Interviews

Cyber money laundering

by Mark Rowe

Laundering through in-game currency and goods is on the rise, according to an academic study into the macro economics of cybercrime and how cybercriminals launder and ‘cash out’ the profits of crimes. The findings are part of a larger nine-month study titled Into the Web of Profit, sponsored by Bromium. The full findings will be presented during the five-day cyber RSA Conference in April by Dr Mike McGuire, Senior Lecturer in Criminology at the University of Surrey.

According to the report, cybercriminal proceeds make up an estimated 8pc to 10pc of total illegal profits laundered globally; amounting to an estimated $80-$200 billion each year. The report suggests that virtual currencies have become the primary tool used by cybercriminals for money laundering; cybercriminals are moving away from Bitcoin to less recognized virtual currencies, like Monero, that provide greater anonymity; and as in-game purchases and currencies are spurring a rise in gaming-related laundering, China and South Korea have become hotspots for gaming-currency laundering. Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money.

Dr Mike McGuire said: “It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue. Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organizations must do more to protect their customers.”

The report also indicates that cybercriminals are spending “considerable time” converting stolen income into video game currency or in-game items like gold, which are then converted into bitcoin or other electronic formats. Games such as Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are among the most popular options because they allow covert interactions with other players that allow trade of currency and goods. Dr McGuire added, “Gaming currencies and items that can be easily converted and moved across borders offer an attractive prospect to cybercriminals. This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China. The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.”

Gregory Webb, CEO of Bromium, said: “We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it’s far too easy for them. Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier. We need to attack the problem in a different way. Law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime. Protecting applications that access sensitive data is an absolute requirement. We need a whole new approach to cybersecurity or these figures will continue to increase over time.”

Many cybercriminals are using virtual currency to make property purchases which convert illegal proceeds into legitimate cash and assets. Websites such as Bitcoin Real Estate offer everything from penthouse suites and lavish mansions, to 160-acre private islands, all with the option to buy using bitcoins. Unlike cash purchases which are subject to regulation and scrutiny, properties purchased with cryptocurrency are not as closely scrutinised because cryptocurrencies aren’t regulated by central banks or governments. The study found that nearly 25 percent of total property sales are predicted to be in cryptocurrency in the next few years. This is concerning financial analysts who worry that allowing swifter, more covert transactions, many with criminal origins, will disrupt global property markets.

However, as the report highlights, law enforcement agencies are now monitoring Bitcoin, causing many cybercriminals to look for alternatives. Information on bitcoin transactions can leak during web transactions – typically via web trackers or cookies. This means that connecting transactions to individuals is possible in up to 60 percent of Bitcoin payments.

Covert data collection in online forums and interviews including with cybercriminals indicate that an estimated 10 percent of cybercriminals are using PayPal to launder money. A further 35 percent use other digital payment systems, including Skrill, Dwoll, Zoom, and mobile payment systems like M-Pesa. Methods like ‘micro laundering’, where thousands of small electronic payments are made through platforms like PayPal, are increasingly common and more difficult to detect. Another common technique is to use online transactions – via sites like eBay – to facilitate the laundering.

Dr McGuire adds: “The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction. Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.”

Further findings will be released during the RSA Conference in San Francisco, at Dr McGuire’s talk on Friday, April 20.

Related News

  • Interviews

    Formjacking attacks

    by Mark Rowe

    Hackers have form, and a new approach, writes Paolo Passeri, pictured, Cyber Intelligence Principal at the cloud security product company Netskope. Formjacking…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing