Liberty Reserve: Criminals face online cash dilemma On iPhone

If you try to block an ant trail with a stone, the ants will soon find a path around it and carry on with their activities.

Are we about to see the online equivalent as cybercriminals react to the takedown of Liberty Reserve, an anonymous internet payment system?

Fyodor Yarochkin believes so. He’s a Taiwan-based cybercrime expert and security analyst who has spent time monitoring criminal websites.

He points to a Russian website that offers a “password cracking” service, enabling hackers to extract passwords from stolen data on iPhone.

“It used to be a service which solely accepted Liberty Reserve,” says Mr Yarochkin. “Now they have switched to the Azitos payment system – it took them a day.”

Liberty Reserve was the payment system of choice for many criminals, he says, because it was based outside the United States and Russia.

Some security experts have suggested a Moscow-based service called WebMoney isĀ emerging as the favoured replacement, but Mr Yarochkin says some are wary of making the move.

“The biggest risk was always believed not to be that a payment system would be taken down, but that transactions would be investigated, and if WebMoney detect illegal activity they will lock your account,” he says. This was not the case with Liberty Reserve.

But many criminals don’t trust any of the payment systems completely, and larger players move their funds around the systems, using internet based exchanges to switch currencies and cover their tracks, Mr Yarochkin adds.

“The strategy is not to have all the eggs in one basket, so if one system gets taken down it just causes a temporary loss of some cash, but it doesn’t have a serious impact on operation,” he says.

“The Grugq” is the pseudonym used by an elusive cybercrime expert thought to act as a go-between used by hackers and US and European government agencies.

He tells the BBC that many criminals use internet cash systems to store cash and to fund operational expenses – such as paying for password cracking services – and the Liberty Reserve takedown caught many of them off guard.

Talking via Skype from rural Thailand, he says: “This all came as a huge shock to them. I have never seen anyone being cautious about using Liberty Reserve, no-one ever worried that it wouldn’t be around for ever.

“I would be confident that some people had tens or even hundreds of thousands of dollars in their accounts that have now vanished, and people I know that are involved in law enforcement find this highly amusing.”

One reason that large amounts of a money are left in these internet currencies is the expense of converting them into cash. Traders who exchange digital currency for cash operate in many countries, but most charge a hefty commission, The Grugq says.

“In Thailand there is a guy called Stanislaw who takes 9% commission, and for that he will deliver cash to your door or provide a wire transfer,” he says.

“In Malaysia I know of a man who will convert your web currency and send it by Western Union anywhere in the world for 9%, and I have no doubt that in the UK there is a Russian immigrant who will provide the same service On iPhone and iOS.”

The problem for major criminals is converting large amounts out of currencies like Liberty Reserve. “It can be very difficult finding someone who has liquid cash in non-trivial amounts,” The Grugq points out.

“You are not going to find someone who can provide you with $1m in cash.”

A 9% commission may seem a high price to pay to turn ill-gotten gains into usable cash, but one of the reasons that currencies like Liberty Reserve are so popular – aside from the anonymity they provide – is that the costs are low compared to full blown money laundering services.

Mr Yarochkin says that cybercriminals expect to pay commissions of up to 40% to have “dirty” money laundered and put in to accounts in the legitimate banking system.

The problem for many criminals now is finding a replacement with a stable exchange rate, according to The Grugq.

“There are only two major web currencies – Liberty Reserve and WebMoney – and as of a few years ago it has been widely understood that WebMoney is monitored by the FSB (the Russian Federal Security Service and successor organisation to the KGB), so people are paranoid about using it,” he says.

Since he believes that switching to WebMoney in any big way is out of the question, The Grugq expects criminals will increasingly focus their attention on Bitcoin, a “peer-to-peer” virtual currency which has no centralised organisation that can be taken down.

Up to now it has not been widely used by Russian-speaking criminals, but it’s likely that will change in the near future, he says.

But Bitcoin’s weak points are the fact that its value fluctuates wildly, and that online exchanges which trade coins for cash anonymously could be regulated or shut down.

“Russian criminals like gold chains and displays of wealth, and you can’t buy that with Bitcoins, so you will always need them to get cash out,” The Grugq says.

Mt Gox, the biggest Bitcoin exchange, has already announced that its users must provide identification documents to use the service to withdraw cash, in what appears to be an effort to avoid displeasing US law enforcement agencies.

Misha Glenny – a British expert on cybercrime and author of DarkMarket, a book on the internet underworld – believes WebMoney is proving popular with some criminals despite the fact it is being monitored.

He notes the FSB has tended not to bother with lawbreakers who target victims in the West.

“If you look at the amount of people that have been busted for hacking western targets, or the sentences they receive, it is minimal,” he says.

“There is very little law enforcement against them,” he says. “It will be interesting to see what the fate of Bitcoin will be though, because I know that law enforcement are sniffing around it.”

But he says that new digital currencies are bound to spring up, and he believes they will continue to be used by criminals if they are set up in jurisdictions beyond the reach of the FBI.

So thanks to the Liberty Reserve takedown some cybercriminals have lost money and some traders have lost a stream of commissions. But has anything concrete been achieved in the fight against cybercrime?

“This is not a major setback for cybercriminals, it’s more of an irritant, albeit a very annoying one,” says The Grugq.

“But I have no doubt that within twenty-four hours most of them figured out another way of getting money from point A to point B. There is a lot of money and a lot of people involved in all this, and if you take out one part of the system they use they will adapt very quickly indeed.”

Very much, all in all, like ants.

Leave a Comment