Bitcoins, Web-Exchanges Make Following Money Near Impossible

Cybercriminals’ use of Bitcoins and Web-based currency exchanges has made a tried-and-true law enforcement strategy of following the money to arrest criminals close to impossible.

WASHINGTON, D.C. – The good news is that cooperation between the various law enforcement agencies in different countries all over the world is at an all-time high; the bad news is that cybercriminals have embraced a potent combination of the anonymous online currency Bitcoin and equally anonymous, Web-based currency exchanges located outside U.S. jurisdiction that allow them to turn those Bitcoins into real money, making it more difficult than ever to track the bad actors down.

Such are the realities of the world we live in. The once-tried-and-true law enforcement method of following the money in order to get to the bottom of organized criminal operations is made more difficult by the emergence of digital currency, international wire transfers, and Web-based currency exchange services, shielded from U.S. law by their locations and hidden from sight with layers upon layers of obfuscation, Kaspersky Lab principal security researcher Kurt Baumgartner explained in an interview with Threatpost Wednesday.

Baumgartner participated in a panel discussion addressing the global trafficking of financial data at the Visa Global Security Summit this week. The panel heralded cooperation between different national law enforcement agencies, as well as information sharing between private businesses and law enforcement here in the U.S. The panel also highlighted a substantial shift in the ways that cybercriminals do business.

It was once the case, Baumgartner explained during the panel discussion, that attackers almost exclusively targeted payment processors and financial services firms in order to steal corporate financial data straight from the source. However, many of these companies began prioritizing network security, fortifying their defenses, and making it much harder for attackers to compromise their systems. So the attackers moved on to secondary targets, such as data brokers, where they could pilfer troves of sensitive information from somewhat less secure servers. They could then use this information to launch phishing and other social engineering attacks in order to establish side channels into the more intrinsically valuable networks, eventually stealing the same corporate financial data they sought in the first place.

This information is largely bought and sold online with digital currencies such as Bitcoin, or paid for with international wire transfers facilitated by seemingly – and in many cases – otherwise legitimate money transfer services such as Western Union and WebMoney. In the case of Bitcoin, that currency can be turned into physical money at any number of Web-based currency exchanges – “For a fee, always for a fee, but when you’re looking at laundering money, these guys are willing to pay,” Baumgartner said.

“They are performing services and paying for dumps – so stolen personally identifiable information – they pay for it with Bitcoin, and basically the seller takes his proceeds and puts it into an exchange and then he is able to withdraw actual money,” Baumgartner said.

Baumgartner would later explain that obfuscation, in addition to these overseas currency exchange services, is making it easier and easier for criminals to move their money around and ultimately launder it.

“With all of these incidents, one of the keys to effectively dealing with these bad actors is following the money,” he said. “And when you get Bitcoin involved, it becomes next to impossible to follow the money. Unfortunately, that’s where a lot of these guys are moving.”

Baumgartner eventually came back to what one of the other panel members, the FBI’s Donald Good, had said in their discussion at the summit earlier. The silver lining to all this is that cooperation and coordination between law enforcement is working. Baumgartner knows this because he has played a role in Kaspersky Lab’s participation with law enforcement in the U.S. and abroad in taking down botnets and other cybercriminal operations.

Baumgartner rattled off a list of cybercriminal arrests, claiming that nearly all of them have occurred as a result of international cooperation: the takedown of the currency exchange Liberty Reserve, an alleged haven for money laundering; the arrest in Amsterdam over the summer of a number of individuals allegedly associated with reputed cybercriminal Alberto Gonzalez, who were charged with various crimes; and, just this week, the arrest of a Bulgarian believed to have been the leader of a vast and profitable ATM skimming operation, who was arrested in that country, which, Baumgartner noted, is unusual.

In fact, just a day earlier, the FBI took down the infamous Silk Road underground market. Silk Road was an illegal marketplace for drugs, hacking services, malware and related tools, weapons and ammunition, hacked Web accounts, and an absolute slew of personal, sensitive, and financial information, all of which had to be bought and paid for using Bitcoin. The marketplace reportedly generated some $1.2 billion and is a near perfect microcosm for how the global trade in illicit goods and information operates. Interestingly enough, Silk Road used strong encryption and anonymity tools to shield itself from law enforcement. In the end, Ross William Ulbricht, the man who ran Silk Road, made what the FBI described as “a simple mistake” leading to his arrest. In other words, investigators got lucky, lending credence to Baumgartner’s assertion that criminals are harder to catch than ever given anonymous digital currencies, anonymous Web transfers, and anonymous marketplaces.

