From Money Mules to Chain-Hopping: Targeting the Finances of Cybercrime

Abstract

This paper examines money-laundering techniques used by cyber-criminals and proposes measures that should be taken by UK policymakers, law enforcement agencies and regulated businesses to make it more difficult for such activities to go undetected. Cybercrime has become a major category of financially motivated crime. It generates proceeds that in some cases amount to hundreds of millions of pounds. Moreover, it engenders a bustling underground economy where stolen data and services that facilitate cybercrime are traded. Money forms a key part of cyber-criminals’ motivation to engage in criminality. It is also their vulnerability. Since financially motivated crime inevitably involves money laundering, which refers to any use of the proceeds of crime, anti-money laundering (AML) measures can be used to target cyber-criminals. Financial investigation can be used to trace transactions and identify their beneficiaries. Criminal prosecution can target money launderers who help cyber-criminals transfer and use the proceeds of crime. Based on a review of publicly available information and interviews with subject-matter experts, this paper proposes ways of further strengthening these financial efforts against cybercrime. Scope of the Paper Cybercrime is a broad concept. This paper focuses specifically on the proceeds from hacking, malware infections (including ransomware) and distributed denial of service (DDOS) attacks. These are enabled by the existence of an underground criminal economy of services that facilitate cybercrime. In view of this, the paper also covers the proceeds of ancillary services that range from the provision of hacking, malware or DDOS attacks ‘as a service’ to money-laundering services. Generation of Cyber-Criminal Proceeds Since the form and amount of the proceeds often determine how they will be laundered, it is necessary to consider how cyber-criminals generate proceeds. This happens in a variety of ways, including: • Taking over a bank customer’s account or interfering with inter-bank payments, typically via Society for Worldwide Interbank Financial Telecommunication (SWIFT) intrusions, which leads to unauthorised electronic transfers of fiat currency (government-issued money such as US dollars or British pounds). • Hacking ATMs or attacking banks’ card-processing systems, which generates proceeds in cash. Attacks on card processing involve the deactivation of withdrawal and overdraft limits on cards held by criminals. • Ransomware extortion, ‘cryptojacking’1 or theft of cryptocurrency, which all depend on cryptocurrency, such as bitcoin. The market in ancillary services is also dominated by cryptocurrency due to the perceived anonymity of transactions.