1. Financial Options for Cyber Criminals
Kimberly Zenz
VeriSign iDefense
kzenz@verisign.com

2. “A Significant Amount of Money”
2

3. Stealing Money Isn’t Enough
3
• You have to be able to use it too
• Cyber criminals can take steps to be less public
• E.g. Diffuse services, less commercial criminal software offerings
• But all cyber criminals must at some point convert their criminal
gains into money that they can use. i.e. that is integrated with the
global financial system
• Money laundering a particular concern for cyber criminals because it
ties into larger anti-crime, anti-terrorism and political efforts
• Receives more official and private sector resources than purely anticyber crime efforts
• Laws and cooperation mechanisms older, more established, simpler
and less time sensitive than ant cyber crime efforts
• Private and public sectors older, more established, than anti cybercrime
• Transactions can be traced
• Assuming that officials are sufficiently motivated
• People talk

4. What is a Poor Cyber
Criminal to Do?
4

5. Electronic Currencies
5
• Popular choice for a reason
• Some have a history of offering clients anonymity
• Or at least not asking too hard for true proof of identity
• Third-party and personal exchanges also help provide anonymity
• Quick, online, (mostly) separate from the formal financial system
• Relatively easy to establish
• Limited truly reliable and secure options
• Vulnerable to betrayals, LEO, internal failures

6. Liberty Reserve
6
•
Leader until takedown
•
•
US DOJ: A money laundering case, not a cyber crime case
•
•
•
•
High profile customers, including 45 million USD Unlimited Operations ATM scammers
More than 6 billion USD laundered through 55 million transactions
25 million USD and 45 bank accounts seized
More effectively frozen - customers able to appeal for access to their accounts –
not too many forthcoming
Costa Rican base not sufficient legal protection
•
•
Leader Arthur Budovsky arrested in Spain, others arrested in US and Costa Rica
US DOJ could pursue the case
• 200,000 US users
• Presence of Liberty Reserve members Vladimir Katz (co-founder) and Mark Marmilev
(helped design technical infrastructure) in the Untied States
• Presence of infrastructure in US
• Transfer of funds through US financial institutions
•
•
Iran has this problem too
International anti-money laundering cooperation relatively straightforward
• 45+ domestic and foreign searches & seizures, 36 MLAT requests in 15 countries
• LEO Cooperation in: US, Costa Rica, Russia, China, Latvia, Cyrus, Hong
Kong, Norway, Sweden, Australia, Cyprus, Latvia, Switzerland, Luxembourg, Morocco,
Spain, Netherlands, United Kingdom, Norway, Canada, US, Costa Rica

7. Alternatives to Liberty Reserve
7
•
Perfect Money
•
•
•
Increase in use following LR takedown
In business since at least 2007
Claimed to be in Panama
• January 2013: Panamanian government stated that Perfect Money has no offices or
licenses in the country
•
Now provides a Hong Kong address
• Shared by many other businesses
•
But… Security press anointed Perfect Money as the Successor to Liberty
Reserve
•
•
Also successor to legal attention?
Announced the US citizen could not participate following LR takedown
• Difficult to police, infrastructure even harder
•
Turned away some visibly criminal customers

8. Further Electronic Currency Options
8
• WebMoney
• Founded in 1998, previously the front runner
• Claims 14 million users
• Strong global footprint, expanding
• Began in CIS, Latin America and Pacific Asia (not to USA)
• Traditionally popular among cyber criminals
• Use by legitimate small and medium sized businesses protected
WMZ from regulation efforts
• Now large legitimate presence encourages law enforcement
cooperation, especially in Russia
• May still be possible to “fly under the radar”
• Other electronic options of varying trustworthiness
• Payza/AlertPay, EgoPay, LiqPay, Paxum, PayWeb, SolidTrustP
ay, ePayments, Yandex.Dengi, RedPass, etc.

