Cybercriminals, the same shadowy figures who use ransomware, email scams, denial-of-service attacks and other methods to earn a living, have turned to money laundering to hide and eventually "cash out" the profits of their criminal deeds. And it's no wonder why when you consider that cybercrime is a lucrative business, with some bad guys making an estimated $20,000 per month or more.
By definition, money laundering is the process of disguising the proceeds of crime by integrating them into the legitimate financial system. The bad guys do so because spending illicit money can attract unwanted attention, and it is difficult to explain where the funds came from.
By using a combination of new cryptocurrencies and peer-to-peer (P2P) marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year, according to a nine-month academic study by Dr. Mike McGuire, senior lecturer in criminology at Surrey University. That number represents an estimated 8%-10% of total illegal profits laundered globally.
It did not take long for the bad guys to jump on the cryptocurrency bandwagon — and for all the wrong reasons. First it was bitcoin and its use on sites such as Silk Road and AlphaBay. Now they are moving to newer and lesser-known virtual currencies that are not in as many headlines and are easier to manipulate. These transactions do not require people to use their real names, so they can buy and sell currency from unidentifiable addresses. Cryptocurrencies are also attractive because they are highly portable; you can carry millions of pounds of coins on a USB drive and easily move them across borders via email or on a plane.
Modern e-commerce is another target for cybercriminals. They create money-laundering schemes that use legitimate websites as payment processors. First, they make illegal purchases online and have them appear as lawful transactions on their bank statements. Next, the dirty money moves straight to online merchants, who funnel it through other legitimate payment ecosystems.
In other instances, the bad guys create fake e-commerce sites that look and feel like the real thing but actually don't sell anything. They are simply online money-laundering boutiques, just like that empty bricks-and-mortar store that is actually a front for illegal activity.
Exploiting Brand-Name Payment Systems
Some of the Internet's biggest marketplaces are now being exploited by cybercriminal money launderers thanks to their online payment systems, ease of use, and huge global adoption. This allows the bad guys to stay under the radar among thousands of other users. P2P marketplaces such as Uber and Airbnb have also been exploited by criminals looking to launder dirty money, hiding their activity among thousands of legitimate transactions.
According to news accounts, criminals were booking fake Airbnb stays to launder dirty money. They used credit cards and money transfers from mule accounts to book and pay for rooms through this peer-to-peer platform. All of this is conducted online and is a very effective way to turn illicit proceeds into legitimate earnings. Plus, it has the added advantage of moving many of these payments across borders.
Criminals have also discovered how to launder their money through fake Uber transactions. To do so, middlemen use stolen credit cards to book "ghost rides" — rides that never happened — with complicit drivers. The middlemen and drivers take a cut, leaving the rest of the now-laundered money with the client. The ease with which this can be done is testament to the difficulty of policing thousands of P2P transactions across multiple territories. The current systems, put in place to monitor transactions and flag suspicious activity, simply aren't stringent enough to spot these types of cons.
The bottom line is that money laundering continues to be a complex issue, and technology is increasing the complexity of this challenge. Why? Because money laundering often starts with small dollar amounts that travel undetected before being moved around the world in large volumes. It involves a complicated web of companies, individuals, trades, settlements and payments organized by seemingly ordinary individuals who are hard to identify as money launderers.
This past year has been especially noteworthy as several large, high-profile European financial institutions have come under fire for money-laundering scandals. Yet money laundering today isn't just something rich white-collar criminals do to hide illicit money. Nor is it, despite the many headlines, just a European problem. Even worse, going forward, experts such as Cisco predict that there will be more than 50 billion connected devices across the world by 2020, so criminals will have an even better chance to hide their activities via P2P lending and the ability to initiate payments via mobile providers, Facebook, and a multitude of payment apps.