* Historical bank robbery & sociological underpinnings
* Why digital robbery is the 'Perfect Crime'
* Some modern evolutions & why our traditional defenses are failing
* Where we can see solutions…
1. MODERN BANK ROBBERY 101: THE INTRODUCTORY COURSE
Patrick Wheeler
Mar 2015
v1.2
• Historical bank robbery & sociological underpinnings
• Why digital robbery is the 'Perfect Crime'
• Some modern evolutions & why our traditional defenses are failing
• Where we can see solutions…
DISCLAIMER - Doing the Necessary
• This is not a How-To Manual and any effort to replicate techniques and methods herein may be met with variable success (and interest by law enforcement) …
• This is an effort to share one person’s experience in hopes it helps us all…
• These are largely my opinions (except where they aren’t)…
• These are definitely not the opinions of my employer (except where they are)…
• I may make mistakes and be factually incorrect (except where I ain’t & don’t)…
• I will be relying upon publicly available information (for some reason I hesitate to share specific company information in a public forum) …
• If I appropriated your images, my thanks (and apologies if I misuse, offend or fail to attribute) …
Patience Please:
• I tend to speak quickly …
• I abuse analogies and esoteric references …
• I apologize in advance if I stutter or stumble a little bit …
Please let me know if I can clarify anything…
… you can usually find me wherever someone is serving food or coffee
2. About what I do …
BIO –
Patrick Wheeler has been involved in IT Consulting, Business, Engineering and Security for over 20 yrs. He has a Bachelor's in Environmental Engineering, an MBA and is a registered professional Civil Engineer. His background includes fun job titles like Security Architect, Audit Manager, Inspector, Systems and Security Analyst, Project Manager, Operations Director, VP of Operations and Chief Information Security Officer.
• His business, IT and best practices focus is on information security, risk and compliance including PCI and security program management as well as internal and external financial & technology audits. With a legal support background he serves as an expert witness to courts on various aspects of best practices and industry standards.
• He has been involved in many industries from government agencies, financial services, and banking through fashion, retail and technology startups. Prior to moving to Europe he served in California’s Silicon Valley and San Francisco Bay Area specializing in security, compliance and operational efficiency topics.
• Personal interests include driving old cars too fast while taking photographs (in well-controlled secure environments). Oh, and waterwheels. He now regrets this hobby after writing a successful EU grant of 2.5€M to identify and convert old watermills to generate renewable electricity …
5. 1. Motivation ‘That’s Where The Money Is’
Andrew Stone (1996), a computer security consultant from Hampshire in the UK, was convicted of stealing more than £1 million by pointing high definition video cameras at ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered … produce clone cards … withdraw the full daily limit for each account … also allowed him to sidestep withdrawal limits by using multiple copied cards.
In court, it was shown that he could withdraw as much as £10,000 per hour by using this method.
Stone was sentenced to five years and six months in prison.
vs.
6. Dishonesty is the new Honesty:
…how getting caught matters less than we think in whether we cheat; and how business practices pave the way for unethical behavior, both intentionally and unintentionally. … how unethical behavior works in the personal, professional, and political worlds, and how it affects all of us.
The RSA Animate Version.
Cheating is the new Fair Play:
… some behavioral ethics researchers were startled by a study published recently in The Journal of Personality and Social Psychology by researchers at the University of Washington, the London Business School, Harvard and the University of Pennsylvania.
The title: “The Cheater’s High: The Unexpected Affective Benefits of Unethical Behavior.”
http://well.blogs.nytimes.com/2013/10/07/in-bad-news-cheating-feels-good/?_r=0
…. Banks are evil ….
2. Justification: Sociologically, to get really depressed…
7. 3. Deterrence / Opportunity
Digital Crime: … a little less physical …
• No need to be present at the site of the criminal act
– No person-to-person interactions (individuals being robbed are unpredictable!) so no heroes and less potential for violence …
– No chance of accidental weapons discharge and murder charges
– No Local Police who pursue robbers diligently
– No Video cameras and witnesses
• Perceived as protected from identification and prosecution
• State Lines?
… while Americans struggled during the height of the Great Depression, the Dillinger gang stole … from Midwestern banks … made a crucial mistake… Dillinger fled jail in a stolen car and drove from Indiana to Illinois… a Federal offense to transport a stolen motor vehicle across state lines … enabled the FBI to lead the nationwide manhunt. Director J. Edgar Hoover made Dillinger’s capture the FBI’s top priority.
…. Banks are evil ….
Three Technological evolutions: Fast Cars, Interstate Highways and Overwhelming Firepower. Legal justice system slow to adjust to new reality…
8. 4. Capability ‘democratization’ of Fraud:
Fraud as a Service (FaaS) / Communities of Crime / Getting Social
Increased commercialization and ‘business’ driven approach …
• ‘Supported’ Fraud Tools with Trouble Ticketing
• Bot Networks for Hire
• Networks of Money Mules and Bank Accounts for Hire
• ‘Getaway Drivers’ and Denial of Service for Hire
• Advertising Services within and to the Criminal Community
Can outsource the difficult and parts
• Zero Day Attacks and initial compromise
• Money Mules for hire
• Distributed Denial of Service attacks to mask getaway
• Can re-use attack methodology and tools again and again and
• can become RESELLERS (entrepreneurs)
… Sutherland's differential association theory can be summarized as: (Sutherland and Cressey, 1978)
• Criminal behavior is learned; it's not inherited, and the person who isn't already trained in crime doesn't invent criminal behavior.
