Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/21/2017
04:45 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

A Call for Greater Regulation of Digital Currencies

A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.

Alternative payment systems, or "virtual currencies" as the Financial Action Task Force (FATF) has dubbed them, have fueled the exchange of illegal goods and services on the Dark Web. Under the shield of anonymity these currencies have let criminals engage in a growing breadth of illicit activities.

The use of cyberspace for financial activity has expanded opportunities for attackers, writes Tom Kellerman in a new report, "Follow the Money: Civilizing the Darkweb Economy," an initiative for The Wilson Center's Digital Futures Project, where he is a global fellow.

The World Economic Forum estimates cybercrime costs the global economy about $445 billion per year, the report states, citing a stat from the McKinsey Global Institute. It's time for payment systems to be held accountable, according to the report. Many implement Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols, but criminals continue to find workarounds.

"We, as an industry, continue to talk about the symptoms of cybercrime without appreciating the fact that hacking tools and services are all commodities that are facilitated by an economy of scale," Kellerman explains. "The Dark Web has become a full economy of scale by definition."

Indeed, the Dark Web has enabled the sale not only of hacking tools, but all types of personally identifiable information and content promotion services to spread disinformation online. While hacking tools can be expensive, data is not: Identity "packages" can cost as little as 25 cents. Criminal markets include weapon and drug sales, child pornography, and hackers for hire.

Bitcoin is among the most well-known virtual currencies but far from the only one; in fact, most cybercrime proceeds are not laundered through Bitcoin, says Kellerman. Internet-based virtual currencies also include the more anonymous Monero, Dash, and Zcash, as well as China's AliPay, Russia's WebMoney, and Kenya's M-Pesa. While these are commonly used for legitimate purposes, they are also "ripe for abuse," the report says.

"The more anonymous they are, the more likely they are to be used on the Dark Web," says Scott Dueweke, president at the Identity and Payments Association, who provided insight for the report. Anonymity fuels cybercrime and the movement of currencies across systems.

Kellerman says financial institutions, including alternate payment providers, should be able to prove who their customers are and freeze funds used for crime and conspiracies if needed by law enforcement. "The best way to destabilize the capability of cybercriminals to flourish is to put pressure on their capacity to deliver goods and services," he explains.

Since 50% of all crimes now have a cyber component, the report states, it's time to "follow the money" and create an e-forfeiture fund to benefit public and private organizations around the world. The idea is financial institutions can track funds used for illegal purposes, seize it, and reinvest the money in protecting the infrastructure of the global financial system.

As cybercrime is a global problem, it demands an international solution among public and private organizations, says Dueweke. A public-private partnership could build a de facto or industry-led standard for converting money into alternate payment systems.

"This could create a baseline of respectability and standard of trust that doesn't exist now," Dueweke explains. There is no standard for companies to prove which customers are using virtual currencies for legitimate purposes, and which are using them for crime.

The global initiative would involve the Bank for International Settlements, which is owned by 60 member central banks around the world, the report explains. Because global cybercrime is enabled by cryptocurrencies, all nations should join to regulate and supervise them.

"The fund would represent a global public/private partnership to combat money laundering using these alternative payment systems," the report states. Virtual currencies which refuse to identify their customers or freeze accounts could potentially be linked to criminal activity.

"The only way to get a global standard like that is to have a public/private partnership," Dueweke says.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/28/2017 | 9:45:12 PM
Re: 2, 4, 6, 8, what else can we regulate?
@Dr. T: Yeah, the term "trust" gets fuzzy when it comes to blockchain and Bitcoin. Trust the system and the math, but no individual or central source.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/28/2017 | 9:44:02 PM
Re: 2, 4, 6, 8, what else can we regulate?
@Dr. T: Moreover, many forget that the cost of regulation gets passed directly on to consumers.

Imagine having to pay a set of mandatory regulatory fees for every cryptocurrency transaction and/or being taxed on cryptocurrency holdings!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2017 | 10:44:11 AM
Re: 2, 4, 6, 8, what else can we regulate?
" Messing with cryptocurrencies to defeat cybercriminals is like banning gasoline to defeat arsonists."

I would agree, digital currency is not the problem, it is how we use it.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2017 | 10:42:59 AM
Re: 2, 4, 6, 8, what else can we regulate?
"The whole point is trustless decentralization"

It is actually implicit trust, in a block chain platform is designed trust in mind.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2017 | 10:41:01 AM
Re: 2, 4, 6, 8, what else can we regulate?
"what else can we regulate"

I agree, regulations tend to not deliver the intended results.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2017 | 10:39:14 AM
Re: Great News
"This ecosystem really needs some regulation"

I would partially agree, however I would not think it would be effective.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2017 | 10:38:29 AM
Digital Currencies
I think Digital Currencies is not the problem, people  misusing them are the problems, so I am not sure of regulations would make any difference.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/27/2017 | 4:23:07 PM
2, 4, 6, 8, what else can we regulate?
Which, of course, defeats the whole legitimate purpose of cryptocurrencies to begin with. And then why even have them? The whole point is trustless decentralization to make them immune to central-authority interference.

Crime should be dealt with the way one deals with crime. Messing with cryptocurrencies to defeat cybercriminals is like banning gasoline to defeat arsonists.
AutoEcole18
50%
50%
AutoEcole18,
User Rank: Apprentice
11/21/2017 | 5:34:05 PM
Great News
Such a great news. This ecosystem really needs some regulation.
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVE-2020-7222
PUBLISHED: 2020-01-18
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...