Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Kelly Sheridan, Former Senior Editor, Dark Reading

March 19, 2018

5 Min Read

Cybercriminals launder an estimated $80-200 billion in illegal profit each year, which amounts to 8-10% of all illegal proceeds laundered around the world. Virtual currencies are the most common tool used for money laundering - but Bitcoin isn't quite as trendy among hackers.

The data comes from Into the Web of Profit, an independent academic study sponsored by Bromium and conducted by Dr. Mike McGuire, senior lecturer in Criminology at Surrey University in England. It's a nine-month study into the macroeconomics of cybercrime and how cybercriminals "cash out" the funds they generate through illegal activity.

With his academic background as a criminologist, Dr. McGuire has a decidedly different approach to cybercrime and focuses on how human factors affect behavior. In other words, he explores "not just that there are bad guys doing bad things, but the way responses are made."

This study began as a simple question: What do cybercriminals spend their money on? However, it quickly evolved as Dr. McGuire discovered what he calls the "cybercrime economy." His research turned into a broader study on how money flows around the criminal ecosystem.

"We've got to move beyond this idea that cybercrime is like a business - it's more than that. It's like an economy which mirrors the legitimate economy," he explains. "Increasingly, what we're seeing is the legitimate economy is feeding off the cybercrime economy."

This economy consists of three parts: how cybercriminals' revenue is generated, where that money goes, and what they do with the money when they move it around. Once the flow of money is understood, businesses can better determine how to protect themselves.

Virtual Currency is in. Bitcoin is out.

There are several reasons why cybercriminals are turning to cryptocurrency. They're easily acquired, for one, and they have a reputation for enabling anonymous transactions.

Cybercriminals often cash out their virtual currencies by directly converting them into assets. Several sites, including Bitcoin Real Estate, let customers buy high-value properties (think tropical islands and penthouses in Paris) while evading financial regulators.

About 25% of all property sales will be conducted in cryptocurrency within the next few years, the report states. It's concerning to financial analysts who fear swift and sneaky transactions, often paid for with criminal proceeds, will disrupt the global property market.

However, attackers are learning some digital currencies are more appealing than others.

"There's almost a wholesale movement away from Bitcoin in the cybercrime world," says McGuire. Bitcoin's blockchain technology means all transactions are transparent, even if the users' identities remain concealed.

This transparency has caused cybercriminals to explore software "tumbler" tools like CoinSwap and CoinJoin to hide where their payments come from. Yet even these are ineffective. Researchers at Princeton found data often leaks during these Web interactions through trackers and cookies. As a result, it's possible to pinpoint users in 60% of transactions.

Now cybercriminals are adopting more anonymous currencies like Monero and Zcash.

Laundering via Gaming and Paypal

Cybercriminals often convert stolen funds into in-game currencies and then back into Bitcoin or other digital currencies. Popular games for this tactic include FIFA, Minecraft, World of Warcraft, Final Fantasy, Star Wars Online, and Grand Theft Auto 5.

FinCEN has stated that with respect to laundering, any person or business involved with currency exchange within games may be prosecuted as a "money transmitter." Gaming companies are also increasingly aware that criminals leverage their games for fraud. Kabam, for example, warned users of possible misure of the currency used in its "Hobbit" game.

Digital payment systems (DPS), most frequently PayPal, are also exploited because they can be used anonymously. They're most effective when they can be combined with other laundering techniques and resources, Dr. McGuire found. Many use sites like Ebay, which owns PayPal, to conduct the laundering so the activity seems less suspicious when it's processed in PayPal.

By collecting data on online forums and interviewing both experts and cybercriminals, Dr. McGuire learned at least 10% of them used PayPal in some capacity to launder money - in some cases, up to £250,000, even though PayPal only allows a maximum of £2,500 per transaction.

Some criminals resort to micro-laundering, in which they use thousands of small electronic payments to launder a large sum of money. Dr. McGuire notes that during the HSBC laundering incident, testimony indicated that bank employees used PayPal to launder cash. Their process started with amounts as small as $0.15 over a period of up to 60 days. Over time they laundered hundreds of thousands of dollars through several PayPal accounts.

Dr. McGuire says while up to $200 billion is laundered each year, there is a gap between how much is made in cybercrime and how much is being laundered. The security community has to do more, he says, to stop the criminal and legitimate economies from interconnecting.

"The problem here is the cyber economy and the legitimate economy is so intertwined that some laundering is going on in cyber, then back to the real world, then back to cyber," he explains.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Early bird special ends 3/16 - use promo code 200KS for an extra $200 off. Check out the security track here.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights