How cyber criminals launder their gains
The proceeds of cyber crime make up an estimated eight to ten percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.
This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.
Key findings are that virtual currencies have become the primary tool used by cyber criminals for money laundering. However, they are moving away from Bitcoin to less well-known virtual currencies, like Monero, that provide greater anonymity. In-game purchases and currencies are spurring a rise in gaming-related laundering, as China and South Korea become hotspots for gaming-currency laundering.
"Gaming currencies and items that can be easily converted and moved across borders offer an attractive prospect to cyber criminals," says Dr Mike McGuire, senior lecturer in criminology at Surrey University, UK and author of the report. "This trend appears to be particularly prevalent in countries like South Korea and China -- with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China. The advice on how to do this is readily available online and explains how cyber criminals can launder proceeds through both in-game currencies and goods."
Covert data collection finds that PayPal and other digital payment systems are also employed by cyber criminals to launder money. Laundering through digital payment systems often involves micro-laundering techniques, where multiple small payments are made so that laundering alert limits aren't triggered.
"We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cyber crime around the world; frankly because it's far too easy for them," says Gregory Webb, CEO of Bromium. "Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defenses are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier. We need to attack the problem in a different way. Law enforcement, the cyber security industry and both the public and private sectors need to be vigilant about disrupting cyber crime. Protecting applications that access sensitive data is an absolute requirement. We need a whole new approach to cyber security or these figures will continue to increase over time."
The findings are part of a larger nine-month study titled 'Into the Web of Profit', sponsored by Bromium. The full findings will be presented by Dr McGuire at the RSA Conference in April.