Risk
5/28/2013
01:29 PM
50%
50%

Liberty Reserve Laundered $6 Billion, Say Feds

Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."

The Department of Justice Tuesday accused executives of digital currency company Liberty Reserve of orchestrating a $6 billion money laundering scheme and running an unlicensed money-transfer business.

The Liberty Reserve investigation -- which involved law enforcement agencies in 17 countries -- is believed to be the biggest international money laundering prosecution in history, according to the Department of Justice.

A 27-page indictment, unsealed Tuesday in federal court, charged seven employees of the company, which is based in Costa Rica, with running a system "designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement."

"Not surprisingly, Liberty Reserve was in fact used extensively for illegal purposes, functioning in effect as the bank of choice for the criminal underworld," the indictment continued, which also reported that numerous stolen credit card data and personal identity information traffickers, Ponzi scheme peddlers, gambling providers, illegal drug-dealing retailers as well as hackers for hire were regular users of the service.

[ Legislation is not the answer when it comes to cyber attacks on financial institutions. Read Laws Can't Save Banks From DDoS Attacks. ]

"Liberty Reserve users routinely established accounts under false names -- including such blatantly criminal monikers as 'Russia Hackers' and 'Hacker Account,'" it read. "Liberty Reserve users then engaged in criminal transactions with an impunity that would have been impossible in the legitimate financial system."

Liberty Reserve had been regularly cited by security researchers -- together with PayPal, Western Union and WebMoney -- as being a payment scheme regularly used to sell cybercrime services.

Five of the seven people named in the indictment were arrested Friday. The arrests took place in Costa Rica, New York and Spain. Liberty Reserve's website was also shut down last week, reported security journalist Brian Krebs. According to Costa Rican news reports, the company's founder, Arthur Budovsky Belanchuk, 39, was arrested Friday in Spain.

The Liberty Reserve website shutdown caused immediate concern in the cybercrime underground, with hacker "off-sho.re," who operates a bulletproof hosting provider, telling Krebs he stood to lose $25,000 in what "could be the most massive ownage in the history of e-currency."

According to the indictment, Liberty Reserve officials attempted to evade anti-money-laundering regulations in Costa Rica by creating a portal that "appeared to give Costa Rican regulators the ability to access Liberty Reserve transactional information and monitor it for suspicious activity." But authorities said that internal communications between company employees acknowledged that the displayed information was largely "fake."

Facing increased pressure from the U.S. Department of the Treasury's Financial Crimes Enforcement Network in 2011, Liberty Reserve officials told Costa Rican regulators that the company had been purchased by a foreign company and would cease operations, according to the indictment. But they allegedly continued to operate underground, using "stripped-down staff working out of office space held in the name of shell companies."

Executives began transferring funds from Costa Rica to an account in Cyprus, and from there to accounts in Russia, according to the indictment. After Costa Rican officials seized $19.5 million, the executives allegedly began moving money to two dozen shell-company accounts held in Australia, China, Cyprus, Hong Kong, Morocco and Spain.

There is nothing in the enterprise that warrants protection more than data, but security pros all too often focus more on perimeter security. In the Tools And Strategies For File-Level Data Protection report from Dark Reading, we recommend several ways that security pros can effectively ensure that data is kept from prying eyes. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.