9. BitCoin: An Acceptable Option?
9
•
•
Volatile – speculation an issue
Mining losing utility
•
•
•
•
Handy for cyber criminals who can use botnets (like ZeroAccess)
As the rate of block generation (unencrypting a BitCoin) increases, difficulty rises – reaching maximum total
utility
BitCoin seems attractive because it is “anonymous”
But is BitCoin Anonymous?
•
•
•
•
Not big enough to hide truly large transactions
Transactions can be tracked in each BitCoin
Multiple BitCoin transaction chains combined and transformed into international currency
through exchanges
Exchanges can and will operate with authorities – US ahead of the BitCoin game
•
•
•
•
Mt. Gox account at Wells Fargo seized over paperwork, DHS prohibits Dwolla to exchange BitCoins
(total five million USD accounts)
IRS subpoenaed 24 exchanges. GOA office report on money laundering risks, US Treasury unit
Financial Crimes Enforcement Network (FinCEN) has BitCoin rules, IRS to follow
LEO (especially the FBI more aggressive about anonymity in general, e.g. Tor CP arrests and Silk
Road closure (which included the seizure of 3.6 million USD in BitCoins)
Other crypto currencies insufficiently popular, e.g. Litecoin, Namecoin, PPCoin, even
Ripple
•
May be scams themselves

10. Credit Cards
10
• Cash onto Credit Cards: Possible
• Prepaid debit and credit cards are available
• Some limitations
• Depend on the exchanges
• Limited totals
• Daily Withdrawal Limit – 1000 USD
• Maximum Daily Balance – 10K USD
• Total Loading Limit/Month – 20K USD
• Cash from Credit Cards: More difficult (but still possible)
• Credit card companies and acquiring banks increasingly picky
• Will cut off processors if caught violating TOS
• Copyright particularly valuable tool – instant TOS violation
• Copyrighted software sales, pharma particularly affected
• Small shift to prepaid payment cards for accepting fraudulent payments
a la rogue AV and ransomware
• E.g. Green Dot MoneyPak, can be purchased at major retailers such as
Wal-Mart, CVS, Walgreens, Kmart, etc.

11. Credit Cards (and other Money Mule Options)
11
• Prepaid credit cards and certificates also a growing alternative to
money mules
• Not just in accepting payments, also in sending money or goods for
resale
• Western Union et. al. are watching
• Human mules problematic
• Difficult to recruit enough – constant efforts required (or high payments to
services who must engage in constant efforts)
• Relatively easy to identify, arrest (especially if they must appear in person or
accept delivery at their actual address)
• Some mules will rob the thieves
• Brian Krebs: “mules are dumb,” make mistakes
• Big mules = big attention, e.g. General Valeriu Gaichuk in Romania
• Old methods still in use though
•
•
Can still use CCs to purchase goods, ship them near home country (in the case
of Eastern Europe, sometimes via a EU country such as Poland near the
Ukrainian border), sell them for cash
Can still use human mules for that matter

12. So… Is There Any Hope of
Getting Away With It?
12

13. Keeping Dishonest Money
13
• Money laundering already was an LEO priority, and cyber crime is a
growing one
• Each LEO success increases capacity for and interest in the next
• The dominance of the United States in the international financial
system helps make it a dominant, and potentially
unavoidable, player in anti money-laundering efforts
• Avoiding US victims and customers is not enough to avoid US attention
• So, really, what is a cyber criminal to do?
• Stay under the radar, it’s still a numbers game
• LEOs are better able to target money laundering than cyber crime, but are
still constrained by capacity issues and the need to prioritize
• So many “ we gave it to LE” stories
• The noticeable and stationary get targeted – just ask LR, Mt. Gox, Silk
Road, Gozi, Citadel, Carberp, etcetera
• The more automation, the better
• Risk still higher

14. Thank You
© 2012 VeriSign, Inc. All rights reserved. Verisign, the Verisign logo, iDefense and other trademarks, service
marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the
United States and in foreign countries. All trademarks are properties of their respective owners. All materials
are intended for iDefense customers and personnel only. The reproduction and distribution of this material is
forbidden without express written permission from iDefense. The opinions, statements, and assessments in
this report are solely those of the individual author(s) and do not constitute legal advice, nor do they
necessarily reflect the views of VeriSign, Inc., its subsidiaries, or affiliates.