3/19/2018
07:00 AM

Cybercriminals Launder Up to $200B in Profit Per Year

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Cybercriminals launder an estimated $80-200 billion in illegal profit each year, which amounts to 8-10% of all illegal proceeds laundered around the world. Virtual currencies are the most common tool used for money laundering - but Bitcoin isn't quite as trendy among hackers.

The data comes from Into the Web of Profit, an independent academic study sponsored by Bromium and conducted by Dr. Mike McGuire, senior lecturer in Criminology at Surrey University in England. It's a nine-month study into the macroeconomics of cybercrime and how cybercriminals "cash out" the funds they generate through illegal activity.

With his academic background as a criminologist, Dr. McGuire has a decidedly different approach to cybercrime and focuses on how human factors affect behavior. In other words, he explores "not just that there are bad guys doing bad things, but the way responses are made."

This study began as a simple question: What do cybercriminals spend their money on? However, it quickly evolved as Dr. McGuire discovered what he calls the "cybercrime economy." His research turned into a broader study on how money flows around the criminal ecosystem.

"We've got to move beyond this idea that cybercrime is like a business - it's more than that. It's like an economy which mirrors the legitimate economy," he explains. "Increasingly, what we're seeing is the legitimate economy is feeding off the cybercrime economy."

This economy consists of three parts: how cybercriminals' revenue is generated, where that money goes, and what they do with the money when they move it around. Once the flow of money is understood, businesses can better determine how to protect themselves.

Virtual Currency is in. Bitcoin is out.

There are several reasons why cybercriminals are turning to cryptocurrencies. They're easily acquired, for one, and they have a reputation for enabling anonymous transactions.

Cybercriminals often cash out their virtual currencies by directly converting them into assets. Several sites, including Bitcoin Real Estate, let customers buy high-value properties (think tropical islands and penthouses in Paris) while evading financial regulators.

About 25% of all property sales will be conducted in cryptocurrency within the next few years, the report states. It's concerning to financial analysts who fear swift and sneaky transactions, often paid for with criminal proceeds, will disrupt the global property market.

However, attackers are learning some digital currencies are more appealing than others.

"There's almost a wholesale movement away from Bitcoin in the cybercrime world," says McGuire. Bitcoin's blockchain technology means all transactions are transparent, even if the users' identities remain concealed.

This transparency has caused cybercriminals to explore software "tumbler" tools like CoinSwap and CoinJoin to hide where their payments come from. Yet even these are ineffective. Researchers at Princeton found data often leaks during these Web interactions through trackers and cookies. As a result, it's possible to pinpoint users in 60% of transactions.

Now cybercriminals are adopting more anonymous currencies like Monero and Zcash.

Laundering via Gaming and PayPal

Cybercriminals often convert stolen funds into in-game currencies and then back into Bitcoin or other digital currencies. Popular games for this tactic include FIFA, Minecraft, World of Warcraft, Final Fantasy, Star Wars Online, and Grand Theft Auto 5.

FinCEN has stated that with respect to laundering, any person or business involved with currency exchange within games may be prosecuted as a "money transmitter." Gaming companies are also increasingly aware that criminals leverage their games for fraud. Kabam, for example, warned users of possible misuse of the currency used in its "Hobbit" game.

Digital payment systems (DPS), most frequently PayPal, are also exploited because they can be used anonymously. They're most effective when they can be combined with other laundering techniques and resources, Dr. McGuire found. Many use sites like eBay, which owns PayPal, to conduct the laundering so the activity seems less suspicious when it's processed in PayPal.

By collecting data on online forums and interviewing both experts and cybercriminals, Dr. McGuire learned at least 10% of them used PayPal in some capacity to launder money - in some cases, up to £250,000, even though PayPal only allows a maximum of £2,500 per transaction.

Some criminals resort to micro-laundering, in which they use thousands of small electronic payments to launder a large sum of money. Dr. McGuire notes that during the HSBC laundering incident, testimony indicated that bank employees used PayPal to launder cash. Their process started with amounts as small as $0.15 over a period of up to 60 days. Over time they laundered hundreds of thousands of dollars through several PayPal accounts.

Dr. McGuire says while up to $200 billion is laundered each year, there is a gap between how much is made in cybercrime and how much is being laundered. The security community has to do more, he says, to stop the criminal and legitimate economies from interconnecting.

"The problem here is the cyber economy and the legitimate economy is so intertwined that some laundering is going on in cyber, then back to the real world, then back to cyber," he explains.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
DallasBishoff, User Rank: Author
3/19/2018 | 10:48:25 AM
Cyber Criminals Have Mortgages
It's important for security professionals to understand their adversaries. While script kiddies are still part of the threat landscape, the real bad guys are educated, professional, disciplined, well financed, and share and conduct business within their world.

As I frequently point out to consulting clients, the bad guys pay mortgages. Their craft is their profession. They take it seriously. We have to take them seriously.