Risk
5/28/2013
01:29 PM
50%
50%

Liberty Reserve Laundered $6 Billion, Say Feds

Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."

The Department of Justice Tuesday accused executives of digital currency company Liberty Reserve of orchestrating a $6 billion money laundering scheme and running an unlicensed money-transfer business.

The Liberty Reserve investigation -- which involved law enforcement agencies in 17 countries -- is believed to be the biggest international money laundering prosecution in history, according to the Department of Justice.

A 27-page indictment, unsealed Tuesday in federal court, charged seven employees of the company, which is based in Costa Rica, with running a system "designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement."

"Not surprisingly, Liberty Reserve was in fact used extensively for illegal purposes, functioning in effect as the bank of choice for the criminal underworld," the indictment continued, which also reported that numerous stolen credit card data and personal identity information traffickers, Ponzi scheme peddlers, gambling providers, illegal drug-dealing retailers as well as hackers for hire were regular users of the service.

[ Legislation is not the answer when it comes to cyber attacks on financial institutions. Read Laws Can't Save Banks From DDoS Attacks. ]

"Liberty Reserve users routinely established accounts under false names -- including such blatantly criminal monikers as 'Russia Hackers' and 'Hacker Account,'" it read. "Liberty Reserve users then engaged in criminal transactions with an impunity that would have been impossible in the legitimate financial system."

Liberty Reserve had been regularly cited by security researchers -- together with PayPal, Western Union and WebMoney -- as being a payment scheme regularly used to sell cybercrime services.

Five of the seven people named in the indictment were arrested Friday. The arrests took place in Costa Rica, New York and Spain. Liberty Reserve's website was also shut down last week, reported security journalist Brian Krebs. According to Costa Rican news reports, the company's founder, Arthur Budovsky Belanchuk, 39, was arrested Friday in Spain.

The Liberty Reserve website shutdown caused immediate concern in the cybercrime underground, with hacker "off-sho.re," who operates a bulletproof hosting provider, telling Krebs he stood to lose $25,000 in what "could be the most massive ownage in the history of e-currency."

According to the indictment, Liberty Reserve officials attempted to evade anti-money-laundering regulations in Costa Rica by creating a portal that "appeared to give Costa Rican regulators the ability to access Liberty Reserve transactional information and monitor it for suspicious activity." But authorities said that internal communications between company employees acknowledged that the displayed information was largely "fake."

Facing increased pressure from the U.S. Department of the Treasury's Financial Crimes Enforcement Network in 2011, Liberty Reserve officials told Costa Rican regulators that the company had been purchased by a foreign company and would cease operations, according to the indictment. But they allegedly continued to operate underground, using "stripped-down staff working out of office space held in the name of shell companies."

Executives began transferring funds from Costa Rica to an account in Cyprus, and from there to accounts in Russia, according to the indictment. After Costa Rican officials seized $19.5 million, the executives allegedly began moving money to two dozen shell-company accounts held in Australia, China, Cyprus, Hong Kong, Morocco and Spain.

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. In the Tools And Strategies For File-Level Data Protection report from Dark Reading, we recommend several ways that security pros can effectively ensure that data is kept from prying eyes. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.