Cyber Criminals Find New Online Currency Service

Since the Justice Department shut down digital currency service Liberty Reserve, a new cyber underground payment standard has emerged.

How are hackers moving money in the wake of U.S. authorities taking down online currency service Liberty Reserve?

After a temporary lull in online payment activity, cybercriminals have increasingly been turning to a service known as Perfect Money, said Idan Aharoni, the head of cyber intelligence at EMC Corp's RSA security division. "We expected a large migration to another e-currency, and that has happened," Aharoni told Reuters on Friday.

Together with shutting down the Liberty Reserve site in May, the Department of Justice charged seven employees of the Costa Rica-based operation with having facilitated $6 billion in money laundering. As part of that takedown, U.S. authorities also filed a civil action against 35 exchanger websites related to Liberty Reserve, seeking that their domain names be forfeited.

Those efforts lead to the inevitable question of how the service's existing 1 million worldwide users might next move money without leaving a trail.

Last week, an unnamed source told TechWeekEurope that multiple carder forums -- marketplaces for buying and selling stolen credit card information -- have adopted Perfect Money as their new default payment method. Other carder sites, meanwhile, have also reportedly added Perfect Money -- as well as WebMoney, also known as WMZ -- as new payment options. Still, based on chatter on underground cybercrime forums, some hackers' requests to join Perfect Money have recently been rejected on the grounds that their "type of activity is not welcome."

Could Perfect Money be actively trying to avoid the ire of U.S. banking regulators and law enforcement agencies and thus the fate suffered by Liberty Reserve? The service issued a customer advisory on June 15, warning that "all accounts that belong to U.S. citizens/residents/U.S. companies will be disabled on 1st of July." On that date, those accounts were set to be frozen, and no more transactions would be allowed. "Please do not postpone taking action to withdraw your balance," it said.

Closing out an account wouldn't be cheap, with Perfect Money charging a fixed $100 fee, plus 3% of the amount withdrawn. In addition, while the service promises a 4% annual interest rate on balances, it also charges fees for internal transfers (0.5%), wire transfer deposits (1.5% and up) and wire transfer withdrawals (4%).

On the upside, the online payment service offers more robust security than the average bank, including optional one-time codes sent via SMS for logging in, each of which costs a customer $0.10 to generate. The service also records the IP address used to set up an account. Every time someone attempts to access a particular Perfect Money account from an IP address that's not on file, the service emails a one-time access code to the account holder's verified email address, which must be entered into the website before the transaction can proceed.

But who runs Perfect Money, and to which banking regulators might the service be answerable? That's not clear. According to some news reports, the service is based in Panama. But that country's financial regulators have said that Perfect Money has no registered offices in the country.

More clues: The service is customized for use in 20 different languages -- but says it provides customer support only in English -- and the website has been registered using Iceland's top-level domain name. The website also lists a mailing address in Hong Kong, but no phone number or email address. A query made via the website, requesting information on where the service is based, as well as what steps it's taken to avoid being targeted by U.S. financial regulators, wasn't returned.

To what extent would an e-currency service be responsible for policing its customers? Seth Ginsberg, a lawyer for former Liberty Reserve principal Mark Marmilev -- who's pleaded not guilty to money laundering charges -- said that e-currency providers shouldn't be punished because some people use the services to disguise illicit activities.

"It's my understanding that Liberty Reserve was designed to compete with mainstream financial providers. The fact that it may have been misused by various customers should not reflect on the company," Ginsberg told Reuters. Indeed, the BBC reported that many legitimate users outside the United States simply viewed Liberty Reserve as a cheaper alternative to PayPal. For example, the service offered instant transfers, and a maximum service fee of $2.99 per transaction.

"There is a legitimate need for alternatives to the mainstream financial market, so the fact that there's another company out there filling the void left by Liberty Reserve is not surprising," Ginsberg said.

For comparison purposes, in December the Department of Justice slapped British multinational bank HSBC with a record $1.9 billion fine for its "blatant failure" to implement money-laundering controls, which resulted in terrorists being able to use the bank to move money. Aside from that fine being levied, however, no arrests were made.
