McAfee Labs

Cybercrime Report: Getting Paid and Getting Away With It

0
By on Apr 23, 2014

Money acts as one of the key drivers for cybercrime. Add to this cybercrime’s lower risk than traditional crime, and there is little wonder that we are witnessing the evolution of crime to the digital sphere. In previous research papers, we focused on the service-based nature of cybercrime, in which anybody can be a cybercriminal because the ability to outsource any component of the attack is now available on the surface web. Indeed, we have already witnessed major breaches aided by this service-based nature.

This of course is only part of the story. Although the attack may be the highest profile in terms of media coverage, it does not address the key step of “getting paid.” The use of virtual currencies in cyberattacks was covered in our report Digital Laundry, but it does not tell the whole story.

In the latest research I co-authored with Charles McFarland and François Paget, Jackpot! Money Laundering Through Online Gambling, we analyzed the role of online gambling sites for money laundering. Although this may be seen as a rather obvious issue, the scale and ease with which such sites facilitate laundering may be surprising. For example, the numbers of unlicensed sites are as many as nine times those of licensed operators. We are also witnessing many sites now operating on the Dark Web and leveraging virtual currencies. If we add to this an ecosystem that provides a multitude of tools to aid in obfuscating those laundered funds, there is no doubt that the challenge for law enforcement is significant.

Let’s hear from Troels Oerting, the Head of the European Cybercrime Centre:

“Almost all organised crime is profit driven. In the ‘real’ world and in the ‘virtual’ world. Back in the old days of Prohibition—in Al Capone’s Chicago—the money trail became the key to get criminals behind bars. ‘Follow the money’ became an integrated part of education on police and prosecutors academies.

“The saying is still valid. But the rules of the game are changing. Money is normally laundered in 3 stages: Placement, Layering, and Integration. This was easy to follow in the old days. Money continues to flow inside and between countries, regions, and globally and the speed and ease in doing so is a necessity in our global interconnected world. Money is the primary goal for criminals—their business model. It is also needed for fueling criminal operations, and to finance terrorism or violent extremism. A lot of crime will move into cyberspace. To take advantage of a new ‘business opportunity’ with endless income and limited risk. But also to take advantage of the ability to be unidentifiable on the Dark Net and on stealthy services.

“Finally criminals and terrorists will also be attracted to virtual currency and the advantages this unregulated payment system will bring. The case against Liberty Reserve shows that money laundering is not a ‘penny game’ and it is facilitated in jurisdictions which are not always helpful to mainstream policing.

“In [the European Cybercrime Centre] we build on ‘financial intelligence’ in order to integrate this important information flow to become part of the trigger for recommending investigations to Member States against networks and their kingpins. It is a difficult, complicated and time consuming task with many legal rules to observe. But we will continue. And also continue to inform the public on the state of play. It is a difficult job to keep crime at ‘an acceptable level’ in cyberspace and we will continue to need a discussion and debate on how to strike that balance. We will try to do our part.”

Addressing the issue

National instruments to address global crime are hugely inefficient as money flows can cross borders at the click of a button. It is for this reason we have witnessed the development of centers such as the European Cybercrime Centre that aid collaboration between global law enforcement and the private sector. We at McAfee support their efforts. In fact, I have recently been appointed as a special advisor.

Other examples of law enforcement collaboration include the Global Initiative against Transnational Crime, a newly established network that brings together law enforcement professionals with experts from other actors such as policy makers, the private sector, the development sector, and academia. “As globalization and technology enable criminality at unprecedented levels, we urgently need new thinking, innovative and proactive responses that are predicated upon building partnerships between different actors and across borders,” said Mark Shaw, Director, Global Initiative Against Transnational Organized Crime.

It is clear that without an effective platform to collaborate across multiple borders, cybercriminals will get paid and get away with it.

You can read the full report here.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>