets each test criterion How FDA helped: The bank deployed KYT forensic data analysis techniques By using FDA to enable a targeted document review based on spanning more than 10 million documents — covering corporate text mining and an objective risk-scoring model, the number of email, instant messaging, and Reuters and Bloomberg Chat documents requiring review was substantially reduced — cutting data — to identify potentially high-risk communications between costs by millions, with a better risk mitigation outcome. the bank’s securities traders, industry analysts and other parties. By using FDA, the project team performed targeted document Global Forensic Data Analytics Survey 2016 | 31