In closing, Baumgartner also suggested that a new trend of corporate identity theft may be emerging. Dun & Bradstreet, the New Jersey-based corporate licensure firm revealed in Brian Krebs’ ‘SSNDOB[dot]ms’ exposé, is a sort of corporate data broker. So what happens, Baumgartner said, when an attacker steals the identity of a corporation? He or she steals a lot more money, likely going unnoticed for a much longer period of time.

  • WildBill on

    What the heck is bitcoin and why should I care?
    • Brian Donohue on

      Bitcoin is a popular, open-source, decentralized digital crypto-currency. Because it is decentralized, it is impossible for a central power to freeze an individual's Bitcoin holdings. It's also global, so users don't have to worry about conversion rates between countries with different currencies. Users can trade Bitcoin fairly easily with other Bitcoin users without having to deal with the hassle of wire transfers and fees between different banks. It's used widely by cybercriminals because it is difficult to track but is also invested in for legitimate reasons as well. Users can trade their Bitcoins in for real-life currency at any number of exchanges as well. I am not sure why you should care about Bitcoin, but I care about it because it represents a revolutionary change - spurred by the Internet and computing - to the historical concept of currency.
      • Bill Firth on

        Thanks for the reply. I still don't understand it nor can I tell how it relates to the real world in which we live. If you don't have to put real cash behind it, you can make yourself a bitcoin billionaire for nothing. Did this get started through Internet gaming or gambling? Why would anyone need a currency in cyberspace? As long as doctors and supermarkets don't want to get paid by Bitcoin, I think I'll be just fine. Anyway, it seems to have NO impact on anything I do or the world in which I live so I won't think about it anymore.
        • Bitcoin master on

          Bitcoin is going to change the world... but don't worry to think too hard about it because clearly you don't have the IQ to understand it like 90% of the population
          • Astronomer46 on

            IQ has nothing to do with it; mine is 143. Experience has everything to do with it. I started in computers working on mainframes in 1967, probably before you were born. I do not play games or gamble online and only transact business with my bank. So far, I have only encountered bitcoins in blogs and articles. I have no need for them nor do I even need to understand them because they cannot be used to buy groceries or gasoline and have NO impact on my life.
  • Emily on

    Even populist Rand came out against tracing the billions hidden in island banks. Watch nothing happen with the Bitcoin situation: Politicians value their privacy too.
  • Bill Firth on

    I used the wrong screen name in my post above. Astronomer46 is also me. If there is a widespread and persistent power outage covering several weeks or months, how will you access your bitcoins with no internet or power to run the banks' computers or the internet backbone servers? How long will it take for fuel for emergency generators to become scarce? Do you think the banks and internet server farms will get fuel before the hospitals? Without computers and the internet, your bitcoins are just in a bit bucket somewhere with absolutely no value. You might want to think about joining the real world unless you also believe in zombies and think that there will be a zombie apocalypse soon.
    • Index on

      So you are saying that this currency can only stop existing should there be a systematic global collapse of all our cable and satellite communications? Because you don't need an ISP to access the web….. I rely on the comfort that the only thing that can damage my currency is a catastrophe that would cripple everyone (as there is no more gold standard for USD currency, should something like you described happen, your cold cash will be worth nothing too.) while your currency is constantly fluctuating in a market that is ruled by the rich to the degree that your government can't function without the central bank and the federal reserve. I can turn my bitcoins into money whenever I want, and actively participate and pretty much now life of bitcoin exchange. Enjoy your day.
    • Bill Firth on

      I invite you to consider what would happen if no one had any electricity at all, anywhere. If your bitcoins are in cyberspace and there is no electricity to maintain cyberspace, how will you get hard currency to buy water, food, etc.? If my neighbor has water to sell, he will accept my cash. In this scenario, how would you use your bitcoins? I believe that your faith and trust that the Internet will always be there is misplaced and not tempered with experience. Too bad you weren't 6 miles from the epicenter of the 1994 Northridge quake. You might have a different perspective when you go 4 days with no electricity or water.
