Kimberly Zenz - Financial Options for Cyber Criminals #uisgcon9


  • Ten days ago British police announced the April arrest of a 16-year-old boy in connection with the large DDoS attack targeting Spamhaus and its hosting provider CloudFlare. The police’s statement seemed to say that the boy first attracted law enforcement attention due to the “significant amount of money flowing through his bank account”. Although the 16-year-old in question appears to have been particularly reckless, his situation highlights one confronting all financially-motivated cyber criminals – the need to connect to the legitimate financial world at some point.
  • Botnet update example
  • Note: Arthur Budovsky was of Ukrainian extraction, was a US citizen, on probation since 2007 for running an electronic currency connected to e-gold, renounced US citizenship to take Costa Rican (thought that being in Costa Rica would protect him) = Mutual legal assistance treaty
  • Author is anonymous. Created by “Satoshi Nakamoto” in 2009. Real author may be Michael Clear from Trinity University in Ireland, may be Neal King, and Charles Bry in Germany and/or Vladimir Oksman in NY, or someone else entirely. took down about 500,000 bots out of the 1.9 million strong ZeroAccess botnet. exchanges including Coinbase, BitInstant and Coinsetter
  • Romanian authorities, working with the FBI and Italian special forces, were tipped off by banks in Italy, which denied a request allegedly by the accused to transfer $400,000 from a victim company there to a fictitious firm. According to documents released by prosecutors, the men were caught red-handed on Dec. 9 trying to withdraw nearly $1 million stolen from the American company. A U.S. law enforcement investigator familiar with the case who spoke on condition of anonymity said keystroke logging Trojans were used to steal the online banking credentials of the victim organizations, and that the case is connected to at least one other cyber fraud investigation that is still pending. The judge overseeing the case approved the prosecutor’s request to have the men detained for at least 29 days pending further investigation, saying that authorities have information that the defendants belong to a much larger organized criminal group.

    1. 1. Financial Options for Cyber Criminals Kimberly Zenz VeriSign iDefense
    2. 2. “A Significant Amount of Money”
    3. 3. Stealing Money Isn’t Enough • You have to be able to use it too • Cyber criminals can take steps to be less public • E.g. diffuse services, less commercial criminal software offerings • But all cyber criminals must at some point convert their criminal gains into money that they can use, i.e. that is integrated with the global financial system • Money laundering a particular concern for cyber criminals because it ties into larger anti-crime, anti-terrorism and political efforts • Receives more official and private sector resources than purely anti-cyber crime efforts • Laws and cooperation mechanisms older, more established, simpler and less time sensitive than anti-cyber crime efforts • Private and public sectors older, more established, than anti-cyber crime • Transactions can be traced • Assuming that officials are sufficiently motivated • People talk
    4. 4. What is a Poor Cyber Criminal to Do?
    5. 5. Electronic Currencies • Popular choice for a reason • Some have a history of offering clients anonymity • Or at least not asking too hard for true proof of identity • Third-party and personal exchanges also help provide anonymity • Quick, online, (mostly) separate from the formal financial system • Relatively easy to establish • Limited truly reliable and secure options • Vulnerable to betrayals, LEO, internal failures
    6. 6. Liberty Reserve • Leader until takedown • US DOJ: A money laundering case, not a cyber crime case • High profile customers, including 45 million USD Unlimited Operations ATM scammers • More than 6 billion USD laundered through 55 million transactions • 25 million USD and 45 bank accounts seized • More effectively frozen - customers able to appeal for access to their accounts – not too many forthcoming • Costa Rican base not sufficient legal protection • Leader Arthur Budovsky arrested in Spain, others arrested in US and Costa Rica • US DOJ could pursue the case • 200,000 US users • Presence of Liberty Reserve members Vladimir Katz (co-founder) and Mark Marmilev (helped design technical infrastructure) in the United States • Presence of infrastructure in US • Transfer of funds through US financial institutions • Iran has this problem too • International anti-money laundering cooperation relatively straightforward • 45+ domestic and foreign searches & seizures, 36 MLAT requests in 15 countries • LEO Cooperation in: US, Costa Rica, Russia, China, Latvia, Cyprus, Hong Kong, Norway, Sweden, Australia, Cyprus, Latvia, Switzerland, Luxembourg, Morocco, Spain, Netherlands, United Kingdom, Norway, Canada, US, Costa Rica
    7. 7. Alternatives to Liberty Reserve • Perfect Money • Increase in use following LR takedown • In business since at least 2007 • Claimed to be in Panama • January 2013: Panamanian government stated that Perfect Money has no offices or licenses in the country • Now provides a Hong Kong address • Shared by many other businesses • But… Security press anointed Perfect Money as the Successor to Liberty Reserve • Also successor to legal attention? • Announced that US citizens could not participate following LR takedown • Difficult to police, infrastructure even harder • Turned away some visibly criminal customers
    8. 8. Further Electronic Currency Options • WebMoney • Founded in 1998, previously the front runner • Claims 14 million users • Strong global footprint, expanding • Began in CIS, Latin America and Pacific Asia (not to USA) • Traditionally popular among cyber criminals • Use by legitimate small and medium sized businesses protected WMZ from regulation efforts • Now large legitimate presence encourages law enforcement cooperation, especially in Russia • May still be possible to “fly under the radar” • Other electronic options of varying trustworthiness • Payza/AlertPay, EgoPay, LiqPay, Paxum, PayWeb, SolidTrustPay, ePayments, Yandex.Dengi, RedPass, etc.
