SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybercriminals laundering $200b in ill-gotten gains – here’s how
Sat, 17th Mar 2018
FYI, this story is more than a year old

A new report has landed with a number of startling findings, including the confirmation of a bustling cybercrime laundry market.

The comprehensive report from Bromium based on a nine month study found that up to US$200 billion in illegal cybercrime profits is laundered every year, making up an estimated 8-10 percent of total illegal profits laundered around the world.

“We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it's far too easy for them,” says Bromium CEO Gregory Webb.

“Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier.

Bromium's report will certainly start many interesting conversations, with insightful findings around how cybercriminals are laundering their proceeds, including:

  • Virtual currencies have become the primary tool used by cybercriminals for money laundering
  • Cybercriminals are moving away from Bitcoin to less recognised virtual currencies, like Monero, that provide greater anonymity
  • In-game purchases and currencies are spurring a rise in gaming-related laundering; as China and South Korea become hotspots for gaming-currency laundering
  • Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money
  • Digital payment systems laundering often involves the use of micro-laundering techniques where multiple, small payments are made so laundering limits aren't triggered
Virtual currencies – Bitcoin falling out of favour with criminals?

According to Bromium, many cybercriminals are using virtual currency to make property purchases, effectively converting illegal proceeds into legitimate cash and assets.

There are websites (like Bitcoin Real Estate) with everything on offer from penthouse suites to 160 acre private islands that offer purchases using bitcoins. This option is popular as cryptocurrencies aren't subjected to the close regulation and scrutiny that traditional cash purchases receive.

In fact, the report found that nearly 25 percent of total property sales are forecast to be made with cryptocurrency in just the next few years – a concerning statistic for financial analysts as swifter, more covert transactions (many with criminal origins) could disrupt global property markets.

However, law enforcement agencies are now paying particular attention to Bitcoin which has caused many cybercriminals to look for alternatives. According to Bromium, information on Bitcoin transactions can leak during web transactions (most often through web trackers or cookies), allowing the connection of individuals to transactions in up to 60 percent of Bitcoin payments.

Surrey University senior lecturer in criminology and researcher and report author Dr. Mike McGuire says this has led to cybercriminals utilising other more anonymous options, like Monero.

“It's no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It's digital, so is an easily convertible way of acquiring and transferring cybercrime revenue,” says Dr. McGuire.

“Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organisations must do more to protect their customers.

Considerable time spent on laundering through in-game currency and goods

Cybercriminals are increasingly converting stolen income into video game currency or in-game items like gold, which are converted into Bitcoin or other electronic formats. Bromium says games like Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are the most popular options given they provide covert interactions with other players that allow trade of currency and goods.

“This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China,” says Dr. McGuire.

“The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.

‘Secure' digital payment systems facilitating laundering

The report estimates 10 percent of cybercriminals are using PayPal to launder money, with a further 35 percent utilising other digital payment systems like Skrill, Dwoll, Zoom, and mobile payment systems like M-Pesa.

One method that is becoming increasingly common and more difficult to detect is called ‘micro laundering' where thousands of small electronic payments are made through platforms like PayPal. Another common technique is to use online transactions via sites like eBay to encourage the laundering.

“The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction,” says Dr. McGuire.

“Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.

Dr. McGuire says now is the time for change, where law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime.

“We need a whole new approach to cybersecurity or these figures will continue to increase over time,” Dr. McGuire concludes.

Further findings will be released during the RSA Conference in San Francisco on April 20 where Dr. McGuire will present the full report.