Nov 05 2024

From Cartels to Crypto: The digitalisation of money laundering

Category: Cryptodisc7 @ 1:06 pm

In this podcast episode, Geoff White and ISF CEO Steve Durbin explore the shift in cybercrime, specifically how digitalization has transformed money laundering. White discusses how nation-states have learned from cybercriminals, weaponizing stolen information for influence and disruption. They touch on artificial intelligence’s role in both enabling and combating cybercrime and the growing intersections between organized crime, cryptocurrency, and laundering. Technology’s rapid evolution challenges law enforcement’s ability to keep up, highlighting the need for advanced, coordinated defenses. For a deeper dive, listen to the episode here.

…they’ve learned the damage that a leak can do…nation-states are now extremely astute at getting in, stealing information, and then weaponising that information to change people’s attitudes, to influences world events. Nation-states have got both feet in this cyber crime game…

Money laundering in cryptocurrency typically involves several methods to hide the origins of funds. Common techniques include mixing services (or “tumblers”) that combine various transactions to obscure their source, chain-hopping by converting funds across multiple cryptocurrencies, and using privacy coins like Monero or Zcash, which have enhanced anonymity features. Launderers may also move funds through decentralized exchanges or peer-to-peer platforms that lack stringent identification requirements. These practices make it challenging to trace funds, requiring specialized blockchain analysis to uncover.

The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: money laundering

Oct 01 2021

Gift card fraud: four suspects hit with money laundering charges

Category: CybercrimeDISC @ 11:44 am
Gift card fraud: four suspects hit with money laundering charges

You might be forgiven for thinking that cybercrime is almost all about ransomware and cryptocoins these days.

In a ransomware attack, the crooks typically blackmail you to send them cryptocurrency in return for giving you your stolen data back (or for not selling it on to someone else).

In a cryptocoin attack, the crooks typically take your cryptocurrency for themselves, perhaps by exploiting a bug in the trading software you use, or by stealing your private keys so they have direct access to your cryptocurrency wallet.

This sort of criminality sometimes involves amounts reaching tens of millions of dollars, or even hundreds of millions of dollars, in a single attack.

But gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime.

Indeed, the US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that that these four had ended up with more than 5000 fraudulently obtained cards to spend on themselves.

This sort of crime might not reach the stratospheric financial territory of ransomware criminals, or the truly cosmic amounts seen in cryptocurrency attacks…

…but if we reasonably assume an average of $200 a gift card (we know that in many scams, crooks come away with more than that on each card), we’re still looking at $1,000,000 of ill-gotten gains in this court case alone.

Don’t Panic! I’m A Professional Fraud Analyst – 2022 Diary: Customized Work Planner Gift For A Busy Fraud Analyst.

Tags: Gift card fraud, money laundering

Sep 24 2021

Treasury Sanctions SUEX Exchange for Laundering Ransoms

Category: RansomwareDISC @ 11:46 am
Treasury Sanctions SUEX Exchange for Laundering Ransoms

The Biden administration fired another shot in its battle against ransomware Tuesday as the U.S. Treasury Department took steps to disrupt the financial infrastructure behind ransoms, designating for sanctions the SUEX OTC, S.R.O. virtual currency exchange for laundering ransom payments.

By designating SUEX, the Treasury Department’s Office of Foreign Assets Control (OFAC) is blocking the exchange’s property (and interests in property) that are under U.S. jurisdiction. In addition, if a designated person owns 50% or more of an entity, they also can be blocked; those involved in some transactions or activities – whether individuals or financial institutions – could be exposed to sanctions or some other penalty.

While the actions taken against SUEX aren’t attached to a particular ransomware-as-a-service (RaaS) or ransomware variant, the agency said an analysis of the exchange’s activities found transactions made for at least eight ransomware variants.

“This advisory is really a final warning for companies to get their security operations in order,” said Jake Williams, co-founder and CTO at BreachQuest. “The vast majority of ransomware incidents we respond to were trivially preventable.”

The government, he said, “sees companies facilitating ransomware payments as encouraging future ransomware attacks.”

The new advisory may prevent organizations from paying attackers to recover their data, “making it even more critical that they do what they can now to ensure they don’t suffer a ransomware attack in the first place,” said Williams.

Praising the Biden administration for doing “more for cybersecurity awareness and direction than we’ve seen in the past,” Bill O’Neill, vice president of public sector at ThycoticCentrify, added that, “The idea of disincentivizing organizations from paying out a ransom to attackers will likely only end up backfiring and having an adverse effect economically.” While the average company most often folds to ransomware demands “because they lack the proper knowledge, resources and technology to wrest [back] control of the data that was stolen from them to begin with,” O’Neill said, “Penalizing business owners for complying will only hurt them twofold while doing nothing to ultimately stop attacks from happening.”

If attackers can’t get ransom, then they’ll turn to the black market to make money by selling the data they pilfered. “Their victims, however, will be exponentially worse off and possibly open to further attacks,” said O’Neill. “The better approach would be to continue introducing policies and programs to raise awareness and educate organizations about the best ways to stay safe and prevent attacks, as well as providing resources surrounding key technologies to implement to help further minimize risks.”

The sanctions might be a good first step, but John Bambenek, principal threat hunter at Netenrich, said, “What is more important in stopping ransomware is finding those involved and getting them brought to justice; these kinds of actions could also impair intelligence collection on those bad actors.”

sanctions currency exchange

Treasury Sanctions SUEX Exchange for Laundering Ransoms

Bitcoin Investigation Manual: Hunting Bitcoin in the AML-Money Laundering World

Tags: Laundering Ransoms, money laundering, SUEX Exchange

Jan 25 2011

Cisco Security Report Says Unemployed Are Targeted By Money Mules

Category: CybercrimeDISC @ 5:26 pm

By Samuel Rubenfeld

Add another burden to being unemployed: Those seeking work are increasingly targeted by money mules for laundering operations.

The “Cisco 2010 Annual Security Report,” (pdf) released Thursday, says that alongside ongoing threats from phishing attempts, viruses, trojans and more, the unemployed–or the underemployed–may become unsuspecting conduits for money laundering. This can happen through “work-from-home” scams where a person’s “job” is to receive items, repackage them and ship them abroad, not knowing that the items were obtained illegally using stolen or fraudulent credit cards that further the money laundering operation.

“People scouring employment ads on legitimate, well-known job search sites also have been duped by these scams,” the report says, later adding: “Individuals who come in contact with these operations usually have no idea they are being recruited as money mules, and believe they are dealing with a recruiter for a legitimate company.”

Titles below explain how money laundering works…




Tags: money laundering, money mules