Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.

Mathew J. Schwartz, Contributor

February 18, 2014

6 Min Read
Photo credit: <a href="http://www.flickr.com/photos/zcopley/8337050500/sizes/l/" target="_blank">zcopley</a>.

When it comes to profiting from ill-gotten gains, have bitcoins become passé?

That appears to be the prevailing attitude on some leading Russian cybercrime forums, which have ditched well-known virtual currencies -- including Perfect Money and Bitcoin -- in favor of forum-specific alternatives, which administrators claim offer higher levels of anonymity, security, and reliability.

Blame the shift, at least partly, on the Justice Department's takedown of Liberty Reserve, which was a Costa Rica-based virtual currency system that sported one million users. After it was closed, criminals needed to find new ways to move money and store stolen funds -- preferably without having their profits picked off by either rivals or investigators. "Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without the risk of losing them in a bust," said RSA fraud intelligence analyst Daniel Cohen in a blog post.

Why not simply use existing virtual currency options? While Perfect Money and Bitcoin would seem to be "the obvious choices" for cybercriminals, said Cohen, "Perfect Money is of questionable background, while Bitcoin does not provide fraudsters the required level of anonymity and is not immune to seizure." For example, US prosecutors in November seized bitcoins worth more than $34.1 million from users of the "darknet" narcotics marketplace known as Silk Road.

[Target's breach has driven propoals for new ways to exchange funds, but none hit the bull's-eye. Learn Why Alternate Payment Schemes Get No Love.]

Criminals also risk having their bitcoin hordes stolen by rivals. Last week, for example, the administrator of a darknet site known as Silk Road 2 -- which, like its namesake, serves as a marketplace for buying and selling narcotics -- said that the site had been hacked, and all of its users' bitcoins stolen, the BBC reported.

According to a forum post from a Silk Road 2 administrator (who goes by "Defcon"), one of the site's vendors made off with the bitcoin haul -- worth an estimated $2.7 million -- by exploiting a recently discovered vulnerability involving transaction malleability. The heist led a number of bitcoin exchanges to suspend operations until they bolster their defenses. "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too sceptical (sic) of the possible issue at hand," Defcon said in a forum posting.

Those bitcoin exchange suspensions have recently driven the value of a bitcoin to less than $300 on Mt Gox -- which typically handles about one-fifth of the world's bitcoin trades -- compared to the currency being valued Tuesday on other exchanges at about $630. Still, that's down from the $1,200 commanded by a bitcoin back in November.

That market volatility is likely another reason why many criminals have opted for an alternative cryptographic currency, digital currency expert Michael Jackson, a former COO at Skype, told The Register. "It suggests that criminals don't trust Bitcoin -- I hope this is because they think the police will find them, but I suspect it's more to do with the fact that they don't like volatility. Even an online dope seller wants predictability in his business."

What's arguably even better for criminals, however, is anonymity. "Buyers and sellers of crimeware services have long had anonymous handles with which to do business," said Sean Sullivan, security advisor at F-Secure Labs, via email. "Anonymity has allowed crimeware to evolve into a highly commoditized ecosystem. Having its own currency system adds another layer of anonymity."

Cybercriminals, however, are likely still using bitcoins for some purposes. "They probably aren’t avoiding bitcoins other than when it comes to buying and selling crimeware services," Sullivan said. "They are all probably invested in Bitcoin in order to move and launder 'real' money."

What's on offer for criminals seeking Bitcoin and Perfect Money alternatives? To date, RSA said it's been tracking three Russian-built currency systems -- MUSD, United Payment System, and UAPS -- all of which are tailor-made to help criminals evade law enforcement agencies. "These new internal currencies are carefully administered and secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for law enforcement to trace, block, or seize funds and accounts," RSA's Cohen said. The services allow users to deposit funds and cash out their holdings, sometimes to a prepaid credit card.

So far, the most advanced option appears to be UAPS -- a.k.a. the "First Commercial Bank" -- which first appeared more than a year ago on a Russian cybercrime forum. The currency system reportedly sports its own development team, gets frequent updates, and, per its data-retention policy, holds related data for only two months before purging it from the system.

Four different cybercrime boards, meanwhile, appear to have standardized on the United Payment System currency system. According to RSA, each board has its own exchange agent, who's overseen by a site administrator charged with keeping the dealings "honest." That approach highlights how cybercrime forums rely on members to stay straight with each other. "Doing business with crimeware suppliers is based on trust -- karma systems, feedback -- like [on] eBay," Sullivan said. "Buyers rate sellers. A currency provider will have to earn trust -- and heaven help him if he breaks that trust with a large number of cybercriminals."

The MUSD currency first appeared in November 2013. It's only being used on one forum, and it allows users to buy or sell services, as well as procure forum advertising. The currency's developers say their system offers anonymity, a built-in escrow service, and the ability to cash out the currency in person. "Two verified exchange agent services currently work with MUSD in this board, with one offering to cash out MUSD for hard currency in person at an office in Kiev, Ukraine," said Cohen.

On a related note, Russian authorities have recently been signaling that they'll crack down on users of any type of virtual currency, including bitcoins. "Citizens and legal entities risk being drawn -- even unintentionally -- into illegal activity, including laundering of money obtained through crime, as well as financing terrorism," according to a warning issued last month by Russia's central bank.

Earlier this month, Russian authorities warned that only rubles are legal tender inside Russia, and that trading in bitcoins is illegal. "Systems for anonymous payments and cybercurrencies that have gained considerable circulation -- including the most well-known, Bitcoin -- are money substitutes and cannot be used by individuals or legal entities," according to a statement by the Russian Prosecutor General's Office.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights