Cybercriminals Prefer 'Old School' Money Laundering MethodsBut SWIFT Report Says Use of Cryptocurrency for Laundering Could Grow
Cybercriminals still prefer to use “money mules” and drug trafficking to launder money tied to their bank hacking activities rather than cryptocurrency transactions, according to a report from SWIFT, which handles intra-bank financial transactions.
Money laundering is usually accomplished using physical methods, such as having so-called money mules open and access bank accounts, creating front companies, selling drugs or engaging in human trafficking.
While cryptocurrencies and digital wallets are increasingly used for money laundering, their use still remains relatively rare, the SWIFT report notes. But it warns that use of cryptocurrency for money laundering is likely to increase as new payment tools, such as prepaid cryptocurrency cards, emerge.
Cleaning the Money
"Irrespective of the cyberattack method, the challenge all criminals face after a successful cyberattack is getting ahold of cash or other liquid financial assets that are perceived as 'clean,'" according to the SWIFT report. "A common denominator that underpins cyber heists is the essential function of the money mule - irrespective of the diversity of the cybercrime group, the execution of the heist or the final destination of laundered funds."
The researchers found that cybercriminals, including nation-state actors, threat groups and individual hackers, believe physical methods of money laundering, including use of money mules, offer better obfuscation than modern methods such as using cryptocurrency.
The SWIFT study primarily investigated money laundering tied to large-scale cyber heists against banks' high-value payment and ATM-related systems, including back office payment systems. It did not consider how money stolen by card skimmers or physical attacks on ATMs is laundered.
Common Laundering Methods
The report notes that for money laundering, stolen funds go through three phases:
- Placement: Stolen money is introduced into the financial system.
- Layering: Illicit funds are moved through the financial system to disguise their origin ownership.
- Integration: Laundered funds are re-introduced to the legitimate economy or reinvested into the criminal enterprise.
Money mules have several roles to play in cyber bank heists, particularly those involving ATMs. The report notes they use stolen and fraudulently created debit cards at banks to illegally withdraw money from ATMs and accounts and then take the stolen cash to currency exchanges (see: Modern Bank Heists 3.0: 'A Hostage Situation').
European law enforcement agencies identified 3,833 money mules along with 386 money mule recruiters between September and November 2019 and made 228 arrests, which prevented a total loss of 12.9 million ($15.2 million) from European banks and other financial institutions, the report adds.
Use of Cryptocurrency
Although the use of cryptocurrencies to launder funds is relatively rare, the report notes that some criminal groups launder potentially identifiable cryptocurrency funds by blending it with large amounts of other funds.
The Lazarus Group, an advanced persistent threat group with links to North Korea, is known to use cryptocurrency as part of its money laundering process.
The Lazarus Group targets cryptocurrency exchanges to steal money and then launders the money by sending it to multiple exchanges with the help of facilitators located in East Asia, according to SWIFT (see: Lazarus Group Uses Spear Phishing to Steal Cryptocurrency).
"The East Asian facilitators move a portion of the received funds through newly added bank accounts that are linked to their exchange account - this enables the conversion from cryptocurrency into fiat currency, the report notes. “Other stolen funds might be transferred in bitcoin into prepaid gift cards, which can be used at other exchanges to purchase additional bitcoin.”
In August, the U.S. Department of Justice announced that it had filed a civil forfeiture complaint in an effort to recover millions in cryptocurrency from 280 accounts that allegedly was stolen by North Korean hackers (see: DOJ Seeks to Recover Stolen Cryptocurrency).
The civil lawsuit relates to a criminal case that the Justice Department brought against two Chinese nationals for their alleged role in laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018 (see: 2 Chinese Nationals Indicted for Laundering Cryptocurrency).