Risk
5/28/2013
01:29 PM
50%
50%

Liberty Reserve Laundered $6 Billion, Say Feds

Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."

The Department of Justice Tuesday accused executives of digital currency company Liberty Reserve of orchestrating a $6 billion money laundering scheme and running an unlicensed money-transfer business.

The Liberty Reserve investigation -- which involved law enforcement agencies in 17 countries -- is believed to be the biggest international money laundering prosecution in history, according to the Department of Justice.

A 27-page indictment, unsealed Tuesday in federal court, charged seven employees of the company, which is based in Costa Rica, with running a system "designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement."

"Not surprisingly, Liberty Reserve was in fact used extensively for illegal purposes, functioning in effect as the bank of choice for the criminal underworld," the indictment continued, which also reported that numerous stolen credit card data and personal identity information traffickers, Ponzi scheme peddlers, gambling providers, illegal drug-dealing retailers as well as hackers for hire were regular users of the service.

[ Legislation is not the answer when it comes to cyber attacks on financial institutions. Read Laws Can't Save Banks From DDoS Attacks. ]

"Liberty Reserve users routinely established accounts under false names -- including such blatantly criminal monikers as 'Russia Hackers' and 'Hacker Account,'" it read. "Liberty Reserve users then engaged in criminal transactions with an impunity that would have been impossible in the legitimate financial system."

Liberty Reserve had been regularly cited by security researchers -- together with PayPal, Western Union and WebMoney -- as being a payment scheme regularly used to sell cybercrime services.

Five of the seven people named in the indictment were arrested Friday. The arrests took place in Costa Rica, New York and Spain. Liberty Reserve's website was also shut down last week, reported security journalist Brian Krebs. According to Costa Rican news reports, the company's founder, Arthur Budovsky Belanchuk, 39, was arrested Friday in Spain.

The Liberty Reserve website shutdown caused immediate concern in the cybercrime underground, with hacker "off-sho.re," who operates a bulletproof hosting provider, telling Krebs he stood to lose $25,000 in what "could be the most massive ownage in the history of e-currency."

According to the indictment, Liberty Reserve officials attempted to evade anti-money-laundering regulations in Costa Rica by creating a portal that "appeared to give Costa Rican regulators the ability to access Liberty Reserve transactional information and monitor it for suspicious activity." But authorities said that internal communications between company employees acknowledged that the displayed information was largely "fake."

Facing increased pressure from the U.S. Department of the Treasury's Financial Crimes Enforcement Network in 2011, Liberty Reserve officials told Costa Rican regulators that the company had been purchased by a foreign company and would cease operations, according to the indictment. But they allegedly continued to operate underground, using "stripped-down staff working out of office space held in the name of shell companies."

Executives began transferring funds from Costa Rica to an account in Cyprus, and from there to accounts in Russia, according to the indictment. After Costa Rican officials seized $19.5 million, the executives allegedly began moving money to two dozen shell-company accounts held in Australia, China, Cyprus, Hong Kong, Morocco and Spain.

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. In the Tools And Strategies For File-Level Data Protection report from Dark Reading, we recommend several ways that security pros can effectively ensure that data is kept from prying eyes. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.