• Criminal behavior is learned through interaction with other people through the processes of … communication and example.
• The principal learning of criminal behavior occurs with intimate personal groups.
• The learning of crime includes learning the techniques of committing the crime and the motives, drives, rationalizations and attitudes that accompany it…
…. Banks are evil ….
9. While the street crews were taking money out of bank machines, the computer experts were watching the financial transactions from afar, ensuring that they would not be short-changed … the leader of the New York cashing crew … fled the United States just as the authorities were starting to make arrests of members of his crew … gunmen stormed a house where he was playing dominoes and began shooting. A manila envelope containing about $100,000 in cash remained untouched.
The Perfect Crime - ATM Breach - 45M$ Single Day ATM Cash-Out
14. Feeling ‘Outgunned’
• Is our financial industry ready to prevent a ‘Nation State’ backed compromise?
• How about the tools released ‘into the wild’ by nation states?
• Or the teams trained by them?
• The damages from the NSA (and affiliates) actions (Stuxnet, cryptography, backdoors, distrust) but even more importantly the tools re-purposed and in the hands of mal-intended persons are hard to prepare for …
• Just as Vauban’s fortifications became obsolete with military evolution, our digital defences must evolve, somehow drastically, to a new reality …
15. Solutions (Today !)
"plus ça change, plus c'est la même chose"
"the more things change, the more things stay the same"
– Jean-Baptiste Alphonse Karr, 1849
– There is no room for complacency …
– The targets, the methods and the actors may evolve …
– A coordinated, active and evolving defence is required …
– We must keep getting better and better at what we are doing …
– We will only get better by cooperating, learning and evolving our defences …
Deeper/Taller/Wider/Harder Defensive Layers With Hardened Crunchy Interiors
– Fortresses are Today’s Reality –
Tip: how to stop targeted (APT) attacks
http://www.asd.gov.au/infosec/mitigationstrategies.htm
16. Looking backwards to look forward:
• Many Security and Operational Best Practices Standards Exist, are Being Created & Updated
– International (e.g. ISO - International Standards Organization, NIST - National Institute of Standards)
– Governmental & Quasi-Governmental (e.g. EPC - European Payments Council & SEPA - Single European Payments Area)
– Channel Specific (e.g. EMV Chip & PIN and 3DS, PCI – Payment Card Industry)
Vauban’s Layered Defenses at Rocroi
Vauban’s ‘Other’ Defensive Layers
17. A Coordinated Societal Response:
We need to see ourselves into the future we want to live in …
• Critical National Infrastructure (CNI) learning & information sharing / CERTs
• Police Computer Crimes Units (CCU) – real, rapid and substantive deterrence and criminal punishments
• Industry working collaboratively; sharing information, standards bodies and frameworks, encryption and data de-valuation and building rapid internal response capabilities, minimise impacts on customers
• Proposed European rules; emphasis on self certification schemes, breach notification and stiff penalties
18. Summary
Yes, systemic fraud and ‘modern’ Bank Robbery hurts society and <!fluffy kittens!> …
Old fashioned bank robbery only went away with community support and organised policing… Yes, look to your Citadel and your Castle and Your Moat, Understand your Enemy … but …
…Look over your citadel walls and find your friends …
Q&A: (you can usually find me wherever there is food or coffee being served ;-)
References & Credits:
• Fraud Triangle – Donald Cressey & Diamond
• Andrew Stone & Willie Sutton & John Dillinger
• Dishonesty Animated & Dan Ariely & Cheating is Fun & Sutherland & Cressey
• Zeus Trojan, Man-in-Browser & Spear Phishing
• Botnets for rent, DDoS & Citadel
• NYTimes $45M in 1-Day & ‘New Bank Robbery’ & ATM
• Carbanak / Anunak
• ATM Jackpotting Commercial Software – Electronic Bank Robberies [30c3] – YouTube
• Tommy Gun & Stuxnet & Regin Banking Malware
• ‘Standards’: ISO, NIST, PCI & Circl.lu, EU Data Privacy
• Vauban Fortifications & New Brisach & Luxembourg
20. My lessons learned
… ‘X’ is a BaFin regulated and monitored payment institute there is no need for any auditing at ‘X’ premises and ‘X’ is not authorized to allow such audits (e.g. PCI-DSS)…
http://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Fachartikel/2013/fa_bj_2013_11_it_sicherheit_en.html
(Not) Sun Tzu: Keep your friends close, but your enemies closer
Editor's Notes
Part I:
Banks were evil, putting people out in street while living lavish lifestyles, robbers as folk heroes
PtII: Poster boys for low-level street thugs, ‘livin la vida gangsta’ complete with selfies