Dark Reading is part of the Informa Tech Division of Informa PLC



Bye, Bitcoin: Criminals Seek Other Crypto Currency

Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.

When it comes to profiting from ill-gotten gains, have bitcoins become passé?

That appears to be the prevailing attitude on some leading Russian cybercrime forums, which have ditched well-known virtual currencies -- including Perfect Money and Bitcoin -- in favor of forum-specific alternatives, which administrators claim offer higher levels of anonymity, security, and reliability.

Blame the shift, at least partly, on the Justice Department's takedown of Liberty Reserve, which was a Costa Rica-based virtual currency system that sported one million users. After it was closed, criminals needed to find new ways to move money and store stolen funds -- preferably without having their profits picked off by either rivals or investigators. "Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust," said RSA fraud intelligence analyst Daniel Cohen in a blog post.

Why not simply use existing virtual currency options? While Perfect Money and Bitcoin would seem to be "the obvious choices" for cybercriminals, said Cohen, "Perfect Money is of questionable background, while Bitcoin does not provide fraudsters the required level of anonymity and is not immune to seizure." For example, US prosecutors in November seized bitcoins worth more than $34.1 million from users of the "darknet" narcotics marketplace known as Silk Road.


Criminals also risk having their bitcoin hoards stolen by rivals. Last week, for example, the administrator of a darknet site known as Silk Road 2 -- which, like its namesake, serves as a marketplace for buying and selling narcotics -- said that the site had been hacked, and all of its users' bitcoins stolen, the BBC reported.

According to a forum post from a Silk Road 2 administrator (who goes by "Defcon"), one of the site's vendors made off with the bitcoin haul -- worth an estimated $2.7 million -- by exploiting a recently discovered vulnerability involving transaction malleability. The heist led a number of bitcoin exchanges to suspend operations until they bolster their defenses. "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too sceptical (sic) of the possible issue at hand," Defcon said in a forum posting.

Those bitcoin exchange suspensions have recently driven the value of a bitcoin to less than $300 on Mt Gox -- which typically handles about one-fifth of the world's bitcoin trades -- compared to the currency being valued Tuesday on other exchanges at about $630. Still, that's down from the $1,200 commanded by a bitcoin back in November.

That market volatility is likely another reason why many criminals have opted for an alternative cryptographic currency, digital currency expert Michael Jackson, a former COO at Skype, told The Register. "It suggests that criminals don't trust Bitcoin -- I hope this is because they think the police will find them, but I suspect it's more to do with the fact that they don't like volatility. Even an online dope seller wants predictability in his business."

Photo credit: zcopley.

What's arguably even better for criminals, however, is anonymity. "Buyers and sellers of crimeware services have long had anonymous handles with which to do business," said Sean Sullivan, security advisor at F-Secure Labs, via email. "Anonymity has allowed crimeware to evolve into a highly commoditized ecosystem. Having its own currency system adds another layer of anonymity."

Cybercriminals, however, are likely still using bitcoins for some purposes. "They probably aren’t avoiding bitcoins other than when it comes to buying and selling crimeware services," Sullivan said. "They are all probably invested in Bitcoin in order to move and launder 'real' money."

What's on offer for criminals seeking Bitcoin and Perfect Money alternatives? To date, RSA said it's been tracking three Russian-built currency systems -- MUSD, United Payment System, and UAPS -- all of which are tailor-made to help criminals evade law enforcement agencies. "These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts," RSA's Cohen said. The services allow users to deposit funds and cash out their holdings, sometimes to a prepaid credit card.

So far, the most advanced option appears to be UAPS -- a.k.a. the "First Commercial Bank" -- which first appeared more than a year ago on a Russian cybercrime forum. The currency system reportedly sports its own development team, gets frequent updates, and, per its data-retention policy, holds related data for only two months before purging it from the system.

Four different cybercrime boards, meanwhile, appear to have standardized on the United Payment System currency system. According to RSA, each board has its own exchange agent, who's overseen by a site administrator charged with keeping the dealings "honest." That approach highlights how cybercrime forums rely on members to stay straight with each other. "Doing business with crimeware suppliers is based on trust -- karma systems, feedback -- like [on] eBay," Sullivan said. "Buyers rate sellers. A currency provider will have to earn trust -- and heaven help him if he breaks that trust with a large number of cybercriminals."

The MUSD currency first appeared in November 2013. It's only being used on one forum, and it allows users to buy or sell services, as well as procure forum advertising. The currency's developers say their system offers anonymity, a built-in escrow service, and the ability to cash out the currency in person. "Two verified exchange agent services currently work with MUSD in this board, with one offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine," said Cohen.

On a related note, Russian authorities have recently been signaling that they'll crack down on users of any type of virtual currency, including bitcoins. "Citizens and legal entities risk being drawn -- even unintentionally -- into illegal activity, including laundering of money obtained through crime, as well as financing terrorism," according to a warning issued last month by Russia's central bank.

Earlier this month, Russian authorities warned that only rubles are legal tender inside Russia, and that trading in bitcoins is illegal. "Systems for anonymous payments and cybercurrencies that have gained considerable circulation -- including the most well-known, Bitcoin -- are money substitutes and cannot be used by individuals or legal entities," according to a statement by the Russian Prosecutor General's Office.


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Lorna Garey
User Rank: Ninja
2/18/2014 | 12:00:58 PM
Why tie to physical location?
Mat, why would a group looking to launch a cyber-currency tie itself to a specific country, especially Russia? The U.S., EU and China also seem like bad bets. It's CYBER after all, so why not be completely separate from any physical location?
User Rank: Apprentice
2/18/2014 | 12:30:52 PM
Re: Why tie to physical location?
Good question. These are add-ons to Russian-language cybercrime forums. It doesn't mean that the admins or users reside in Russia. But if they do, they might want a way to cash out large amounts of money in rubles, for local spending.
User Rank: Apprentice
2/18/2014 | 4:06:59 PM
Re: Why tie to physical location?
This is one area where technology is not being used for the good of society. The easiest way to limit illegal activities is by limiting/restricting free movement of finance. However, it is not all negative as technology that enables agencies to detect narcotics using sensors etc restores some of the balance.

I feel since Bitcoin is not doing too good even for legal activities, I wonder whether another crypto currency will ever gain the kind of hype and value that Bitcoin gained during the month of November last year.
Thomas Claburn
User Rank: Ninja
2/18/2014 | 6:49:07 PM
Re: Why tie to physical location?
It would be fitting if cybercriminals took to using actual cans of Hormel Spam as currency.
User Rank: Ninja
2/19/2014 | 9:04:08 PM
Bitcoin, We Hardly Knew Ye
Notwithstanding the negative nellie approach to cryptocurrencies, Bitcoin will always be remembered for causing the widespread soiling of jockey shorts worn by members of the Federal Reserve, Greenspan, Bernanke and other keepers of the fiat money cartel.
User Rank: Apprentice
2/20/2014 | 9:14:34 AM
So much for Law proofing.
Seems since the US invented the Ethernet it owns it and all Backdoors. Obviously they somehow were able to get subpoenas. And direct access to the accounts. But when they did that the 34000000 dollars is now worth only 8500000. A tremendous shock to the system.