McAfee Labs

Cybercrime: More Than DDoS and Malware

0
By on Oct 16, 2013

“Why am I transferring this money? Oh, this is for the cocaine.” I can’t imagine ever using such a justification to a bank teller, but if I did reply like this I would almost immediately expect some sort of investigation. This and other remarkable reasons for transactions (such as for “ATM-skimming work”) by Liberty Reserve customers somehow were not red flags, merely an example of the absence of any verification for the now defunct virtual currency.

It was this lack of verification, and the anonymity afforded to its customers that drew criminals to use Liberty Reserve, and resulted in what investigators described as processing 55 million illicit transactions worldwide for one million users. Liberty Reserve is only one example of an online currency being abused by criminals. In Digital Laundry: An analysis of online currencies, and their use in cybercrime, a report I co-authored with François Paget and Matthew Hart, we mapped out the migration of criminals between currency platforms as law enforcement closed the net on the likes of Liberty Reserve and its predecessor, e-gold.

This anonymity, or at least perceived anonymity, drives not only illicit transactions, but also a frightening number of products and services that stretch the definition of cybercrime. In our previous report Cybercrime Exposed: Cybercrime-as-a-Service, we described services such as malware, password cracking, etc. These are services that we often cite as cybercrime, but in Digital Laundry the types of products and services we highlight include the sale of drugs, guns, and even contract killing.

Although these services are not usually classed as “cybercrime,” there is no doubt that many traditional crimes now employ technology to assist criminals. We have read about drug smugglers hire hackers to break into systems of shipping companies—to change the location and delivery times of containers with drugs—as well as reports of bank robbers using a KVM switch to facilitate the theft of more than £1m. So perhaps the descriptions in Digital Laundry of services within the Dark Web should come as no surprise.

One thing for certain, however, is that without confidence in online payment mechanisms such services are unlikely to thrive. Attempts to close down digital currencies have shown that criminals simply move their businesses elsewhere, with the migration to and from Liberty Reserve serving as an example. Virtual currencies will not go away. Despite their role in facilitating crime, there are also considerable opportunities for legitimate use. Ignoring this market opportunity is likely to cost potential legitimate investors significant revenue, but failure to address the potential risks may cost a lot more.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>