    9. 9. BitCoin: An Acceptable Option? • Volatile – speculation an issue • Mining losing utility • Handy for cyber criminals who can use botnets (like ZeroAccess) • As the rate of block generation (unencrypting a BitCoin) increases, difficulty rises – reaching maximum total utility • BitCoin seems attractive because it is “anonymous” • But is BitCoin Anonymous? • Not big enough to hide truly large transactions • Transactions can be tracked in each BitCoin • Multiple BitCoin transaction chains combined and transformed into international currency through exchanges • Exchanges can and will operate with authorities – US ahead of the BitCoin game • Mt. Gox account at Wells Fargo seized over paperwork, DHS prohibits Dwolla to exchange BitCoins (total five million USD accounts) • IRS subpoenaed 24 exchanges. GAO office report on money laundering risks, US Treasury unit Financial Crimes Enforcement Network (FinCEN) has BitCoin rules, IRS to follow • LEO (especially the FBI) more aggressive about anonymity in general, e.g. Tor CP arrests and Silk Road closure (which included the seizure of 3.6 million USD in BitCoins) • Other crypto currencies insufficiently popular, e.g. Litecoin, Namecoin, PPCoin, even Ripple • May be scams themselves
    10. 10. Credit Cards • Cash onto Credit Cards: Possible • Prepaid debit and credit cards are available • Some limitations • Depend on the exchanges • Limited totals • Daily Withdrawal Limit – 1000 USD • Maximum Daily Balance – 10K USD • Total Loading Limit/Month – 20K USD • Cash from Credit Cards: More difficult (but still possible) • Credit card companies and acquiring banks increasingly picky • Will cut off processors if caught violating TOS • Copyright particularly valuable tool – instant TOS violation • Copyrighted software sales, pharma particularly affected • Small shift to prepaid payment cards for accepting fraudulent payments a la rogue AV and ransomware • E.g. Green Dot MoneyPak, can be purchased at major retailers such as Wal-Mart, CVS, Walgreens, Kmart, etc.
    11. 11. Credit Cards (and other Money Mule Options) • Prepaid credit cards and certificates also a growing alternative to money mules • Not just in accepting payments, also in sending money or goods for resale • Western Union et al. are watching • Human mules problematic • Difficult to recruit enough – constant efforts required (or high payments to services who must engage in constant efforts) • Relatively easy to identify, arrest (especially if they must appear in person or accept delivery at their actual address) • Some mules will rob the thieves • Brian Krebs: “mules are dumb,” make mistakes • Big mules = big attention, e.g. General Valeriu Gaichuk in Romania • Old methods still in use though • Can still use CCs to purchase goods, ship them near home country (in the case of Eastern Europe, sometimes via an EU country such as Poland near the Ukrainian border), sell them for cash • Can still use human mules for that matter
    12. 12. So… Is There Any Hope of Getting Away With It?
    13. 13. Keeping Dishonest Money • Money laundering already was an LEO priority, and cyber crime is a growing one • Each LEO success increases capacity for and interest in the next • The dominance of the United States in the international financial system helps make it a dominant, and potentially unavoidable, player in anti-money-laundering efforts • Avoiding US victims and customers is not enough to avoid US attention • So, really, what is a cyber criminal to do? • Stay under the radar, it’s still a numbers game • LEOs are better able to target money laundering than cyber crime, but are still constrained by capacity issues and the need to prioritize • So many “we gave it to LE” stories • The noticeable and stationary get targeted – just ask LR, Mt. Gox, Silk Road, Gozi, Citadel, Carberp, etcetera • The more automation, the better • Risk still higher
    14. 14. Thank You © 2012 VeriSign, Inc. All rights reserved. Verisign, the Verisign logo, iDefense and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for iDefense customers and personnel only. The reproduction and distribution of this material is forbidden without express written permission from iDefense. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of VeriSign, Inc., its subsidiaries, or affiliates.