A nine-month academic survey carried out a criminology lecturer at Surrey University has put a figure on the amount of money that cybercriminals have laundered through the use of cryptocurrencies, gaming currencies and digital payment systems.
And, the number is huge. Globally, cybercriminal proceeds make up around 8-10% of the total amount of illegal profits laundered. This amounts to up to $200 billion every single year.
The study, in conjunction with virtualisation-based security company Bromium, is part of Into the web of Profit study.
“Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose,” commented Gregory Webb, CEO of Bromium.
“It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier.”
The report states that Bitcoin and other virtual currencies are now the primary digital tool used by cybercriminals to launder their ill-gotten gains. However, there is a pronounced shift away from Bitcoin as criminals shift to less high-profiles and less trackable systems.
Researcher and report author Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University, said:
“It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue. Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organizations must do more to protect their customers.”
Moving away from Bitcoin
The primary reason that cybercriminals seem to be jumping ship on Bitcoin is that it is not anonymous enough. Researchers at Princeton University have found that individuals can be uniquely identified in up to 60% of the time. The reason behind this is that web interactions create information that “leaks out”, such as web trackers and cookies which mean that even the use of software tumbler services cannot always conceal Bitcoin user identity.
The current legal status of Bitcoin is also currently clear. There have been a large, and growing, number of bitcoin seizures by police forces since 2013.
Criminals have now turned their attentions to other cryptocurrencies like Monero and Zcash which were designed to be more anonymous.
“The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction,” Dr. McGuire concludes.
“Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.”
Webb agrees: “We need to attack the problem in a different way. Law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime. Protecting applications that access sensitive data is an absolute requirement. We need a whole new approach to cybersecurity or these figures will continue to increase over time.”