Chapter 3 - Crime Areas

3.5 Criminal finances online - Overview

The final phase in most cybercrimes is to successfully launder the proceeds of crimes into the legal economy, often entailing their movement across jurisdictions. Smuggling large amounts of cash around the world remains a popular option for criminals despite the risk of seizure of undeclared cash exceeding EUR 10000 by customs agents [79]. Alternative methods include a variety of offline and online payment methods such as bank transfers to accounts opened with fake IDs, prepaid cards, wire transfers through Western Union and Moneygram, Ukash, Paysafecard, Paypal, Paymer, trust-based Hawala transfers or virtual currencies. The plethora of payment mechanisms used by cybercriminals to cash out virtual proceeds demonstrates that criminals exploit any system where they believe there is little risk. More sophisticated offenders also exploit legal business structures to obscure the link between proceeds and underlying criminal activities. The industrialization of crime has also led to the emergence of specialist entities that manage money laundering for multiple illegal enterprises.

Another method is the use of online gambling services; in 2013, the total value of this sector was approximately EUR 26.1 billion and is continuously growing [80]. Unregulated or inadequately regulated online gambling has been exploited for money laundering purposes for years. Such services manage huge volumes of transactions and cash flows - making it easier to hide comparatively small amounts of illicit activity - and are tax free in many jurisdictions. This provides criminals with the ability to conceal and transfer assets while avoiding detection by law enforcement agencies.

Money Mules

Money mules provide a key service in the laundering of criminal proceeds from cybercrimes. They are the most visible link between the online and offline worlds. Acting as middlemen they receive goods or funds and forward them to the offender in exchange for a commission, typically 3-5% of the transferred amount or, in some cases, a monthly salary. To avoid laborious duties connected with recruitment and micromanaging mules and to distance themselves from the physical crime, elite criminals use the services provided by a mule herder.

The mules can be either professional criminals or na├»ve individuals recruited online through email campaigns or classified adverts. Gradually the mules who were initially unwitting, slowly come to understand the true nature of their ‘job’, yet often continue to engage in the illegal activity for their own financial gain [81]. Money mules are often in acute need of money, such as unemployed individuals, students and housewives. Money mules can also be absent immigrants who have sold their bank account details to an OCG.

Virtual Currencies

Virtual currencies offer a particular set of features that make them attractive to online criminals: anonymity or ‘pseudonymity’, and the rapid and irreversible transfers of funds for minimal transaction fees compared to conventional banking. Virtual currencies offer a level of anonymity similar to cash in the online environment and have arguably become a major facilitator for all financially-driven cybercrime.

Virtual currencies fall into two categories - centralised (or scheme-based) and decentralised. Centralised currencies such as WebMoney and Perfect Money are run and administrated by a single entity which manages the scheme in a role analogous to a central bank (although they are not banks and therefore need not adhere to the same rules and regulations).

Decentralised currencies such as Bitcoin and Darkcoin have no such entity administering them, operating instead across a distributed peer-to-peer network of user nodes. Each transaction on what is known as the blockchain is open to public scrutiny, only the particulars of the remitter and benefactor are obscured.

The conversion between fiat currencies and virtual ones, or from one virtual currency to another generally takes place via online exchangers. Although most of these services are legitimate, they exist as a service within the digital underground economy, offering additional security to their customers.

Although generally designed for legitimate use, virtual currencies are heavily abused by cybercriminals. Cybercriminals often favour centralised schemes which, being tied to tangible assets, are inherently more stable compared to cryptocurrencies whose price is often highly volatile due to high levels of speculation. Of the centralised schemes favoured by the criminal community WebMoney is still very popular, particularly for criminal-to-criminal payments, as is Perfect Money to a lesser extent.

Another type of centralised scheme popular with cybercriminals is those that use a voucher system such as Ukash and Paysafecard. Voucher systems allow customers to purchase a coded voucher to which the scheme allocates the purchase value. The code is then redeemable at participating outlets, or easily and anonymously transferrable to a third party.

While historically decentralised virtual currencies or cryptocurrencies have not been popular with cybercriminals, they have become the currency of choice for internet-enabled traditional crime on the Darknet. Hidden marketplaces such as Silk Road typically use Bitcoins as a method of payment.

The takedown of first E-Gold in 2009, and subsequently Liberty Reserve in 2013, has resulted in a growing level of distrust in centralised schemes as cybercriminals are increasingly adopting cryptocurrencies. Bitcoin is beginning to feature heavily in police investigations, particularly in cases of ransomware and extortion.

A feature of cryptocurrencies that makes them an attractive alternative to cybercriminals is their distributed nature which makes them resistant to law enforcement disruption and government control - a premise at the heart of the cryptocurrency philosophy. So why then have cybercriminals not shifted their operations over to these systems?

The transparency of such systems is a likely deterrent, potentially providing law enforcement with a financial trail to follow. The market is also volatile with currency prices fluctuating significantly and often. Furthermore a number of exchange services were hacked in 2014 with many users losing their online e-wallets with no recourse for compensation.

Money Laundering Using Virtual Currencies

Virtual currencies have the potential to become an ideal instrument for money laundering. Entry to and exit from the system is typically via an exchanger. Exchange services are another niche service offered in the digital underground economy. However, legitimate exchangers are also exploited, particularly those which carry out little Know Your Customer (KYC) [82] processes and offer multiple methods to ‘cash out’ including payments via pre-paid or virtual credit cards and Money Service Bureaus.

Once in control of the digital funds, the ease of creating new e-wallets means a launderer can easily discard ‘dirty’ wallets. In addition to traditional layering methods, cryptocurrencies use specialised laundering services known as ‘tumblers’ or ‘mixers’.

‘Tumblers’ are services, often operating on Tor [83], which allow users to transfer their cryptocurrencies into a pool of funds and then receive them back (minus a small commission) into newly generated ‘clean’ addresses, thereby breaking the financial trail.

When considering money laundering through online gambling, the introduction of the possibility to pay, play and cash out using virtual currencies has added a new level of anonymity. Indeed a new generation of online casinos has emerged specifically for cryptocurrencies [84], some of which promote themselves on the level of anonymity they provide, advocating the use of TOR [85], if not only being accessible via TOR.