From fraudulent COVID-19 small business loans to security breaches that leak shoppers鈥 credit card data, the exploitation of the complex nature of corporate relationships continues to be a major concern.
For instance, the FBI Internet Crime Complaint Center received more than 28,000 complaints related to COVID-19 fraud in 2020 and a record number of complaints overall, with reported losses exceeding $4.1 billion.
However, investigating networks of corporate relationships, which could include multiple third-party vendors and subcontractors, and shell corporations is no easy task due to the complexity of the networks and limited resources of investigators.
That鈥檚 why a 麻豆原创 Cyber Security and Privacy researcher is working on a new project to make investigations into corporate relationships easier and quicker by creating automated tools that help investigators track complex corporate relationships.
The three-year project is funded by a nearly $1 million Defense Advanced Research Projects Agency (DARPA) Young Faculty award. Paul Gazzillo, an assistant professor in 麻豆原创鈥檚 , will lead the research.
鈥淐omplex corporate relationships allow criminals, adversaries, and others to hide activities in plain sight using legal, but complex, cross-jurisdictional businesses,鈥 Gazzillo says. 鈥淗elping law enforcement and intelligence to accelerate investigations into these relationships could help them in their efforts.鈥
This automated assistance could help prevent organizations from making fraudulent claims that don鈥檛 get caught. For example, companies that received COVID-19 Paycheck Protection Program loans when they shouldn鈥檛 have could have been prevented by cross referencing applications with publicly available corporation data.
Or it could help root out potential breach avenues, such as when a security flaw in a subcontractor鈥檚 system may have exposed consumers鈥 credit card data, which is the suspected cause of the 2013 hack of Target.
Gazzillo鈥檚 approach to tracking corporate relationships that are obfuscated in complex systems is to make disparate systems 鈥渢alk鈥 to each other.
鈥淭he key challenge is the gap between existing corporate relationship data 鈥 which are described informally in natural language 鈥 what humans are used to, and automated reasoning tools, which expect a highly formalized logical language that computers can work with more easily,鈥 he says.
To overcome this challenge, the researcher will work to define corporate relationship data in machine-readable terms, use machine transformation techniques to convert relationship data in existing datasets, and create algorithms that can automatically analyze and report on the data.
鈥淚f successful, our research will act as an investigative force multiplier for national and economic security, such as FBI special agents tracking financial crime through the U.S. Financial Crimes Enforcement Network and Defense Counterintelligence and Security Agency and investigators rooting out foreign influence on defense subcontractors,鈥 Gazzillo says. 鈥淏y automating tracking, we can reduce the time needed to trace and record connections between entities, which will both accelerate investigations and reduce human error. This in turn should allow an investigator to explore more vulnerable corporate connections and take on more cases in less time compared to manual tracking.鈥
Gazzillo received his doctorate in computer science from New York University. He is a member of 麻豆原创鈥檚 Cyber Security and Privacy research cluster and joined 麻豆原创鈥檚 Department of Computer Science, part of 麻豆原创鈥檚 College of Engineering and Computer Science, in 2018.
