Story image

Cybercriminals laundering $200b in ill-gotten gains – here’s how

17 Mar 18

A new report has landed with a number of startling findings, including the confirmation of a bustling cybercrime laundry market.

The comprehensive report from Bromium based on a nine month study found that up to US$200 billion in illegal cybercrime profits is laundered every year, making up an estimated 8-10 percent of total illegal profits laundered around the world.

“We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it’s far too easy for them,” says Bromium CEO Gregory Webb.

“Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier.”

Bromium’s report will certainly start many interesting conversations, with insightful findings around how cybercriminals are laundering their proceeds, including:

  • Virtual currencies have become the primary tool used by cybercriminals for money laundering
  • Cybercriminals are moving away from Bitcoin to less recognised virtual currencies, like Monero, that provide greater anonymity
  • In-game purchases and currencies are spurring a rise in gaming-related laundering; as China and South Korea become hotspots for gaming-currency laundering
  • Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money
  • Digital payment systems laundering often involves the use of micro-laundering techniques where multiple, small payments are made so laundering limits aren’t triggered

Virtual currencies – Bitcoin falling out of favour with criminals?

According to Bromium, many cybercriminals are using virtual currency to make property purchases, effectively converting illegal proceeds into legitimate cash and assets.

There are websites (like Bitcoin Real Estate) with everything on offer from penthouse suites to 160 acre private islands that offer purchases using bitcoins. This option is popular as cryptocurrencies aren’t subjected to the close regulation and scrutiny that traditional cash purchases receive.

In fact, the report found that nearly 25 percent of total property sales are forecast to be made with cryptocurrency in just the next few years – a concerning statistic for financial analysts as swifter, more covert transactions (many with criminal origins) could disrupt global property markets.

However, law enforcement agencies are now paying particular attention to Bitcoin which has caused many cybercriminals to look for alternatives. According to Bromium, information on Bitcoin transactions can leak during web transactions (most often through web trackers or cookies), allowing the connection of individuals to transactions in up to 60 percent of Bitcoin payments.

Surrey University senior lecturer in criminology and researcher and report author Dr. Mike McGuire says this has led to cybercriminals utilising other more anonymous options, like Monero.

“It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue,” says Dr. McGuire.

“Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organisations must do more to protect their customers.”

Considerable time spent on laundering through in-game currency and goods

Cybercriminals are increasingly converting stolen income into video game currency or in-game items like gold, which are converted into Bitcoin or other electronic formats. Bromium says games like Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are the most popular options given they provide covert interactions with other players that allow trade of currency and goods.

“This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China,” says Dr. McGuire.

“The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.”

‘Secure’ digital payment systems facilitating laundering

The report estimates 10 percent of cybercriminals are using PayPal to launder money, with a further 35 percent utilising other digital payment systems like Skrill, Dwoll, Zoom, and mobile payment systems like M-Pesa.

One method that is becoming increasingly common and more difficult to detect is called ‘micro laundering’ where thousands of small electronic payments are made through platforms like PayPal. Another common technique is to use online transactions via sites like eBay to encourage the laundering.

“The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction,” says Dr. McGuire.

“Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.”

Dr. McGuire says now is the time for change, where law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime.

“We need a whole new approach to cybersecurity or these figures will continue to increase over time,” Dr. McGuire concludes.

Further findings will be released during the RSA Conference in San Francisco on April 20 where Dr. McGuire will present the full report.

McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill.