Risk
5/28/2013
01:29 PM
Connect Directly
RSS
E-Mail
50%
50%

Liberty Reserve Laundered $6 Billion, Say Feds

Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."

The Department of Justice Tuesday accused executives of digital currency company Liberty Reserve of orchestrating a $6 billion money laundering scheme and running an unlicensed money-transfer business.

The Liberty Reserve investigation -- which involved law enforcement agencies in 17 countries -- is believed to be the biggest international money laundering prosecution in history, according to the Department of Justice.

A 27-page indictment, unsealed Tuesday in federal court, charged seven employees of the company, which is based in Costa Rica, with running a system "designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement."

"Not surprisingly, Liberty Reserve was in fact used extensively for illegal purposes, functioning in effect as the bank of choice for the criminal underworld," the indictment continued, which also reported that numerous stolen credit card data and personal identity information traffickers, Ponzi scheme peddlers, gambling providers, illegal drug-dealing retailers as well as hackers for hire were regular users of the service.

[ Legislation is not the answer when it comes to cyber attacks on financial institutions. Read Laws Can't Save Banks From DDoS Attacks. ]

"Liberty Reserve users routinely established accounts under false names -- including such blatantly criminal monikers as 'Russia Hackers' and 'Hacker Account,'" it read. "Liberty Reserve users then engaged in criminal transactions with an impunity that would have been impossible in the legitimate financial system."

Liberty Reserve had been regularly cited by security researchers -- together with PayPal, Western Union and WebMoney -- as being a payment scheme regularly used to sell cybercrime services.

Five of the seven people named in the indictment were arrested Friday. The arrests took place in Costa Rica, New York and Spain. Liberty Reserve's website was also shut down last week, reported security journalist Brian Krebs. According to Costa Rican news reports, the company's founder, Arthur Budovsky Belanchuk, 39, was arrested Friday in Spain.

The Liberty Reserve website shutdown caused immediate concern in the cybercrime underground, with hacker "off-sho.re," who operates a bulletproof hosting provider, telling Krebs he stood to lose $25,000 in what "could be the most massive ownage in the history of e-currency."

According to the indictment, Liberty Reserve officials attempted to evade anti-money-laundering regulations in Costa Rica by creating a portal that "appeared to give Costa Rican regulators the ability to access Liberty Reserve transactional information and monitor it for suspicious activity." But authorities said that internal communications between company employees acknowledged that the displayed information was largely "fake."

Facing increased pressure from the U.S. Department of the Treasury's Financial Crimes Enforcement Network in 2011, Liberty Reserve officials told Costa Rican regulators that the company had been purchased by a foreign company and would cease operations, according to the indictment. But they allegedly continued to operate underground, using "stripped-down staff working out of office space held in the name of shell companies."

Executives began transferring funds from Costa Rica to an account in Cyprus, and from there to accounts in Russia, according to the indictment. After Costa Rican officials seized $19.5 million, the executives allegedly began moving money to two dozen shell-company accounts held in Australia, China, Cyprus, Hong Kong, Morocco and Spain.

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. In the Tools And Strategies For File-Level Data Protection report from Dark Reading, we recommend several ways that security pros can effectively ensure that data is kept from prying eyes. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.