3/19/2018
07:00 AM

Cybercriminals Launder Up to $200B in Profit Per Year

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Cybercriminals launder an estimated $80-200 billion in illegal profit each year, which amounts to 8-10% of all illegal proceeds laundered around the world. Virtual currencies are the most common tool used for money laundering - but Bitcoin isn't quite as trendy among hackers.

The data comes from Into the Web of Profit, an independent academic study sponsored by Bromium and conducted by Dr. Mike McGuire, senior lecturer in Criminology at Surrey University in England. It's a nine-month study into the macroeconomics of cybercrime and how cybercriminals "cash out" the funds they generate through illegal activity.

With his academic background as a criminologist, Dr. McGuire has a decidedly different approach to cybercrime and focuses on how human factors affect behavior. In other words, he explores "not just that there are bad guys doing bad things, but the way responses are made."

This study began as a simple question: What do cybercriminals spend their money on? However, it quickly evolved as Dr. McGuire discovered what he calls the "cybercrime economy." His research turned into a broader study on how money flows around the criminal ecosystem.

"We've got to move beyond this idea that cybercrime is like a business - it's more than that. It's like an economy which mirrors the legitimate economy," he explains. "Increasingly, what we're seeing is the legitimate economy is feeding off the cybercrime economy."

This economy consists of three parts: how cybercriminals' revenue is generated, where that money goes, and what they do with the money when they move it around. Once the flow of money is understood, businesses can better determine how to protect themselves.

Virtual Currency is in. Bitcoin is out.

There are several reasons why cybercriminals are turning to cryptocurrencies. They're easily acquired, for one, and they have a reputation for enabling anonymous transactions.

Cybercriminals often cash out their virtual currencies by directly converting them into assets. Several sites, including Bitcoin Real Estate, let customers buy high-value properties (think tropical islands and penthouses in Paris) while evading financial regulators.

About 25% of all property sales will be conducted in cryptocurrency within the next few years, the report states. It's concerning to financial analysts who fear swift and sneaky transactions, often paid for with criminal proceeds, will disrupt the global property market.

However, attackers are learning some digital currencies are more appealing than others.

"There's almost a wholesale movement away from Bitcoin in the cybercrime world," says McGuire. Bitcoin's blockchain technology means all transactions are transparent, even if the users' identities remain concealed.

This transparency has caused cybercriminals to explore software "tumbler" tools like CoinSwap and CoinJoin to hide where their payments come from. Yet even these are ineffective. Researchers at Princeton found data often leaks during these Web interactions through trackers and cookies. As a result, it's possible to pinpoint users in 60% of transactions.

Now cybercriminals are adopting more anonymous currencies like Monero and Zcash.

Laundering via Gaming and PayPal

Cybercriminals often convert stolen funds into in-game currencies and then back into Bitcoin or other digital currencies. Popular games for this tactic include FIFA, Minecraft, World of Warcraft, Final Fantasy, Star Wars Online, and Grand Theft Auto 5.

FinCEN has stated that with respect to laundering, any person or business involved with currency exchange within games may be prosecuted as a "money transmitter." Gaming companies are also increasingly aware that criminals leverage their games for fraud. Kabam, for example, warned users of possible misuse of the currency used in its "Hobbit" game.

Digital payment systems (DPS), most frequently PayPal, are also exploited because they can be used anonymously. They're most effective when they can be combined with other laundering techniques and resources, Dr. McGuire found. Many use sites like eBay, which owns PayPal, to conduct the laundering so the activity seems less suspicious when it's processed in PayPal.

By collecting data on online forums and interviewing both experts and cybercriminals, Dr. McGuire learned at least 10% of them used PayPal in some capacity to launder money - in some cases, up to £250,000, even though PayPal only allows a maximum of £2,500 per transaction.

Some criminals resort to micro-laundering, in which they use thousands of small electronic payments to launder a large sum of money. Dr. McGuire notes that during the HSBC laundering incident, testimony indicated that bank employees used PayPal to launder cash. Their process started with amounts as small as $0.15 over a period of up to 60 days. Over time they laundered hundreds of thousands of dollars through several PayPal accounts.

Dr. McGuire says while up to $200 billion is laundered each year, there is a gap between how much is made in cybercrime and how much is being laundered. The security community has to do more, he says, to stop the criminal and legitimate economies from interconnecting.

"The problem here is the cyber economy and the legitimate economy is so intertwined that some laundering is going on in cyber, then back to the real world, then back to cyber," he explains.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
DallasBishoff,
User Rank: Author
3/19/2018 | 10:48:25 AM
Cyber Criminals Have Mortgages
It's important for security professionals to understand their adversaries. While script kiddies are still part of the threat landscape, the real bad guys are educated, professional, disciplined, well financed, and share and conduct business within their world.

As I frequently point out to consulting clients, the bad guys pay mortgages. Their craft is their profession. They take it seriously. We have to take them seriously.