WASHINGTON, D.C. – The good news is that cooperation between the various law enforcement agencies in different countries all over the world is at an all-time high; the bad news is that cybercriminals have embraced a potent combination of the anonymous online currency Bitcoin and equally anonymous, Web-based currency exchanges located outside U.S. jurisdiction that allow them to turn those Bitcoins into real money, making it more difficult than ever to track the bad actors down.
Such are the realities of the world we live in. The once-tried-and-true law enforcement method of following the money in order to get to the bottom of organized criminal operations is made more difficult by the emergence of digital currency, international wire transfers, and Web-based currency exchange services, shielded from U.S. law by their locations and hidden from sight with layers upon layers of obfuscation, Kaspersky Lab principal security researcher Kurt Baumgartner explained in an interview with Threatpost Wednesday.
Baumgartner participated in a panel discussion addressing the global trafficking of financial data at the Visa Global Security Summit this week. The panel heralded cooperation between different national law enforcement agencies, as well as information sharing between private businesses and law enforcement here in the U.S. The panel also highlighted a substantial shift in the ways that cybercriminals do business.
It was once the case, Baumgartner explained during the panel discussion, that attackers almost exclusively targeted payment processors and financial services firms in order to steal corporate financial data straight from the source. However, many of these companies began prioritizing network security, fortifying their defenses, and making it much harder for attackers to compromise their systems. So the attackers moved on to secondary targets, such as data brokers, where they could pilfer troves of sensitive information from somewhat less secure servers. They could then use this information to launch phishing and other social engineering attacks in order to establish side channels into the more intrinsically valuable networks, eventually stealing the same corporate financial data they sought in the first place.
This information is largely bought and sold online with digital currencies such as Bitcoin, or paid for with international wire transfers facilitated by seemingly – and in many cases – otherwise legitimate money transfer services such as Western Union and WebMoney. In the case of Bitcoin, that currency can be turned into physical money at any number of Web-based currency exchanges – “For a fee, always for a fee, but when you’re looking at laundering money, these guys are willing to pay,” Baumgartner said.
“They are performing services and paying for dumps – so stolen personally identifiable information – they pay for it with Bitcoin, and basically the seller takes his proceeds and puts it into an exchange and then he is able to withdraw actual money,” Baumgartner said.
Baumgartner would later explain that obfuscation, in addition to these overseas currency exchange services, is making it easier and easier for criminals to move their money around and ultimately launder it.
“With all of these incidents, one of the keys to effectively dealing with these bad actors is following the money,” he said. “And when you get Bitcoin involved, it becomes next to impossible to follow the money. Unfortunately, that’s where a lot of these guys are moving.”
Baumgartner eventually came back to what one of the other panel members, the FBI’s Donald Good, had said in their discussion at the summit earlier. The silver lining to all this is that cooperation and coordination between law enforcement is working. Baumgartner knows this because he has played a role in Kaspersky Lab’s participation with law enforcement in the U.S. and abroad in taking down botnets and other cybercriminal operations.
Baumgartner rattled off a list of cybercriminal arrests – claiming that nearly all of them have occurred as a result of international cooperation: the takedown of the currency exchange Liberty Reserve, an alleged haven for money laundering; a number of individuals allegedly associated with reputed cybercriminal Alberto Gonzalez were arrested and charged with various crimes in Amsterdam over the summer; and just this week, a Bulgarian believed to have been the leader of a vast and profitable ATM skimming operation was arrested in that country, which, Baumgartner noted, is unusual.
In fact, just a day earlier, the FBI took down the infamous Silk Road underground market. Silk Road was an illegal marketplace for drugs, hacking services, malware and related tools, weapons and ammunition, hacked Web accounts, and an absolute slew of personal, sensitive, and financial information, all of which had to be bought and paid for using Bitcoin. The marketplace reportedly generated some $1.2 billion and is a near-perfect microcosm of how the global trade in illicit goods and information operates. Interestingly enough, Silk Road used strong encryption and anonymity tools to shield itself from law enforcement. In the end, Ross William Ulbricht, the man who ran Silk Road, made what the FBI described as “a simple mistake” leading to his arrest. In other words, investigators got lucky, lending credence to Baumgartner’s assertion that criminals are harder to catch than ever given anonymous digital currencies, anonymous Web transfers, and anonymous marketplaces.
In closing, Baumgartner also suggested the possibility that a new trend of corporate identity theft may be emerging. Dun & Bradstreet, the New Jersey-based corporate licensure firm revealed in Brian Krebs’ ‘SSNDOB[dot]ms’ exposé, is a sort of corporate data broker. So what happens, Baumgartner said, when an attacker steals the identity of a corporation? He or she steals a lot more money, likely going unnoticed for a much longer period of time.